diff --git a/CHANGELOG.md b/CHANGELOG.md index d1b971d11..e1ed6d14d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -86,251 +86,3 @@ * Updated logfile in DotNet Framework STIG leveraging HardCodedRule to automate additional STIG rules. [#454](https://github.com/microsoft/PowerStig/issues/454) * Fixed [#493](https://github.com/microsoft/PowerStig/issues/493): IIS 8/5 Server STIG rule V-76745 is referencing the incorrect IIS default path * Fixed [#505](https://github.com/microsoft/PowerStig/issues/505): Missing reg key setting on V-76759 IIS Server 8.5 v1R7 - -## [3.3.0] - 2019-08-12 - -UPDATES - -* Fixed [#419](https://github.com/Microsoft/PowerStig/issues/419): PowerStig is creating resource xSSLSettings with the wrong value for Name. -* Updated PowerSTIG to leverage AuditSetting instead of the Script resource. Additionally renamed WmiRule to AuditSettingRule [#431](https://github.com/Microsoft/PowerStig/issues/431) - -Added the following STIG - -* Added support for Windows 10, Version 1, Release 17 [#442](https://github.com/microsoft/PowerStig/issues/442) -* Added support for Windows Defender, Version 1, Release 5 [#393](https://github.com/microsoft/PowerStig/issues/393) -* Added support for Internet Explorer 11 Version 1, Release 17 [#422](https://github.com/Microsoft/PowerStig/issues/422) -* Added support for Server 2016 STIG, Version 1, Release 8 [#418](https://github.com/Microsoft/PowerStig/issues/418) - -## [3.2.0] - 2019-05-24 - -* Added support for IIS 8.5 Server STIG, Version 1, Release 7 [#399](https://github.com/Microsoft/PowerStig/issues/399) -* Fixed [#373](https://github.com/Microsoft/PowerStig/issues/373): Registry resource does not handle null values for ValueData contained in Processed STIGs -* Fixed [#376](https://github.com/Microsoft/PowerStig/issues/376): SQL STIG Rules V-41021 (Instance STIG) and V-41402 (Database STIG) fail to apply when applying to a SQL instance that is NOT name the default (MSSQLSERVER). -* Fixed [#377](https://github.com/Microsoft/PowerStig/issues/377): SQL Instance Rule V-40936 fails when Set-TargertResource is ran -* Fixed [#280](https://github.com/Microsoft/PowerStig/issues/280): HKEY_CURRENT_USER is not needed with the cAdministrativeTemplateSetting composite resource. (Regression Issue) -* Fixed [#385](https://github.com/Microsoft/PowerStig/issues/385): IIS Server STIG V-76681 does not parse correctly -* Added support for Office 2016 STIGs [#370](https://github.com/Microsoft/PowerStig/issues/370) -* Added support to Automate Application Pool Recycling for IisSite_8.5 [#378](https://github.com/Microsoft/PowerStig/issues/378) -* Added support for Windows Server 2012R2 DC V2R16 [#398](https://github.com/Microsoft/PowerStig/issues/398) -* Added support for update Windows Server 2012 MS STIG v2r15 [#395](https://github.com/Microsoft/PowerStig/issues/395) -* Added support for Firefox STIG v4r25 [#389](https://github.com/Microsoft/PowerStig/issues/389) -* Added entry in log file for IISSite 1.7 so rule v-76819 parses as an xWebConfigurationProperty [#407](https://github.com/microsoft/PowerStig/issues/407) -* Added IISSite v1.7 [#400](https://github.com/microsoft/PowerStig/issues/400) -* Fixed [#403](https://github.com/microsoft/PowerStig/issues/403): DotNet STIG V1R7 update - -## [3.1.0] - 2019-04-01 - -UPDATES - -* Removed duplicate code from rule class constructors -* Migrated from Get-WmiObject to Get-CimInstance to support PowerShell Core -* Migrated to PSDscResources [#345](https://github.com/Microsoft/PowerStig/issues/345) -* Migrated to ComputerManagementDsc [#342](https://github.com/Microsoft/PowerStig/issues/342) -* Fixed [#358](https://github.com/Microsoft/PowerStig/issues/358): Update PowerSTIG Duplicate Rule handling and capability - -Added the following STIG - -* Windows Defender V1R4 [#344](https://github.com/Microsoft/PowerStig/issues/344) - -## [3.0.1] - 2019-03-11 - -* Fixed [#350](https://github.com/Microsoft/PowerStig/issues/350): Updates to fix Skip rules not working correctly -* Fixed [#348](https://github.com/Microsoft/PowerStig/issues/348): Update to DnsServer Schema to correct typo. - -## [3.0.0] - 2019-03-01 - -* Introduces class support for each rule type -* The STIG class now contains an array of rule objects vs xml elements -* Orgsettings, Exceptions, and Rule skips are all supported by the Rule base class -* Rule help is provided for any loaded rule. - * See the [wiki](https://github.com/Microsoft/PowerStig/wiki/GettingRuleHelp) for more information. -* Major code refactor to simplify maintenance and usage -* [Breaking Change] The STIG class constructor no longer accepts Orgsettings, Exceptions, or Rule skips - * That functionality has move to the load rule method -* DSC composite resource parameter validation for version numbers has been removed - * The STIG class validates all input and will throw an error if invalid data is provided. -* The Get-StigList has be updated and renamed to Get-Stig to return the STIG class - -UPDATES - -* Fixed [#241](https://github.com/Microsoft/PowerStig/issues/241): [WindowsFeatureRule] PsDesiredStateConfiguration\WindowsOptionalFeature doesn't properly handle features that return $null -* Fixed [#258](https://github.com/Microsoft/PowerStig/issues/258): New-StigChecklist will not accept a path without an explicit filename -* Fixed [#243](https://github.com/Microsoft/PowerStig/issues/243): [V-46515] Windows-All-IE11-1.15 Rawstring typo -* Fixed [#289](https://github.com/Microsoft/PowerStig/issues/289): Updated DocumentRule and DocumentRuleConvert Classes to parse correctly. -* Fixed [#284](https://github.com/Microsoft/PowerStig/issues/284): [V-74415] [V-74413] Windows 10 STIG rule V-74415 and V-74413 should not contain white space in key -* Fixed [290](https://github.com/Microsoft/PowerStig/issues/290): [V-76731] IIS Server STIG V-76731 fails to properly set STIG guidance because rule is not split. -* Fixed [314](https://github.com/Microsoft/PowerStig/issues/314): Update PowerSTIG to Utilize LogTargetW3C parameter in xWebAdministration 2.5.0.0. -* Fixed [334](https://github.com/Microsoft/PowerStig/issues/334): Update PowerStig to utilize AccessControlDsc 1.3.0.0 -* Fixed [331](https://github.com/Microsoft/PowerStig/issues/331): 2012/R2 [V-39325] 2016 [V-73373], [V-73389] PermissionRule.Convert CheckContent Match Parser Update -* Fixed [320](https://github.com/Microsoft/PowerStig/issues/320): IIS Site STIG doesn't correctly convert STIGS that contain "SSL Settings" in raw string - -* Added the following STIGs - * IIS Site 8.5 V1R6 [#276](https://github.com/Microsoft/PowerStig/issues/276) - * Windows Firewall STIG V1R7 [#319](https://github.com/Microsoft/PowerStig/issues/319) - -* Removed the following STIGs - * Windows Server 2012 R2 DC 2.12 - * Windows Server 2012 R2 DSN 1.7 - * Active Directory Domain 2.9 - * IIS Server 8.5 1.3 - * IIS Site 8.5 1.2 - * Removed: Internet Explorer 1.13 - -## [2.4.0.0] - 2019-02-07 - -* Fixed [#244](https://github.com/Microsoft/PowerStig/issues/244): IIS Server rule V-76727.b org setting test fails -* Fixed [#246](https://github.com/Microsoft/PowerStig/issues/246): IIS Server rule V-76737 contains an incorrect value -* Fixed [#225](https://github.com/Microsoft/PowerStig/issues/225): Update PowerStig integration tests to consolidate duplicate code. -* Fixed [#160](https://github.com/Microsoft/PowerStig/issues/160): PowerStig.Convert needs to handle new registry rules without affecting existing code -* Fixed [#201](https://github.com/Microsoft/PowerStig/issues/201): Update PowerStig integration tests to account for skips and exceptions. -* Fixed [#260](https://github.com/Microsoft/PowerStig/issues/260): FireFox Composite Resource configuration applies correctly, but never passes a Test-DscConfiguration. -* Fixed [#244](https://github.com/Microsoft/PowerStig/issues/244): IIS Server rule V-76727.b org setting test fails -* Fixed [#265](https://github.com/Microsoft/PowerStig/issues/265): Fixed UserRightsAssignment split rule bug. -* Fixed [#267](https://github.com/Microsoft/PowerStig/issues/267): Fixed winlogon registry path parser bug. -* Fixed [#238](https://github.com/Microsoft/PowerStig/issues/238): Adds regex tracker for RegistryRule regex's. -* Fixed [#274](https://github.com/Microsoft/PowerStig/issues/274): UserRightsAssignment composite resource does not leverage the Force Parameter. -* Fixed [#280](https://github.com/Microsoft/PowerStig/issues/280): HKEY_CURRENT_USER is not needed with the cAdministrativeTemplateSetting composite resource. - -* Windows Server 2012R2 Fixes - * V-36707 is now an org setting - * (DC only) V-2376 - V-2380 are migrated from manual to account policy rules. - -* Added the following STIGs - * SQL Server 2016 Instance V1R3 [#186](https://github.com/Microsoft/PowerStig/issues/186) - * Windows Defender Antivirus V1R4 [#236](https://github.com/microsoft/PowerStig/issues/236) - * Mozilla Firefox V4R24 [#261](https://github.com/Microsoft/PowerStig/issues/261) - * Windows Server 2016 V1R6 [#169](https://github.com/Microsoft/PowerStig/issues/169) - * Windows Server 2016 V1R7 [#251](https://github.com/Microsoft/PowerStig/issues/251) - * SQL Server 2012 Database V1R18 [#263](https://github.com/Microsoft/PowerStig/issues/263) - * Windows Server 2012R2 DC V2R15 [#267](https://github.com/Microsoft/PowerStig/issues/267) - * Windows 10 V1R16 [#269](https://github.com/Microsoft/PowerStig/issues/269) - * IIS Server 8.5 V1R6 [#256](https://github.com/Microsoft/PowerStig/issues/266) - * Windows Server 2012R2 DNS V1R11 STIG [#265](https://github.com/Microsoft/PowerStig/issues/265) - * AD Domain V2R12 [#270](https://github.com/Microsoft/PowerStig/issues/270) - -## [2.3.2.0] - 2018-12-18 - -* Fixed [#215](https://github.com/Microsoft/PowerStig/issues/215): Org settings wont apply for DotNet STIG -* Fixed [#216](https://github.com/Microsoft/PowerStig/issues/216): DotNet STIGs are misnamed -* Fixed [#207](https://github.com/Microsoft/PowerStig/issues/207): SQL Server Database rules fail to apply -* Fixed [#208](https://github.com/Microsoft/PowerStig/issues/208): Update PowerSTIG to use SQLServerDsc 12.1.0.0 -* Fixed [#220](https://github.com/Microsoft/PowerStig/issues/220): Update PowerSTIG to use xWebAdministration 2.3.0.0 - -## [2.3.1.0] - 2018-12-07 - -* Fixed [#212](https://github.com/Microsoft/PowerStig/issues/212): SDDL strings are incorrectly split in the xRegistry resource -* Fixed [#180](https://github.com/Microsoft/PowerStig/issues/180): IisSite SkipRuleType and SkipRule fail to skip rules - -## [2.3.0.0] - 2018-11-30 - -* Windows 10 Fixes - * V-63795 - Changed from manual to registry rule ## HIGH IMPACT CHANGE ## - -* Windows Server 2012R2 Fixes - * V-1089 - Corrected text - * V-21954 - Changed from manual to registry rule ## HIGH IMPACT CHANGE ## - * V-26070 - Corrected key path - * V-36657 - Corrected key path - * V-36681 - Corrected key path - -* Added the following STIGs - * IIS Server 8.5 STIG V1R5 - * Microsoft Outlook 2013 STIG V1R13 - * DotNet Framework 4.0 STIG V1R6 - * IIS Site 8.5 STIG V1R5 - * Windows Domain V2R11 - * FireFox 4.23 STIG - * Windows Server 2012R2 DC V2R14 - * Windows Server 2012R2 MS V2R14 - * Windows 10 V1R15 - -## [2.2.0.0] - 2018-10-10 - -* Added the following STIGs - * IIS Site 8.5 STIG V1R2 - * IIS Site 8.5 STIG V1R3 - * Oracle JRE 8 STIG V1R5 - * Microsoft Outlook 2013 STIG V1R12 - * Microsoft PowerPoint 2013 Stig V1R6 - * Microsoft Excel 2013 STIG V1R7 - * Microsoft Word 2013 STIG V1R6 - -* Added the following DSC Composite Resources - * Microsoft Office 2013 STIGs - * FireFox STIG - * IIS Site STIG - * IIS Server STIG - * Oracle JRE STIG - * Windows10 STIG - -* Newly required modules - * PolicyFileEditor - * FileContentDsc - * WindowsDefenderDSC - * xWebAdministration - * xWinEventLog - -* Updated required module versions - * xDnsServer from 1.9.0.0 to 1.11.0.0 - * SecurityPolicyDsc from 2.2.0.0 to 2.4.0.0 - -## [2.1.0.0] - 2018-09-05 - -* Migrated Composite resources to the xRegistry resource -* Fixed 2012R2 V-15713 default org setting value -* Updated IE STIGs (V-46477) with the decimal value -* Updated New-StigCheckList to output StigViewer 2.7.1 ckl files -* Added SkipRule functionality to all composite resources -* Added StigData for FireFox STIG V4R21 -* Added Sql2012 1.17 to Archive and processed -* Updated Sql2012 1.16 to fix broken rules -* Removed Sql2012 1.14 from archives to comply with n-2 version policy -* Updated data for 2012R2 Stigs to fix broken rules - -## [2.0.0.0] - 2018-08-17 - -* Added a Document module to automatically create a Stig Checklist (EXPERIMENTAL) -* Merged PowerStigDsc into PowerStig so there is only one module to maintain - * Replaced PowerStig Technology Class with Enumeration - * Added script module back to manifest - * Added DotNetFramework composite resource - -* Added the following STIGs - * Windows Server 2012R2 MS STIG V2R13 - * Windows Server 2012R2 DC STIG V2R13 - * Windows 2012 DNS V1R10 - * Windows Domain V2R10 - * Windows Forest V2R8 - * IE11-V1R16 - -* Corrected parsing of rule V-46477 in the IE STIGs - * Updated StigData - * Bug fixes - * Removed Windows Server 2012R2 MS and DC StigData v2.9 - -## [1.1.1.0] - 2018-08-13 - -Update IIS Server STIG V-76723.a with correct value - -## [1.1.0.0] - 2018-07-29 - -Replaced Technology class with enumeration. This breaks PowerStigDsc < 1.1.0.0 - -Added the following STIGs: - -* IIS 8.5 Server STIG V1R3 - -Updates - -* Updated SQL STIG code to account for SQL STIGS being added in PowerStigDsc -* Update to PowerStig.psm1 to fix issue were StigData class was not accessible to PowerStigDsc - -## [1.0.0.0] - 2018-07-01 - -Added the following STIGs: - -* Windows Server 2012R2 MS STIG V2R12 -* Windows Server 2012R2 DC STIG V2R12 -* Windows Server DNS V1R9 -* Windows AD Domain V2R9 -* IE11 V1R15 diff --git a/HISTORIC_CHANGELOG.md b/HISTORIC_CHANGELOG.md new file mode 100644 index 000000000..9c5f49d78 --- /dev/null +++ b/HISTORIC_CHANGELOG.md @@ -0,0 +1,254 @@ +# Historic change log for PowerSTIG + +The release notes in the PowerShell Module manifest cannot exceed 10000 +characters. Due to a bug in the CI deploy pipeline this is not handled. +This file is to temporary move the older change