Merge pull request #321 from fbprogmbh/approve

AuditTAP Release 5.5
fbprogmbh · Mar 24, 2023 · a8b9d29 · a8b9d29
2 parents bc3ba56 + dd3fa7c
commit a8b9d29
Show file tree

Hide file tree

Showing 107 changed files with 6,862 additions and 5,736 deletions.
diff --git a/ATAPAuditor/ATAPAuditor.psd1 b/ATAPAuditor/ATAPAuditor.psd1
@@ -1,6 +1,6 @@
 @{
 RootModule = 'ATAPAuditor.psm1'
-ModuleVersion = '5.4'
+ModuleVersion = '5.5'
 GUID = '1662a599-4e3a-4f72-a844-9582077b589e'
 Author = 'Benedikt Böhme, Patrick Helbach, Steffen Winternheimer'
 CompanyName = 'FB Pro GmbH'

diff --git a/ATAPAuditor/ATAPAuditor.psm1 b/ATAPAuditor/ATAPAuditor.psm1
@@ -3,6 +3,7 @@ using namespace Microsoft.PowerShell.Commands
 #region Initialization
 
 $RootPath = Split-Path $MyInvocation.MyCommand.Path -Parent
+. "$RootPath\Helpers\HashHelper.ps1"
 
 $script:atapReportsPath = $env:ATAPReportPath
 if (-not $script:atapReportsPath) {
@@ -126,6 +127,21 @@ function Test-ArrayEqual {
 	return $true
 }
 
+function Get-LicenseStatus{
+	$licenseStatus = (Get-CimInstance SoftwareLicensingProduct -Filter "Name like 'Windows%'" | where { $_.PartialProductKey } | select Description, LicenseStatus -ExpandProperty LicenseStatus)
+	switch($licenseStatus){
+		"0" {$lcStatus = "Unlicensed"}
+		"1" {$lcStatus = "Licensed"}
+		"2" {$lcStatus = "OOBGrace"}
+		"3" {$lcStatus = "OOTGrace"}
+		"4" {$lcStatus = "NonGenuineGrace"}
+		"5" {$lcStatus = "Notification"}
+		"6" {$lcStatus = "ExtendedGrace"}
+	}
+	return $lcStatus
+}
+
+
 # Get domain role
 # 0 {"Standalone Workstation"}
 # 1 {"Member Workstation"}
@@ -295,17 +311,31 @@ function Test-AuditGroup {
 				$domainRoles = $DomainRoleConstraint.Values
 				if ($currentRole -notin $domainRoles) {
 					$roleValue = (Get-CimInstance -Class Win32_ComputerSystem).DomainRole
-					if($roleValue -eq 4 -or $roleValue -eq 5){
-						$message = 'Not applicable. This audit only applies to Domain controllers.'
-						$status = [AuditInfoStatus]::None
-					}
-					if($roleValue -ne 4 -or $roleValue -ne 5){
-						$message = 'Not applicable. This audit does not apply to Domain controllers.'
-						$status = [AuditInfoStatus]::None
-					}
-					if($roleValue -eq 0 -or $roleValue -eq 2){
-						$message = 'Not applicable. This audit does not apply to Standalone systems.'
-						$status = [AuditInfoStatus]::None
+					switch ($roleValue) {
+						0 {	
+							$message = 'Not applicable. This audit does not apply to Standalone Workstation.'
+							$status = [AuditInfoStatus]::None
+						}
+						1 {	
+							$message = 'Not applicable. This audit does not apply to Member Workstation.'
+							$status = [AuditInfoStatus]::None
+						}
+						2 {	
+							$message = 'Not applicable. This audit does not apply to Standalone Server.'
+							$status = [AuditInfoStatus]::None
+						}
+						3 {	
+							$message = 'Not applicable. This audit does not apply to Member Server.'
+							$status = [AuditInfoStatus]::None
+						}
+						4 {	
+							$message = 'Not applicable. This audit does not apply to Backup Domain Controller.'
+							$status = [AuditInfoStatus]::None
+						}
+						5 {	
+							$message = 'Not applicable. This audit does not apply to Primary Domain Controller.'
+							$status = [AuditInfoStatus]::None
+						}
 					}
 					Write-Output ([AuditInfo]@{
 						Id = $test.Id
@@ -334,21 +364,6 @@ function Test-AuditGroup {
 					}
 				}
 			}
-			if($test.Task -match "(MS only)"){
-				if($role.domainRole -ne 2 -and $role.domainRole -ne 3){
-					$message = 'Not applicable. This audit does not apply to Domain Controller systems.'
-					$status = [AuditInfoStatus]::None
-					Write-Output ([AuditInfo]@{
-						Id = $test.Id
-						Task = $test.Task
-						Message = $message
-						Status = $status
-					})
-					continue
-				}
-			}
-
-
 			try {
 				$innerResult = & $test.Test
 
