diff --git a/CHANGELOG.md b/CHANGELOG.md index 62f5b1f1b..f372f406f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,15 @@ ## Unreleased +## 4.1.1 + +* Fixed [#517](https://github.com/microsoft/PowerStig/issues/517): 4.1.0 GPRegistryPolicyDsc Module Version Issue + +## 4.1.0 + +* Update PowerSTIG to enable Exception Parameter Backward Compatibility Feature Request: [506](https://github.com/microsoft/PowerStig/issues/506) +* Update Enable Stig Checklist automation to include Status and Comments for manual checks: [#485](https://github.com/microsoft/PowerStig/issues/485) + ## 4.0.0 * Update PowerSTIG parsing for Windows Sever 2016 STIG - Ver 1, Rel 9 [#498] (https://github.com/microsoft/PowerStig/issues/498) diff --git a/DSCResources/DotNetFramework/DotNetFramework.schema.psm1 b/DSCResources/DotNetFramework/DotNetFramework.schema.psm1 index b67a6e0b7..e8daeaed7 100644 --- a/DSCResources/DotNetFramework/DotNetFramework.schema.psm1 +++ b/DSCResources/DotNetFramework/DotNetFramework.schema.psm1 @@ -28,7 +28,7 @@ using module ..\..\PowerStig.psm1 All STIG rule IDs of the specified type are collected in an array and passed to the Skip-Rule function. Each rule follows the same process as the SkipRule parameter. #> -Configuration DotNetFramework +configuration DotNetFramework { [CmdletBinding()] param diff --git a/DSCResources/FireFox/FireFox.schema.psm1 b/DSCResources/FireFox/FireFox.schema.psm1 index 103cbcb96..da1c11ef7 100644 --- a/DSCResources/FireFox/FireFox.schema.psm1 +++ b/DSCResources/FireFox/FireFox.schema.psm1 @@ -26,7 +26,7 @@ using module ..\..\PowerStig.psm1 All STIG rule IDs of the specified type are collected in an array and passed to the Skip-Rule function. Each rule follows the same process as the SkipRule parameter. #> -Configuration FireFox +configuration FireFox { [CmdletBinding()] param diff --git a/DSCResources/IisServer/IisServer.schema.psm1 b/DSCResources/IisServer/IisServer.schema.psm1 index 079753c69..0366f265f 100644 --- a/DSCResources/IisServer/IisServer.schema.psm1 +++ b/DSCResources/IisServer/IisServer.schema.psm1 @@ -30,7 +30,7 @@ using module ..\..\PowerStig.psm1 All STIG rule IDs of the specified type are collected in an array and passed to the Skip-Rule function. Each rule follows the same process as the SkipRule parameter. #> -Configuration IisServer +configuration IisServer { [CmdletBinding()] Param diff --git a/DSCResources/IisSite/IisSite.schema.psm1 b/DSCResources/IisSite/IisSite.schema.psm1 index 198b461c6..a18924e87 100644 --- a/DSCResources/IisSite/IisSite.schema.psm1 +++ b/DSCResources/IisSite/IisSite.schema.psm1 @@ -33,7 +33,7 @@ using module ..\..\PowerStig.psm1 All STIG rule IDs of the specified type are collected in an array and passed to the Skip-Rule function. Each rule follows the same process as the SkipRule parameter. #> -Configuration IisSite +configuration IisSite { [CmdletBinding()] Param diff --git a/DSCResources/InternetExplorer/InternetExplorer.schema.psm1 b/DSCResources/InternetExplorer/InternetExplorer.schema.psm1 index 301114fbb..16bda4655 100644 --- a/DSCResources/InternetExplorer/InternetExplorer.schema.psm1 +++ b/DSCResources/InternetExplorer/InternetExplorer.schema.psm1 @@ -28,7 +28,7 @@ using module ..\..\PowerStig.psm1 All STIG rule IDs of the specified type are collected in an array and passed to the Skip-Rule function. Each rule follows the same process as the SkipRule parameter. #> -Configuration InternetExplorer +configuration InternetExplorer { [CmdletBinding()] param @@ -69,7 +69,7 @@ Configuration InternetExplorer $stig.LoadRules($OrgSettings, $Exception, $SkipRule, $SkipRuleType) ##### END DO NOT MODIFY ##### - Import-DscResource -ModuleName GPRegistryPolicyDsc -ModuleVersion 1.0.0 + Import-DscResource -ModuleName GPRegistryPolicyDsc -ModuleVersion 1.0.1 Import-DscResource -ModuleName PSDscResources -ModuleVersion 2.10.0.0 . "$resourcePath\windows.Registry.ps1" . "$resourcePath\windows.Script.skip.ps1" diff --git a/DSCResources/Office/Office.schema.psm1 b/DSCResources/Office/Office.schema.psm1 index 73472e7ae..aa2f06738 100644 --- a/DSCResources/Office/Office.schema.psm1 +++ b/DSCResources/Office/Office.schema.psm1 @@ -28,7 +28,7 @@ using module ..\..\PowerStig.psm1 All STIG rule IDs of the specified type are collected in an array and passed to the Skip-Rule function. Each rule follows the same process as the SkipRule parameter. #> -Configuration Office +configuration Office { [CmdletBinding()] param @@ -68,7 +68,7 @@ Configuration Office $stig.LoadRules($OrgSettings, $Exception, $SkipRule, $SkipRuleType) ##### END DO NOT MODIFY ##### - Import-DscResource -ModuleName GPRegistryPolicyDsc -ModuleVersion 1.0.0 + Import-DscResource -ModuleName GPRegistryPolicyDsc -ModuleVersion 1.0.1 Import-DscResource -ModuleName PSDscResources -ModuleVersion 2.10.0.0 . "$resourcePath\windows.Registry.ps1" . "$resourcePath\windows.Script.skip.ps1" diff --git a/DSCResources/OracleJRE/OracleJRE.schema.psm1 b/DSCResources/OracleJRE/OracleJRE.schema.psm1 index 11764fad2..e2ba65f70 100644 --- a/DSCResources/OracleJRE/OracleJRE.schema.psm1 +++ b/DSCResources/OracleJRE/OracleJRE.schema.psm1 @@ -30,7 +30,7 @@ using module ..\..\PowerStig.psm1 All STIG rule IDs of the specified type are collected in an array and passed to the Skip-Rule function. Each rule follows the same process as the SkipRule parameter. #> -Configuration OracleJRE +configuration OracleJRE { [CmdletBinding()] param diff --git a/DSCResources/SqlServer/SqlServer.schema.psm1 b/DSCResources/SqlServer/SqlServer.schema.psm1 index 75bf159b6..e46c04d41 100644 --- a/DSCResources/SqlServer/SqlServer.schema.psm1 +++ b/DSCResources/SqlServer/SqlServer.schema.psm1 @@ -38,7 +38,7 @@ using module ..\..\PowerStig.psm1 All STIG rule IDs of the specified type are collected in an array and passed to the Skip-Rule function. Each rule follows the same process as the SkipRule parameter. #> -Configuration SqlServer +configuration SqlServer { [CmdletBinding()] param diff --git a/DSCResources/WindowsClient/WindowsClient.schema.psm1 b/DSCResources/WindowsClient/WindowsClient.schema.psm1 index befbba98c..56ba2fdf3 100644 --- a/DSCResources/WindowsClient/WindowsClient.schema.psm1 +++ b/DSCResources/WindowsClient/WindowsClient.schema.psm1 @@ -35,7 +35,7 @@ using module ..\..\PowerStig.psm1 All STIG rule IDs of the specified type are collected in an array and passed to the Skip-Rule function. Each rule follows the same process as the SkipRule parameter. #> -Configuration WindowsClient +configuration WindowsClient { [CmdletBinding()] param @@ -99,7 +99,7 @@ Configuration WindowsClient Import-DscResource -ModuleName WindowsDefenderDSC -ModuleVersion 1.0.0.0 . "$resourcePath\windows.ProcessMitigation.ps1" - Import-DscResource -ModuleName GPRegistryPolicyDsc -ModuleVersion 1.0.0 + Import-DscResource -ModuleName GPRegistryPolicyDsc -ModuleVersion 1.0.1 Import-DscResource -ModuleName PSDscResources -ModuleVersion 2.10.0.0 . "$resourcePath\windows.Script.skip.ps1" . "$resourcePath\windows.Service.ps1" diff --git a/DSCResources/WindowsDefender/WindowsDefender.schema.psm1 b/DSCResources/WindowsDefender/WindowsDefender.schema.psm1 index 37c95f7ff..39c4ea121 100644 --- a/DSCResources/WindowsDefender/WindowsDefender.schema.psm1 +++ b/DSCResources/WindowsDefender/WindowsDefender.schema.psm1 @@ -26,7 +26,7 @@ using module ..