Skip to content

The configuration file

Jump to bottom
Theo Technicguy edited this page Jul 6, 2020 · 8 revisions

The configuration file (here on config, config file or just CF) is the file where CIS_Win retrieves the information it needs to get the policies and their expected values. Miss configuring will most likely prevent the program from working correctly! No. Not a joke. πŸ˜„

The file

The CF is a comma-separated values sheet. It should be located in the work πŸ“ (same as the program) and end in CSV - the standard extension for comma-separated values files. You can edit the file with a standard plain-text editor like notepad, but most table sheet programs like excel can open them too (and I would recommend that method...). The file is read in utf-8 encoding though it can be read in utf-16 if needed.

πŸ‘ ideally you should let the program generate it and fill it afterwards.

The header

With the version 0.1.0 config, the header should look like this...

Version:,0.1.0
Note:,Max_val is excluded --> min=0 max=5 = 0-1-2-3-4.
Number,Section,Policy_name,User_key,Type,Min_val,Max_val,Exact_val
---------------,---------------,---------------,---------------,---------------,---------------,---------------,---------------

... in a text editor; and like this...
Version: 0.1.0
Note: Max_val is excluded --> min=0 max=5 = 0-1-2-3-4.
Number Section Policy_name Human_readable_policy_name Type Min_val Max_val Exact_val
--------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------

... in a tabling program. tabler. whatever you call it.

πŸ‘ Never mind the top empty row. This is a MarkDown requirement and I don't want column headings.

Do not change these lines! They are program-generated and used in the program for validation... Modifying will most likely cause an error and your πŸ’» will 😱 at you

The body

The body starts after the lines column (indicating end of header). Fill the columns with the content matching the column header.

  1. The Number column is the section/item number in the compliance file thingy.
  2. The Section column is the section in the group-prolicy.xml file.
  3. The Policy_name column is the policy you are looking πŸ‘€ for.
  4. The Human_readable_policy_name column is what you want to name your policy. This is (intended) to be a more humanly readable and understandable name. This string will be displayed in the out.csv file in the Policy_name column. If right blank, the program will use the Policy_name.
  5. The Type column is the type of the input value. See Types
  6. The Min_val column is the minimum expected value for compliance. On the opposite,
  7. The Max_val column is the maximum expected value for compliance. Note that this value is exclusive. Example:
Min_val = 0
Max_val = 5
tuple(range(Min_val, Max_val)) == (0, 1, 2, 3, 4) # NOTE: 5 is NOT included!
  1. Exact_val is the exact expected value for compliance.

πŸ‘ You can only use a min, max, range or an exact value. Not doing so will make your πŸ’» 😱.

Comments

If you want, you can add comments by setting Number to Comment (cAsE SenSitiVe!). The program will ignre these lines.

1.1.1,rsop:ComputerResults/rsop:ExtensionData/settings:Extension/security:Account,PasswordHistorySize,,int,24,,
Comment,rsop:ComputerResults/rsop:ExtensionData/settings:Extension/security:Account,MaximumPasswordAge,,int,1,61,

The first line will be read and the policy evaluated. The second line will not be read even if it contains a policy. #debugging!

Currently, there is no multiline comment available, but you can make a pull request.

Namespaces

As CIS_Win will be working with an XML file using stupid namespaces, you need to supply the full name (including namespace) or you can use the currently hard programmed namespaces like here below:

# NOTE: This is a politically correct version.
NAMESPACE = {
    "rsop" :      "http://www.microsoft.com/GroupPolicy/Rsop",
    "settings" :  "http://www.microsoft.com/GroupPolicy/Settings",
    "registry" :  "http://www.microsoft.com/GroupPolicy/Settings/Registry",
    "security" :  "http://www.microsoft.com/GroupPolicy/Settings/Security",
    "type" :      "http://www.microsoft.com/GroupPolicy/Types"
}
Clone this wiki locally