log history to keep the +change log short. + +## [3.3.0] - 2019-08-12 + +UPDATES + +* Fixed [#419](https://github.com/Microsoft/PowerStig/issues/419): PowerStig is creating resource xSSLSettings with the wrong value for Name. +* Updated PowerSTIG to leverage AuditSetting instead of the Script resource. Additionally renamed WmiRule to AuditSettingRule [#431](https://github.com/Microsoft/PowerStig/issues/431) + +Added the following STIG + +* Added support for Windows 10, Version 1, Release 17 [#442](https://github.com/microsoft/PowerStig/issues/442) +* Added support for Windows Defender, Version 1, Release 5 [#393](https://github.com/microsoft/PowerStig/issues/393) +* Added support for Internet Explorer 11 Version 1, Release 17 [#422](https://github.com/Microsoft/PowerStig/issues/422) +* Added support for Server 2016 STIG, Version 1, Release 8 [#418](https://github.com/Microsoft/PowerStig/issues/418) + +## [3.2.0] - 2019-05-24 + +* Added support for IIS 8.5 Server STIG, Version 1, Release 7 [#399](https://github.com/Microsoft/PowerStig/issues/399) +* Fixed [#373](https://github.com/Microsoft/PowerStig/issues/373): Registry resource does not handle null values for ValueData contained in Processed STIGs +* Fixed [#376](https://github.com/Microsoft/PowerStig/issues/376): SQL STIG Rules V-41021 (Instance STIG) and V-41402 (Database STIG) fail to apply when applying to a SQL instance that is NOT name the default (MSSQLSERVER). +* Fixed [#377](https://github.com/Microsoft/PowerStig/issues/377): SQL Instance Rule V-40936 fails when Set-TargertResource is ran +* Fixed [#280](https://github.com/Microsoft/PowerStig/issues/280): HKEY_CURRENT_USER is not needed with the cAdministrativeTemplateSetting composite resource. (Regression Issue) +* Fixed [#385](https://github.com/Microsoft/PowerStig/issues/385): IIS Server STIG V-76681 does not parse correctly +* Added support for Office 2016 STIGs [#370](https://github.com/Microsoft/PowerStig/issues/370) +* Added support to Automate Application Pool Recycling for IisSite_8.5 [#378](https://github.com/Microsoft/PowerStig/issues/378) +* Added support for Windows Server 2012R2 DC V2R16 [#398](https://github.com/Microsoft/PowerStig/issues/398) +* Added support for update Windows Server 2012 MS STIG v2r15 [#395](https://github.com/Microsoft/PowerStig/issues/395) +* Added support for Firefox STIG v4r25 [#389](https://github.com/Microsoft/PowerStig/issues/389) +* Added entry in log file for IISSite 1.7 so rule v-76819 parses as an xWebConfigurationProperty [#407](https://github.com/microsoft/PowerStig/issues/407) +* Added IISSite v1.7 [#400](https://github.com/microsoft/PowerStig/issues/400) +* Fixed [#403](https://github.com/microsoft/PowerStig/issues/403): DotNet STIG V1R7 update + +## [3.1.0] - 2019-04-01 + +UPDATES + +* Removed duplicate code from rule class constructors +* Migrated from Get-WmiObject to Get-CimInstance to support PowerShell Core +* Migrated to PSDscResources [#345](https://github.com/Microsoft/PowerStig/issues/345) +* Migrated to ComputerManagementDsc [#342](https://github.com/Microsoft/PowerStig/issues/342) +* Fixed [#358](https://github.com/Microsoft/PowerStig/issues/358): Update PowerSTIG Duplicate Rule handling and capability + +Added the following STIG + +* Windows Defender V1R4 [#344](https://github.com/Microsoft/PowerStig/issues/344) + +## [3.0.1] - 2019-03-11 + +* Fixed [#350](https://github.com/Microsoft/PowerStig/issues/350): Updates to fix Skip rules not working correctly +* Fixed [#348](https://github.com/Microsoft/PowerStig/issues/348): Update to DnsServer Schema to correct typo. + +## [3.0.0] - 2019-03-01 + +* Introduces class support for each rule type +* The STIG class now contains an array of rule objects vs xml elements +* Orgsettings, Exceptions, and Rule skips are all supported by the Rule base class +* Rule help is provided for any loaded rule. + * See the [wiki](https://github.com/Microsoft/PowerStig/wiki/GettingRuleHelp) for more information. +* Major code refactor to simplify maintenance and usage +* [Breaking Change] The STIG class constructor no longer accepts Orgsettings, Exceptions, or Rule skips + * That functionality has move to the load rule method +* DSC composite resource parameter validation for version numbers has been removed + * The STIG class validates all input and will throw an error if invalid data is provided. +* The Get-StigList has be updated and renamed to Get-Stig to return the STIG class + +UPDATES + +* Fixed [#241](https://github.com/Microsoft/PowerStig/issues/241): [WindowsFeatureRule] PsDesiredStateConfiguration\WindowsOptionalFeature doesn't properly handle features that return $null +* Fixed [#258](https://github.com/Microsoft/PowerStig/issues/258): New-StigChecklist will not accept a path without an explicit filename +* Fixed [#243](https://github.com/Microsoft/PowerStig/issues/243): [V-46515] Windows-All-IE11-1.15 Rawstring typo +* Fixed [#289](https://github.com/Microsoft/PowerStig/issues/289): Updated DocumentRule and DocumentRuleConvert Classes to parse correctly. +* Fixed [#284](https://github.com/Microsoft/PowerStig/issues/284): [V-74415] [V-74413] Windows 10 STIG rule V-74415 and V-74413 should not contain white space in key +* Fixed [290](https://github.com/Microsoft/PowerStig/issues/290): [V-76731] IIS Server STIG V-76731 fails to properly set STIG guidance because rule is not split. +* Fixed [314](https://github.com/Microsoft/PowerStig/issues/314): Update PowerSTIG to Utilize LogTargetW3C parameter in xWebAdministration 2.5.0.0. +* Fixed [334](https://github.com/Microsoft/PowerStig/issues/334): Update PowerStig to utilize AccessControlDsc 1.3.0.0 +* Fixed [331](https://github.com/Microsoft/PowerStig/issues/331): 2012/R2 [V-39325] 2016 [V-73373], [V-73389] PermissionRule.Convert CheckContent Match Parser Update +* Fixed [320](https://github.com/Microsoft/PowerStig/issues/320): IIS Site STIG doesn't correctly convert STIGS that contain "SSL Settings" in raw string + +* Added the following STIGs + * IIS Site 8.5 V1R6 [#276](https://github.com/Microsoft/PowerStig/issues/276) + * Windows Firewall STIG V1R7 [#319](https://github.com/Microsoft/PowerStig/issues/319) + +* Removed the following STIGs + * Windows Server 2012 R2 DC 2.12 + * Windows Server 2012 R2 DSN 1.7 + * Active Directory Domain 2.9 + * IIS Server 8.5 1.3 + * IIS Site 8.5 1.2 + * Removed: Internet Explorer 1.13 + +## [2.4.0.0] - 2019-02-07 + +* Fixed [#244](https://github.com/Microsoft/PowerStig/issues/244): IIS Server rule V-76727.b org setting test fails +* Fixed [#246](https://github.com/Microsoft/PowerStig/issues/246): IIS Server rule V-76737 contains an incorrect value +* Fixed [#225](https://github.com/Microsoft/PowerStig/issues/225): Update PowerStig integration tests to consolidate duplicate code. +* Fixed [#160](https://github.com/Microsoft/PowerStig/issues/160): PowerStig.Convert needs to handle new registry rules without affecting existing code +* Fixed [#201](https://github.com/Microsoft/PowerStig/issues/201): Update PowerStig integration tests to account for skips and exceptions. +* Fixed [#260](https://github.com/Microsoft/PowerStig/issues/260): FireFox Composite Resource configuration applies correctly, but never passes a Test-DscConfiguration. +* Fixed [#244](https://github.com/Microsoft/PowerStig/issues/244): IIS Server rule V-76727.b org setting test fails +* Fixed [#265](https://github.com/Microsoft/PowerStig/issues/265): Fixed UserRightsAssignment split rule bug. +* Fixed [#267](https://github.com/Microsoft/PowerStig/issues/267): Fixed winlogon registry path parser bug. +* Fixed [#238](https://github.com/Microsoft/PowerStig/issues/238): Adds regex tracker for RegistryRule regex's. +* Fixed [#274](https://github.com/Microsoft/PowerStig/issues/274): UserRightsAssignment composite resource does not leverage the Force Parameter. +* Fixed [#280](https://github.com/Microsoft/PowerStig/issues/280): HKEY_CURRENT_USER is not needed with the cAdministrativeTemplateSetting composite resource. + +* Windows Server 2012R2 Fixes + * V-36707 is now an org setting + * (DC only) V-2376 - V-2380 are migrated from manual to account policy rules. + +* Added the following STIGs + * SQL Server 2016 Instance V1R3 [#186](https://github.com/Microsoft/PowerStig/issues/186) + * Windows Defender Antivirus V1R4 [#236](https://github.com/microsoft/PowerStig/issues/236) + * Mozilla Firefox V4R24 [#261](https://github.com/Microsoft/PowerStig/issues/261) + * Windows Server 2016 V1R6 [#169](https://github.com/Microsoft/PowerStig/issues/169) + * Windows Server 2016 V1R7 [#251](https://github.com/Microsoft/PowerStig/issues/251) + * SQL Server 2012 Database V1R18 [#263](https://github.com/Microsoft/PowerStig/issues/263) + * Windows Server 2012R2 DC V2R15 [#267](https://github.com/Microsoft/PowerStig/issues/267) + * Windows 10 V1R16 [#269](https://github.com/Microsoft/PowerStig/issues/269) + * IIS Server 8.5 V1R6 [#256](https://github.com/Microsoft/PowerStig/issues/266) + * Windows Server 2012R2 DNS V1R11 STIG [#265](https://github.com/Microsoft/PowerStig/issues/265) + * AD Domain V2R12 [#270](https://github.com/Microsoft/PowerStig/issues/270) + +## [2.3.2.0] - 2018-12-18 + +* Fixed [#215](https://github.com/Microsoft/PowerStig/issues/215): Org settings wont apply for DotNet STIG +* Fixed [#216](https://github.com/Microsoft/PowerStig/issues/216): DotNet STIGs are misnamed +* Fixed [#207](https://github.com/Microsoft/PowerStig/issues/207): SQL Server Database rules fail to apply +* Fixed [#208](https://github.com/Microsoft/PowerStig/issues/208): Update PowerSTIG to use SQLServerDsc 12.1.0.0 +* Fixed [#220](https://github.com/Microsoft/PowerStig/issues/220): Update PowerSTIG to use xWebAdministration 2.3.0.0 + +## [2.3.1.0] - 2018-12-07 + +* Fixed [#212](https://github.com/Microsoft/PowerStig/issues/212): SDDL strings are incorrectly split in the xRegistry resource +* Fixed [#180](https://github.com/Microsoft/PowerStig/issues/180): IisSite SkipRuleType and SkipRule fail to skip rules + +## [2.3.0.0] - 2018-11-30 + +* Windows 10 Fixes + * V-63795 - Changed from manual to registry rule ## HIGH IMPACT CHANGE ## + +* Windows Server 2012R2 Fixes + * V-1089 - Corrected text + * V-21954 - Changed from manual to registry rule ## HIGH IMPACT CHANGE ## + * V-26070 - Corrected key path + * V-36657 - Corrected key path + * V-36681 - Corrected key path + +* Added the following STIGs + * IIS Server 8.5 STIG V1R5 + * Microsoft Outlook 2013 STIG V1R13 + * DotNet Framework 4.0 STIG V1R6 + * IIS Site 8.5 STIG V1R5 + * Windows Domain V2R11 + * FireFox 4.23 STIG + * Windows Server 2012R2 DC V2R14 + * Windows Server 2012R2 MS V2R14 + * Windows 10 V1R15 + +## [2.2.0.0] - 2018-10-10 + +* Added the following STIGs + * IIS Site 8.5 STIG V1R2 + * IIS Site 8.5 STIG V1R3 + * Oracle JRE 8 STIG V1R5 + * Microsoft Outlook 2013 STIG V1R12 + * Microsoft PowerPoint 2013 Stig V1R6 + * Microsoft Excel 2013 STIG V1R7 + * Microsoft Word 2013 STIG V1R6 + +* Added the following DSC Composite Resources + * Microsoft Office 2013 STIGs + * FireFox STIG + * IIS Site STIG + * IIS Server STIG + * Oracle JRE STIG + * Windows10 STIG + +* Newly required modules + * PolicyFileEditor + * FileContentDsc + * WindowsDefenderDSC + * xWebAdministration + * xWinEventLog + +* Updated required module versions + * xDnsServer from 1.9.0.0 to 1.11.0.0 + * SecurityPolicyDsc from 2.2.0.0 to 2.4.0.0 + +## [2.1.0.0] - 2018-09-05 + +* Migrated Composite resources to the xRegistry resource +* Fixed 2012R2 V-15713 default org setting value +* Updated IE STIGs (V-46477) with the decimal value +* Updated New-StigCheckList to output StigViewer 2.7.1 ckl files +* Added SkipRule functionality to all composite resources +* Added StigData for FireFox STIG V4R21 +* Added Sql2012 1.17 to Archive and processed +* Updated Sql2012 1.16 to fix broken rules +* Removed Sql2012 1.14 from archives to comply with n-2 version policy +* Updated data for 2012R2 Stigs to fix broken rules + +## [2.0.0.0] - 2018-08-17 + +* Added a Document module to automatically create a Stig Checklist (EXPERIMENTAL) +* Merged PowerStigDsc into PowerStig so there is only one module to maintain + * Replaced PowerStig Technology Class with Enumeration + * Added script module back to manifest + * Added DotNetFramework composite resource + +* Added the following STIGs + * Windows Server 2012R2 MS STIG V2R13 + * Windows Server 2012R2 DC STIG V2R13 + * Windows 2012 DNS V1R10 + * Windows Domain V2R10 + * Windows Forest V2R8 + * IE11-V1R16 + +* Corrected parsing of rule V-46477 in the IE STIGs + * Updated StigData + * Bug fixes + * Removed Windows Server 2012R2 MS and DC StigData v2.9 + +## [1.1.1.0] - 2018-08-13 + +Update IIS Server STIG V-76723.a with correct value + +## [1.1.0.0] - 2018-07-29 + +Replaced Technology class with enumeration. This breaks PowerStigDsc < 1.1.0.0 + +Added the following STIGs: + +* IIS 8.5 Server STIG V1R3 + +Updates + +* Updated SQL STIG code to account for SQL STIGS being added in PowerStigDsc +* Update to PowerStig.psm1 to fix issue were StigData class was not accessible to PowerStigDsc + +## [1.0.0.0] - 2018-07-01 + +Added the following STIGs: + +* Windows Server 2012R2 MS STIG V2R12 +* Windows Server 2012R2 DC STIG V2R12 +* Windows Server DNS V1R9 +* Windows AD Domain V2R9 +* IE11 V1R15 diff --git a/Tools/Release/Release.psm1 b/Tools/Release/Release.psm1 index a102e0bd7..686df8e3a 100644 --- a/Tools/Release/Release.psm1 +++ b/Tools/Release/Release.psm1 @@ -825,7 +825,7 @@ function Update-FileHashMarkdown ( [Parameter()] [string[]] - $FileHashPath = (Join-Path -Path $PWD -ChildPath '\StigData\Processed\*.xml'), + $FileHashPath = (Join-Path -Path $PWD -ChildPath 'source\StigData\Processed\*.xml'), [Parameter()] [string] @@ -901,11 +901,11 @@ function Update-PowerSTIGCoverageMarkdown ( [Parameter()] [string[]] - $ProcessedStigPath = (Join-Path -Path $PSScriptRoot -ChildPath '..\..\StigData\Processed\*.xml'), + $ProcessedStigPath = (Join-Path -Path $PSScriptRoot -ChildPath '..\..\source\StigData\Processed\*.xml'), [Parameter()] [string] - $PowerStigWikiPath = (Join-Path -Path $PSScriptRoot -ChildPath '..\..\..\PowerSTIG.wiki\StigDetails'), + $PowerStigWikiPath = (Join-Path -Path $PSScriptRoot -ChildPath '..