@@ -561,8 +576,15 @@ function Save-ATAPHtmlReport {
 			}
 		}
 	}
+	$LicenseStatus = Get-LicenseStatus
+
+	$report = Invoke-ATAPReport -ReportName $ReportName 
+
+	#hashes for each recommendation
+	$hashtable_sha256 = GenerateHashTable $report
+
 
-	Invoke-ATAPReport -ReportName $ReportName | Get-ATAPHtmlReport -Path $Path -RiskScore:$RiskScore #-DarkMode:$DarkMode
+	$report | Get-ATAPHtmlReport -Path $Path -RiskScore:$RiskScore -hashtable_sha256:$hashtable_sha256 -LicenseStatus:$LicenseStatus #-DarkMode:$DarkMode 
 }
 
 New-Alias -Name 'shr' -Value Save-ATAPHtmlReport

diff --git a/ATAPAuditor/AuditGroups/Application Control.ps1 b/ATAPAuditor/AuditGroups/Application Control.ps1
@@ -1,33 +1,8 @@
-function isWindows8OrNewer {
-	return ([Environment]::OSVersion.Version -ge (New-Object 'Version' 6,2))
-}
-function isWindows81OrNewer {
-	return ([Environment]::OSVersion.Version -ge (New-Object 'Version' 6,3))
-}
-function isWindows10OrNewer {
-	return ([Environment]::OSVersion.Version -ge (New-Object 'Version' 10,0))
-}
-function win7NoTPMChipDetected {
-	return (Get-CimInstance -ClassName Win32_Tpm -Namespace root\cimv2\security\microsofttpm | Select-Object -ExpandProperty IsActivated_InitialValue) -eq $null
-}
-function hasTPM {
-	try {
-		$obj = (Get-Tpm).TpmPresent
-	} catch {
-		return $null
-	}
-	return $obj
-}
-function isWindows10Enterprise {
-    $os = Get-ComputerInfo OsName
-    if($os -match "Windows 10 Enterprise" -or $os -match "Windows 11 Enterprise"){
-        return $true
-    }
-    return $false
-}
-
+$RootPath = Split-Path $MyInvocation.MyCommand.Path -Parent
+$RootPath = Split-Path $RootPath -Parent
+. "$RootPath\Helpers\AuditGroupFunctions.ps1"
 [AuditTest] @{
-	Id = "SBD-070"
+    Id = "SBD-072"
 	Task = "Ensure Windows Defender Application Control (WDAC) is available."
 	Test = {
         if(isWindows10Enterprise -eq $true){
@@ -43,7 +18,7 @@ function isWindows10Enterprise {
 	}
 }
 [AuditTest] @{
-	Id = "SBD-071"
+	Id = "SBD-073"
 	Task = "Ensure Windows Defender Application ID Service is running."
 	Test = {
         if((Get-Service -Name APPIDSvc).Status -eq "Running"){