
The configuration file

TheoTechnicguy edited this page Jul 7, 2020 · 8 revisions

The configuration file (from here on config, config file or just CF) is the file from which CIS_Win retrieves the policies and their expected values. Misconfiguring it will most likely prevent the program from working correctly! No. Not a joke. 😄

The file

The CF is a comma-separated values sheet. It should be located in the work 📁 (same as the program) and end in CSV, the standard extension for comma-separated values files. You can edit the file with a standard plain-text editor like Notepad, but most spreadsheet programs like Excel can open it too (and I would recommend that method...). The file is read in UTF-8 encoding, though it can be read in UTF-16 if needed.

πŸ‘ ideally you should let the program generate it and fill it afterwards.

The header

With the version 0.1.1 config, the header should look like this...

Version:,0.1.1
Note:,Max_val is inclusive --> min=0 max=5 = 0-1-2-3-4-5.
Number,Section,Policy_name,Human_readable_policy_name,Type,Min_val,Max_val,Exact_val
---------------,---------------,---------------,---------------,---------------,---------------,---------------,---------------

... in a text editor; and like this...

Version: 0.1.1
Note: Max_val is inclusive --> min=0 max=5 = 0-1-2-3-4-5.
Number Section Policy_name Human_readable_policy_name Type Min_val Max_val Exact_val
--------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------

... in a tabling program. tabler. whatever you call it.

πŸ‘ Never mind the top empty row. This is a MarkDown requirement and I don't want column headings formating.

Do not change these lines! They are program-generated and used in the program for validation... Modifying them will most likely cause an error and your 💻 will 😱 at you!

The body

The body starts after the row of dashes (which marks the end of the header). Fill the columns with the content matching the column header.

  1. The Number column is the section/item number in the compliance file thingy.
  2. The Section column is the section in the group-policy.xml file.
  3. The Policy_name column is the policy you are looking 👀 for.
  4. The Human_readable_policy_name column is what you want to name your policy. This is intended to be a more human-readable and understandable name. This string will be displayed in the out.csv file in the Policy_name column. If left blank, the program will use the Policy_name.
  5. The Type column is the type of the input value. See Types.
  6. The Min_val column is the minimum expected value for compliance. Conversely,
  7. The Max_val column is the maximum expected value for compliance. Note that this value is inclusive. Example:
Min_val = 0
Max_val = 5
tuple(range(Min_val, Max_val + 1)) == (0, 1, 2, 3, 4, 5) # NOTE: 5 IS included!
  8. Exact_val is the exact expected value for compliance.

πŸ‘ You can only use a min, max, range or an exact value. Not doing so will make your πŸ’» 😱.

Comments

If you want, you can add comments by setting Number to Comment (cAsE SenSitiVe!). The program will ignore these lines.

1.1.1,rsop:ComputerResults/rsop:ExtensionData/settings:Extension/security:Account,PasswordHistorySize,,int,24,,
Comment,rsop:ComputerResults/rsop:ExtensionData/settings:Extension/security:Account,MaximumPasswordAge,,int,1,61,

The first line will be read and the policy evaluated. The second line will not be read even if it contains a policy. #debugging!

Currently, there is no multiline comment available, but you can make a pull request.
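The header, body and comment rules above can be checked before a CF is used. The following is an added example, not CIS_Win's own code: the function names `load_config` and `is_compliant` are hypothetical, the sample is constructed from the rows shown on this page, and only the `int` type is evaluated.

```python
import csv
import io

COLUMNS = ["Number", "Section", "Policy_name", "Human_readable_policy_name",
           "Type", "Min_val", "Max_val", "Exact_val"]
ACCOUNT = "rsop:ComputerResults/rsop:ExtensionData/settings:Extension/security:Account"
# Constructed sample: the page's header plus its two example rows.
SAMPLE = "\n".join([
    "Version:,0.1.1",
    "Note:,Max_val is inclusive --> min=0 max=5 = 0-1-2-3-4-5.",
    ",".join(COLUMNS),
    ",".join(["-" * 15] * 8),
    f"1.1.1,{ACCOUNT},PasswordHistorySize,,int,24,,",
    f"Comment,{ACCOUNT},MaximumPasswordAge,,int,1,61,",
])

def load_config(text, version="0.1.1"):
    """Return the rule rows of a CF; raise ValueError if the header or a row is invalid."""
    rows = list(csv.reader(io.StringIO(text)))
    if len(rows) < 4 or rows[0][:2] != ["Version:", version]:
        raise ValueError("missing or unexpected Version row")
    if rows[2] != COLUMNS or any(set(c) != {"-"} for c in rows[3]):
        raise ValueError("header rows were modified")
    rules = []
    for lineno, row in enumerate(rows[4:], start=5):
        if not any(row) or row[0] == "Comment":  # case-sensitive, as on the page
            continue
        if len(row) != len(COLUMNS):
            raise ValueError(f"line {lineno}: expected {len(COLUMNS)} columns")
        rule = dict(zip(COLUMNS, row))
        bounded = bool(rule["Min_val"] or rule["Max_val"])
        if bounded == bool(rule["Exact_val"]):  # neither given, or both given
            raise ValueError(f"line {lineno}: use min/max or an exact value")
        rule["Human_readable_policy_name"] = (
            rule["Human_readable_policy_name"] or rule["Policy_name"])
        rules.append(rule)
    return rules

def is_compliant(rule, value):
    """Check an int policy value; Min_val and Max_val are both inclusive."""
    if rule["Type"] != "int":
        raise ValueError("only the int type is evaluated in this example")
    value = int(value)
    if rule["Exact_val"]:
        return value == int(rule["Exact_val"])
    lo, hi = rule["Min_val"], rule["Max_val"]
    return (not lo or value >= int(lo)) and (not hi or value <= int(hi))
```

A row whose Number is `comment` in lower case is not skipped, so it is parsed and evaluated like any other rule.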

Section and XML path

XML has something called namespacing. This, in our case, prefixes the tag with {url} so that it looks like {url}tag. Example: You want to get the policy PasswordHistorySize. In the XML, this is abbreviated:

<Rsop xmlns="http://www.microsoft.com/GroupPolicy/Rsop">
  <ComputerResults>
    <ExtensionData xmlns="http://www.microsoft.com/GroupPolicy/Settings">
      <Extension xmlns:q10="http://www.microsoft.com/GroupPolicy/Settings/Security">
        <q10:Account>

The Rsop element sets xmlns (the XML namespace) to http://www.microsoft.com/GroupPolicy/Rsop. This is carried over to ComputerResults and ExtensionData because no new xmlns is set. So, the path to ExtensionData is:

{http://www.microsoft.com/GroupPolicy/Rsop}ComputerResults/{http://www.microsoft.com/GroupPolicy/Rsop}ExtensionData

πŸ‘ Rsop is excluded because it is the root of the document.

Now it gets complicated... ExtensionData sets xmlns to http://www.microsoft.com/GroupPolicy/Settings; this means that every child item of ExtensionData will have this namespace and not the one from Rsop. Our path to Extension becomes:

{http://www.microsoft.com/GroupPolicy/Rsop}ComputerResults/{http://www.microsoft.com/GroupPolicy/Rsop}ExtensionData/{http://www.microsoft.com/GroupPolicy/Settings}Extension

Extension now binds the q10 prefix to http://www.microsoft.com/GroupPolicy/Settings/Security. Account is prefixed with q10, which means that we need to use this namespace.

{http://www.microsoft.com/GroupPolicy/Rsop}ComputerResults/{http://www.microsoft.com/GroupPolicy/Rsop}ExtensionData/{http://www.microsoft.com/GroupPolicy/Settings}Extension/{http://www.microsoft.com/GroupPolicy/Settings/Security}Account

Here you have the full path to Account.


You will notice, however, that this is difficult and annoying: one typo will make your 💻 😱. This is why the program uses namespace prefixes. Replace all the links above with the matching namespace prefix from below, drop the {} and separate the prefix from the tag with a colon (:), like so:

rsop:ComputerResults/rsop:ExtensionData/settings:Extension/security:Account

Namespaces

As CIS_Win will be working with an XML file using stupid namespaces, you need to supply the full name (including namespace) or you can use the currently hard-coded namespaces listed below:

# NOTE: This is a politically correct version.
NAMESPACE = {
    "rsop" : "http://www.microsoft.com/GroupPolicy/Rsop", # root
    "settings" : "http://www.microsoft.com/GroupPolicy/Settings", # root 2
    "type" : "http://www.microsoft.com/GroupPolicy/Types", # root 3
    "script" : "http://www.microsoft.com/GroupPolicy/Settings/Scripts", # q1 & q6
    "win-reg" : "http://www.microsoft.com/GroupPolicy/Settings/Windows/Registry", # q2 & q8
    "pub-key" : "http://www.microsoft.com/GroupPolicy/Settings/PublicKey", # q3 & q12
    "registry" : "http://www.microsoft.com/GroupPolicy/Settings/Registry", # q4 & q5 & q15 & q16
    "audit" : "http://www.microsoft.com/GroupPolicy/Settings/Auditing", # q7
    "file" : "http://www.microsoft.com/GroupPolicy/Settings/Files", # q9
    "security" : "http://www.microsoft.com/GroupPolicy/Settings/Security", # q10 & q11
    "eqos" : "http://www.microsoft.com/GroupPolicy/Settings/eqos", # q13
    "fw" : "http://www.microsoft.com/GroupPolicy/Settings/WindowsFirewall" # q14
}
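How a prefixed Section path resolves against these namespaces, as an added example using Python's `xml.etree.ElementTree` (not CIS_Win's own code). The helper names `to_clark` and `read_setting` are hypothetical, and the XML is a constructed sample: the `Name` and `SettingNumber` children are assumptions, and the Settings default namespace is declared on Extension so that ExtensionData stays in the Rsop namespace, as the path above requires.

```python
import xml.etree.ElementTree as ET

# Subset of the NAMESPACE table from the page.
NAMESPACE = {
    "rsop": "http://www.microsoft.com/GroupPolicy/Rsop",
    "settings": "http://www.microsoft.com/GroupPolicy/Settings",
    "security": "http://www.microsoft.com/GroupPolicy/Settings/Security",
}
SECTION = "rsop:ComputerResults/rsop:ExtensionData/settings:Extension/security:Account"

# Constructed sample, not real gpresult output. The document's own prefix (q10)
# differs from the CF prefix (security); only the namespace URI has to match.
SAMPLE_XML = """<Rsop xmlns="http://www.microsoft.com/GroupPolicy/Rsop">
  <ComputerResults>
    <ExtensionData>
      <Extension xmlns="http://www.microsoft.com/GroupPolicy/Settings"
                 xmlns:q10="http://www.microsoft.com/GroupPolicy/Settings/Security">
        <q10:Account>
          <q10:Name>PasswordHistorySize</q10:Name>
          <q10:SettingNumber>24</q10:SettingNumber>
        </q10:Account>
      </Extension>
    </ExtensionData>
  </ComputerResults>
</Rsop>"""

def to_clark(path, ns=NAMESPACE):
    """Expand 'prefix:Tag/...' into '{uri}Tag/...'; KeyError on an unknown prefix."""
    parts = []
    for step in path.split("/"):
        prefix, _, tag = step.rpartition(":")
        parts.append(f"{{{ns[prefix]}}}{tag}" if prefix else tag)
    return "/".join(parts)

def read_setting(root, section, policy_name, ns=NAMESPACE):
    """Return the SettingNumber text of the entry under `section` named policy_name."""
    for entry in root.findall(section, ns):
        uri = entry.tag[1:].partition("}")[0]  # children share the entry's namespace
        if entry.findtext(f"{{{uri}}}Name") == policy_name:
            return entry.findtext(f"{{{uri}}}SettingNumber")
    return None
```

A path written without any namespace, such as `ComputerResults/ExtensionData/Extension/Account`, matches nothing in this document, which is why a mistyped Section silently yields no value.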