-
Notifications
You must be signed in to change notification settings - Fork 0
The configuration file
The configuration file (here on config, config file or just CF) is the file where CIS_Win retrieves the information it needs to get the policies and their expected values. Miss configuring will most likely prevent the program from working correctly! No. Not a joke. π
The CF is a comma-separated values
sheet. It should be located in the work π (same as the program) and end in CSV
- the standard extension for comma-separated values files. You can edit the file with a standard plain-text editor like notepad, but most table sheet programs like excel can open them too (and I would recommend that method...). The file is read in utf-8
encoding though it can be read in utf-16
if needed.
π ideally you should let the program generate it and fill it afterwards.
With the version 0.1.1 config, the header should look like this...
Version:,0.1.1
Note:,Max_val is inclusive --> min=0 max=5 = 0-1-2-3-4-5.
Number,Section,Policy_name,Human_readable_policy_name,Type,Min_val,Max_val,Exact_val
---------------,---------------,---------------,---------------,---------------,---------------,---------------,---------------
... in a text editor; and like this...
Version: | 0.1.1 | ||||||
Note: | Max_val is inclusive --> min=0 max=5 = 0-1-2-3-4-5. | ||||||
Number | Section | Policy_name | Human_readable_policy_name | Type | Min_val | Max_val | Exact_val |
--------------- | --------------- | --------------- | --------------- | --------------- | --------------- | --------------- | --------------- |
... in a tabling program. tabler. whatever you call it.
π Never mind the top empty row. This is a
MarkDown
requirement and I don't want column headings formating.
Do not change these lines! They are program-generated and used in the program for validation... Modifying will most likely cause an error and your π» will π± at you!
The body starts after the lines column (indicating end of header). Fill the columns with the content matching the column header.
- The
Number
column is the section/item number in the compliance file thingy. - The
Section
column is the section in thegroup-prolicy.xml
file. - The
Policy_name
column is the policy you are looking π for. - The
Human_readable_policy_name
column is what you want to name your policy. This is (intended) to be a more humanly readable and understandable name. This string will be displayed in the out.csv file in the Policy_name column. If right blank, the program will use thePolicy_name
. - The
Type
column is the type of the input value. See Types - The
Min_val
column is the minimum expected value for compliance. On the opposite, - The
Max_val
column is the maximum expected value for compliance. Note that this value is inclusive. Example:
Min_val = 0
Max_val = 5
tuple(range(Min_val, Max_val)) == (0, 1, 2, 3, 4, 5) # NOTE: 5 IS included!
- Exact_val is the exact expected value for compliance.
π You can only use a min, max, range or an exact value. Not doing so will make your π» π±.
If you want, you can add comments by setting Number
to Comment
(cAsE SenSitiVe!). The program will ignre these lines.
1.1.1,rsop:ComputerResults/rsop:ExtensionData/settings:Extension/security:Account,PasswordHistorySize,,int,24,,
Comment,rsop:ComputerResults/rsop:ExtensionData/settings:Extension/security:Account,MaximumPasswordAge,,int,1,61,
The first line will be read and the policy evaluated. The second line will not be read even if it contains a policy. #debugging!
Currently, there is no multiline comment available, but you can make a pull request.
As CIS_Win will be working with an XML file using stupid namespaces, you need to supply the full name (including namespace) or you can use the currently hard programmed namespaces like here below:
# NOTE: This is a politically correct version.
NAMESPACE = {
"rsop" : "http://www.microsoft.com/GroupPolicy/Rsop",
"settings" : "http://www.microsoft.com/GroupPolicy/Settings",
"registry" : "http://www.microsoft.com/GroupPolicy/Settings/Registry",
"security" : "http://www.microsoft.com/GroupPolicy/Settings/Security",
"type" : "http://www.microsoft.com/GroupPolicy/Types"
}