\..\PowerStig.psm1 All STIG rule IDs of the specified type are collected in an array and passed to the Skip-Rule function. Each rule follows the same process as the SkipRule parameter. #> -Configuration WindowsDefender +configuration WindowsDefender { [CmdletBinding()] param @@ -62,7 +62,7 @@ Configuration WindowsDefender $stig.LoadRules($OrgSettings, $Exception, $SkipRule, $SkipRuleType) ##### END DO NOT MODIFY ##### - Import-DscResource -ModuleName GPRegistryPolicyDsc -ModuleVersion 1.0.0 + Import-DscResource -ModuleName GPRegistryPolicyDsc -ModuleVersion 1.0.1 Import-DscResource -ModuleName PSDscResources -ModuleVersion 2.10.0.0 . "$resourcePath\windows.Registry.ps1" . "$resourcePath\windows.Script.skip.ps1" diff --git a/DSCResources/WindowsDnsServer/WindowsDnsServer.schema.psm1 b/DSCResources/WindowsDnsServer/WindowsDnsServer.schema.psm1 index 2413adc5a..7ddd9deb5 100644 --- a/DSCResources/WindowsDnsServer/WindowsDnsServer.schema.psm1 +++ b/DSCResources/WindowsDnsServer/WindowsDnsServer.schema.psm1 @@ -34,7 +34,7 @@ using module ..\..\PowerStig.psm1 All STIG rule IDs of the specified type are collected in an array and passed to the Skip-Rule function. Each rule follows the same process as the SkipRule parameter. #> -Configuration WindowsDnsServer +configuration WindowsDnsServer { [CmdletBinding()] param diff --git a/DSCResources/WindowsFirewall/WindowsFirewall.schema.psm1 b/DSCResources/WindowsFirewall/WindowsFirewall.schema.psm1 index 651f793a6..c06a5785b 100644 --- a/DSCResources/WindowsFirewall/WindowsFirewall.schema.psm1 +++ b/DSCResources/WindowsFirewall/WindowsFirewall.schema.psm1 @@ -26,7 +26,7 @@ using module ..\..\PowerStig.psm1 All STIG rule IDs of the specified type are collected in an array and passed to the Skip-Rule function. Each rule follows the same process as the SkipRule parameter. #> -Configuration WindowsFirewall +configuration WindowsFirewall { [CmdletBinding()] param diff --git a/DSCResources/WindowsServer/WindowsServer.schema.psm1 b/DSCResources/WindowsServer/WindowsServer.schema.psm1 index 17e07eff5..2b04d7da2 100644 --- a/DSCResources/WindowsServer/WindowsServer.schema.psm1 +++ b/DSCResources/WindowsServer/WindowsServer.schema.psm1 @@ -38,7 +38,7 @@ using module ..\..\PowerStig.psm1 All STIG rule IDs of the specified type are collected in an array and passed to the Skip-Rule function. Each rule follows the same process as the SkipRule parameter. #> -Configuration WindowsServer +configuration WindowsServer { [CmdletBinding()] param @@ -98,7 +98,7 @@ Configuration WindowsServer Import-DscResource -ModuleName AuditPolicyDsc -ModuleVersion 1.2.0.0 . "$resourcePath\windows.AuditPolicySubcategory.ps1" - Import-DscResource -ModuleName GPRegistryPolicyDsc -ModuleVersion 1.0.0 + Import-DscResource -ModuleName GPRegistryPolicyDsc -ModuleVersion 1.0.1 Import-DscResource -ModuleName PSDscResources -ModuleVersion 2.10.0.0 . "$resourcePath\windows.Registry.ps1" . "$resourcePath\windows.Script.skip.ps1" diff --git a/FILEHASH.md b/FILEHASH.md index a65b826b3..7b9fe09b8 100644 --- a/FILEHASH.md +++ b/FILEHASH.md @@ -1,96 +1,96 @@ -# PowerSTIG File Hashes : Module Version 4.0.0 - -Hashes for **PowerSTIG** files are listed in the following table: - -| File | SHA256 Hash | Size (bytes) | +# PowerSTIG File Hashes : Module Version 4.1.0 + +Hashes for **PowerSTIG** files are listed in the following table: + +| File | SHA256 Hash | Size (bytes) | | :---- | ---- | ---: | -| ActiveDirectory-All-Domain-2.11.org.default.xml | 36C57DCE11BFDFC6CA6F876066B57B3725E902310C3B36EBD6A7646654FBAB7A | 298 | -| ActiveDirectory-All-Domain-2.11.xml | F620EB98F3F8939839E2C6DC27100AEFA294E6B3E91A418282D832A6D9F2CA0D | 79479 | -| ActiveDirectory-All-Domain-2.12.org.default.xml | C5FDFB53DA513210F971CD8870FD2F238749D5C6D63DB8C2FE43176E5675D6CC | 298 | -| ActiveDirectory-All-Domain-2.12.xml | E4EC758A545994FBFFB74C9FCCDDD81F573C76E16948DA48A2FAF2BB12450AE0 | 77038 | -| ActiveDirectory-All-Forest-2.7.org.default.xml | 8FF08BC757D05420F2F4261C65EE6CA7668A5069C5EB28E817C2A8C9A3ED72B9 | 297 | -| ActiveDirectory-All-Forest-2.7.xml | 05886F0BA6DB6FB995F6493AE13AB0778546805BF075762FBD6D680B08D0B5EB | 13984 | -| ActiveDirectory-All-Forest-2.8.org.default.xml | 62AADCF47EDDE86FFDA5F7FBE31F0CEC2F9B204DF14767908DF71554FED4D6C7 | 297 | -| ActiveDirectory-All-Forest-2.8.xml | 48C9874E43E545B648F6463A52D12430559126649B3E35AB0D0877A9B5C9292C | 14458 | -| DotNetFramework-4-1.7.org.default.xml | 94B12A372BE01EEA620F5CBC451286E35979A8E12D533A60EF975868F5C4D9C9 | 297 | -| DotNetFramework-4-1.7.xml | 3B45B7CC956A2EB2CDF458C962693B11BB8A4BFCA0F47BBED2303CEB32305AED | 50981 | -| DotNetFramework-4-1.8.org.default.xml | 4D3E2CFBDDC6EE65322DEC9115844A03AD049E742A8AB3610AEA8EBA216A0E6E | 297 | -| DotNetFramework-4-1.8.xml | 037D502A2CB9CF65B8C8B3315D6EC207A6F761508ACE8258CCDB0C73C87D81AC | 50976 | -| FireFox-All-4.25.org.default.xml | 60BCFF5FE244EE460AF7EE140778F325BDD160C63E0B95BD200F3B7F1DE6AA72 | 298 | -| FireFox-All-4.25.xml | C5C9FCBFA5E52E481D4035F8F7AA55A16AB9C7886B75223718BA02C546FD243D | 43380 | -| FireFox-All-4.26.org.default.xml | 04206780E6E35FAC3F548E021F43B4507514BAF01E99A4A9F9566CC9B91923D2 | 298 | -| FireFox-All-4.26.xml | 7049EACDF17BB98F2D1BE2ECA9D48952CBD2118D3D7CB29316922089EE3C177B | 38994 | -| IISServer-8.5-1.6.org.default.xml | 2CD5236D44A4BE16AAB322C43194702FC720779C2616C30B8A21ACD2A586F569 | 427 | -| IISServer-8.5-1.6.xml | 8A17EACC9BC400FD4ED35D940A5ACAEB130173CBCF9156498E3D367C097D0BE6 | 115300 | -| IISServer-8.5-1.7.org.default.xml | 38BFE14D7E2DD785CB0C282F7FBBEABC4B5634DB525ED7FCDF9C69959D288B1F | 427 | -| IISServer-8.5-1.7.xml | 3E433722CBC6663CEE1D87C5AFF83FC8550635C4F3F767E6E9E53B26BC706F15 | 125006 | -| IISSite-8.5-1.7.org.default.xml | B151A21DF1766D51006064EC46CBEBA87F61878BAFBE6C1EFEC009B1D9047E33 | 1410 | -| IISSite-8.5-1.7.xml | D16CB27273D86FC9FF8D1FF58B019A08F066F8A55EEC3170FD3D9EFDAFE80DB2 | 130629 | +| ActiveDirectory-All-Domain-2.11.org.default.xml | A7737AD065897DE29823DF61722FBBC91280EA731186C5DFF74441A4CF9F9142 | 306 | +| ActiveDirectory-All-Domain-2.11.xml | 4336BD56008ABDFA1708745584333013112B215B1BB496FB6C13AC525D66EE4E | 80124 | +| ActiveDirectory-All-Domain-2.12.org.default.xml | 973C2D3FC456F6979ACCC147CF772E3020EADFFC24070191517E2F703084CD30 | 306 | +| ActiveDirectory-All-Domain-2.12.xml | 5C8ADC13BC61383BEE7D02379C0A2FC02C2FACD8E4CC55DD5EA5162E899796C6 | 77667 | +| ActiveDirectory-All-Forest-2.7.org.default.xml | 56BCA04D9F1294AD3DF88B9E053C04DB531C800B45C934AE13CA1A386CBD25DA | 305 | +| ActiveDirectory-All-Forest-2.7.xml | DD78DDDD38AF9F5DD90E4A384B3D2670D6C656015E37CB9D11121CA69878E1B4 | 14152 | +| ActiveDirectory-All-Forest-2.8.org.default.xml | C1CB80559523FB75483F04349E89E4D2974444A0B8AA8083C8249859EDE0E2BA | 305 | +| ActiveDirectory-All-Forest-2.8.xml | BA1C3EC90936413BF04C04FEF83920E550A1E53AD79383F8712DB93D4A80A41D | 14641 | +| DotNetFramework-4-1.7.org.default.xml | 2E20F6E4ACCE26E9D252B8DBDB2DD8936486EA1BA62C2C2743BC16BB269604D1 | 305 | +| DotNetFramework-4-1.7.xml | A45D3E8A2766BEF389C45BA854D62CEA355444DC1658B795C344DE08E1EFAB93 | 51548 | +| DotNetFramework-4-1.8.org.default.xml | 2AAB6EFB274E49F158E4B11E31F0A09ED905870C1969A0DD6CEFF1DB237F2A1A | 305 | +| DotNetFramework-4-1.8.xml | 44DC3D6E6346B90E75B772ED0CEFF439023E4D8936D09BD375E9A89451F88FBC | 51543 | +| FireFox-All-4.25.org.default.xml | A45477EA90DD426642C752B888C5D8F1F5532FBB3B8879B0A55ED6A20F079A08 | 306 | +| FireFox-All-4.25.xml | 9A3BD2F32F60C978F9EB526E4CD4AC4BF4DB3C90193D4F980E66F35CA59E2726 | 43746 | +| FireFox-All-4.26.org.default.xml | A26E417473AB8FD72BE68D49E0A53C02214F1E448691AF6CDD82DF54AC9F9699 | 306 | +| FireFox-All-4.26.xml | 174F11A60985D5D5C6D40423788F694E0A4C400064149A5583CF3DCE242F65AE | 39325 | +| IISServer-8.5-1.6.org.default.xml | 9B49744B2FD527474BDADC0D253F2AB84BE01AE2666E2560DD6DC61336A925A9 | 438 | +| IISServer-8.5-1.6.xml | 62255C7AA8065DE51BC5490C4AB9093D2775B789C67EFE4B24D8373459A140B9 | 116559 | +| IISServer-8.5-1.7.org.default.xml | ACF3A2FBF19D31CDE937C3680603C6CDE4A8BBC0AC579B363CC6D9E588C3E0ED | 438 | +| IISServer-8.5-1.7.xml | A47B96A37505F57592A33EC3F3DE0F2AED5FB173814A9C555E2A428355748418 | 126440 | +| IISSite-8.5-1.7.org.default.xml | 507220C4E3E7FDE4FAB0FE6246018929573C9A7009D403CAFA544FA3171B6E75 | 1441 | +| IISSite-8.5-1.7.xml | B5FF6854D1958ED1B51AF130BE491EF77E22BC4C3FF336497B7D803D295C6842 | 132124 | | IISSite-8.5-1.8.org.default.xml | 6DF9A7670DA7847BF70C1C7FFC20E8FCE23F57BFDD6D2F05914FDA0B94B1A7CF | 1441 | | IISSite-8.5-1.8.xml | 60C0D0E814371B31DAADF7582ADADF04C55B2A0DC546D9EC6BBFE82B20CC3A8A | 130356 | -| InternetExplorer-11-1.16.org.default.xml | 1436A81B81D12C9656CC8FF581A0637240797D23606E79C34EBB6989E0A664F4 | 298 | -| InternetExplorer-11-1.16.xml | 248B3C7DF0AC8C62BF433B7445A6392848551AD6622765C5A486AB1DE1D94F60 | 332356 | -| InternetExplorer-11-1.17.org.default.xml | 59504DC80BD41C4B152A7362A181FF73F182811911475E007265ACB5ED0079E2 | 298 | -| InternetExplorer-11-1.17.xml | FE5EB3593767783B921C0EB881279E4FE12EEE231FE6CE90B4C8ACEFC899B9F5 | 328277 | -| Office-Excel2013-1.7.org.default.xml | 7112F164172614EEB9F470466C91609C1AA0EA8AD13F2A1A5AB0147FB0F8E790 | 418 | -| Office-Excel2013-1.7.xml | F0C8011EE682223689B08072C93BB9312F1964A834A540A18090F710A5674DEF | 108049 | -| Office-Excel2016-1.2.org.default.xml | C7D6B6B2EFE31CCDBC9A072AEC52E17D5F9C7C52F326CF480E4B0BBCBEBBE779 | 517 | -| Office-Excel2016-1.2.xml | C1EEAE1896224260C7EEB48EFEF773D3ECE42F1BD799CB1D4E923CC299CAF812 | 107254 | -| Office-Outlook2013-1.12.org.default.xml | 6DE2F8E0E9DF57570762FBB22BAF17F389C74DF88E8737D9463DA7491C2DE862 | 298 | -| Office-Outlook2013-1.12.xml | DCD510AFDC92DD03136480DA09353C4919E01438118D6D0FE9232CE933E7E4EE | 192069 | -| Office-Outlook2013-1.13.org.default.xml | E0AABF9650DB6A37E05A15A6B943C7B05AA31B2581506380188172B171BA2339 | 450 | -| Office-Outlook2013-1.13.xml | E7020C1084BD4090C8BB50BE8DFC0B865C3698CBF1802C0D1F7E01EF261437E1 | 192186 | -| Office-Outlook2016-1.2.org.default.xml | 5CE91EDE106520713126300D08A9FC2416D03C71350BCC8ACABAF95278391F3C | 297 | -| Office-Outlook2016-1.2.xml | 21E6B8CEB837EF56BF9EE1F89C07CC4C57B1496F2A102D194B59A7B35D940A96 | 137566 | -| Office-PowerPoint2013-1.6.org.default.xml | C91A1AC1475E57CB90BB229633EA32A0ECFB6400479FAB33CB42DBAA6A562C7C | 297 | -| Office-PowerPoint2013-1.6.xml | F58B0231BCF94AF8E0808FEFE48CFC00E4F1F0636E73ED7E974ECAEB1F5A46AA | 93353 | -| Office-PowerPoint2016-1.1.org.default.xml | 440A06FFB09F4FECB3546372E20FDB16C30F84B55F41EA5DA1AC891491E11F4C | 420 | -| Office-PowerPoint2016-1.1.xml | CEAF4E6451621201D948A61DBFE57C303AA2F025CD0035374F2B24C68D9ADBCB | 90836 | -| Office-Word2013-1.6.org.default.xml | C91A1AC1475E57CB90BB229633EA32A0ECFB6400479FAB33CB42DBAA6A562C7C | 297 | -| Office-Word2013-1.6.xml | C6D5620E7977EDA5B59134D0DABFA42AA4AC6C87EFB3FFF6502CE615DF157285 | 80779 | -| Office-Word2016-1.1.org.default.xml | 724DB22065C11F47D376186EB1A5F959C9721A47A3A2E00F125DFB36BBD96EBD | 420 | -| Office-Word2016-1.1.xml | CF23511AE9EF837FE49B19F0888F2CC38D1D4E3BF1F054EA35903732A6781858 | 87615 | -| OracleJRE-8-1.5.org.default.xml | 47538B0A0749C1292EBEC041962F0CD2868D01E1827311FECC185A34BB090FCC | 297 | -| OracleJRE-8-1.5.xml | B93DBE137B6AE5835AA323AC74892721FAB70ACAC07F716826AA211B4FFB7AF6 | 43309 | -| SqlServer-2012-Database-1.18.org.default.xml | 2B74F323F2AF40C106D8ECA0BB73AD75E6445EE379DBB2DB43C0B157067F8765 | 398 | +| InternetExplorer-11-1.16.org.default.xml | BDC028F6D224DD78E77CB81658BDF4A63C17C7095B1637A25701834A22344694 | 306 | +| InternetExplorer-11-1.16.xml | 986CE1080783D0E517178B7D60DD204332A5E6727F91E164B5E4F5858F27589C | 334301 | +| InternetExplorer-11-1.17.org.default.xml | 8A5B2D74C0FB37EFBA5C75BADF21955074EA9338062E00BC3C3BF6238BF80F4A | 306 | +| InternetExplorer-11-1.17.xml | 53E849F5D76EDFD275DDBAC5F2298FF2D0BF24C0F3362F9AEE8120A5D11DFC61 | 330200 | +| Office-Excel2013-1.7.org.default.xml | 6A8FBC7AD79015A5261C617A2EFC0084E58BCAFAAD3FA2B8E61BC01A860C102C | 429 | +| Office-Excel2013-1.7.xml | D7A0C2FE798EA929BD40DF7FF27324FF8AF2F4C4BD412F9CD4B316A96406DDC0 | 108967 | +| Office-Excel2016-1.2.org.default.xml | EE134DCD15DEFBD412AF18477F75248DE83A705E10CA061776F2AE74884749E3 | 530 | +| Office-Excel2016-1.2.xml | 5685CF03939CA92E8F4C854095344EA88B613E3CC1AB581E3DA4F70D70E69B77 | 108096 | +| Office-Outlook2013-1.12.org.default.xml | 6691883C5ACE1CBF9ACAFC536E0E335620A9A1B158B75EAB7FE2E661C7C31A63 | 306 | +| Office-Outlook2013-1.12.xml | DBF4FF03D3214F753B76C5ADFE0FEFB228E87EFD767BBDF1D3847080D67CF3D4 | 193739 | +| Office-Outlook2013-1.13.org.default.xml | 624856564A2FB618BDF6A41263806BC2BE08B1AE58226425C07EFBADDC98FAF5 | 461 | +| Office-Outlook2013-1.13.xml | 3446E121027400CE6C4834E4507EA94B5CFD24F65CFA4D5F0524873D32B07D8A | 193858 | +| Office-Outlook2016-1.2.org.default.xml | B3587A82F4CC9A347B4D491AA1E84036EA1C410E24CB1B28DFF41846B58594F3 | 305 | +| Office-Outlook2016-1.2.xml | 5AFB894BFCFB367FB643DE6ACAE8C513584EC2812DA54ECCBAFF9C551D465DF9 | 138739 | +| Office-PowerPoint2013-1.6.org.default.xml | 737AEDF59D64684358B3E58ED4D0C42E5FD99AA4495489B8E625B79CE838E663 | 305 | +| Office-PowerPoint2013-1.6.xml | 563E20C0149E0CB20880EB777439A7B67C4FE1BBF4347EA7677048E6DD2D2EAA | 94142 | +| Office-PowerPoint2016-1.1.org.default.xml | 3FEE8C811ED3DB6986E24ABF9BBA833975A908C82EFAECC2E91755E10D02C30C | 431 | +| Office-PowerPoint2016-1.1.xml | 8F17DC18B9997782E98DACA5044ACB1E63B178A80240AE130D0AC7F64B703531 | 91626 | +| Office-Word2013-1.6.org.default.xml | 737AEDF59D64684358B3E58ED4D0C42E5FD99AA4495489B8E625B79CE838E663 | 305 | +| Office-Word2013-1.6.xml | 85E667D9899F3B98270275D1E2F1E5BEAF3AC39C0D8F3143E61F53FBA74263B9 | 81466 | +| Office-Word2016-1.1.org.default.xml | 7C6CDD5943A445A748835DDAEA1C2AC2615A2BC21B0570751F234E5AB5D7B14B | 431 | +| Office-Word2016-1.1.xml | 3309F6DCAFFDC4521E2B40CD6D1FC8DBEFB69972B64BBEC5C4C43BAF74542B84 | 88318 | +| OracleJRE-8-1.5.org.default.xml | 676A5B49ABF068059969EC9C3639788E1606222CA8652628B4D36E2FE1870057 | 305 | +| OracleJRE-8-1.5.xml | 6F340A1C73D32FFC9F1C6699C47BBD3FC6E8B82A95F8816BDDE71B95815AAD31 | 43666 | +| SqlServer-2012-Database-1.18.org.default.xml | 393D9B940BD03BA8F5DB386964D00F1AD9CD195A62D0F654E8235AF8F8754D02 | 409 | | SqlServer-2012-Database-1.18.xml | 6F8DFCC425DDDAB1F6712BE0BB7B996D9D4CA53B64129F3E03131A87186B1362 | 85242 | -| SqlServer-2012-Database-1.19.org.default.xml | 289D88AB723C1AB637278E6E642262C02DA7DB045A31111EC1D6A30DB5FBC53E | 398 | -| SqlServer-2012-Database-1.19.xml | A3BDE3C686A46CC18C99E4CD2BC243B66B69CE07214C35142AE9DC0BE678D51C | 84950 | +| SqlServer-2012-Database-1.19.org.default.xml | 68A05F4480CD66C7CB07BF7554A6FB580AD1D7826D56F3B399A164321A5904C5 | 409 | +| SqlServer-2012-Database-1.19.xml | 73EBD394A734F4C66077BA9124FD69131986232BB8800EE88509D98CBC471FED | 85752 | | SqlServer-2012-Instance-1.17.org.default.xml | 213E06833B9AEB53B5E92B2308FEF45636FEC4C7318C695A22BD6B57038763D2 | 775 | | SqlServer-2012-Instance-1.17.xml | 6E1DB910785ABA34EAF8F4A4458F7CC36BE2748D2B85DAED3A486FAD02CBC8CD | 713286 | -| SqlServer-2012-Instance-1.19.org.default.xml | 70B114614C6C501DD8F402403166F3CD61010D9C5D3B7EB0BC0A68DB37964063 | 760 | -| SqlServer-2012-Instance-1.19.xml | C5137AF92CE89744E1371FCE23A6BF47902A570A0798D69B1247AB465C55009D | 711763 | -| SqlServer-2016-Instance-1.3.org.default.xml | DCB3928691D9A3CDC07532F09AE5B33926EA933D3C60228A965AD2573009F534 | 297 | -| SqlServer-2016-Instance-1.3.xml | CEB345C9F85753121E95853F4C75C654012DD0C3876AB0C741B129F7BAC2C4F4 | 420182 | -| WindowsClient-10-1.17.org.default.xml | 59D9BC57E4D20A02754A8AEA27258865159606B9CC7D0DC17871E516752BE4C5 | 3284 | -| WindowsClient-10-1.17.xml | 15B309B3443461E2F70483C2635E4990A7268AF1AA883A0056EF5C8E13030D4B | 567032 | -| WindowsClient-10-1.18.org.default.xml | B02EB4A694A1375F94BA898DCAA9223128785397917391097F7CB2B44238AC69 | 3305 | -| WindowsClient-10-1.18.xml | 2596E00A7643559853B2B3A63F6AFA0A8DFC220AA78AB8097C0564E51641AC2A | 574570 | -| WindowsDefender-All-1.5.org.default.xml | 426A9E1462F33EB85A6E2128419FC1906F88F81F90E484790528F7B60778A0D2 | 1145 | -| WindowsDefender-All-1.5.xml | EFA21E233FC20602C416E8ADF5CBE63B2B94B07C73985EE4F01229B35119ED03 | 94261 | -| WindowsDefender-All-1.6.org.default.xml | C0BCCE02B3E2B992714CAC055DDA479D06CB9E0FEC62F944DB977C6AE74ADE81 | 1048 | -| WindowsDefender-All-1.6.xml | 079ABEABB7E30C67F2F42093B46A501A0A0C010A72801E0FBA6ADF95E3E89F54 | 94195 | -| WindowsDnsServer-2012R2-1.11.org.default.xml | 5B4E592DADBD11824FFF21CCF8494F0489015B0B0177113577646122F9427C01 | 298 | -| WindowsDnsServer-2012R2-1.11.xml | E53572A4DA4B05A7F43E104E41F9E8898F5B5FCFAB3861FA2CAE529E7341FF83 | 264456 | -| WindowsDnsServer-2012R2-1.12.org.default.xml | AE4FC166553E6349CA996B0B963057C6ED48664EDE0864A2F104C67071C8CDE6 | 438 | -| WindowsDnsServer-2012R2-1.12.xml | EB4DD792235C3CAAC79E23A22816B1906929F62283E7760897D676EE8E94BA7F | 265064 | -| WindowsFirewall-All-1.6.org.default.xml | ABA040899A30A028FD4D1ACC26E525F05C22C0C93B9C93EEF4821A5F4CC93C28 | 945 | -| WindowsFirewall-All-1.6.xml | 5C8238EF0E51227943F4E64EA3348C1E4F60F75CA9E74DA55BB500229382B5B7 | 64830 | -| WindowsFirewall-All-1.7.org.default.xml | BF71BCE35DD772AA32964B7E6E3A20FCDAAA24C494FC51E58DEA5DB6DEFFC0EB | 945 | -| WindowsFirewall-All-1.7.xml | 2B8E3CC4782FB3DC7718C1E6E75A7638E5CE7BEF417FA37530C807FEEF9355AF | 64830 | -| WindowsServer-2012R2-DC-2.16.org.default.xml | 3C98EDC3F4620731BCC10AD379024A31992F844995CF9E50C83BB88BC2883C44 | 4449 | -| WindowsServer-2012R2-DC-2.16.xml | DFCE0518633D67CD35489F401546EACAC02B0A68E67999CD9BB2424DADFD258E | 765387 | -| WindowsServer-2012R2-DC-2.17.org.default.xml | 4FA4A38F8E65B1E866642BFAA53CA99E8C1A03553374ADD5B86A2666FB1340C1 | 4449 | -| WindowsServer-2012R2-DC-2.17.xml | 9B9D2A161E3E16811DC2F4F3E67322A4D51A444F3DC57C31656E1CB024329702 | 763911 | +| SqlServer-2012-Instance-1.19.org.default.xml | 9A1073C21CCCAED958DD0654F9F1CFB5AA04C4A9B8352C588BC9DAD7D1FCEF1D | 781 | +| SqlServer-2012-Instance-1.19.xml | 9EB9767A76C46E90DF76008FC95EC79D020190885C91164225DF8D222B3DBDC2 | 720127 | +| SqlServer-2016-Instance-1.3.org.default.xml | 16977635610C8B705C2D42C05ABF27151600C781194782872F282663FC9DA95E | 305 | +| SqlServer-2016-Instance-1.3.xml | 4690B3747D05EB4B5DE23AFB37F3C8EDFD86DA241826336FE8A277A43B3914AE | 423742 | +| WindowsClient-10-1.17.org.default.xml | 3D97599EB8327F5D4511AE1BD5CCB1E0DDEA27EAADD928F38FBD6590E0678813 | 3349 | +| WindowsClient-10-1.17.xml | 5655B677C1BD4BFA37308F1EE8169733DD23C344979322E1125CAB3ADE192DE4 | 574357 | +| WindowsClient-10-1.18.org.default.xml | EB1149A3E885C09AE0431A2C6F39FC7EB57C8F77BC7238AB6F54D30AF137004C | 3370 | +| WindowsClient-10-1.18.xml | 93116ACBBB25E6DDAC82148EA442E9F8EECA97B7C9CA9BA3CFAA3F22A63F59B5 | 581917 | +| WindowsDefender-All-1.5.org.default.xml | 0C33C7EA9A2ABDF53F97D730BFFB50501061E91EA6FDD6E1AD56C5955EF0169C | 1170 | +| WindowsDefender-All-1.5.xml | A975F13D38C7800CAB8D0AE145EF9D9DBEBBA41A3EF0142A2DAE6382A3C13821 | 95143 | +| WindowsDefender-All-1.6.org.default.xml | 99B065FCAFEED8B7B087E4AD34D2553A947E6ACD01C8D84BBD66AD8D67B7333A | 1071 | +| WindowsDefender-All-1.6.xml | 1114810E974146F77CB9478F060BB02E7A80E941A0512F02CC9030956330FEB7 | 95077 | +| WindowsDnsServer-2012R2-1.11.org.default.xml | 74831D43FD2564947D69D7EF8EECCC5F192FCA17DED3BA463341EDD20ED3BA58 | 306 | +| WindowsDnsServer-2012R2-1.11.xml | DB578A95EBBC65BFAD279D3F55579E056CF9B906B2625065C9F5E2021494F3FF | 267425 | +| WindowsDnsServer-2012R2-1.12.org.default.xml | 23FF97A3D83B61CF158A800002286DE35ABCE1E857557A9DB14234F177FA9B32 | 449 | +| WindowsDnsServer-2012R2-1.12.xml | FDA49EAE842AC9BCB3CE1D6D952BA4A2DB8C84375B7193E03C284CA915C55737 | 268042 | +| WindowsFirewall-All-1.6.org.default.xml | 129A5B9F20B27E36FED4C1AC470B7B7419B563A6B2733B7FC3112CAF682ABB77 | 966 | +| WindowsFirewall-All-1.6.xml | 42FA28D3C4BA6387D3EA4F5DCB72F133F814D3A9854555498E22DDFD188194B7 | 65518 | +| WindowsFirewall-All-1.7.org.default.xml | 64E9FFA9B456C36DD36B5824BF641E473931B5C350F473DDFFDF31B1B64DD016 | 966 | +| WindowsFirewall-All-1.7.xml | BBB13C6D675EB591D972EF8AD9B46472CFE80FCAD76E9D453586E6BE430F01B6 | 65518 | +| WindowsServer-2012R2-DC-2.16.org.default.xml | 1EA46D2A8F2BBCEBD0AD2C16CC840F51DDEA6F36064D62FBF058BD186ADE8054 | 4532 | +| WindowsServer-2012R2-DC-2.16.xml | 23D9F976FFA4FED43FC0ADBA43B8CE6561EBF547D0890463005E9DE11F05E063 | 775120 | +| WindowsServer-2012R2-DC-2.17.org.default.xml | AB4EF5C627A56EA58B0A27C53882A742A330C86937B7C5053A90CE0605053525 | 4532 | +| WindowsServer-2012R2-DC-2.17.xml | A5220FB9683644A1EC1122B6FA714E11A1C22540D98CB795CE897246B3A6B218 | 773627 | | WindowsServer-2012R2-MS-2.15.org.default.xml | 15E575CCA42360C7DF9DDF9B8AEF6CD98F523054497F385C70A73B6373190D2A | 3988 | | WindowsServer-2012R2-MS-2.15.xml | 2F33DCADAA9E112EE23A0C4F23F3426B76DCA654B6186C551F62AE2BDEA12D37 | 660266 | -| WindowsServer-2012R2-MS-2.16.org.default.xml | 27B7592FCBE853E813EF81830F8F51119187AB9567001D795495ED08980CE98B | 3917 | -| WindowsServer-2012R2-MS-2.16.xml | 1E8E1F206AB12609288B5329F5BB80B3AA385BAF9169E75D59DB765FAD3D843D | 653774 | -| WindowsServer-2016-DC-1.8.org.default.xml | 9A2AB1356B387B63E89F88274AAE6E2A4B020E73A921F191C6A19A42D528CAE4 | 3700 | -| WindowsServer-2016-DC-1.8.xml | 8E8855000892B1CE070B9CE5F3D0122636F817AB72BB89AACC294AD316B3E827 | 553805 | -| WindowsServer-2016-DC-1.9.org.default.xml | 0BBE3B32F83AB05C81EE0D2019D2FA172B5461A5EC4127B4C8D020F9F1F6373C | 3700 | -| WindowsServer-2016-DC-1.9.xml | D4C3C2799C5601C0345F910F8E56575A2A8F3D862D93F3A7D2ED02F0BA34B30B | 548872 | -| WindowsServer-2016-MS-1.8.org.default.xml | A4C897B8B76D31EECDEABEB0CF2F6C9DA64DF4A50505B4AA07611E7FF0A8A780 | 3818 | -| WindowsServer-2016-MS-1.8.xml | FDA622743346D91BCC0B88508A889366371F14D0613B88FF2631511B61B2FB66 | 467502 | -| WindowsServer-2016-MS-1.9.org.default.xml | F97642A53337BDE97187DBFCEA46D8EC7BAEF0251C94761B102ED4FADA819489 | 3818 | -| WindowsServer-2016-MS-1.9.xml | 406D026081D3110278AA34207FA5BD386CDE25D12F8872C3828DC4801D512E8D | 463574 | +| WindowsServer-2012R2-MS-2.16.org.default.xml | 506B11E8DF549F7303C929BE63FC567C69E31A0F80FA3BC712BDBAE2CF3723EB | 3988 | +| WindowsServer-2012R2-MS-2.16.xml | 35F9B511C263D257263C9C75E9C18F48B97A5DC3FF94AAD786ACF6FF814F9EA1 | 662064 | +| WindowsServer-2016-DC-1.8.org.default.xml | 4D7EEDE652E793EB8773788E4CB2F1F056708943E8DB22671477AA42E09CFC43 | 3771 | +| WindowsServer-2016-DC-1.8.xml | 00B1629B610C2377C04AF9357AE1103FE18F1906C8B92A976C07FF239DFC2509 | 561551 | +| WindowsServer-2016-DC-1.9.org.default.xml | F139E6B861715B0870F3236A8292D6704F2DA84A317B26BB1C02E99E6A99DA10 | 3771 | +| WindowsServer-2016-DC-1.9.xml | CF31F0CB8DEAB839BFC02FC03A95ADCC38F6FBAA822F021A33FA3AD89612E3C3 | 556472 | +| WindowsServer-2016-MS-1.8.org.default.xml | BB8F18A83CE803D1D8348F152D2AFF839EE46465C4243B129C52B8F4018B3381 | 3887 | +| WindowsServer-2016-MS-1.8.xml | 20DF2D3ABE3F37444F83F0AEFBE5204EDC37FD1DDA82391303DBF17B0B5FEB31 | 473734 | +| WindowsServer-2016-MS-1.9.org.default.xml | 43EACE83E712F590EF96911CC47107F1006F28A28E6DE7E7C52BFA6C8C51B5D7 | 3887 | +| WindowsServer-2016-MS-1.9.xml | 496CBDC4CED3C2E41820C880C2A8BBD6FCBA7DD41BEB685E50F84BCD23F9A926 | 469746 | diff --git a/Module/Rule.WindowsFeature/WindowsFeatureRule.psm1 b/Module/Rule.WindowsFeature/WindowsFeatureRule.psm1 index 27906b8f1..871dcdbc2 100644 --- a/Module/Rule.WindowsFeature/WindowsFeatureRule.psm1 +++ b/Module/Rule.WindowsFeature/WindowsFeatureRule.psm1 @@ -17,7 +17,7 @@ using module .\..\Rule\Rule.psm1 Class WindowsFeatureRule : Rule { [string] $Name - [string] $Ensure + [string] $Ensure <#(ExceptionValue)#> <# .SYNOPSIS diff --git a/Module/Rule/Rule.psm1 b/Module/Rule/Rule.psm1 index 7ad94184c..9865a07ea 100644 --- a/Module/Rule/Rule.psm1 +++ b/Module/Rule/Rule.psm1 @@ -180,12 +180,19 @@ Class Rule : ICloneable .SYNOPSIS Applies an exception to a rule #> - [void] AddExceptionToPolicy ([hashtable] $ExceptionParamValue) + [void] AddExceptionToPolicy ([object] $ExceptionParamValue) { $this.UpdateRuleTitle('Exception') - foreach ($key in $ExceptionParamValue.Keys) + if ($ExceptionParamValue -is [hashtable]) { - $this.$key = $ExceptionParamValue[$key] + foreach ($key in $ExceptionParamValue.Keys) + { + $this.$key = $ExceptionParamValue[$key] + } + } + else + { + $this.($this.GetOverrideValue()) = $ExceptionParamValue } } diff --git a/Module/STIG/Functions.Checklist.ps1 b/Module/STIG/Functions.Checklist.ps1 index 2d22ce942..643bad847 100644 --- a/Module/STIG/Functions.Checklist.ps1 +++ b/Module/STIG/Functions.Checklist.ps1 @@ -20,8 +20,14 @@ .PARAMETER OutputPath The location you want the checklist saved to + .PARAMETER ManualCheckFile + Location of a psd1 file containing the input for Vulnerabilities unmanaged via DSC/PowerSTIG. + .EXAMPLE New-StigCheckList -ReferenceConfiguration $referenceConfiguration -XccdfPath $xccdfPath -OutputPath $outputPath + + .EXAMPLE + New-StigCheckList -ReferenceConfiguration $referenceConfiguration -ManualCheckFile "C:\Stig\ManualChecks\2012R2-MS-1.7.psd1" -XccdfPath $xccdfPath -OutputPath $outputPath #> function New-StigCheckList { @@ -41,11 +47,18 @@ function New-StigCheckList [string] $XccdfPath, + [Parameter(Mandatory = $true)] + [string] + $ManualCheckFile, + [Parameter(Mandatory = $true)] [System.IO.FileInfo] $OutputPath + ) + $manualCheckData = Invoke-Expression (Get-Content $manualCheckFile | Out-String) + if (-not (Test-Path -Path $OutputPath.DirectoryName)) { throw "$($OutputPath.DirectoryName) is not a valid directory. Please provide a valid directory." @@ -69,17 +82,17 @@ function New-StigCheckList $writer.WriteStartElement("ASSET") $assetElements = [ordered] @{ - 'ROLE' = 'None' - 'ASSET_TYPE' = 'Computing' - 'HOST_NAME' = '' - 'HOST_IP' = '' - 'HOST_MAC' = '' - 'HOST_GUID' = '' - 'HOST_FQDN' = '' - 'TECH_AREA' = '' - 'TARGET_KEY' = '2350' + 'ROLE' = 'None' + 'ASSET_TYPE' = 'Computing' + 'HOST_NAME' = '' + 'HOST_IP' = '' + 'HOST_MAC' = '' + 'HOST_GUID' = '' + 'HOST_FQDN' = '' + 'TECH_AREA' = '' + 'TARGET_KEY' = '2350' 'WEB_OR_DATABASE' = 'false' - 'WEB_DB_SITE' = '' + 'WEB_DB_SITE' = '' 'WEB_DB_INSTANCE' = '' } @@ -104,17 +117,17 @@ function New-StigCheckList $xccdfBenchmarkContent = Get-StigXccdfBenchmarkContent -Path $xccdfPath $stigInfoElements = [ordered] @{ - 'version' = $xccdfBenchmarkContent.version + 'version' = $xccdfBenchmarkContent.version 'classification' = 'UNCLASSIFIED' - 'customname' = '' - 'stigid' = $xccdfBenchmarkContent.id - 'description' = $xccdfBenchmarkContent.description - 'filename' = Split-Path -Path $xccdfPath -Leaf - 'releaseinfo' = $xccdfBenchmarkContent.'plain-text'.InnerText - 'title' = $xccdfBenchmarkContent.title - 'uuid' = (New-Guid).Guid - 'notice' = $xccdfBenchmarkContent.notice.InnerText - 'source' = $xccdfBenchmarkContent.reference.source + 'customname' = '' + 'stigid' = $xccdfBenchmarkContent.id + 'description' = $xccdfBenchmarkContent.description + 'filename' = Split-Path -Path $xccdfPath -Leaf + 'releaseinfo' = $xccdfBenchmarkContent.'plain-text'.InnerText + 'title' = $xccdfBenchmarkContent.title + 'uuid' = (New-Guid).Guid + 'notice' = $xccdfBenchmarkContent.notice.InnerText + 'source' = $xccdfBenchmarkContent.reference.source } foreach ($StigInfoElement in $stigInfoElements.GetEnumerator()) @@ -138,7 +151,7 @@ function New-StigCheckList #region STIGS/iSTIG/VULN[] - foreach ( $vulnerability in (Get-VulnerabilityList -XccdfBenchmark $xccdfBenchmarkContent) ) + foreach ($vulnerability in (Get-VulnerabilityList -XccdfBenchmark $xccdfBenchmarkContent)) { $writer.WriteStartElement("VULN") @@ -146,6 +159,7 @@ function New-StigCheckList { $status = $null $comments = $null + $manualCheck = $null if ($attribute.Name -eq 'Vuln_Num') { @@ -166,20 +180,26 @@ function New-StigCheckList } $statusMap = @{ - NotReviewed = 'Not_Reviewed' - Open = 'Open' - NotAFinding = 'NotAFinding' + NotReviewed = 'Not_Reviewed' + Open = 'Open' + NotAFinding = 'NotAFinding' NotApplicable = 'Not_Applicable' } if ($PSCmdlet.ParameterSetName -eq 'mof') { $setting = Get-SettingsFromMof -ReferenceConfiguration $referenceConfiguration -Id $vid + $manualCheck = $manualCheckData | Where-Object {$_.VulID -eq $VID} if ($setting) { $status = $statusMap['NotAFinding'] - $comments = 'Managed via PowerStigDsc' + + } + elseif ($manualCheck) + { + $status = $statusMap["$($manualCheck.Status)"] + $comments = $manualCheck.Comments } else { @@ -214,7 +234,7 @@ function New-StigCheckList $writer.WriteEndElement(<#STATUS#>) $writer.WriteStartElement("FINDING_DETAILS") - $writer.WriteString( ( Get-FindingDetails -Setting $setting ) ) + $writer.WriteString((Get-FindingDetails -Setting $setting)) $writer.WriteEndElement(<#FINDING_DETAILS#>) $writer.WriteStartElement("COMMENTS") @@ -239,6 +259,7 @@ function New-StigCheckList $writer.WriteEndElement(<#CHECKLIST#>) $writer.Flush() $writer.Close() + } <# @@ -258,47 +279,47 @@ function Get-VulnerabilityList [System.Collections.ArrayList] $vulnerabilityList = @() - foreach ( $vulnerability in $XccdfBenchmark.Group ) + foreach ($vulnerability in $XccdfBenchmark.Group) { [xml]$vulnerabiltyDiscussionElement = "$($vulnerability.Rule.description)" [void] $vulnerabilityList.Add( @( - [PSCustomObject]@{ Name = 'Vuln_Num'; Value = $vulnerability.id }, - [PSCustomObject]@{ Name = 'Severity'; Value= $vulnerability.Rule.severity}, - [PSCustomObject]@{ Name = 'Group_Title'; Value = $vulnerability.title}, - [PSCustomObject]@{ Name = 'Rule_ID'; Value = $vulnerability.Rule.id}, - [PSCustomObject]@{ Name = 'Rule_Ver'; Value = $vulnerability.Rule.version}, - [PSCustomObject]@{ Name = 'Rule_Title'; Value = $vulnerability.Rule.title}, - [PSCustomObject]@{ Name = 'Vuln_Discuss'; Value = $vulnerabiltyDiscussionElement.discussionroot.VulnDiscussion}, - [PSCustomObject]@{ Name = 'IA_Controls'; Value = $vulnerabiltyDiscussionElement.discussionroot.IAControls}, - [PSCustomObject]@{ Name = 'Check_Content'; Value = $vulnerability.Rule.check.'check-content'}, - [PSCustomObject]@{ Name = 'Fix_Text'; Value = $vulnerability.Rule.fixtext.InnerText}, - [PSCustomObject]@{ Name = 'False_Positives'; Value = $vulnerabiltyDiscussionElement.discussionroot.FalsePositives}, - [PSCustomObject]@{ Name = 'False_Negatives'; Value = $vulnerabiltyDiscussionElement.discussionroot.FalseNegatives}, - [PSCustomObject]@{ Name = 'Documentable'; Value = $vulnerabiltyDiscussionElement.discussionroot.Documentable}, - [PSCustomObject]@{ Name = 'Mitigations'; Value = $vulnerabiltyDiscussionElement.discussionroot.Mitigations}, - [PSCustomObject]@{ Name = 'Potential_Impact'; Value = $vulnerabiltyDiscussionElement.discussionroot.PotentialImpacts}, - [PSCustomObject]@{ Name = 'Third_Party_Tools'; Value = $vulnerabiltyDiscussionElement.discussionroot.ThirdPartyTools}, - [PSCustomObject]@{ Name = 'Mitigation_Control'; Value = $vulnerabiltyDiscussionElement.discussionroot.MitigationControl}, - [PSCustomObject]@{ Name = 'Responsibility'; Value = $vulnerabiltyDiscussionElement.discussionroot.Responsibility}, - [PSCustomObject]@{ Name = 'Security_Override_Guidance'; Value = $vulnerabiltyDiscussionElement.discussionroot.SeverityOverrideGuidance}, - [PSCustomObject]@{ Name = 'Check_Content_Ref'; Value = $vulnerability.Rule.check.'check-content-ref'.href }, - [PSCustomObject]@{ Name = 'Weight'; Value = $vulnerability.Rule.Weight}, - [PSCustomObject]@{ Name = 'Class'; Value = 'Unclass'}, - [PSCustomObject]@{ Name = 'STIGRef'; Value = "$($XccdfBenchmark.title) :: $($XccdfBenchmark.'plain-text'.InnerText)"}, - [PSCustomObject]@{ Name = 'TargetKey'; Value = $vulnerability.Rule.reference.identifier} + [PSCustomObject]@{Name = 'Vuln_Num'; Value = $vulnerability.id}, + [PSCustomObject]@{Name = 'Severity'; Value = $vulnerability.Rule.severity}, + [PSCustomObject]@{Name = 'Group_Title'; Value = $vulnerability.title}, + [PSCustomObject]@{Name = 'Rule_ID'; Value = $vulnerability.Rule.id}, + [PSCustomObject]@{Name = 'Rule_Ver'; Value = $vulnerability.Rule.version}, + [PSCustomObject]@{Name = 'Rule_Title'; Value = $vulnerability.Rule.title}, + [PSCustomObject]@{Name = 'Vuln_Discuss'; Value = $vulnerabiltyDiscussionElement.discussionroot.VulnDiscussion}, + [PSCustomObject]@{Name = 'IA_Controls'; Value = $vulnerabiltyDiscussionElement.discussionroot.IAControls}, + [PSCustomObject]@{Name = 'Check_Content'; Value = $vulnerability.Rule.check.'check-content'}, + [PSCustomObject]@{Name = 'Fix_Text'; Value = $vulnerability.Rule.fixtext.InnerText}, + [PSCustomObject]@{Name = 'False_Positives'; Value = $vulnerabiltyDiscussionElement.discussionroot.FalsePositives}, + [PSCustomObject]@{Name = 'False_Negatives'; Value = $vulnerabiltyDiscussionElement.discussionroot.FalseNegatives}, + [PSCustomObject]@{Name = 'Documentable'; Value = $vulnerabiltyDiscussionElement.discussionroot.Documentable}, + [PSCustomObject]@{Name = 'Mitigations'; Value = $vulnerabiltyDiscussionElement.discussionroot.Mitigations}, + [PSCustomObject]@{Name = 'Potential_Impact'; Value = $vulnerabiltyDiscussionElement.discussionroot.PotentialImpacts}, + [PSCustomObject]@{Name = 'Third_Party_Tools'; Value = $vulnerabiltyDiscussionElement.discussionroot.ThirdPartyTools}, + [PSCustomObject]@{Name = 'Mitigation_Control'; Value = $vulnerabiltyDiscussionElement.discussionroot.MitigationControl}, + [PSCustomObject]@{Name = 'Responsibility'; Value = $vulnerabiltyDiscussionElement.discussionroot.Responsibility}, + [PSCustomObject]@{Name = 'Security_Override_Guidance'; Value = $vulnerabiltyDiscussionElement.discussionroot.SeverityOverrideGuidance}, + [PSCustomObject]@{Name = 'Check_Content_Ref'; Value = $vulnerability.Rule.check.'check-content-ref'.href}, + [PSCustomObject]@{Name = 'Weight'; Value = $vulnerability.Rule.Weight}, + [PSCustomObject]@{Name = 'Class'; Value = 'Unclass'}, + [PSCustomObject]@{Name = 'STIGRef'; Value = "$($XccdfBenchmark.title) :: $($XccdfBenchmark.'plain-text'.InnerText)"}, + [PSCustomObject]@{Name = 'TargetKey'; Value = $vulnerability.Rule.reference.identifier} # Some Stigs have multiple Control Correlation Identifiers (CCI) $( # Extract only the cci entries $CCIREFList = $vulnerability.Rule.ident | - Where-Object {$PSItem.system -eq 'http://iase.disa.mil/cci'} | - Select-Object 'InnerText' -ExpandProperty 'InnerText' + Where-Object {$PSItem.system -eq 'http://iase.disa.mil/cci'} | + Select-Object 'InnerText' -ExpandProperty 'InnerText' foreach ($CCIREF in $CCIREFList) { - [PSCustomObject]@{ Name = 'CCI_REF'; Value = $CCIREF} + [PSCustomObject]@{Name = 'CCI_REF'; Value = $CCIREF} } ) ) @@ -323,7 +344,7 @@ function Get-MofContent $ReferenceConfiguration ) - if ( -not $script:mofContent ) + if (-not $script:mofContent) { $script:mofContent = [Microsoft.PowerShell.DesiredStateConfiguration.Internal.DscClassCache]::ImportInstances($referenceConfiguration, 4) } @@ -352,7 +373,7 @@ function Get-SettingsFromMof $mofContent = Get-MofContent -ReferenceConfiguration $referenceConfiguration - return $mofContent.Where( {$PSItem.ResourceID -match $id} ) + return $mofContent.Where({$PSItem.ResourceID -match $id}) } <# @@ -379,7 +400,7 @@ function Get-SettingsFromResult $script:allResources = $dscResult.ResourcesNotInDesiredState + $dscResult.ResourcesInDesiredState } - return $script:allResources.Where( {$PSItem.ResourceID -match $id} ) + return $script:allResources.Where({$PSItem.ResourceID -match $id}) } <# diff --git a/PowerStig.psd1 b/PowerStig.psd1 index 8db6eed4b..6061a101e 100644 --- a/PowerStig.psd1 +++ b/PowerStig.psd1 @@ -6,7 +6,7 @@ RootModule = 'PowerStig.psm1' # Version number of this module. -ModuleVersion = '4.0.0' +ModuleVersion = '4.1.1' # ID used to uniquely identify this module GUID = 'a132f6a5-8f96-4942-be25-b213ee7e4af3' @@ -41,7 +41,7 @@ RequiredModules = @( @{ModuleName = 'AccessControlDsc'; ModuleVersion = '1.4.0.0'}, @{ModuleName = 'ComputerManagementDsc'; ModuleVersion = '6.2.0.0'}, @{ModuleName = 'FileContentDsc'; ModuleVersion = '1.1.0.108'}, - @{ModuleName = 'GPRegistryPolicyDsc'; ModuleVersion = '1.0.0'}, + @{ModuleName = 'GPRegistryPolicyDsc'; ModuleVersion = '1.0.1'}, @{ModuleName = 'PSDscResources'; ModuleVersion = '2.10.0.0'}, @{ModuleName = 'SecurityPolicyDsc'; ModuleVersion = '2.4.0.0'}, @{ModuleName = 'SqlServerDsc'; ModuleVersion = '12.1.0.0'}, @@ -98,34 +98,7 @@ PrivateData = @{ ProjectUri = 'https://github.com/Microsoft/PowerStig' # ReleaseNotes of this module - ReleaseNotes = '* Update PowerSTIG parsing for Windows Sever 2016 STIG - Ver 1, Rel 9 [#498] (https://github.com/microsoft/PowerStig/issues/498) - * Fixed [#507](https://github.com/microsoft/PowerStig/issues/507): Get-HardCodedRuleLogFileEntry Errors on RegistryRule - * Update PowerSTIG to leverage the GPRegistryPolicyDsc resource for Local Group Policy automation: [#497](https://github.com/microsoft/PowerStig/issues/497) - * Update PowerSTIG to enable the logfile framework to consume a hashtable for HardCodedRule: [#494](https://github.com/microsoft/PowerStig/issues/494) - * Update PowerSTIG to pass OrgSettings in via configuration hashtable: [#372](https://github.com/microsoft/PowerStig/issues/372) - * Update support for SQL Server 2012 Database STIG, Version 1, Release 19 [#482](https://github.com/microsoft/PowerStig/issues/482) - * Fixed [#478](https://github.com/microsoft/PowerStig/issues/478): SQL STIG Instance V-40936 Fails to apply - * Update PowerSTIG to automate applying the IIS 8.5 STIG, Version 1 Release 8. [#469](https://github.com/microsoft/PowerStig/issues/469) - * Fixed [#476](https://github.com/microsoft/PowerStig/issues/476): AuditSetting Rule for Windows STIGs has an incorrect operator when evaluating Service Pack information - * Added support for Dot Net Framework 4.0 STIG, Version 1, Release 8 [#447](https://github.com/microsoft/PowerStig/issues/447) - * Added support for Windows 10 STIG, Version 1, Release 17 & 18: [#466](https://github.com/microsoft/PowerStig/issues/466) - * Added support for Windows 2012 Server DNS STIG, Version 1, Release 12 [#464](https://github.com/microsoft/PowerStig/issues/464) - * Update PowerSTIG to automate applying the Windows Server 2012R2 DC & MS STIG, Version 2, Release 17 & 16 respectively. [#456](https://github.com/microsoft/PowerStig/issues/456) - * Fixed [#444](https://github.com/microsoft/PowerStig/issues/444): Duplicate principals in Permission Rule (Registry) - * Updated logfile in 2012R2 DC STIG leveraging HardCodedRule to automate additional STIG rules. [#446](https://github.com/microsoft/PowerStig/issues/446) - * Updated logfile in 2012R2 MS STIG leveraging HardCodedRule to automate additional STIG rules. [#448](https://github.com/microsoft/PowerStig/issues/448) - * Declarative definition of a rule in the StigData log file to provide a standard way to populate unautomated rules [#435](https://github.com/microsoft/PowerStig/issues/435) - * Updated PowerSTIG to leverage AuditSetting instead of the Script resource. Additionally renamed WmiRule to AuditSettingRule [#431](https://github.com/Microsoft/PowerStig/issues/431) - * Fixed [#419](https://github.com/Microsoft/PowerStig/issues/419): PowerStig is creating resource xSSLSettings with the wrong value for Name. - * Added support for Windows Defender, Version 1, Release 5 [#393](https://github.com/microsoft/PowerStig/issues/393) - * Added support for Internet Explorer 11 Version 1, Release 17 [#422](https://github.com/Microsoft/PowerStig/issues/422) - * Added support for Server 2016 STIG, Version 1, Release 8 [#418](https://github.com/Microsoft/PowerStig/issues/418) - * Update PowerSTIG to enforce additional rules in the SQL Server 2012 STIG [#438](https://github.com/microsoft/PowerStig/issues/438) - * Added support for Windows Defender Antivirus STIG, Version 1, Release 6 [#462](https://github.com/Microsoft/PowerStig/issues/462) - * Added support for Firefox STIG v4r26 [#458](https://github.com/Microsoft/PowerStig/issues/458) - * Updated logfile in DotNet Framework STIG leveraging HardCodedRule to automate additional STIG rules. [#454](https://github.com/microsoft/PowerStig/issues/454) - * Fixed [#493](https://github.com/microsoft/PowerStig/issues/493): IIS 8/5 Server STIG rule V-76745 is referencing the incorrect IIS default path - * Fixed [#505](https://github.com/microsoft/PowerStig/issues/505): Missing reg key setting on V-76759 IIS Server 8.5 v1R7' + ReleaseNotes = '* Fixed [#517](https://github.com/microsoft/PowerStig/issues/517): 4.1.0 GPRegistryPolicyDsc Module Version Issue' } # End of PSData hashtable } # End of PrivateData hashtable } diff --git a/README.md b/README.md index 9e9c39411..a1edf9746 100644 --- a/README.md +++ b/README.md @@ -110,22 +110,22 @@ We are especially thankful for those who have contributed pull requests to the c ### Contributors -* [@ALichtenberg](https://github.com/ALichtenberg) (ALichtenberg) +* [@ALichtenberg](https://github.com/ALichtenberg) (Adam Lichtenberg) * [@athaynes](https://github.com/athaynes) (Adam Haynes) * [@bcwilhite](https://github.com/bcwilhite) (Brian Wilhite) * [@bgouldman](https://github.com/bgouldman) (Brian Gouldman) * [@camusicjunkie](https://github.com/camusicjunkie) (John Steele) * [@chasewilson](https://github.com/chasewilson) (Chase Wilson) * [@clcaldwell](https://github.com/clcaldwell) (Coby Caldwell) -* [@davbowman](https://github.com/davbowman) +* [@davbowman](https://github.com/davbowman) (David