\..\..\PowerSTIG.wiki\'), [Parameter()] [string[]] @@ -917,7 +917,10 @@ function Update-PowerSTIGCoverageMarkdown throw "$(Split-Path -Path $PowerStigWikiPath) was not detected, check the path and try again." } - $moduleManifest = Join-Path -Path $PSScriptRoot -ChildPath '..\..\PowerStig.psd1' + $stigDetails = Join-Path -Path $PowerStigWikiPath -ChildPath 'StigDetails' + Get-ChildItem -Path $stigDetails -Recurse | Remove-Item -Recurse -Confirm:$false -Force + + $moduleManifest = Join-Path -Path $PSScriptRoot -ChildPath '..\..\source\PowerStig.psd1' $moduleVersion = (Import-PowerShellDataFile -Path $moduleManifest).ModuleVersion $processedStig = Get-ChildItem -Path $ProcessedStigPath -Exclude $Exclude | Select-Object -ExpandProperty FullName $markdownStrings = Import-PowerShellDataFile -Path (Join-Path -Path $PSScriptRoot -ChildPath 'Data.Markdown.psd1') @@ -939,7 +942,7 @@ function Update-PowerSTIGCoverageMarkdown $allStigRuleSevCount = $allStigRuleType | Foreach-Object {$stig.DISASTIG.$_.Rule} | Group-Object -Property severity -NoElement $automatedSevCount = $automatedRuleType | Foreach-Object {$stig.DISASTIG.$_.Rule} | Group-Object -Property severity -NoElement $stigDetailFileName = (Split-Path -Path $stigXml -Leaf) -replace '.xml', '.md' - $stigDetailFilePath = Join-Path -Path $PowerStigWikiPath -ChildPath $stigDetailFileName + $stigDetailFilePath = Join-Path -Path $stigDetails -ChildPath $stigDetailFileName $stigDetailFileLink = $markdownStrings.markdownRuleLink -f ($stigDetailFileName -replace '.md') $stigMarkdown = $markdownStrings.markdownSummaryBody -f $stig.DISASTIG.stigid.Replace('_', ' ').Trim(), @@ -1009,10 +1012,10 @@ function Update-PowerSTIGCoverageMarkdown Set-Content -Path $stigDetailFilePath -Value $stigDetailContent.ToString().Trim() -Force } - $coverageSummary = Join-Path -Path $PowerStigWikiPath -ChildPath StigCoverageSummary.md + $coverageSummary = Join-Path -Path $stigDetails -ChildPath StigCoverageSummary.md Set-Content -Path $coverageSummary -Value $summaryMarkdownContent.ToString().Trim() -Force - Update-PowerSTIGCoverageSidebar -MarkdownStrings $markdownStrings + Update-PowerSTIGCoverageSidebar -MarkdownStrings $markdownStrings -PowerStigWikiPath $PowerStigWikiPath } <# diff --git a/azure-pipelines.yml b/azure-pipelines.yml index dcab928a9..13e94b634 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -189,3 +189,35 @@ stages: bash <(curl -s https://codecov.io/bash) -f "./output/testResults/JaCoCo_coverage.xml" displayName: 'Upload to Codecov.io' condition: succeededOrFailed() + + - stage: Deploy + dependsOn: Test + condition: | + and( + succeeded(), + or( + eq(variables['Build.SourceBranch'], 'refs/heads/master'), + startsWith(variables['Build.SourceBranch'], 'refs/tags/') + ) + ) + jobs: + - job: Deploy_Module + displayName: 'Deploy Module' + pool: + vmImage: 'windows-2019' + steps: + - task: DownloadBuildArtifacts@0 + displayName: 'Download Build Artifact' + inputs: + buildType: 'current' + downloadType: 'single' + artifactName: 'output' + downloadPath: '$(Build.SourcesDirectory)' + - task: PowerShell@2 + name: publishRelease + displayName: 'Publish Release' + inputs: + filePath: './build.ps1' + arguments: '-tasks publish' + env: + GalleryApiToken: $(GalleryApiToken) diff --git a/build.yaml b/build.yaml index eccd6fcbb..9ffc410a7 100644 --- a/build.yaml +++ b/build.yaml @@ -63,7 +63,6 @@ DscTest: ExcludeTag: - "Common Tests - New Error-Level Script Analyzer Rules" - "Common Tests - Validate Localization" - - "Common Tests - PS Script Analyzer on Resource Files" Tag: ExcludeSourceFile: - output diff --git a/source/DSCResources/IisServer/IisServer.schema.psm1 b/source/DSCResources/IisServer/IisServer.schema.psm1 index 2a7130f2e..a6e5579f8 100644 --- a/source/DSCResources/IisServer/IisServer.schema.psm1 +++ b/source/DSCResources/IisServer/IisServer.schema.psm1 @@ -33,7 +33,7 @@ using module ..\..\PowerStig.psm1 configuration IisServer { [CmdletBinding()] - Param + param ( [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] diff --git a/source/DSCResources/IisSite/IisSite.schema.psm1 b/source/DSCResources/IisSite/IisSite.schema.psm1 index 0aa3585e5..a6c817d46 100644 --- a/source/DSCResources/IisSite/IisSite.schema.psm1 +++ b/source/DSCResources/IisSite/IisSite.schema.psm1 @@ -36,7 +36,7 @@ using module ..\..\PowerStig.psm1 configuration IisSite { [CmdletBinding()] - Param + param ( [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] diff --git a/source/DSCResources/Resources/windows.AccessControl.ps1 b/source/DSCResources/Resources/windows.AccessControl.ps1 index e3afbbf82..11f0cdc65 100644 --- a/source/DSCResources/Resources/windows.AccessControl.ps1 +++ b/source/DSCResources/Resources/windows.AccessControl.ps1 @@ -6,7 +6,7 @@ $rules = $stig.RuleList | Select-Rule -Type PermissionRule foreach ($rule in $rules) { # Determine PermissionRule type and handle - Switch ($rule.dscresource) + switch ($rule.dscresource) { 'RegistryAccessEntry' { diff --git a/source/Module/Common/Convert/Function.RangeConversion.ps1 b/source/Module/Common/Convert/Function.RangeConversion.ps1 index 18504ad20..8f4999a69 100644 --- a/source/Module/Common/Convert/Function.RangeConversion.ps1 +++ b/source/Module/Common/Convert/Function.RangeConversion.ps1 @@ -385,7 +385,7 @@ function ConvertTo-OrTestString { $tokens = [System.Management.Automation.PSParser]::Tokenize($string, [ref]$null) $orgSettings = $tokens.Where( {$PSItem.type -eq 'Number' -and $PSItem.Content -notmatch '\dx\d{8}' }).Content - if($string -match 'or if the Value Name does not exist') + if ($string -match 'or if the Value Name does not exist') { $orgSettings += 'ShouldBeAbsent' } diff --git a/source/Module/Common/Functions.XccdfXml.ps1 b/source/Module/Common/Functions.XccdfXml.ps1 index 11837d893..ac3a515c6 100644 --- a/source/Module/Common/Functions.XccdfXml.ps1 +++ b/source/Module/Common/Functions.XccdfXml.ps1 @@ -215,7 +215,7 @@ function Get-StigRuleList So we simply unwind the changes we made earlier so that any new text we added is removed by reversing the regex match. #> - + # Trim the unique char from split rules if they exist foreach ($correction in $StigGroupListChangeLog[($rule.Id -split '\.')[0]]) { @@ -448,7 +448,7 @@ function Split-BenchmarkId { $officeStig = ($id -split '_') - if($PSItem -match 'System') + if ($PSItem -match 'System') { $officeStig = $officeStig[2], $officeStig[3] -join "" $returnId = '{0}_{1}' -f 'Office', $officeStig diff --git a/source/Module/Rule.AccountPolicy/AccountPolicyRule.psm1 b/source/Module/Rule.AccountPolicy/AccountPolicyRule.psm1 index 7fd66f2be..b42faa77e 100644 --- a/source/Module/Rule.AccountPolicy/AccountPolicyRule.psm1 +++ b/source/Module/Rule.AccountPolicy/AccountPolicyRule.psm1 @@ -14,7 +14,7 @@ using module .\..\Rule\Rule.psm1 .PARAMETER PolicyValue The value the account policy should be set to. #> -Class AccountPolicyRule : Rule +class AccountPolicyRule : Rule { [string] $PolicyName [string] $PolicyValue <#(ExceptionValue)#> @@ -33,7 +33,7 @@ Class AccountPolicyRule : Rule .PARAMETER Rule The STIG rule to load #> - AccountPolicyRule ([xml.xmlelement] $Rule) : Base ($Rule) + AccountPolicyRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -45,7 +45,7 @@ Class AccountPolicyRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - AccountPolicyRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + AccountPolicyRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule.AccountPolicy/Convert/AccountPolicyRule.Convert.psm1 b/source/Module/Rule.AccountPolicy/Convert/AccountPolicyRule.Convert.psm1 index 8dc890acd..660c93551 100644 --- a/source/Module/Rule.AccountPolicy/Convert/AccountPolicyRule.Convert.psm1 +++ b/source/Module/Rule.AccountPolicy/Convert/AccountPolicyRule.Convert.psm1 @@ -14,7 +14,7 @@ using namespace System.Text Account Policy rule. The configuration details are then extracted and validated before returning the object. #> -Class AccountPolicyRuleConvert : AccountPolicyRule +class AccountPolicyRuleConvert : AccountPolicyRule { <# .SYNOPSIS @@ -30,7 +30,7 @@ Class AccountPolicyRuleConvert : AccountPolicyRule .PARAMETER XccdfRule The STIG rule to convert #> - AccountPolicyRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + AccountPolicyRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { [RegularExpressions.MatchCollection] $tokens = $this.ExtractProperties() $this.SetPolicyName($tokens) @@ -106,7 +106,7 @@ Class AccountPolicyRuleConvert : AccountPolicyRule hidden [void] SetDscResource () { - if($null -eq $this.DuplicateOf) + if ($null -eq $this.DuplicateOf) { $this.DscResource = 'AccountPolicy' } diff --git a/source/Module/Rule.AuditPolicy/AuditPolicyRule.psm1 b/source/Module/Rule.AuditPolicy/AuditPolicyRule.psm1 index d2f81e00d..0618c7af6 100644 --- a/source/Module/Rule.AuditPolicy/AuditPolicyRule.psm1 +++ b/source/Module/Rule.AuditPolicy/AuditPolicyRule.psm1 @@ -16,7 +16,7 @@ using module .\..\Rule\Rule.psm1 .PARAMETER Ensure A present or absent flag #> -Class AuditPolicyRule : Rule +class AuditPolicyRule : Rule { [string] $Subcategory [string] $AuditFlag @@ -36,7 +36,7 @@ Class AuditPolicyRule : Rule .PARAMETER Rule The STIG rule to load #> - AuditPolicyRule ([xml.xmlelement] $Rule) : Base ($Rule) + AuditPolicyRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -48,7 +48,7 @@ Class AuditPolicyRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - AuditPolicyRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + AuditPolicyRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule.AuditPolicy/Convert/AuditPolicyRule.Convert.psm1 b/source/Module/Rule.AuditPolicy/Convert/AuditPolicyRule.Convert.psm1 index b1be48503..0ba79ef60 100644 --- a/source/Module/Rule.AuditPolicy/Convert/AuditPolicyRule.Convert.psm1 +++ b/source/Module/Rule.AuditPolicy/Convert/AuditPolicyRule.Convert.psm1 @@ -9,7 +9,7 @@ using namespace System.Text .SYNOPSIS Converts the xccdf check-content element into an audit policy object. #> -Class AuditPolicyRuleConvert : AuditPolicyRule +class AuditPolicyRuleConvert : AuditPolicyRule { <# .SYNOPSIS @@ -25,7 +25,7 @@ Class AuditPolicyRuleConvert : AuditPolicyRule .PARAMETER XccdfRule The STIG rule to convert #> - AuditPolicyRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + AuditPolicyRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { $tokens = $this.ExtractProperties() $this.SetSubcategory($tokens) @@ -94,7 +94,7 @@ Class AuditPolicyRuleConvert : AuditPolicyRule hidden [void] SetDscResource () { - if($null -eq $this.DuplicateOf) + if ($null -eq $this.DuplicateOf) { $this.DscResource = 'AuditPolicySubcategory' } diff --git a/source/Module/Rule.AuditSetting/AuditSettingRule.psm1 b/source/Module/Rule.AuditSetting/AuditSettingRule.psm1 index ecfdcd8c3..139a1fdc7 100644 --- a/source/Module/Rule.AuditSetting/AuditSettingRule.psm1 +++ b/source/Module/Rule.AuditSetting/AuditSettingRule.psm1 @@ -19,7 +19,7 @@ using module .\..\Rule\Rule.psm1 The PowerShell equivalent operator #> -Class AuditSettingRule : Rule +class AuditSettingRule : Rule { [string] $Query [string] $Property @@ -40,7 +40,7 @@ Class AuditSettingRule : Rule .PARAMETER Rule The STIG rule to load #> - AuditSettingRule ([xml.xmlelement] $Rule) : Base ($Rule) + AuditSettingRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -52,7 +52,7 @@ Class AuditSettingRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - AuditSettingRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + AuditSettingRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule.AuditSetting/Convert/AuditSettingRule.Convert.psm1 b/source/Module/Rule.AuditSetting/Convert/AuditSettingRule.Convert.psm1 index ec6afa703..f3d03a219 100644 --- a/source/Module/Rule.AuditSetting/Convert/AuditSettingRule.Convert.psm1 +++ b/source/Module/Rule.AuditSetting/Convert/AuditSettingRule.Convert.psm1 @@ -22,7 +22,7 @@ foreach ($supportFile in $supportFileList) class for parsing and validation. #> -Class AuditSettingRuleConvert : AuditSettingRule +class AuditSettingRuleConvert : AuditSettingRule { <# .SYNOPSIS @@ -38,9 +38,9 @@ Class AuditSettingRuleConvert : AuditSettingRule .PARAMETER XccdfRule The STIG rule to convert #> - AuditSettingRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + AuditSettingRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { - Switch ($this.rawString) + switch ($this.rawString) { {$PSItem -Match "winver\.exe" } { @@ -79,7 +79,7 @@ Class AuditSettingRuleConvert : AuditSettingRule hidden [void] SetDscResource () { - if($null -eq $this.DuplicateOf) + if ($null -eq $this.DuplicateOf) { $this.DscResource = 'AuditSetting' } diff --git a/source/Module/Rule.DnsServerRootHint/Convert/DnsServerRootHintRule.Convert.psm1 b/source/Module/Rule.DnsServerRootHint/Convert/DnsServerRootHintRule.Convert.psm1 index 79ec5ccb8..f788d4d30 100644 --- a/source/Module/Rule.DnsServerRootHint/Convert/DnsServerRootHintRule.Convert.psm1 +++ b/source/Module/Rule.DnsServerRootHint/Convert/DnsServerRootHintRule.Convert.psm1 @@ -26,7 +26,7 @@ foreach ($supportFile in $supportFileList) .PARAMETER IpAddress The ip address of the root hint server #> -Class DnsServerRootHintRuleConvert : DnsServerRootHintRule +class DnsServerRootHintRuleConvert : DnsServerRootHintRule { <# .SYNOPSIS @@ -42,7 +42,7 @@ Class DnsServerRootHintRuleConvert : DnsServerRootHintRule .PARAMETER XccdfRule The STIG rule to convert #> - DnsServerRootHintRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + DnsServerRootHintRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { $this.set_HostName('$null') $this.set_IpAddress('$null') @@ -52,7 +52,7 @@ Class DnsServerRootHintRuleConvert : DnsServerRootHintRule hidden [void] SetDscResource () { - if($null -eq $this.DuplicateOf) + if ($null -eq $this.DuplicateOf) { $this.DscResource = 'Script' } diff --git a/source/Module/Rule.DnsServerRootHint/DnsServerRootHintRule.psm1 b/source/Module/Rule.DnsServerRootHint/DnsServerRootHintRule.psm1 index da85a7a41..c8638a9e7 100644 --- a/source/Module/Rule.DnsServerRootHint/DnsServerRootHintRule.psm1 +++ b/source/Module/Rule.DnsServerRootHint/DnsServerRootHintRule.psm1 @@ -11,7 +11,7 @@ using module .\..