Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

unable to check HKLM:\Security ACL #22

Closed
kkola opened this issue Nov 5, 2019 · 1 comment · Fixed by #5
Closed

unable to check HKLM:\Security ACL #22

kkola opened this issue Nov 5, 2019 · 1 comment · Fixed by #5
Assignees

Comments

@kkola
Copy link
Collaborator

kkola commented Nov 5, 2019

https://github.com/mitre/stig-microsoft-windows-server-2016-v1r4-baseline/blob/4e835f41b8153ed1b9b1e381a5754ba75d0d2f64/controls/V-73255.rb#L109-L124

The other keys like HKLM:\Software and HKLM:System return their ACLs when executing Get-ACL

@kkola kkola self-assigned this Nov 5, 2019
kkola added a commit that referenced this issue Nov 6, 2019
@kkola
Copy link
Collaborator Author

kkola commented Nov 6, 2019

4da692c fixes this issue

@kkola kkola closed this as completed Nov 6, 2019
aaronlippold added a commit that referenced this issue Feb 10, 2020
* first simple pass for the profile

* update 73615 to use Windows 2016 PS commands

* change attributes to inputs

* move attributes to inside the control code

* updates related to legal notice text and caption

* update 73221 to correct domain roles and AD check

* update 73259 to check for DC role

* update 73261 to account for DC role

* update 73387 with inputs for MaxConnIdleTime

* update LegalNoticeCaption input for 73649

* update 73607 check for DoD interoperabilty certs

* update 78127 language

* control updates to 73785 and 73803

* update 73783

* update 73775 to NOT a domain controller check

* check for AD only system in 73771

* check for 73775 for AD only flag

* read AD only flag for 73775

* check for AD in 73759

* update 73749 to use 'be_in'

* update 73733 to use 'be_in'

* update 73731 to use 'be_in'

* minor edits to 73379

* check for SMBv1 in 78123 and 78125

* add check for no accounts or groups to 73783

* Update Review.md

* Update Review.md

* Update Review.md

* address incorrect if statement issue #6

* fix incorrect NIST tag issue #7

* fix temporary account check. issue #8

* fixes issue #9

* Update Review.md

* Update Review.md

* Update Review.md

* fix for issue #11

* Update Review.md

* fix issue #12

* fix issue #13

* fix issue #13

* fix issue #17

* fix issue #18

* fix for issue #19

* fix issue #16: NIST tag duplication (#20)

* v-73607: minor edit; v-73223: account all systems

* update V-73231

* update V-73247

* update V-73391

* minor edit to v-73391

* update V-73391 to be more readable

* update V-73249

* update v-73249 and v-73251

* update V-73249 and V-73251

* remove commented lines from V-73251

* update V-73253

* remove comments

* update V-73255

* remove comments

* update V-73369

* update V-73381

* update V-73375

* fixes issue #22

* update V-73255 for readability

* control fixes so inspec v4.18 can run execute (#21)

* control fixes so inspec v4.18 can run execute

* update inspec.yml

* fixes for issue #14

* fixes for issue #15

* fix for issue #14

Co-authored-by: Rony Xavier <rx294@nyu.edu>
Co-authored-by: Aaron Lippold <lippold@gmail.com>
aaronlippold added a commit that referenced this issue Feb 10, 2020
* first simple pass for the profile

* update 73615 to use Windows 2016 PS commands

* change attributes to inputs

* move attributes to inside the control code

* updates related to legal notice text and caption

* update 73221 to correct domain roles and AD check

* update 73259 to check for DC role

* update 73261 to account for DC role

* update 73387 with inputs for MaxConnIdleTime

* update LegalNoticeCaption input for 73649

* update 73607 check for DoD interoperabilty certs

* update 78127 language

* control updates to 73785 and 73803

* update 73783

* update 73775 to NOT a domain controller check

* check for AD only system in 73771

* check for 73775 for AD only flag

* read AD only flag for 73775

* check for AD in 73759

* update 73749 to use 'be_in'

* update 73733 to use 'be_in'

* update 73731 to use 'be_in'

* minor edits to 73379

* check for SMBv1 in 78123 and 78125

* add check for no accounts or groups to 73783

* Update Review.md

* Update Review.md

* Update Review.md

* address incorrect if statement issue #6

* fix incorrect NIST tag issue #7

* fix temporary account check. issue #8

* fixes issue #9

* Update Review.md

* Update Review.md

* Update Review.md

* fix for issue #11

* Update Review.md

* fix issue #12

* fix issue #13

* fix issue #13

* fix issue #17

* fix issue #18

* fix for issue #19

* fix issue #16: NIST tag duplication (#20)

* v-73607: minor edit; v-73223: account all systems

* update V-73231

* update V-73247

* update V-73391

* minor edit to v-73391

* update V-73391 to be more readable

* update V-73249

* update v-73249 and v-73251

* update V-73249 and V-73251

* remove commented lines from V-73251

* update V-73253

* remove comments

* update V-73255

* remove comments

* update V-73369

* update V-73381

* update V-73375

* fixes issue #22

* update V-73255 for readability

* control fixes so inspec v4.18 can run execute (#21)

* control fixes so inspec v4.18 can run execute

* update inspec.yml

* fixes for issue #14

* fixes for issue #15

* fix for issue #14

* update check, fix tags to use new  desc format (#23)

Co-authored-by: Krishna Kola <kkola@digitalinfuzion.com>
Co-authored-by: Rony Xavier <rx294@nyu.edu>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant