Content irrelevant IDs falsify the result #431

Closed
svndh opened this issue Oct 18, 2023 · 4 comments · Fixed by #475
svndh commented Oct 18, 2023

What I did

I performed an AuditTAP report for Windows Server 2022 DC with the latest version on a Domain-Controller 2022 and reviewed the result within the area "Hardening settings".

What I noticed

Concerning ID 2.3.10.9 A, 2.3.10.9 B and 2.3.10.9 C, all of these split IDs are scored although only one entry can be true. In this case (see following screenshot) two tasks with the status false falsify the result, because in the end the combination of 2.3.10.9 A and its status implies that the remaining tasks of 2.3.10.9 B and 2.3.10.9 C can no longer be relevant in terms of content and must therefore be excluded from the scoring --> Status = None.

image

What to do

Please check this behaviour in this and other reports and verify if the interdependencies are taken into account.

@SteffenWinternheimer SteffenWinternheimer added this to the 5.7.1 milestone Nov 20, 2023
@qngngyn qngngyn self-assigned this Nov 27, 2023

qngngyn commented Nov 27, 2023

Fix can only be done for servers 16, 19, 22
12 can't be done.


TuemmlerKelch commented Nov 28, 2023

Hi @qngngyn,
I merged the pull request; however, I would like to understand the issue when it comes to Server 2012, maybe we can establish a workaround.
Leaving this open for now.

@TuemmlerKelch TuemmlerKelch added bug Something isn't working information needed Extra attention is needed labels Nov 28, 2023

qngngyn commented Nov 28, 2023

@TuemmlerKelch
The function used to determine whether a system has CA Services or WINS Role Feature installed is Get-WindowsFeature. I could not find a way to do this in Windows Server 2012.

I consulted the following sources:

Both sources used the "Get-WindowsFeature" cmdlet, which does not exist on a freshly installed Windows Server 2012.

TuemmlerKelch commented

@qngngyn I suppose we do a check if the ServerManager module exists on the target system. If that is not the case, we cannot use Get-WindowsFeature and resort to just carrying out all of the checks. Then the user will have to check manually.

@qngngyn qngngyn linked a pull request Nov 29, 2023 that will close this issue
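
The approach discussed in this thread, sketched as an added example (not AuditTAP's code and not taken from the linked pull request): detect the installed role with Get-WindowsFeature when the ServerManager module is available, set the non-applicable split checks to Status = None, and otherwise score every check and flag it for manual review. The function names, the variant labels, the mapping of 2.3.10.9 A/B/C to a variant, the precedence when both roles are present, and the feature names `ADCS-Cert-Authority` and `WINS` chosen for "CA Services" and "WINS Role Feature" are assumptions.

```powershell
# Added example; function and variant names are hypothetical, not AuditTAP's.
function Get-ApplicableVariant {
    # Returns 'CA', 'WINS' or 'Base', or $null when roles cannot be queried.
    param(
        # Injectable so the logic can be exercised without ServerManager.
        [scriptblock]$FeatureQuery = {
            param($Name)
            (Get-WindowsFeature -Name $Name -ErrorAction Stop).Installed
        },
        [bool]$CanQuery = [bool](Get-Module -ListAvailable -Name ServerManager)
    )
    if (-not $CanQuery) { return $null }   # e.g. fresh Windows Server 2012
    try {
        # Assumption: CA takes precedence if both roles are installed.
        if (& $FeatureQuery 'ADCS-Cert-Authority') { return 'CA' }
        if (& $FeatureQuery 'WINS') { return 'WINS' }
        return 'Base'
    } catch {
        return $null                       # query failed: treat as unknown
    }
}

function Resolve-SplitCheckStatus {
    param(
        [Parameter(Mandatory)] [object[]]$Results,  # Id, Variant, Status
        [AllowNull()] [string]$Applicable
    )
    foreach ($r in $Results) {
        $status = $r.Status
        $note   = ''
        if (-not $Applicable) {
            # Fallback from the thread: score everything, user checks manually.
            $note = 'Role detection unavailable; verify manually'
        } elseif ($r.Variant -ne $Applicable) {
            $status = 'None'               # excluded from scoring
        }
        [pscustomobject]@{ Id = $r.Id; Status = $status; Note = $note }
    }
}

# Constructed sample results; the A/B/C-to-variant mapping is assumed.
$sample = @(
    [pscustomobject]@{ Id = '2.3.10.9 A'; Variant = 'Base'; Status = 'True'  }
    [pscustomobject]@{ Id = '2.3.10.9 B'; Variant = 'CA';   Status = 'False' }
    [pscustomobject]@{ Id = '2.3.10.9 C'; Variant = 'WINS'; Status = 'False' }
)
Resolve-SplitCheckStatus -Results $sample -Applicable (Get-ApplicableVariant)
```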