\Rule\Rule.psm1 The DnsServerRootHintRule class is used to maange the Account Policy Settings. #> -Class DnsServerRootHintRule : Rule +class DnsServerRootHintRule : Rule { [string] $HostName [string] $IpAddress <#(ExceptionValue)#> @@ -30,7 +30,7 @@ Class DnsServerRootHintRule : Rule .PARAMETER Rule The STIG rule to load #> - DnsServerRootHintRule ([xml.xmlelement] $Rule) : Base ($Rule) + DnsServerRootHintRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -42,7 +42,7 @@ Class DnsServerRootHintRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - DnsServerRootHintRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + DnsServerRootHintRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule.DnsServerSetting/Convert/DnsServerSettingRule.Convert.psm1 b/source/Module/Rule.DnsServerSetting/Convert/DnsServerSettingRule.Convert.psm1 index a59ee1a06..c9555a998 100644 --- a/source/Module/Rule.DnsServerSetting/Convert/DnsServerSettingRule.Convert.psm1 +++ b/source/Module/Rule.DnsServerSetting/Convert/DnsServerSettingRule.Convert.psm1 @@ -23,7 +23,7 @@ foreach ($supportFile in $supportFileList) parsing and validation. #> -Class DnsServerSettingRuleConvert : DnsServerSettingRule +class DnsServerSettingRuleConvert : DnsServerSettingRule { <# .SYNOPSIS @@ -39,7 +39,7 @@ Class DnsServerSettingRuleConvert : DnsServerSettingRule .PARAMETER XccdfRule The STIG rule to convert #> - DnsServerSettingRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + DnsServerSettingRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { $this.SetDnsServerPropertyName() $this.SetDnsServerPropertyValue() @@ -95,7 +95,7 @@ Class DnsServerSettingRuleConvert : DnsServerSettingRule hidden [void] SetDscResource () { - if($null -eq $this.DuplicateOf) + if ($null -eq $this.DuplicateOf) { $this.DscResource = 'xDnsServerSetting' } diff --git a/source/Module/Rule.DnsServerSetting/DnsServerSettingRule.psm1 b/source/Module/Rule.DnsServerSetting/DnsServerSettingRule.psm1 index 0d559b58b..45e3e7125 100644 --- a/source/Module/Rule.DnsServerSetting/DnsServerSettingRule.psm1 +++ b/source/Module/Rule.DnsServerSetting/DnsServerSettingRule.psm1 @@ -14,7 +14,7 @@ using module .\..\Rule\Rule.psm1 .PARAMETER PropertyValue The value to set the proerty to #> -Class DnsServerSettingRule : Rule +class DnsServerSettingRule : Rule { [string] $PropertyName [string] $PropertyValue <#(ExceptionValue)#> @@ -33,7 +33,7 @@ Class DnsServerSettingRule : Rule .PARAMETER Rule The STIG rule to load #> - DnsServerSettingRule ([xml.xmlelement] $Rule) : Base ($Rule) + DnsServerSettingRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -45,7 +45,7 @@ Class DnsServerSettingRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - DnsServerSettingRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + DnsServerSettingRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule.Document/Convert/DocumentRule.Convert.psm1 b/source/Module/Rule.Document/Convert/DocumentRule.Convert.psm1 index 771308d2e..b30c15c48 100644 --- a/source/Module/Rule.Document/Convert/DocumentRule.Convert.psm1 +++ b/source/Module/Rule.Document/Convert/DocumentRule.Convert.psm1 @@ -21,7 +21,7 @@ foreach ($supportFile in $supportFileList) document rule, it is passed to the DocumentRuleConvert class for parsing and validation. #> -Class DocumentRuleConvert : DocumentRule +class DocumentRuleConvert : DocumentRule { <# .SYNOPSIS @@ -37,7 +37,7 @@ Class DocumentRuleConvert : DocumentRule .PARAMETER XccdfRule The STIG rule to convert #> - DocumentRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + DocumentRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { $this.DscResource = 'None' } diff --git a/source/Module/Rule.Document/DocumentRule.psm1 b/source/Module/Rule.Document/DocumentRule.psm1 index 0ee02ffe5..003a1b155 100644 --- a/source/Module/Rule.Document/DocumentRule.psm1 +++ b/source/Module/Rule.Document/DocumentRule.psm1 @@ -11,7 +11,7 @@ using module .\..\Rule\Rule.psm1 The DocumentRule class is used to maange the Document Settings. #> -Class DocumentRule : Rule +class DocumentRule : Rule { <# .SYNOPSIS @@ -50,7 +50,7 @@ Class DocumentRule : Rule .PARAMETER Rule The STIG rule to load #> - DocumentRule ([xml.xmlelement] $Rule) : Base ($Rule) + DocumentRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -62,7 +62,7 @@ Class DocumentRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - DocumentRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + DocumentRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule.FileContent/Convert/FileContentRule.Convert.psm1 b/source/Module/Rule.FileContent/Convert/FileContentRule.Convert.psm1 index d4e7ed17e..d1b6ec430 100644 --- a/source/Module/Rule.FileContent/Convert/FileContentRule.Convert.psm1 +++ b/source/Module/Rule.FileContent/Convert/FileContentRule.Convert.psm1 @@ -20,7 +20,7 @@ foreach ($supportFile in $supportFileList) The FileContentRule class is used to manage STIGs for applications that utilize a configuration file to manage security settings #> -Class FileContentRuleConvert : FileContentRule +class FileContentRuleConvert : FileContentRule { <# .SYNOPSIS @@ -36,7 +36,7 @@ Class FileContentRuleConvert : FileContentRule .PARAMETER XccdfRule The STIG rule to convert #> - FileContentRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + FileContentRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { $this.SetKeyName() $this.SetValue() @@ -87,7 +87,7 @@ Class FileContentRuleConvert : FileContentRule hidden [void] SetDscResource () { - if($null -eq $this.DuplicateOf) + if ($null -eq $this.DuplicateOf) { if ($this.Key -match 'deployment.') { diff --git a/source/Module/Rule.FileContent/Convert/FileContentType/FileContentType.psm1 b/source/Module/Rule.FileContent/Convert/FileContentType/FileContentType.psm1 index 457a560f7..bf49fcdda 100644 --- a/source/Module/Rule.FileContent/Convert/FileContentType/FileContentType.psm1 +++ b/source/Module/Rule.FileContent/Convert/FileContentType/FileContentType.psm1 @@ -11,7 +11,7 @@ .PARAMETER Instance Maintains a single instance of the class object #> -Class FileContentType +class FileContentType { static [FileContentType] $Instance #region Constructor diff --git a/source/Module/Rule.FileContent/FileContentRule.psm1 b/source/Module/Rule.FileContent/FileContentRule.psm1 index c72da50ad..41a0837cb 100644 --- a/source/Module/Rule.FileContent/FileContentRule.psm1 +++ b/source/Module/Rule.FileContent/FileContentRule.psm1 @@ -14,7 +14,7 @@ using module .\..\Rule\Rule.psm1 .PARAMETER Value Specifies the value of the configuration setting #> -Class FileContentRule : Rule +class FileContentRule : Rule { [string] $Key [string] $Value <#(ExceptionValue)#> @@ -33,7 +33,7 @@ Class FileContentRule : Rule .PARAMETER Rule The STIG rule to load #> - FileContentRule ([xml.xmlelement] $Rule) : Base ($Rule) + FileContentRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -45,7 +45,7 @@ Class FileContentRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - FileContentRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + FileContentRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule.Group/Convert/GroupRule.Convert.psm1 b/source/Module/Rule.Group/Convert/GroupRule.Convert.psm1 index 7891748a8..270cde3b8 100644 --- a/source/Module/Rule.Group/Convert/GroupRule.Convert.psm1 +++ b/source/Module/Rule.Group/Convert/GroupRule.Convert.psm1 @@ -21,7 +21,7 @@ foreach ($supportFile in $supportFileList) group rule, it is passed to the GroupRuleConvert class for parsing and validation. #> -Class GroupRuleConvert : GroupRule +class GroupRuleConvert : GroupRule { <# .SYNOPSIS @@ -37,7 +37,7 @@ Class GroupRuleConvert : GroupRule .PARAMETER XccdfRule The STIG rule to convert #> - GroupRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + GroupRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { $this.SetGroupName() $this.SetMembersToExclude() @@ -96,7 +96,7 @@ Class GroupRuleConvert : GroupRule hidden [void] SetDscResource () { - if($null -eq $this.DuplicateOf) + if ($null -eq $this.DuplicateOf) { $this.DscResource = 'Group' } diff --git a/source/Module/Rule.Group/GroupRule.psm1 b/source/Module/Rule.Group/GroupRule.psm1 index 78bcffca8..562f3fac1 100644 --- a/source/Module/Rule.Group/GroupRule.psm1 +++ b/source/Module/Rule.Group/GroupRule.psm1 @@ -14,7 +14,7 @@ using module .\..\Rule\Rule.psm1 .PARAMETER MembersToExclude The list of memmbers that are not allowed to be in the group #> -Class GroupRule : Rule +class GroupRule : Rule { [string] $GroupName [string[]] $MembersToExclude <#(ExceptionValue)#> @@ -33,7 +33,7 @@ Class GroupRule : Rule .PARAMETER Rule The STIG rule to load #> - GroupRule ([xml.xmlelement] $Rule) : Base ($Rule) + GroupRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -45,7 +45,7 @@ Class GroupRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - GroupRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + GroupRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule.HardCoded/Convert/HardCodedRule.Convert.psm1 b/source/Module/Rule.HardCoded/Convert/HardCodedRule.Convert.psm1 index df6f33f02..2021fd9c7 100644 --- a/source/Module/Rule.HardCoded/Convert/HardCodedRule.Convert.psm1 +++ b/source/Module/Rule.HardCoded/Convert/HardCodedRule.Convert.psm1 @@ -36,7 +36,7 @@ using module .\..\..\Rule.WindowsFeature\Convert\WindowsFeatureRule.Convert.psm1 a predefined rule type. The configuration details are then extracted and validated before returning the object. #> -Class HardCodedRuleConvert +class HardCodedRuleConvert { [System.Object] $Rule <# diff --git a/source/Module/Rule.IISLogging/Convert/IISLoggingRule.Convert.psm1 b/source/Module/Rule.IISLogging/Convert/IISLoggingRule.Convert.psm1 index 3d5cea609..c7cfccd4b 100644 --- a/source/Module/Rule.IISLogging/Convert/IISLoggingRule.Convert.psm1 +++ b/source/Module/Rule.IISLogging/Convert/IISLoggingRule.Convert.psm1 @@ -23,7 +23,7 @@ foreach ($supportFile in $supportFileList) IIS Log rule, it is passed to the IisLoggingRuleConvert class for parsing and validation. #> -Class IisLoggingRuleConvert : IisLoggingRule +class IisLoggingRuleConvert : IisLoggingRule { <# .SYNOPSIS @@ -39,9 +39,8 @@ Class IisLoggingRuleConvert : IisLoggingRule .PARAMETER XccdfRule The STIG rule to convert #> - IisLoggingRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + IisLoggingRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { - if ($this.conversionstatus -eq 'pass') { $this.SetDuplicateRule() @@ -174,7 +173,7 @@ Class IisLoggingRuleConvert : IisLoggingRule hidden [void] SetDscResource () { - if($null -eq $this.DuplicateOf) + if ($null -eq $this.DuplicateOf) { if ($global:stigTitle -match "Server") { diff --git a/source/Module/Rule.IISLogging/IISLoggingRule.psm1 b/source/Module/Rule.IISLogging/IISLoggingRule.psm1 index c67222d1d..33b8fc6e9 100644 --- a/source/Module/Rule.IISLogging/IISLoggingRule.psm1 +++ b/source/Module/Rule.IISLogging/IISLoggingRule.psm1 @@ -19,7 +19,7 @@ using module .\..\Rule\Rule.psm1 .PARAMETER LogTargetW3C #> -Class IisLoggingRule : Rule +class IisLoggingRule : Rule { [object[]] $LogCustomFieldEntry [string] $LogFlags @@ -41,7 +41,7 @@ Class IisLoggingRule : Rule .PARAMETER Rule The STIG rule to load #> - IisLoggingRule ([xml.xmlelement] $Rule) : Base ($Rule) + IisLoggingRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -53,7 +53,7 @@ Class IisLoggingRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - IisLoggingRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + IisLoggingRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule.Manual/Convert/ManualRule.Convert.psm1 b/source/Module/Rule.Manual/Convert/ManualRule.Convert.psm1 index 7a803e249..d16c811e0 100644 --- a/source/Module/Rule.Manual/Convert/ManualRule.Convert.psm1 +++ b/source/Module/Rule.Manual/Convert/ManualRule.Convert.psm1 @@ -20,7 +20,7 @@ foreach ($supportFile in $supportFileList) check-content of the xccdf. Once a STIG rule is identifed as a manual rule, it is passed to the ManualRule class for parsing and validation. #> -Class ManualRuleConvert : ManualRule +class ManualRuleConvert : ManualRule { <# .SYNOPSIS @@ -36,7 +36,7 @@ Class ManualRuleConvert : ManualRule .PARAMETER XccdfRule The STIG rule to convert #> - ManualRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + ManualRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { $this.DscResource = 'None' } diff --git a/source/Module/Rule.Manual/ManualRule.psm1 b/source/Module/Rule.Manual/ManualRule.psm1 index 18463bb91..77c48db88 100644 --- a/source/Module/Rule.Manual/ManualRule.psm1 +++ b/source/Module/Rule.Manual/ManualRule.psm1 @@ -11,7 +11,7 @@ using module .\..\Rule\Rule.psm1 The ManualRule class is used to maange the Account Policy Settings. #> -Class ManualRule : Rule +class ManualRule : Rule { <#(ExceptionValue)#> @@ -29,7 +29,7 @@ Class ManualRule : Rule .PARAMETER Rule The STIG rule to load #> - ManualRule ([xml.xmlelement] $Rule) : Base ($Rule) + ManualRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -41,7 +41,7 @@ Class ManualRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - ManualRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + ManualRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule.MimeType/Convert/MimeTypeRule.Convert.psm1 b/source/Module/Rule.MimeType/Convert/MimeTypeRule.Convert.psm1 index d21f9940a..6c113e3de 100644 --- a/source/Module/Rule.MimeType/Convert/MimeTypeRule.Convert.psm1 +++ b/source/Module/Rule.MimeType/Convert/MimeTypeRule.Convert.psm1 @@ -22,7 +22,7 @@ foreach ($supportFile in $supportFileList) and validation. #> -Class MimeTypeRuleConvert : MimeTypeRule +class MimeTypeRuleConvert : MimeTypeRule { <# .SYNOPSIS @@ -38,7 +38,7 @@ Class MimeTypeRuleConvert : MimeTypeRule .PARAMETER XccdfRule The STIG rule to convert #> - MimeTypeRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + MimeTypeRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { $this.SetExtension() $this.SetMimeType() @@ -139,7 +139,7 @@ Class MimeTypeRuleConvert : MimeTypeRule hidden [void] SetDscResource () { - if($null -eq $this.DuplicateOf) + if ($null -eq $this.DuplicateOf) { $this.DscResource = 'xIisMimeTypeMapping' } diff --git a/source/Module/Rule.MimeType/MimeTypeRule.psm1 b/source/Module/Rule.MimeType/MimeTypeRule.psm1 index 8c65a615e..3d7c35be4 100644 --- a/source/Module/Rule.MimeType/MimeTypeRule.psm1 +++ b/source/Module/Rule.MimeType/MimeTypeRule.psm1 @@ -16,7 +16,7 @@ using module .