7/30/2023

CIS benchmark scripts

The original is in the Utils folder, with some other scripts you can use. Here is the structure of the CIS Script folder: in the root of the folder, there is a symbolic link to the assemble script. This will be hard to maintain if a new macOS is released.

For that reason, and for easy maintenance, the CIS-Script is assembled out of a bunch of fragments. To resolve this I combined the reporting script with remediation, with the option to enable remediation or not.

And we need to keep in mind that every year we get a new macOS release and, like macOS, security is a moving target.

Basically things change, and we don't want to edit and maintain a 3000-line script. However I still needed an extra script for remediation. While working with CIS Benchmark, Script and Configuration Profile, I had the feeling that an overview with complete reporting was missing, and therefore built a read-only CIS-Reporting script you can find here.

Ended up with separate tools, creation of the Documentation, Configuration Profiles and Reporting. I created a custom rule set for CIS Benchmark to integrate with the macOS Security Compliance Project and published CIS-macOS-Security. The guys from the macOS Security Compliance Project did an amazing job automating the guidance and configuration profiles. While working with CIS Benchmarks (Remediation Scripts and/or Configuration Profiles) I felt this could be done better, faster and easier.

Please see the MIT license for more information.

This CIS Script is built to report and remediate based on your organisation score. Please do not use these scripts in a production environment without reading them over first.

Windows Server 2016v1604 Domain Controller and member server
Windows Server 2012r2 Domain Controller and member server

Warning - this module is a work in progress! It also makes extensive use of the registry resource and the file resource.
The module is designed to run scripts only if the test script fails with an exit code of 1, using the Puppet unless attribute on the Exec resource.

First thing to modify would be the regex used to determine if a server is a domain controller or not. This can be found at base_cis::base_windows::twentysixteen_template or base_cis::base_windows::twentytwelve_template.

- ::base_cis::base_windows::twentytwelve_dc_registry - Registry settings and most of the local policies
- ::base_cis::base_windows::twentytwelve_client_registry - Registry settings and most of the local policies
- base_cis::base_windows::twentytwelve_template - Pushes over files / PowerShell scripts that run if out of compliance
- ::base_cis::base_windows::twentysixteen_dc_registry - Registry settings and most of the local policies
- ::base_cis::base_windows::twentysixteen_client_registry - Registry settings and most of the local policies
- base_cis::base_windows::twentysixteen_template - Pushes over files / PowerShell scripts that run if out of compliance
- ::base_cis::base_rhel::rhel_cis - Shell scripts that run if out of compliance
- base_cis::base_rhel::rhel_template - Pushes over files
- ::base_cis::base_centos::centos_cis - Shell scripts that run if out of compliance
- ::base_cis::base_centos::centos_template - Pushes over files

Run the following on the servers you deploy:

Logs can be found under C:\ProgramData\PuppetLabs\scripts\puppet\logs. Then run the CIS Benchmark Assessor program to view your results. Pin the nodes in your test lab to that classification group for this to take effect! In the Puppet Website of your server, create a classification under production and add this class to your group.

# delete older versions of this module if they exist.
# Send the zip file to your puppet master
cd /etc/puppetlabs/code/environments/production/modules/
# Assuming you took the folder 'base_cis' and created a zip file of it and drag-n-drop it to your Windows VM with WSL installed.
# Assuming your testlab puppet master is 10.12.12.200 and you have a local user named 'gerry' with sudo rights.