Skip to content

Commit

Permalink
Merge pull request #416 from fbprogmbh/approve
Browse files Browse the repository at this point in the history 
Update AuditTAP 5.6.1
  • Loading branch information
@TuemmlerKelch
TuemmlerKelch authored Oct 4, 2023
2 parents 4f4aa94 + 6780d17 commit b593df7
Show file tree
Hide file tree
Showing 95 changed files with 4,565 additions and 3,487 deletions.
2 changes: 1 addition & 1 deletion ATAPAuditor/ATAPAuditor.psd1
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
@{
RootModule = 'ATAPAuditor.psm1'
ModuleVersion = '5.6'
ModuleVersion = '5.6.1'
GUID = '1662a599-4e3a-4f72-a844-9582077b589e'
Author = 'Benedikt Böhme, Patrick Helbach, Steffen Winternheimer, Phan Quang Nguyen, Daniel Ströher'
CompanyName = 'FB Pro GmbH'
Expand Down
2 changes: 1 addition & 1 deletion ATAPAuditor/ATAPAuditor.psm1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -349,7 +349,7 @@ function Test-AuditGroup {

#Windows OS
if([System.Environment]::OSVersion.Platform -ne 'Unix'){
$role = Get-Wmiobject -Class 'Win32_computersystem' -ComputerName $env:computername | Select-Object domainrole
$role = Get-CimInstance -Class 'Win32_computersystem' -ComputerName $env:computername | Select-Object domainrole
if($test.Task -match "(DC only)"){
if($role.domainRole -ne 4 -and $role.domainRole -ne 5){
$message = 'Not applicable. This audit does not apply to Member Server systems.'
Expand Down
4 changes: 2 additions & 2 deletions ATAPAuditor/AuditGroups/Connectivity Security.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@
Id = "SBD-039"
Task = "Ensure NetBios is set to 'Disabled'."
Test = {
$value = (Get-WmiObject -Class Win32_NetWorkAdapterConfiguration -Filter "IPEnabled=$true").TcpipNetbiosOptions
$value = (Get-CimInstance -Class Win32_NetWorkAdapterConfiguration -Filter "IPEnabled=$true").TcpipNetbiosOptions
if($value -eq 2){
return @{
Message = "Compliant"
Expand Down Expand Up @@ -1196,7 +1196,7 @@
Task = "Check NETBIOS-Status for all active NICs"
Test = {
try{
$networkCards = Get-WmiObject win32_networkadapterconfiguration -filter 'IPEnabled=true' | select Description, TcpipNetbiosOptions
$networkCards = Get-CimInstance win32_networkadapterconfiguration -filter 'IPEnabled=true' | select Description, TcpipNetbiosOptions
$nonCompliantCards = @()

for($i = 0; $i -lt $networkCards.Count; $i++){
Expand Down
212 changes: 132 additions & 80 deletions ATAPAuditor/AuditGroups/Microsoft Windows 10 SiSyPHuS HD-BSI-1.3#RegistrySettings.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8999,34 +8999,47 @@ $windefrunning = CheckWindefRunning
Task = "(ND, NE) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'."
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters" `
-Name "RequireSecuritySignature" `
| Select-Object -ExpandProperty "RequireSecuritySignature"

if ($regValue -ne 1) {
if((Get-SmbClientConfiguration).RequireSecuritySignature -ne $True){
return @{
Message = "Registry value is '$regValue'. Expected: 1"
Message = "RequireSecuritySignature is not set to True"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
Message = "Compliant"
Status = "True"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
catch {
try{
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters" `
-Name "RequireSecuritySignature" `
| Select-Object -ExpandProperty "RequireSecuritySignature"

if ($regValue -ne 1) {
return @{
Message = "Registry value is '$regValue'. Expected: 1"
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
}

return @{
Message = "Compliant"
Status = "True"
}
}
}
Expand All @@ -9035,34 +9048,47 @@ $windefrunning = CheckWindefRunning
Task = "(ND, NE) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'."
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters" `
-Name "EnableSecuritySignature" `
| Select-Object -ExpandProperty "EnableSecuritySignature"

if ($regValue -ne 1) {
if((Get-SmbClientConfiguration).EnableSecuritySignature -ne $True){
return @{
Message = "Registry value is '$regValue'. Expected: 1"
Message = "EnableSecuritySignature is not set to True"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
Message = "Compliant"
Status = "True"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
catch {
try{
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters" `
-Name "EnableSecuritySignature" `
| Select-Object -ExpandProperty "EnableSecuritySignature"

if ($regValue -ne 1) {
return @{
Message = "Registry value is '$regValue'. Expected: 1"
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
}

return @{
Message = "Compliant"
Status = "True"
}
}
}
Expand Down Expand Up @@ -9143,34 +9169,47 @@ $windefrunning = CheckWindefRunning
Task = "(ND, NE) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'."
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters" `
-Name "RequireSecuritySignature" `
| Select-Object -ExpandProperty "RequireSecuritySignature"

if ($regValue -ne 1) {
if((Get-SmbServerConfiguration).RequireSecuritySignature -ne $True){
return @{
Message = "Registry value is '$regValue'. Expected: 1"
Message = "RequireSecuritySignature is not set to True"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
Message = "Compliant"
Status = "True"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
catch {
try{
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters" `
-Name "RequireSecuritySignature" `
| Select-Object -ExpandProperty "RequireSecuritySignature"

if ($regValue -ne 1) {
return @{
Message = "Registry value is '$regValue'. Expected: 1"
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
}

return @{
Message = "Compliant"
Status = "True"
}
}
}
Expand All @@ -9179,34 +9218,47 @@ $windefrunning = CheckWindefRunning
Task = "(ND, NE) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'. "
Test = {
try {
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters" `
-Name "EnableSecuritySignature" `
| Select-Object -ExpandProperty "EnableSecuritySignature"

if ($regValue -ne 1) {
if((Get-SmbServerConfiguration).EnableSecuritySignature -ne $True){
return @{
Message = "Registry value is '$regValue'. Expected: 1"
Message = "EnableSecuritySignature is not set to True"
Status = "False"
}
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
Message = "Compliant"
Status = "True"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
catch {
try{
$regValue = Get-ItemProperty -ErrorAction Stop `
-Path "Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters" `
-Name "EnableSecuritySignature" `
| Select-Object -ExpandProperty "EnableSecuritySignature"

if ($regValue -ne 1) {
return @{
Message = "Registry value is '$regValue'. Expected: 1"
Status = "False"
}
}
return @{
Message = "Compliant"
Status = "True"
}
}
catch [System.Management.Automation.PSArgumentException] {
return @{
Message = "Registry value not found."
Status = "False"
}
}
catch [System.Management.Automation.ItemNotFoundException] {
return @{
Message = "Registry key not found."
Status = "False"
}
}
}

return @{
Message = "Compliant"
Status = "True"
}
}
}
Expand Down
Loading

0 comments on commit b593df7

Please sign in to comment.