\..\Rule\Rule.psm1 .PARAMETER Ensure A present or absent flag #> -Class MimeTypeRule : Rule +class MimeTypeRule : Rule { [string] $Extension [string] $MimeType @@ -36,7 +36,7 @@ Class MimeTypeRule : Rule .PARAMETER Rule The STIG rule to load #> - MimeTypeRule ([xml.xmlelement] $Rule) : Base ($Rule) + MimeTypeRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -48,7 +48,7 @@ Class MimeTypeRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - MimeTypeRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + MimeTypeRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule.Permission/Convert/Methods.ps1 b/source/Module/Rule.Permission/Convert/Methods.ps1 index 9f4439c9d..07bb4d291 100644 --- a/source/Module/Rule.Permission/Convert/Methods.ps1 +++ b/source/Module/Rule.Permission/Convert/Methods.ps1 @@ -546,7 +546,7 @@ function Convert-RightsConstant { $string.Split(',') } - elseIf ( $string.Contains('/') ) + elseif ($string.Contains('/')) { $string.Split('/') } @@ -651,7 +651,7 @@ function Split-MultiplePermissionRule $headerLineRange = 0..($hklmSecurityMatch.LineNumber - 2) $footerLineRange = ($lastPermissonMatch.LineNumber)..($checkContent.Length - 1) } - elseIf ( + elseif ( $checkContent -match $regularExpression.rootOfC -and $checkContent -match $regularExpression.programFilesWin10 -and $checkContent -match $regularExpression.winDir diff --git a/source/Module/Rule.Permission/Convert/PermissionRule.Convert.psm1 b/source/Module/Rule.Permission/Convert/PermissionRule.Convert.psm1 index f43c73e28..9ce607158 100644 --- a/source/Module/Rule.Permission/Convert/PermissionRule.Convert.psm1 +++ b/source/Module/Rule.Permission/Convert/PermissionRule.Convert.psm1 @@ -21,7 +21,7 @@ foreach ($supportFile in $supportFileList) permission rule, it is passed to the PermissionRule class for parsing and validation. #> -Class PermissionRuleConvert : PermissionRule +class PermissionRuleConvert : PermissionRule { <# .SYNOPSIS @@ -37,7 +37,7 @@ Class PermissionRuleConvert : PermissionRule .PARAMETER XccdfRule The STIG rule to convert #> - PermissionRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + PermissionRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { $this.SetPath() $this.SetDscResource() @@ -121,7 +121,7 @@ Class PermissionRuleConvert : PermissionRule hidden [void] SetDscResource () { - if($null -eq $this.DuplicateOf) + if ($null -eq $this.DuplicateOf) { if ($this.Path) { @@ -141,7 +141,7 @@ Class PermissionRuleConvert : PermissionRule } } } - elseIf ($this.RawString -match 'Auditing Tab') + elseif ($this.RawString -match 'Auditing Tab') { $this.DscResource = 'FileSystemAuditRuleEntry' } diff --git a/source/Module/Rule.Permission/PermissionRule.psm1 b/source/Module/Rule.Permission/PermissionRule.psm1 index 29375bfe7..5d4b74ca1 100644 --- a/source/Module/Rule.Permission/PermissionRule.psm1 +++ b/source/Module/Rule.Permission/PermissionRule.psm1 @@ -16,7 +16,7 @@ using module .\..\Rule\Rule.psm1 .PARAMETER Force A flag that will overwrite the current ACE in the ACL instead of merge #> -Class PermissionRule : Rule +class PermissionRule : Rule { [string] $Path [object[]] $AccessControlEntry <#(ExceptionValue)#> @@ -36,7 +36,7 @@ Class PermissionRule : Rule .PARAMETER Rule The STIG rule to load #> - PermissionRule ([xml.xmlelement] $Rule) : Base ($Rule) + PermissionRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -48,7 +48,7 @@ Class PermissionRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - PermissionRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + PermissionRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule.ProcessMitigation/Convert/ProcessMitigationRule.Convert.psm1 b/source/Module/Rule.ProcessMitigation/Convert/ProcessMitigationRule.Convert.psm1 index 8a41645a5..e8661d24f 100644 --- a/source/Module/Rule.ProcessMitigation/Convert/ProcessMitigationRule.Convert.psm1 +++ b/source/Module/Rule.ProcessMitigation/Convert/ProcessMitigationRule.Convert.psm1 @@ -23,7 +23,7 @@ foreach ($supportFile in $supportFileList) for parsing and validation. #> -Class ProcessMitigationRuleConvert : ProcessMitigationRule +class ProcessMitigationRuleConvert : ProcessMitigationRule { <# .SYNOPSIS @@ -39,7 +39,7 @@ Class ProcessMitigationRuleConvert : ProcessMitigationRule .PARAMETER XccdfRule The STIG rule to convert #> - ProcessMitigationRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + ProcessMitigationRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { $this.SetMitigationTarget() $this.SetMitigationToEnable() @@ -122,7 +122,7 @@ Class ProcessMitigationRuleConvert : ProcessMitigationRule hidden [void] SetDscResource () { - if($null -eq $this.DuplicateOf) + if ($null -eq $this.DuplicateOf) { $this.DscResource = 'ProcessMitigation' } diff --git a/source/Module/Rule.ProcessMitigation/ProcessMitigationRule.psm1 b/source/Module/Rule.ProcessMitigation/ProcessMitigationRule.psm1 index da1041cc7..3a7eb876b 100644 --- a/source/Module/Rule.ProcessMitigation/ProcessMitigationRule.psm1 +++ b/source/Module/Rule.ProcessMitigation/ProcessMitigationRule.psm1 @@ -16,7 +16,7 @@ using module .\..\Rule\Rule.psm1 .PARAMETER Disable A flag to disable the mitigation rule #> -Class ProcessMitigationRule : Rule +class ProcessMitigationRule : Rule { [string] $MitigationTarget [string] $Enable @@ -36,7 +36,7 @@ Class ProcessMitigationRule : Rule .PARAMETER Rule The STIG rule to load #> - ProcessMitigationRule ([xml.xmlelement] $Rule) : Base ($Rule) + ProcessMitigationRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -48,7 +48,7 @@ Class ProcessMitigationRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - ProcessMitigationRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + ProcessMitigationRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule.Registry/Convert/Functions.SingleLine.ps1 b/source/Module/Rule.Registry/Convert/Functions.SingleLine.ps1 index fd8278534..f524bc967 100644 --- a/source/Module/Rule.Registry/Convert/Functions.SingleLine.ps1 +++ b/source/Module/Rule.Registry/Convert/Functions.SingleLine.ps1 @@ -216,7 +216,7 @@ function Get-McAfeeRegistryPath if ($CheckContent -match "Software\\McAfee") { $path = "HKEY_LOCAL_MACHINE\Software\Wow6432Node\McAfee\" - if($CheckContent -match 'DesktopProtection') + if ($CheckContent -match 'DesktopProtection') { $mcafeePath = $CheckContent | Select-String -Pattern 'DesktopProtection.*$' } diff --git a/source/Module/Rule.Registry/Convert/Methods.ps1 b/source/Module/Rule.Registry/Convert/Methods.ps1 index 1973e9f48..ee7fcdeb3 100644 --- a/source/Module/Rule.Registry/Convert/Methods.ps1 +++ b/source/Module/Rule.Registry/Convert/Methods.ps1 @@ -1050,7 +1050,7 @@ function Split-MultipleRegistryEntries If a check contains only the registry hive, but have multiple/unique paths,type,names,and values, then reference the single hive for each path that is discovered. #> - elseIf ( $paths.count -gt 1 -and $types.count -eq 1 -and $names.count -eq 1 -and $values.count -eq 1 ) + elseif ($paths.count -gt 1 -and $types.count -eq 1 -and $names.count -eq 1 -and $values.count -eq 1) { Write-Verbose -Message "[$($MyInvocation.MyCommand.Name)] Paths : $($paths.count)" @@ -1071,7 +1071,7 @@ function Split-MultipleRegistryEntries If a check contains a single registry hive, path, type, and value, but multiple value names, then reference the single hive hive, path, type, and value for each value name that is discovered. #> - elseIf ( $names.count -gt 1 -and $types.count -eq 1 -and $values.count -eq 1 ) + elseif ($names.count -gt 1 -and $types.count -eq 1 -and $values.count -eq 1) { Write-Verbose -Message "[$($MyInvocation.MyCommand.Name)] Values : $($names.count)" @@ -1092,7 +1092,7 @@ function Split-MultipleRegistryEntries If a check contains a single registry hive and path, but multiple values, then reference the single hive and path for each value name that is discovered. #> - elseIf ( $names.count -gt 1 -and $types.count -gt 1 ) + elseif ($names.count -gt 1 -and $types.count -gt 1) { Write-Verbose -Message "[$($MyInvocation.MyCommand.Name)] Values : $($names.count)" @@ -1109,7 +1109,7 @@ function Split-MultipleRegistryEntries $registryEntryCounter ++ } } - elseIf ( $hives.count -eq 1 -and $paths.count -gt 1 -and $types.count -eq 1 -and $names.count -eq 1 -and $values.count -eq 1 ) + elseif ($hives.count -eq 1 -and $paths.count -gt 1 -and $types.count -eq 1 -and $names.count -eq 1 -and $values.count -eq 1) { foreach ( $registryRule in $names ) { @@ -1124,9 +1124,9 @@ function Split-MultipleRegistryEntries $registryEntryCounter ++ } } - elseIf ( $hives.count -eq 1 -and $paths.count -eq 1 -and $types.count -eq 1 -and $names.count -gt 1 -and $values.count -gt 1 ) + elseif ($hives.count -eq 1 -and $paths.count -eq 1 -and $types.count -eq 1 -and $names.count -gt 1 -and $values.count -gt 1) { - foreach ( $registryRule in $values ) + foreach ($registryRule in $values) { $newSplitRegistryEntry = @( $hives[0], @@ -1166,56 +1166,56 @@ function Set-RegistryPatternLog ( [Parameter(Mandatory = $true)] [string] - $Pattern, + $Pattern, [Parameter()] [string] $Rule ) - - <# + + <# Load table with patterns from Core data file. Build the in-memory table of patterns #> - if(-not $global:patternTable) + if (-not $global:patternTable) { - $nonestedItems = $global:SingleLineRegistryPath.GetEnumerator() | + $nonestedItems = $global:SingleLineRegistryPath.GetEnumerator() | Where-Object { $_.Value['Select'] -ne $null } - - $nestedItems = $global:SingleLineRegistryPath.GetEnumerator() | + + $nestedItems = $global:SingleLineRegistryPath.GetEnumerator() | Where-Object { $_.Value['Select'] -eq $null } | Select-Object {$_.Value } -ExpandProperty Value - $regPathTable = $nonestedItems.GetEnumerator() | + $regPathTable = $nonestedItems.GetEnumerator() | ForEach-Object { New-Object -TypeName PSObject -Property @{Pattern=$_.Value['Select']; Count=0; Type='RegistryPath'}} - - $regPathTable += $nestedItems.GetEnumerator() | - Where-Object { $_.Value['Select'] -ne $null } | + + $regPathTable += $nestedItems.GetEnumerator() | + Where-Object { $_.Value['Select'] -ne $null } | ForEach-Object { New-Object -TypeName PSObject -Property @{Pattern=$_.Value['Select']; Count=0; Type='RegistryPath'}} - - $regValueTypeTable = $global:SingleLineRegistryValueType.GetEnumerator() | - Where-Object { $_.Value['Select'] -ne $null } | + + $regValueTypeTable = $global:SingleLineRegistryValueType.GetEnumerator() | + Where-Object { $_.Value['Select'] -ne $null } | ForEach-Object { New-Object -TypeName PSObject -Property @{Pattern=$_.Value['Select']; Count=0; Type='ValueType'}} - - $regValueNameTable = $global:SingleLineRegistryValueName.GetEnumerator() | - Where-Object { $_.Value['Select'] -ne $null } | + + $regValueNameTable = $global:SingleLineRegistryValueName.GetEnumerator() | + Where-Object { $_.Value['Select'] -ne $null } | ForEach-Object { New-Object -TypeName PSObject -Property @{Pattern=$_.Value['Select']; Count=0; Type='ValueName'}} - - $regValueDataTable = $global:SingleLineRegistryValueData.GetEnumerator() | - Where-Object { $_.Value['Select'] -ne $null } | + + $regValueDataTable = $global:SingleLineRegistryValueData.GetEnumerator() | + Where-Object { $_.Value['Select'] -ne $null } | ForEach-Object { New-Object -TypeName PSObject -Property @{Pattern=$_.Value['Select']; Count=0; Type='ValueData'}} - - $valueTypeTable = $regValueTypeTable | - Group-Object -Property "Pattern" | + + $valueTypeTable = $regValueTypeTable | + Group-Object -Property "Pattern" | ForEach-Object{ $_.Group | Select-Object 'Pattern','Count', 'Type' -First 1} - - $valueNameTable = $regValueNameTable | - Group-Object -Property "Pattern" | + + $valueNameTable = $regValueNameTable | + Group-Object -Property "Pattern" | ForEach-Object{ $_.Group | Select-Object 'Pattern','Count', 'Type' -First 1} - $valueDataTable = $regValueDataTable | - Group-Object -Property "Pattern" | + $valueDataTable = $regValueDataTable | + Group-Object -Property "Pattern" | ForEach-Object{ $_.Group | Select-Object 'Pattern','Count', 'Type' -First 1} - + $global:patternTable = $regPathTable + $valueTypeTable + $valueNameTable + $valueDataTable } @@ -1233,7 +1233,7 @@ function Set-RegistryPatternLog .PARAMETER Path Specifies a path to a directory with (unprocessed) xccdf.xml files or a specific xccdf.xml file. - Path should be StigData\Archive\{Directory Name} or StigData\Archive\{DirectoryName}\{*.xccdf.xml} + Path should be StigData\Archive\{Directory Name} or StigData\Archive\{DirectoryName}\{*.xccdf.xml} .Notes Expression patterns are only for Registry Rules, this could change in the future @@ -1264,7 +1264,7 @@ function Get-RegistryPatternLog } } } - + # If $Path is a file, process it $isFile = Test-Path $Path -pathType Leaf if ($isFile) @@ -1312,22 +1312,22 @@ function Test-StigProcessed # Setup, check $Path for Processed [xml]$XmlDocument = Get-Content -Path $Path $id = $XmlDocument.Benchmark | Select-Object id - - $version = $Path | Select-String -Pattern '(?<=_)V.*(?=_)' | + + $version = $Path | Select-String -Pattern '(?<=_)V.*(?=_)' | ForEach-Object { $_.Matches[0] -replace "V", "" -replace "R","\." } $conversionPath = Get-Item "$($PSScriptRoot)..\..\..\StigData\Processed" #Write-Host $testPath - $hasConversion = Get-ChildItem -Path $conversionPath -recurse | Where-Object { $_ | Select-String -Pattern $id.id } | Where-Object { $_ | Select-String -Pattern $version } - #$hasConversion = Get-ChildItem -Path ..\..\..\StigData\Processed -recurse | Where-Object { $_ | Select-String -Pattern $id.id } | Where-Object { $_ | Select-String -Pattern $version } - + $hasConversion = Get-ChildItem -Path $conversionPath -recurse | Where-Object { $_ | Select-String -Pattern $id.id } | Where-Object { $_ | Select-String -Pattern $version } + #$hasConversion = Get-ChildItem -Path ..\..\..\StigData\Processed -recurse | Where-Object { $_ | Select-String -Pattern $id.id } | Where-Object { $_ | Select-String -Pattern $version } + if ($hasConversion) { return $true } - else - { - return $false + else + { + return $false } } #endregion diff --git a/source/Module/Rule.Registry/Convert/RegistryRule.Convert.psm1 b/source/Module/Rule.Registry/Convert/RegistryRule.Convert.psm1 index 1bf6e01ab..ae3ea7b54 100644 --- a/source/Module/Rule.Registry/Convert/RegistryRule.Convert.psm1 +++ b/source/Module/Rule.Registry/Convert/RegistryRule.Convert.psm1 @@ -22,7 +22,7 @@ foreach ($supportFile in $supportFileList) registry rule, it is passed to the RegistryRule class for parsing and validation. #> -Class RegistryRuleConvert : RegistryRule +class RegistryRuleConvert : RegistryRule { <# .SYNOPSIS @@ -38,9 +38,8 @@ Class RegistryRuleConvert : RegistryRule .PARAMETER XccdfRule The STIG rule to convert #> - RegistryRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + RegistryRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { - $fixText = [RegistryRule]::GetFixText($XccdfRule) if ($global:stigTitle -match 'Adobe Acrobat Reader') @@ -368,7 +367,7 @@ Class RegistryRuleConvert : RegistryRule hidden [void] SetDscResource ([string] $FixText) { - if($null -eq $this.DuplicateOf) + if ($null -eq $this.DuplicateOf) { if ($FixText -match 'Administrative Templates' -or $this.key -match "(^hkcu|^HKEY_CURRENT_USER)") { diff --git a/source/Module/Rule.Registry/RegistryRule.psm1 b/source/Module/Rule.Registry/RegistryRule.psm1 index 2c1a624d8..ef23df226 100644 --- a/source/Module/Rule.Registry/RegistryRule.psm1 +++ b/source/Module/Rule.Registry/RegistryRule.psm1 @@ -23,7 +23,7 @@ using module .\..\Rule\Rule.psm1 .PARAMETER Ensure A present or absent flag #> -Class RegistryRule : Rule +class RegistryRule : Rule { [string] $Key [string] $ValueName @@ -45,7 +45,7 @@ Class RegistryRule : Rule .PARAMETER Rule The STIG rule to load #> - RegistryRule ([xml.xmlelement] $Rule) : Base ($Rule) + RegistryRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -57,7 +57,7 @@ Class RegistryRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - RegistryRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + RegistryRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule.SecurityOption/Convert/SecurityOptionRule.Convert.psm1 b/source/Module/Rule.SecurityOption/Convert/SecurityOptionRule.Convert.psm1 index 0468f2abb..1e26aa7ce 100644 --- a/source/Module/Rule.SecurityOption/Convert/SecurityOptionRule.Convert.psm1 +++ b/source/Module/Rule.SecurityOption/Convert/SecurityOptionRule.Convert.psm1 @@ -14,7 +14,7 @@ using namespace System.Text Security Option rule. The configuration details are then extracted and validated before returning the object. #> -Class SecurityOptionRuleConvert : SecurityOptionRule +class SecurityOptionRuleConvert : SecurityOptionRule { <# .SYNOPSIS @@ -30,7 +30,7 @@ Class SecurityOptionRuleConvert : SecurityOptionRule .PARAMETER XccdfRule The STIG rule to convert #> - SecurityOptionRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + SecurityOptionRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { [System.Text.RegularExpressions.Match] $tokens = $this.ExtractProperties() $this.SetOptionName($tokens) @@ -144,7 +144,7 @@ Class SecurityOptionRuleConvert : SecurityOptionRule hidden [void] SetDscResource () { - if($null -eq $this.DuplicateOf) + if ($null -eq $this.DuplicateOf) { $this.DscResource = 'SecurityOption' } diff --git a/source/Module/Rule.SecurityOption/SecurityOptionRule.psm1 b/source/Module/Rule.SecurityOption/SecurityOptionRule.psm1 index 3f75ae35f..8bfa7aabc 100644 --- a/source/Module/Rule.SecurityOption/SecurityOptionRule.psm1 +++ b/source/Module/Rule.SecurityOption/SecurityOptionRule.psm1 @@ -14,7 +14,7 @@ using module .\..\Rule\Rule.psm1 .PARAMETER OptionValue The security option value #> -Class SecurityOptionRule : Rule +class SecurityOptionRule : Rule { [ValidateNotNullOrEmpty()] [string] $OptionName [ValidateNotNullOrEmpty()] [string] $OptionValue <#(ExceptionValue)#> @@ -33,7 +33,7 @@ Class SecurityOptionRule : Rule .PARAMETER Rule The STIG rule to load #> - SecurityOptionRule ([xml.xmlelement] $Rule) : Base ($Rule) + SecurityOptionRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -45,7 +45,7 @@ Class SecurityOptionRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - SecurityOptionRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + SecurityOptionRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule.Service/Convert/Methods.ps1 b/source/Module/Rule.Service/Convert/Methods.ps1 index 1fb8c460b..c7551b135 100644 --- a/source/Module/Rule.Service/Convert/Methods.ps1 +++ b/source/Module/Rule.Service/Convert/Methods.ps1 @@ -18,19 +18,19 @@ function Get-ServiceName Write-Verbose "[$($MyInvocation.MyCommand.Name)]" - if ( $checkContent -match $regularExpression.McAfee ) + if ( $checkContent -match $regularExpression.McAfee) { $serviceName = 'masvc' } - elseif ( $checkContent -match $regularExpression.SmartCardRemovalPolicy ) + elseif ($checkContent -match $regularExpression.SmartCardRemovalPolicy) { $serviceName = 'SCPolicySvc' } - elseif ( $checkContent -match $regularExpression.SecondaryLogon ) + elseif ($checkContent -match $regularExpression.SecondaryLogon) { $serviceName = 'seclogon' } - elseif ( $checkContent -match $regularExpression.followingservices ) + elseif ($checkContent -match $regularExpression.followingservices) { $regexMatch = $checkContent | Select-String '-' $svcArray = @() @@ -58,8 +58,8 @@ function Get-ServiceName $serviceName = $regexMatch.matches.groups[-1].Value } } - <# - There is an edge case with the rule concerning the FTP Service. All service rules have the service names inside of parentheses + <# + There is an edge case with the rule concerning the FTP Service. All service rules have the service names inside of parentheses (ex. (servicename)), however the rule pertaining to the FTP service presents this scenario: (Service name: FTPSVC) #> if ( $serviceName -match 'Service name: FTPSVC' ) @@ -109,16 +109,16 @@ function Get-ServiceState $serviceName = Get-ServiceName -CheckContent $checkContent # ServiceState McAfee and Smartcard is running everything else is stopped - if ( $serviceName -match 'masvc' -or $serviceName -eq 'SCPolicySvc' ) + if ($serviceName -match 'masvc' -or $serviceName -eq 'SCPolicySvc') { return 'Running' } - elseif ( $checkContent -match 'is installed and not disabled, this is a finding' ) + elseif ($checkContent -match 'is installed and not disabled, this is a finding') { return 'Stopped' } - elseif ( $checkContent -match 'is not set to Automatic, this is a finding' -or - $checkContent -match 'is not Automatic, this is a finding' ) + elseif ($checkContent -match 'is not set to Automatic, this is a finding' -or + $checkContent -match 'is not Automatic, this is a finding') { return 'Running' } @@ -148,16 +148,16 @@ function Get-ServiceStartupType $serviceName = Get-ServiceName -CheckContent $checkContent # StartupType McAfee and Smartcard is Automatic everything else is disabled - if ( $serviceName -match 'masvc' -or $serviceName -eq 'SCPolicySvc' ) + if ($serviceName -match 'masvc' -or $serviceName -eq 'SCPolicySvc') { return 'Automatic' } - elseif ( $checkContent -match 'is installed and not disabled, this is a finding' ) + elseif ($checkContent -match 'is installed and not disabled, this is a finding') { return 'Disabled' } - elseif ( $checkContent -match 'is not set to Automatic, this is a finding' -or - $checkContent -match 'is not Automatic, this is a finding' ) + elseif ($checkContent -match 'is not set to Automatic, this is a finding' -or + $checkContent -match 'is not Automatic, this is a finding') { return 'Automatic' } diff --git a/source/Module/Rule.Service/Convert/ServiceRule.Convert.psm1 b/source/Module/Rule.Service/Convert/ServiceRule.Convert.psm1 index e9a22212a..029b281b1 100644 --- a/source/Module/Rule.Service/Convert/ServiceRule.Convert.psm1 +++ b/source/Module/Rule.Service/Convert/ServiceRule.Convert.psm1 @@ -20,7 +20,7 @@ foreach ($supportFile in $supportFileList) check-content of the xccdf. Once a STIG rule is identified a service rule, it is passed to the ServiceRule class for parsing and validation. #> -Class ServiceRuleConvert : ServiceRule +class ServiceRuleConvert : ServiceRule { <# .SYNOPSIS @@ -36,7 +36,7 @@ Class ServiceRuleConvert : ServiceRule .PARAMETER XccdfRule The STIG rule to convert #> - ServiceRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + ServiceRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { $this.SetServiceName() $this.SetServiceState() @@ -153,7 +153,7 @@ Class ServiceRuleConvert : ServiceRule hidden [void] SetDscResource () { - if($null -eq $this.DuplicateOf) + if ($null -eq $this.DuplicateOf) { $this.DscResource = 'Service' } diff --git a/source/Module/Rule.Service/ServiceRule.psm1 b/source/Module/Rule.Service/ServiceRule.psm1 index 722613b32..2d78eb4ac 100644 --- a/source/Module/Rule.Service/ServiceRule.psm1 +++ b/source/Module/Rule.Service/ServiceRule.psm1 @@ -18,7 +18,7 @@ using module .\..\Rule\Rule.psm1 .PARAMETER Ensure A present or absent flag #> -Class ServiceRule : Rule +class ServiceRule : Rule { [string] $ServiceName [string] $ServiceState @@ -39,7 +39,7 @@ Class ServiceRule : Rule .PARAMETER Rule The STIG rule to load #> - ServiceRule ([xml.xmlelement] $Rule) : Base ($Rule) + ServiceRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -51,7 +51,7 @@ Class ServiceRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - ServiceRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + ServiceRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule.Skip/Skip.psm1 b/source/Module/Rule.Skip/Skip.psm1 index 7ff16c97c..891af6eb8 100644 --- a/source/Module/Rule.Skip/Skip.psm1 +++ b/source/Module/Rule.Skip/Skip.psm1 @@ -16,7 +16,7 @@ using module .\..\Rule\Rule.psm1 .NOTES This class requires PowerShell v5 or above. #> -Class SkippedRule : Rule +class SkippedRule : Rule { <# .SYNOPSIS @@ -40,7 +40,7 @@ Class SkippedRule : Rule .PARAMETER Rule The Stig Rule #> - SkippedRule ([xml.xmlelement] $Rule) : Base ($Rule) + SkippedRule ([xml.xmlelement] $Rule) : base ($Rule) { $this.UpdateRuleTitle('Skip') } diff --git a/source/Module/Rule.SqlScriptQuery/Convert/SqlScriptQueryRule.Convert.psm1 b/source/Module/Rule.SqlScriptQuery/Convert/SqlScriptQueryRule.Convert.psm1 index 18be67b3c..17089bc9e 100644 --- a/source/Module/Rule.SqlScriptQuery/Convert/SqlScriptQueryRule.Convert.psm1 +++ b/source/Module/Rule.SqlScriptQuery/Convert/SqlScriptQueryRule.Convert.psm1 @@ -22,7 +22,7 @@ foreach ($supportFile in $supportFileList) SQL script query rule, it is passed to the SqlScriptQueryRule class for parsing and validation. #> -Class SqlScriptQueryRuleConvert : SqlScriptQueryRule +class SqlScriptQueryRuleConvert : SqlScriptQueryRule { <# .SYNOPSIS @@ -38,7 +38,7 @@ Class SqlScriptQueryRuleConvert : SqlScriptQueryRule .PARAMETER XccdfRule The STIG rule to convert #> - SqlScriptQueryRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + SqlScriptQueryRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { $ruleType = $this.GetRuleType($this.splitCheckContent) $fixText = [SqlScriptQueryRule]::GetFixText($XccdfRule) @@ -154,7 +154,7 @@ Class SqlScriptQueryRuleConvert : SqlScriptQueryRule hidden [void] SetDscResource () { - if($null -eq $this.DuplicateOf) + if ($null -eq $this.DuplicateOf) { $this.DscResource = 'SqlScriptQuery' } @@ -166,7 +166,7 @@ Class SqlScriptQueryRuleConvert : SqlScriptQueryRule static [bool] Match ([string] $CheckContent) { - <# + <# Provide match criteria to validate that the rule is (or is not) a SQL rule. Standard match rules #> diff --git a/source/Module/Rule.SqlScriptQuery/SqlScriptQueryRule.psm1 b/source/Module/Rule.SqlScriptQuery/SqlScriptQueryRule.psm1 index dcc1a2308..4391667d1 100644 --- a/source/Module/Rule.SqlScriptQuery/SqlScriptQueryRule.psm1 +++ b/source/Module/Rule.SqlScriptQuery/SqlScriptQueryRule.psm1 @@ -16,7 +16,7 @@ using module .\..\Rule\Rule.psm1 .PARAMETER SetScript The set script content #> -Class SqlScriptQueryRule : Rule +class SqlScriptQueryRule : Rule { [string] $GetScript [string] $TestScript @@ -38,7 +38,7 @@ Class SqlScriptQueryRule : Rule .PARAMETER Rule The STIG rule to load #> - SqlScriptQueryRule ([xml.xmlelement] $Rule) : Base ($Rule) + SqlScriptQueryRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -50,7 +50,7 @@ Class SqlScriptQueryRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - SqlScriptQueryRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + SqlScriptQueryRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule.SslSettings/Convert/SslSettingsRule.Convert.psm1 b/source/Module/Rule.SslSettings/Convert/SslSettingsRule.Convert.psm1 index 11970da57..f774728f4 100644 --- a/source/Module/Rule.SslSettings/Convert/SslSettingsRule.Convert.psm1 +++ b/source/Module/Rule.SslSettings/Convert/SslSettingsRule.Convert.psm1 @@ -13,7 +13,7 @@ using module .\..\SslSettingsRule.psm1 rule is identified as a web configuration property rule, it is passed to the WebConfigurationPropertyRule class for parsing and validation. #> -Class SslSettingsRuleConvert : SslSettingsRule +class SslSettingsRuleConvert : SslSettingsRule { <# .SYNOPSIS @@ -29,7 +29,7 @@ Class SslSettingsRuleConvert : SslSettingsRule .PARAMETER XccdfRule The STIG rule to convert #> - SslSettingsRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + SslSettingsRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { $this.SetSslValue() @@ -86,7 +86,7 @@ Class SslSettingsRuleConvert : SslSettingsRule hidden [void] SetDscResource () { - if($null -eq $this.DuplicateOf) + if ($null -eq $this.DuplicateOf) { $this.DscResource = 'xSslSettings' } diff --git a/source/Module/Rule.SslSettings/SslSettingsRule.psm1 b/source/Module/Rule.SslSettings/SslSettingsRule.psm1 index c477a6a62..ea88c5090 100644 --- a/source/Module/Rule.SslSettings/SslSettingsRule.psm1 +++ b/source/Module/Rule.SslSettings/SslSettingsRule.psm1 @@ -12,7 +12,7 @@ using module .\..\Rule\Rule.psm1 .PARAMETER Value The value the bindings should be set to #> -Class SslSettingsRule : Rule +class SslSettingsRule : Rule { [string] $Value <#(ExceptionValue)#> @@ -30,7 +30,7 @@ Class SslSettingsRule : Rule .PARAMETER Rule The STIG rule to load #> - SslSettingsRule ([xml.xmlelement] $Rule) : Base ($Rule) + SslSettingsRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -42,7 +42,7 @@ Class SslSettingsRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - SslSettingsRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + SslSettingsRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule.UserRight/Convert/Methods.ps1 b/source/Module/Rule.UserRight/Convert/Methods.ps1 index d71c64147..84dc2a8d0 100644 --- a/source/Module/Rule.UserRight/Convert/Methods.ps1 +++ b/source/Module/Rule.UserRight/Convert/Methods.ps1 @@ -94,15 +94,15 @@ function Get-UserRightIdentity { [void] $return.Add('Administrators') } - elseif ( $checkContent -Match "If (any|the following){1} (accounts or groups|groups or accounts) (other than the following|are not defined){1}.