The CodeGov PowerShell module is used to generate the NSA Cybersecurity GitHub code.gov JSON file.
To get started using the tools:
- Install prerequisites
- Download the repository as a zip file
- Configure PowerShell
- Load the code
- Run the code
This module depends on Newtonsoft.Json and Newtonsoft.Json.Schema for validation of the generated code.gov JSON file. Download the latest release from each project and use gacutil to install the files to the Global Assembly Cache (GAC).
- gacutil -i %userprofile%\Downloads\Json110r2\Bin\net40\Newtonsoft.Json.dll
- gacutil -i %userprofile%\Downloads\Json110r2\Bin\net45\Newtonsoft.Json.dll
- gacutil -i %userprofile%\Downloads\JsonSchema30r10\Bin\net40\Newtonsoft.Json.Schema.dll
- gacutil -i %userprofile%\Downloads\JsonSchema30r10\Bin\net45\Newtonsoft.Json.Schema.dll
Downloading the repository
Download the current code to your Downloads folder. It will be saved as PSCodeGov-master.zip by default.
Configuring the PowerShell environment
The PowerShell commands are meant to run from a system with at least PowerShell 4.0 and .NET 4.5 installed. PowerShell may need to be configured to run the commands.
Changing the PowerShell execution policy
Users may need to change the default PowerShell execution policy. This can be achieved in a number of different ways:
- Open a command prompt and run powershell.exe -ExecutionPolicy Unrestricted and run scripts from that PowerShell session.
- Open a PowerShell prompt and run Set-ExecutionPolicy Unrestricted -Scope Process and run scripts from the current PowerShell session.
- Open an administrative PowerShell prompt and run Set-ExecutionPolicy Unrestricted and run scripts from any PowerShell session.
Unblocking the PowerShell scripts
Users will need to unblock the downloaded zip file, since it will be marked as having been downloaded from the Internet, and PowerShell blocks such files from executing by default. Open a PowerShell prompt and run the following command to unblock the PowerShell code in the zip file:
Unblock-File -Path '.\CodeGov-master.zip'
Running the PowerShell scripts inside the zip file without unblocking the file will result in the following warning:
Security warning
Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your computer. If you trust this script, use the Unblock-File cmdlet to allow the script to run without this warning message. Do you want to run C:\users\user\Downloads\script.ps1?
[D] Do not run [R] Run once [S] Suspend [?] Help (default is "D"):
If the downloaded zip file is not unblocked before extracting it, then all the individual PowerShell files that were in the zip file will have to be unblocked. You will need to run the following command after Step 5 in the Loading the code section:
Get-ChildItem -Path '.\CodeGov' -Recurse -Include '*.ps1','*.psm1','*.psd1' | Unblock-File -Verbose
See the Unblock-File command's documentation for more information on how to use it.
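To check which script files still carry the downloaded-from-the-Internet mark, before or after running Unblock-File, the following added example (not part of the CodeGov repository) reads the Zone.Identifier alternate data stream that Unblock-File removes. The Get-MarkedFile function name and the temporary demo folder are assumptions made for illustration; the code requires Windows and an NTFS volume.

```powershell
# Added example, not part of the CodeGov module.
# Get-MarkedFile is a hypothetical helper name chosen for this illustration.
function Get-MarkedFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )
    # Same file types that the Unblock-File pipeline above targets.
    Get-ChildItem -Path $Path -Recurse -Include '*.ps1','*.psm1','*.psd1' -File |
        ForEach-Object {
            $file = $_.FullName
            # A blocked file has a Zone.Identifier alternate data stream;
            # Unblock-File works by deleting that stream.
            $ads = Get-Item -LiteralPath $file -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
            if ($null -ne $ads) {
                $text = (Get-Content -LiteralPath $file -Stream 'Zone.Identifier') -join "`n"
                $zone = $null
                if ($text -match 'ZoneId\s*=\s*(\d+)') { $zone = [int]$Matches[1] }
                [pscustomobject]@{ File = $file; ZoneId = $zone }
            }
        }
}

# Constructed demo input: a temporary folder holding one script with a
# hand-written mark (ZoneId=3 is the Internet zone).
$demo = Join-Path $env:TEMP 'CodeGov-motw-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$sample = Join-Path $demo 'sample.ps1'
Set-Content -LiteralPath $sample -Value "'hello'"
Set-Content -LiteralPath $sample -Stream 'Zone.Identifier' -Value '[ZoneTransfer]', 'ZoneId=3'

# Report marked files, unblock only those, then report again.
$before = @(Get-MarkedFile -Path $demo)
$before | Format-Table -AutoSize
$before | ForEach-Object { Unblock-File -LiteralPath $_.File }
$after = @(Get-MarkedFile -Path $demo)
"Marked before: $($before.Count), marked after: $($after.Count)"

# Clean up the constructed demo folder.
Remove-Item -LiteralPath $demo -Recurse -Force
```

Pointing Get-MarkedFile at the extracted CodeGov folder instead of the demo folder shows whether any module files still need unblocking.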
Loading the code
Now extract the downloaded zip file and load the PowerShell code used to apply the policies.
- Right click on the zip file and select Extract All
- At the dialog remove CodeGov-master from the end of the path since it will extract the files to a CodeGov-master folder by default
- Click the Extract button
- From the previously opened PowerShell prompt, rename the CodeGov-master folder to CodeGov
mv .\CodeGov-master\ .\CodeGov\
- Inside the CodeGov folder is another folder named CodeGov which is a PowerShell module. Move this folder to a folder path in your $PSModulePath such as C:\users\username\Documents\WindowsPowerShell\Modules
mv .\CodeGov "$env:USERPROFILE\Documents\WindowsPowerShell\Modules"
Running the code