*this is a finding" ) + elseif ($checkContent -Match "If (any|the following){1} (accounts or groups|groups or accounts) (other than the following|are not defined){1}.*this is a finding") { Write-Verbose "[$($MyInvocation.MyCommand.Name)] Ensure : Present" # There is an edge case where multiple finding statements are made, so a zero index is needed. - [int] $lineNumber = ( ( $checkContent | Select-String "this is a finding" )[0] ).LineNumber + [int] $lineNumber = (($checkContent | Select-String "this is a finding")[0]).LineNumber # Set the negative index number of the first group to process. $startLine = $lineNumber - $checkContent.Count - foreach ( $line in $checkContent[$startLine..-1] ) + foreach ($line in $checkContent[$startLine..-1]) { <# The Windows Server 2016 STIG prepends each identity with a dash space (- ) @@ -124,16 +124,16 @@ function Get-UserRightIdentity { [void] $return.Add("{Hyper-V}") } - elseif ( $line.Trim() -match "(^Enterprise|^Domain) (Admins|Admin)|^Guests" ) + elseif ($line.Trim() -match "(^Enterprise|^Domain) (Admins|Admin)|^Guests") { - if ( $line -match '\sAdmin\s' ) + if ($line -match '\sAdmin\s') { $line = $line -replace 'Admin', 'Admins' } # .Trim method is case sensitive, so the replace operator is used instead - [void] $return.Add( $($line.Trim() -replace ' Group').Trim() ) + [void] $return.Add($($line.Trim() -replace ' Group').Trim()) } - elseIf ($line.Trim() -match '"Local account and member of Administrators group" or "Local account"') + elseif ($line.Trim() -match '"Local account and member of Administrators group" or "Local account"') { [void] $return.Add('(Local account and member of Administrators group|Local account)') } @@ -148,7 +148,7 @@ function Get-UserRightIdentity } } } - elseif ( $checkContent -Match "If any (accounts or groups|groups or accounts).*are (granted|defined).*this is a finding" ) + elseif ($checkContent -Match "If any (accounts or groups|groups or accounts).*are (granted|defined).*this is a finding") { Write-Verbose "[$($MyInvocation.MyCommand.Name)] Ensure : Absent" @@ -173,11 +173,11 @@ function Test-SetForceFlag $CheckContent ) - if ( $checkContent -match 'If any (accounts or groups|groups or accounts) other than the following' ) + if ($checkContent -match 'If any (accounts or groups|groups or accounts) other than the following') { return $true } - elseif ( $checkContent -match 'If any (accounts or groups|groups or accounts)\s*(\(.*\),)?\s*are (granted|defined)' ) + elseif ($checkContent -match 'If any (accounts or groups|groups or accounts)\s*(\(.*\),)?\s*are (granted|defined)') { return $true } diff --git a/source/Module/Rule.UserRight/Convert/UserRightRule.Convert.psm1 b/source/Module/Rule.UserRight/Convert/UserRightRule.Convert.psm1 index fa2dfaee0..ceb2f4cec 100644 --- a/source/Module/Rule.UserRight/Convert/UserRightRule.Convert.psm1 +++ b/source/Module/Rule.UserRight/Convert/UserRightRule.Convert.psm1 @@ -21,7 +21,7 @@ foreach ($supportFile in $supportFileList) user right rule, it is passed to the UserRightRule class for parsing and validation. #> -Class UserRightRuleConvert : UserRightRule +class UserRightRuleConvert : UserRightRule { <# .SYNOPSIS @@ -37,7 +37,7 @@ Class UserRightRuleConvert : UserRightRule .PARAMETER XccdfRule The STIG rule to convert #> - UserRightRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + UserRightRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { $this.SetDisplayName() $this.SetConstant() @@ -146,7 +146,7 @@ Class UserRightRuleConvert : UserRightRule hidden [void] SetDscResource () { - if($null -eq $this.DuplicateOf) + if ($null -eq $this.DuplicateOf) { $this.DscResource = 'UserRightsAssignment' } diff --git a/source/Module/Rule.UserRight/UserRightRule.psm1 b/source/Module/Rule.UserRight/UserRightRule.psm1 index 510166678..33e468097 100644 --- a/source/Module/Rule.UserRight/UserRightRule.psm1 +++ b/source/Module/Rule.UserRight/UserRightRule.psm1 @@ -18,7 +18,7 @@ using module .\..\Rule\Rule.psm1 .PARAMETER Force A flag that replaces the identities vs append #> -Class UserRightRule : Rule +class UserRightRule : Rule { [ValidateNotNullOrEmpty()] [string] $DisplayName [ValidateNotNullOrEmpty()] [string] $Constant @@ -39,7 +39,7 @@ Class UserRightRule : Rule .PARAMETER Rule The STIG rule to load #> - UserRightRule ([xml.xmlelement] $Rule) : Base ($Rule) + UserRightRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -51,7 +51,7 @@ Class UserRightRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - UserRightRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + UserRightRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule.WebAppPool/Convert/WebAppPoolRule.Convert.psm1 b/source/Module/Rule.WebAppPool/Convert/WebAppPoolRule.Convert.psm1 index d5b3b136d..ad1f6cd54 100644 --- a/source/Module/Rule.WebAppPool/Convert/WebAppPoolRule.Convert.psm1 +++ b/source/Module/Rule.WebAppPool/Convert/WebAppPoolRule.Convert.psm1 @@ -21,7 +21,7 @@ foreach ($supportFile in $supportFileList) webapp rule, it is passed to the WebAppPoolRule class for parsing and validation. #> -Class WebAppPoolRuleConvert : WebAppPoolRule +class WebAppPoolRuleConvert : WebAppPoolRule { <# .SYNOPSIS @@ -37,7 +37,7 @@ Class WebAppPoolRuleConvert : WebAppPoolRule .PARAMETER XccdfRule The STIG rule to convert #> - WebAppPoolRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + WebAppPoolRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { $this.SetKeyValuePair() if ($this.IsOrganizationalSetting()) @@ -110,7 +110,7 @@ Class WebAppPoolRuleConvert : WebAppPoolRule hidden [void] SetDscResource () { - if($null -eq $this.DuplicateOf) + if ($null -eq $this.DuplicateOf) { $this.DscResource = 'xWebAppPool' } diff --git a/source/Module/Rule.WebAppPool/WebAppPoolRule.psm1 b/source/Module/Rule.WebAppPool/WebAppPoolRule.psm1 index 96e2e84a1..d2f77e3ec 100644 --- a/source/Module/Rule.WebAppPool/WebAppPoolRule.psm1 +++ b/source/Module/Rule.WebAppPool/WebAppPoolRule.psm1 @@ -14,7 +14,7 @@ using module .\..\Rule\Rule.psm1 .PARAMETER Value The value the web.config key should be set to #> -Class WebAppPoolRule : Rule +class WebAppPoolRule : Rule { [string] $Key [string] $Value <#(ExceptionValue)#> @@ -33,7 +33,7 @@ Class WebAppPoolRule : Rule .PARAMETER Rule The STIG rule to load #> - WebAppPoolRule ([xml.xmlelement] $Rule) : Base ($Rule) + WebAppPoolRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -45,7 +45,7 @@ Class WebAppPoolRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - WebAppPoolRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + WebAppPoolRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule.WebConfigurationProperty/Convert/WebConfigurationPropertyRule.Convert.psm1 b/source/Module/Rule.WebConfigurationProperty/Convert/WebConfigurationPropertyRule.Convert.psm1 index a7eb85622..f248ea7d6 100644 --- a/source/Module/Rule.WebConfigurationProperty/Convert/WebConfigurationPropertyRule.Convert.psm1 +++ b/source/Module/Rule.WebConfigurationProperty/Convert/WebConfigurationPropertyRule.Convert.psm1 @@ -22,7 +22,7 @@ foreach ($supportFile in $supportFileList) rule is identified as a web configuration property rule, it is passed to the WebConfigurationPropertyRule class for parsing and validation. #> -Class WebConfigurationPropertyRuleConvert : WebConfigurationPropertyRule +class WebConfigurationPropertyRuleConvert : WebConfigurationPropertyRule { <# .SYNOPSIS @@ -38,7 +38,7 @@ Class WebConfigurationPropertyRuleConvert : WebConfigurationPropertyRule .PARAMETER XccdfRule The STIG rule to convert #> - WebConfigurationPropertyRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + WebConfigurationPropertyRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { $this.SetConfigSection() $this.SetKeyValuePair() @@ -132,7 +132,7 @@ Class WebConfigurationPropertyRuleConvert : WebConfigurationPropertyRule hidden [void] SetDscResource () { - if($null -eq $this.DuplicateOf) + if ($null -eq $this.DuplicateOf) { $this.DscResource = 'xWebConfigKeyValue' } diff --git a/source/Module/Rule.WebConfigurationProperty/WebConfigurationPropertyRule.psm1 b/source/Module/Rule.WebConfigurationProperty/WebConfigurationPropertyRule.psm1 index baa14ed4d..381a900df 100644 --- a/source/Module/Rule.WebConfigurationProperty/WebConfigurationPropertyRule.psm1 +++ b/source/Module/Rule.WebConfigurationProperty/WebConfigurationPropertyRule.psm1 @@ -16,7 +16,7 @@ using module .\..\Rule\Rule.psm1 .PARAMETER Value The value the web.config key should be set to #> -Class WebConfigurationPropertyRule : Rule +class WebConfigurationPropertyRule : Rule { [string] $ConfigSection [string] $Key @@ -36,7 +36,7 @@ Class WebConfigurationPropertyRule : Rule .PARAMETER Rule The STIG rule to load #> - WebConfigurationPropertyRule ([xml.xmlelement] $Rule) : Base ($Rule) + WebConfigurationPropertyRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -48,7 +48,7 @@ Class WebConfigurationPropertyRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - WebConfigurationPropertyRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + WebConfigurationPropertyRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule.WinEventLog/Convert/WinEventLogRule.Convert.psm1 b/source/Module/Rule.WinEventLog/Convert/WinEventLogRule.Convert.psm1 index f3c19e582..35fd6448b 100644 --- a/source/Module/Rule.WinEventLog/Convert/WinEventLogRule.Convert.psm1 +++ b/source/Module/Rule.WinEventLog/Convert/WinEventLogRule.Convert.psm1 @@ -23,7 +23,7 @@ foreach ($supportFile in $supportFileList) parsing and validation. #> -Class WinEventLogRuleConvert : WinEventLogRule +class WinEventLogRuleConvert : WinEventLogRule { <# .SYNOPSIS @@ -39,7 +39,7 @@ Class WinEventLogRuleConvert : WinEventLogRule .PARAMETER XccdfRule The STIG rule to convert #> - WinEventLogRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + WinEventLogRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { $this.SetWinEventLogName() $this.SetWinEventLogIsEnabled() @@ -74,7 +74,7 @@ Class WinEventLogRuleConvert : WinEventLogRule hidden [void] SetDscResource () { - if($null -eq $this.DuplicateOf) + if ($null -eq $this.DuplicateOf) { $this.DscResource = 'xWinEventLog' } diff --git a/source/Module/Rule.WinEventLog/WinEventLogRule.psm1 b/source/Module/Rule.WinEventLog/WinEventLogRule.psm1 index a5dfa8aa7..5ae14d320 100644 --- a/source/Module/Rule.WinEventLog/WinEventLogRule.psm1 +++ b/source/Module/Rule.WinEventLog/WinEventLogRule.psm1 @@ -14,7 +14,7 @@ using module .\..\Rule\Rule.psm1 .PARAMETER IsEnabled The enabled status of the log #> -Class WinEventLogRule : Rule +class WinEventLogRule : Rule { [string] $LogName [bool] $IsEnabled <#(ExceptionValue)#> @@ -33,7 +33,7 @@ Class WinEventLogRule : Rule .PARAMETER Rule The STIG rule to load #> - WinEventLogRule ([xml.xmlelement] $Rule) : Base ($Rule) + WinEventLogRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -45,7 +45,7 @@ Class WinEventLogRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - WinEventLogRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + WinEventLogRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule.WindowsFeature/Convert/WindowsFeatureRule.Convert.psm1 b/source/Module/Rule.WindowsFeature/Convert/WindowsFeatureRule.Convert.psm1 index 4747c6ae3..c7a42b128 100644 --- a/source/Module/Rule.WindowsFeature/Convert/WindowsFeatureRule.Convert.psm1 +++ b/source/Module/Rule.WindowsFeature/Convert/WindowsFeatureRule.Convert.psm1 @@ -23,7 +23,7 @@ foreach ($supportFile in $supportFileList) parsing and validation. #> -Class WindowsFeatureRuleConvert : WindowsFeatureRule +class WindowsFeatureRuleConvert : WindowsFeatureRule { <# .SYNOPSIS @@ -39,7 +39,7 @@ Class WindowsFeatureRuleConvert : WindowsFeatureRule .PARAMETER XccdfRule The STIG rule to convert #> - WindowsFeatureRuleConvert ([xml.xmlelement] $XccdfRule) : Base ($XccdfRule, $true) + WindowsFeatureRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true) { $this.SetFeatureName() $this.SetFeatureInstallState() @@ -137,7 +137,7 @@ Class WindowsFeatureRuleConvert : WindowsFeatureRule hidden [void] SetDscResource () { # Assigns the appropriate Windows Feature DSC Resource - if($null -eq $this.DuplicateOf) + if ($null -eq $this.DuplicateOf) { if ($global:stigTitle -match 'Windows 10') { diff --git a/source/Module/Rule.WindowsFeature/WindowsFeatureRule.psm1 b/source/Module/Rule.WindowsFeature/WindowsFeatureRule.psm1 index 871dcdbc2..32e318130 100644 --- a/source/Module/Rule.WindowsFeature/WindowsFeatureRule.psm1 +++ b/source/Module/Rule.WindowsFeature/WindowsFeatureRule.psm1 @@ -14,7 +14,7 @@ using module .\..\Rule\Rule.psm1 .PARAMETER Ensure The state the windows feature should be in #> -Class WindowsFeatureRule : Rule +class WindowsFeatureRule : Rule { [string] $Name [string] $Ensure <#(ExceptionValue)#> @@ -33,7 +33,7 @@ Class WindowsFeatureRule : Rule .PARAMETER Rule The STIG rule to load #> - WindowsFeatureRule ([xml.xmlelement] $Rule) : Base ($Rule) + WindowsFeatureRule ([xml.xmlelement] $Rule) : base ($Rule) { } @@ -45,7 +45,7 @@ Class WindowsFeatureRule : Rule .PARAMETER Convert A simple bool flag to create a unique constructor signature #> - WindowsFeatureRule ([xml.xmlelement] $Rule, [switch] $Convert) : Base ($Rule, $Convert) + WindowsFeatureRule ([xml.xmlelement] $Rule, [switch] $Convert) : base ($Rule, $Convert) { } diff --git a/source/Module/Rule/Convert/Functions.ps1 b/source/Module/Rule/Convert/Functions.ps1 index 6a437806c..86a12f9fe 100644 --- a/source/Module/Rule/Convert/Functions.ps1 +++ b/source/Module/Rule/Convert/Functions.ps1 @@ -91,7 +91,7 @@ function Get-HardCodedString $StigId ) - Switch ($stigId) + switch ($stigId) { {$PSItem -match 'V-(1089|63675|73647|93147)'} { @@ -183,7 +183,7 @@ function Get-HardCodedString $StigId ) - Switch ($stigId) + switch ($stigId) { {$PSItem -match 'V-3472.b'} { diff --git a/source/Module/Rule/Rule.LoadFactory.psm1 b/source/Module/Rule/Rule.LoadFactory.psm1 index 52fdaf9f5..e6d4449c3 100644 --- a/source/Module/Rule/Rule.LoadFactory.psm1 +++ b/source/Module/Rule/Rule.LoadFactory.psm1 @@ -28,7 +28,7 @@ class LoadFactory static [psobject] Rule ([xml.xmlelement] $Rule) { $return = $null - switch($Rule.ParentNode.Name) + switch ($Rule.ParentNode.Name) { 'AccountPolicyRule' {$return = [AccountPolicyRule]::new($Rule)} 'AuditPolicyRule' {$return = [AuditPolicyRule]::new($Rule)} diff --git a/source/Module/Rule/Rule.psm1 b/source/Module/Rule/Rule.psm1 index 9865a07ea..42c44db1c 100644 --- a/source/Module/Rule/Rule.psm1 +++ b/source/Module/Rule/Rule.psm1 @@ -40,7 +40,7 @@ foreach ($supportFile in $supportFileList) .PARAMETER DscResource Defines the DSC resource used to configure the rule #> -Class Rule : ICloneable +class Rule : ICloneable { [string] $Id [string] $Title @@ -100,7 +100,7 @@ Class Rule : ICloneable #> Rule ([xml.xmlelement] $Rule, [switch] $Convert) { - # This relaces the current InvokeClass method + # This relaces the current Invokeclass method $this.Id = $Rule.Id $this.Title = $Rule.Title $this.Severity = $Rule.rule.severity diff --git a/source/Module/STIG/Functions.DomainName.ps1 b/source/Module/STIG/Functions.DomainName.ps1 index 0c3c99f33..60a580ae4 100644 --- a/source/Module/STIG/Functions.DomainName.ps1 +++ b/source/Module/STIG/Functions.DomainName.ps1 @@ -143,7 +143,7 @@ Function Get-NetbiosName ) $parts = Get-DomainParts -FQDN $FQDN - If ($parts.Count -gt 1) + if ($parts.Count -gt 1) { return $parts[0] } diff --git a/source/Module/STIG/STIG.psm1 b/source/Module/STIG/STIG.psm1 index e070c21ad..f0799bdbc 100644 --- a/source/Module/STIG/STIG.psm1 +++ b/source/Module/STIG/STIG.psm1 @@ -33,7 +33,7 @@ using module .\..\Rule.Skip\Skip.psm1 This class requires PowerShell v5 or above. #> -Class STIG +class STIG { [string] $Technology # this is aligned to a DSC composite resource. [string] $TechnologyVersion # this is 2012R2, 2016, etc. @@ -216,7 +216,7 @@ Class STIG } # If there are no org settings to merge, skip over that - if($null -ne $settings) + if ($null -ne $settings) { foreach ($ruleId in $settings.Keys) { @@ -308,7 +308,7 @@ Class STIG ).ModuleVersion # load the STIG rules if they are not already laoded - if($this.RuleList.Count -le 0) + if ($this.RuleList.Count -le 0) { $this.LoadRules() } @@ -332,7 +332,7 @@ Class STIG $null = $return.AppendLine(" The $($rule.GetType().ToString()) property '$($rule.GetOverrideValue())' can be overridden ") $null = $return.AppendLine(' with an exception using the syntax below.') $null = $return.AppendLine('') - if($null -ne $exceptionHelp.Notes) + if ($null -ne $exceptionHelp.Notes) { $null = $return.AppendLine('NOTES') $null = $return.AppendLine(" $($exceptionHelp.Notes)") diff --git a/source/PowerStig.psd1 b/source/PowerStig.psd1 index 4138a01dc..59022b5cb 100644 --- a/source/PowerStig.psd1 +++ b/source/PowerStig.psd1 @@ -6,7 +6,7 @@ RootModule = 'PowerStig.psm1' # Version number of this module. -ModuleVersion = '4.4.0' +ModuleVersion = '0.0.1' # ID used to uniquely identify this module GUID = 'a132f6a5-8f96-4942-be25-b213ee7e4af3' diff --git a/source/StigData/Processed/WindowsServer-2012R2-DC-2.18.xml b/source/StigData/Processed/WindowsServer-2012R2-DC-2.18.xml index aa0d5fb3e..961fbd928 100644 --- a/source/StigData/Processed/WindowsServer-2012R2-DC-2.18.xml +++ b/source/StigData/Processed/WindowsServer-2012R2-DC-2.18.xml @@ -1,4 +1,4 @@ - + <VulnDiscussion>The account lockout feature, when enabled, prevents brute-force password attacks on the system. The higher this value is, the less effective the account lockout feature will be in protecting the local system. The number of bad logon attempts must be reasonably small to minimize the possibility of a successful password attack, while allowing for honest errors made during a normal user logon.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> @@ -1661,29 +1661,40 @@ Backups shall be consistent with organizational recovery time and recovery point Determine whether system-related documentation is backed up in accordance with local recovery time and recovery point objectives. If system-related documentation is not backed up in accordance with local recovery time and recovery point objectives, this is a finding. - - + + <VulnDiscussion>SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is known to be vulnerable to a number of attacks such as collision and preimage attacks as well as not being FIPS compliant. + +Disabling SMBv1 support may prevent access to file or print sharing resources with systems or devices that only support SMBv1. File shares and print services hosted on Windows Server 2003 are an example, however Windows Server 2003 is no longer a supported operating system. Some older network attached devices may only support SMBv1.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> False False - Registry Hive: HKEY_LOCAL_MACHINE + This requirement specifically applies to Windows 2012 but can also be used for Windows 2012 R2. + +Different methods are available to disable SMBv1 on Windows 2012 R2, if V-73805 is configured on Windows 2012 R2, this is NA. + +If the following registry value is not configured as specified, this is a finding: + +Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\mrxsmb10\ -Type: REG_DWORD + Value Name: Start -Value: 0x00000004 (4) - - - - - False - False - - Registry Hive: HKEY_LOCAL_MACHINE + +Type: REG_DWORD +Value: 0x00000004 (4) + +If the following registry value includes MRxSmb10, this is a finding: + +Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\LanmanWorkstation\ -Type: REG_MULTI_SZ + Value Name: DependOnService -Value: Default values after removing MRxSmb10 include the following, which are not a finding: + +Type: REG_MULTI_SZ +Value: Default values after removing MRxSmb10 include the following, which are not a finding: +Bowser +MRxSmb20 +NSI diff --git a/source/StigData/Processed/WindowsServer-2012R2-DC-2.19.xml b/source/StigData/Processed/WindowsServer-2012R2-DC-2.19.xml index 68b63caa7..bbc0122de 100644 --- a/source/StigData/Processed/WindowsServer-2012R2-DC-2.19.xml +++ b/source/StigData/Processed/WindowsServer-2012R2-DC-2.19.xml @@ -1,4 +1,4 @@ - + <VulnDiscussion>The account lockout feature, when enabled, prevents brute-force password attacks on the system. The higher this value is, the less effective the account lockout feature will be in protecting the local system. The number of bad logon attempts must be reasonably small to minimize the possibility of a successful password attack, while allowing for honest errors made during a normal user logon.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> @@ -1661,29 +1661,40 @@ Backups shall be consistent with organizational recovery time and recovery point Determine whether system-related documentation is backed up in accordance with local recovery time and recovery point objectives. If system-related documentation is not backed up in accordance with local recovery time and recovery point objectives, this is a finding. - - + + <VulnDiscussion>SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is known to be vulnerable to a number of attacks such as collision and preimage attacks as well as not being FIPS compliant. + +Disabling SMBv1 support may prevent access to file or print sharing resources with systems or devices that only support SMBv1. File shares and print services hosted on Windows Server 2003 are an example, however Windows Server 2003 is no longer a supported operating system. Some older network attached devices may only support SMBv1.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> False False - Registry Hive: HKEY_LOCAL_MACHINE + This requirement specifically applies to Windows 2012 but can also be used for Windows 2012 R2. + +Different methods are available to disable SMBv1 on Windows 2012 R2, if V-73805 is configured on Windows 2012 R2, this is NA. + +If the following registry value is not configured as specified, this is a finding: + +Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\mrxsmb10\ -Type: REG_DWORD + Value Name: Start -Value: 0x00000004 (4) - - - - - False - False - - Registry Hive: HKEY_LOCAL_MACHINE + +Type: REG_DWORD +Value: 0x00000004 (4) + +If the following registry value includes MRxSmb10, this is a finding: + +Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\LanmanWorkstation\ -Type: REG_MULTI_SZ + Value Name: DependOnService -Value: Default values after removing MRxSmb10 include the following, which are not a finding: + +Type: REG_MULTI_SZ +Value: Default values after removing MRxSmb10 include the following, which are not a finding: +Bowser +MRxSmb20 +NSI diff --git a/source/StigData/Processed/WindowsServer-2012R2-MS-2.16.xml b/source/StigData/Processed/WindowsServer-2012R2-MS-2.16.xml index e1cbe219a..0de223fa5 100644 --- a/source/StigData/Processed/WindowsServer-2012R2-MS-2.16.xml +++ b/source/StigData/Processed/WindowsServer-2012R2-MS-2.16.xml @@ -1,4 +1,4 @@ - + <VulnDiscussion>The account lockout feature, when enabled, prevents brute-force password attacks on the system. The higher this value is, the less effective the account lockout feature will be in protecting the local system. The number of bad logon attempts must be reasonably small to minimize the possibility of a successful password attack, while allowing for honest errors made during a normal user logon.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> @@ -1374,29 +1374,40 @@ Backups shall be consistent with organizational recovery time and recovery point Determine whether system-related documentation is backed up in accordance with local recovery time and recovery point objectives. If system-related documentation is not backed up in accordance with local recovery time and recovery point objectives, this is a finding. - - + + <VulnDiscussion>SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is known to be vulnerable to a number of attacks such as collision and preimage attacks as well as not being FIPS compliant. + +Disabling SMBv1 support may prevent access to file or print sharing resources with systems or devices that only support SMBv1. File shares and print services hosted on Windows Server 2003 are an example, however Windows Server 2003 is no longer a supported operating system. Some older network attached devices may only support SMBv1.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> False False - Registry Hive: HKEY_LOCAL_MACHINE + This requirement specifically applies to Windows 2012 but can also be used for Windows 2012 R2. + +Different methods are available to disable SMBv1 on Windows 2012 R2, if V-73805 is configured on Windows 2012 R2, this is NA. + +If the following registry value is not configured as specified, this is a finding: + +Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\mrxsmb10\ -Type: REG_DWORD + Value Name: Start -Value: 0x00000004 (4) - - - - - False - False - - Registry Hive: HKEY_LOCAL_MACHINE + +Type: REG_DWORD +Value: 0x00000004 (4) + +If the following registry value includes MRxSmb10, this is a finding: + +Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\LanmanWorkstation\ -Type: REG_MULTI_SZ + Value Name: DependOnService -Value: Default values after removing MRxSmb10 include the following, which are not a finding: + +Type: REG_MULTI_SZ +Value: Default values after removing MRxSmb10 include the following, which are not a finding: +Bowser +MRxSmb20 +NSI diff --git a/source/StigData/Processed/WindowsServer-2012R2-MS-2.17.xml b/source/StigData/Processed/WindowsServer-2012R2-MS-2.17.xml index 2274da377..57a8be5b3 100644 --- a/source/StigData/Processed/WindowsServer-2012R2-MS-2.17.xml +++ b/source/StigData/Processed/WindowsServer-2012R2-MS-2.17.xml @@ -1,4 +1,4 @@ - + <VulnDiscussion>The account lockout feature, when enabled, prevents brute-force password attacks on the system. The higher this value is, the less effective the account lockout feature will be in protecting the local system. The number of bad logon attempts must be reasonably small to minimize the possibility of a successful password attack, while allowing for honest errors made during a normal user logon.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> @@ -1396,29 +1396,40 @@ Backups shall be consistent with organizational recovery time and recovery point Determine whether system-related documentation is backed up in accordance with local recovery time and recovery point objectives. If system-related documentation is not backed up in accordance with local recovery time and recovery point objectives, this is a finding. - - + + <VulnDiscussion>SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is known to be vulnerable to a number of attacks such as collision and preimage attacks as well as not being FIPS compliant. + +Disabling SMBv1 support may prevent access to file or print sharing resources with systems or devices that only support SMBv1. File shares and print services hosted on Windows Server 2003 are an example, however Windows Server 2003 is no longer a supported operating system. Some older network attached devices may only support SMBv1.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls> False False - Registry Hive: HKEY_LOCAL_MACHINE + This requirement specifically applies to Windows 2012 but can also be used for Windows 2012 R2. + +Different methods are available to disable SMBv1 on Windows 2012 R2, if V-73805 is configured on Windows 2012 R2, this is NA. + +If the following registry value is not configured as specified, this is a finding: + +Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\mrxsmb10\ -Type: REG_DWORD + Value Name: Start -Value: 0x00000004 (4) - - - - - False - False - - Registry Hive: HKEY_LOCAL_MACHINE + +Type: REG_DWORD +Value: 0x00000004 (4) + +If the following registry value includes MRxSmb10, this is a finding: + +Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\LanmanWorkstation\ -Type: REG_MULTI_SZ + Value Name: DependOnService -Value: Default values after removing MRxSmb10 include the following, which are not a finding: + +Type: REG_MULTI_SZ +Value: Default values after removing MRxSmb10 include the following, which are not a finding: +Bowser +MRxSmb20 +NSI