Bowman) * [@erjenkin](https://github.com/erjenkin) (Eric Jenkins) -* [@JakeDean3631](https://github.com/JakeDean3631) -* [@japatton](https://github.com/japatton) +* [@JakeDean3631](https://github.com/JakeDean3631) (Jake Dean) +* [@japatton](https://github.com/japatton) (Jason Patton) * [@jcwalker](https://github.com/jcwalker) (Jason Walker) -* [@jesal858](https://github.com/jesal858) +* [@jesal858](https://github.com/jesal858) (Jeff Salas) * [@ldillonel](https://github.com/ldillonel) (LaNika Dillon) * [@LLansey](https://github.com/LLansey) (La'Neice Lansey) -* [@mcollera](https://github.com/mcollera) +* [@mcollera](https://github.com/mcollera) (Matthew Collera) * [@nehrua](https://github.com/nehrua) (Nehru Ali) * [@regedit32](https://github.com/regedit32) (Reggie Gibson) * [@stevehose](https://github.com/stevehose) (Steve Hose) diff --git a/Tests/Integration/DSCResources/Common.integration.ps1 b/Tests/Integration/DSCResources/Common.integration.ps1 index 48163ad06..03d6d4708 100644 --- a/Tests/Integration/DSCResources/Common.integration.ps1 +++ b/Tests/Integration/DSCResources/Common.integration.ps1 @@ -87,6 +87,18 @@ Describe ($title + " $($stig.StigVersion) mof output") { } } + Context 'Single Backward Compatibility Exception' { + It "Should compile the MOF with STIG exception $($backCompatException.Keys) without throwing" { + {& $technologyConfig @testParameterList -BackwardCompatibilityException $backCompatException} | Should -Not -Throw + } + } + + Context 'Multiple Backward Compatibility Exceptions' { + It "Should compile the MOF with STIG exceptions $($backCompatExceptionMultiple.Keys) without throwing" { + {& $technologyConfig @testParameterList -BackwardCompatibilityException $backCompatExceptionMultiple} | Should -Not -Throw + } + } + Context 'Single Rule' { It 'Should compile the MOF without throwing' { {& $technologyConfig @testParameterList -SkipRule $skipRule } | Should -Not -Throw diff --git a/Tests/Integration/DSCResources/DotNetFramework.config.ps1 b/Tests/Integration/DSCResources/DotNetFramework.config.ps1 index 639d06400..43c06c683 100644 --- a/Tests/Integration/DSCResources/DotNetFramework.config.ps1 +++ b/Tests/Integration/DSCResources/DotNetFramework.config.ps1 @@ -1,4 +1,4 @@ -Configuration DotNetFramework_config +configuration DotNetFramework_config { param ( diff --git a/Tests/Integration/DSCResources/Firefox.config.ps1 b/Tests/Integration/DSCResources/Firefox.config.ps1 index 6f32b6724..3718cd3c8 100644 --- a/Tests/Integration/DSCResources/Firefox.config.ps1 +++ b/Tests/Integration/DSCResources/Firefox.config.ps1 @@ -1,4 +1,4 @@ -Configuration Firefox_config +configuration Firefox_config { param ( @@ -28,6 +28,10 @@ Configuration Firefox_config [hashtable] $Exception, + [Parameter()] + [hashtable] + $BackwardCompatibilityException, + [Parameter()] [object] $OrgSettings @@ -57,6 +61,11 @@ Configuration Firefox_config ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f $PSItem, '@{', $($Exception[$PSItem].Keys), $($Exception[$PSItem][$Exception[$PSItem].Keys]), '}'})}" }) + $(if ($null -ne $BackwardCompatibilityException) + { + "Exception = @{`n$($BackwardCompatibilityException.Keys | + ForEach-Object {"'{0}' = {1}`n" -f $PSItem, $BackwardCompatibilityException[$PSItem]})}" + }) $(if ($null -ne $SkipRule) { "SkipRule = @($( ($SkipRule | ForEach-Object {"'$PSItem'"}) -join ',' ))`n" diff --git a/Tests/Integration/DSCResources/Firefox.integration.tests.ps1 b/Tests/Integration/DSCResources/Firefox.integration.tests.ps1 index 0189932be..164ba800f 100644 --- a/Tests/Integration/DSCResources/Firefox.integration.tests.ps1 +++ b/Tests/Integration/DSCResources/Firefox.integration.tests.ps1 @@ -34,6 +34,8 @@ try } $exception = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 $exceptionMultiple = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 2 + $backCompatException = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 -BackwardCompatibility + $backCompatExceptionMultiple = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 2 -BackwardCompatibility . "$PSScriptRoot\Common.integration.ps1" } diff --git a/Tests/Integration/DSCResources/IisServer.config.ps1 b/Tests/Integration/DSCResources/IisServer.config.ps1 index b47fca800..3fa0f4bd8 100644 --- a/Tests/Integration/DSCResources/IisServer.config.ps1 +++ b/Tests/Integration/DSCResources/IisServer.config.ps1 @@ -1,4 +1,4 @@ -Configuration IisServer_Config +configuration IisServer_Config { param ( @@ -28,6 +28,10 @@ Configuration IisServer_Config [hashtable] $Exception, + [Parameter()] + [hashtable] + $BackwardCompatibilityException, + [Parameter()] [object] $OrgSettings, @@ -64,6 +68,11 @@ Configuration IisServer_Config ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f $PSItem, '@{', $($Exception[$PSItem].Keys), $($Exception[$PSItem][$Exception[$PSItem].Keys]), '}'})}" }) + $(if ($null -ne $BackwardCompatibilityException) + { + "Exception = @{`n$($BackwardCompatibilityException.Keys | + ForEach-Object {"'{0}' = {1}`n" -f $PSItem, $BackwardCompatibilityException[$PSItem]})}" + }) $(if ($null -ne $SkipRule) { "SkipRule = @($( ($SkipRule | ForEach-Object {"'$PSItem'"}) -join ',' ))`n" diff --git a/Tests/Integration/DSCResources/IisServer.integration.tests.ps1 b/Tests/Integration/DSCResources/IisServer.integration.tests.ps1 index 8dc7d90d7..8aca760dc 100644 --- a/Tests/Integration/DSCResources/IisServer.integration.tests.ps1 +++ b/Tests/Integration/DSCResources/IisServer.integration.tests.ps1 @@ -40,6 +40,8 @@ try } $exception = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 $exceptionMultiple = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 2 + $backCompatException = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 -BackwardCompatibility + $backCompatExceptionMultiple = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 2 -BackwardCompatibility . "$PSScriptRoot\Common.integration.ps1" } diff --git a/Tests/Integration/DSCResources/IisSite.config.ps1 b/Tests/Integration/DSCResources/IisSite.config.ps1 index 9e3c7ca63..db44bfe92 100644 --- a/Tests/Integration/DSCResources/IisSite.config.ps1 +++ b/Tests/Integration/DSCResources/IisSite.config.ps1 @@ -1,4 +1,4 @@ -Configuration IisSite_config +configuration IisSite_config { param ( @@ -28,6 +28,10 @@ Configuration IisSite_config [hashtable] $Exception, + [Parameter()] + [hashtable] + $BackwardCompatibilityException, + [Parameter()] [object] $OrgSettings, @@ -73,6 +77,11 @@ Configuration IisSite_config ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f $PSItem, '@{', $($Exception[$PSItem].Keys), $($Exception[$PSItem][$Exception[$PSItem].Keys]), '}'})}" }) + $(if ($null -ne $BackwardCompatibilityException) + { + "Exception = @{`n$($BackwardCompatibilityException.Keys | + ForEach-Object {"'{0}' = {1}`n" -f $PSItem, $BackwardCompatibilityException[$PSItem]})}" + }) $(if ($null -ne $SkipRule) { "SkipRule = @($( ($SkipRule | ForEach-Object {"'$PSItem'"}) -join ',' ))`n" diff --git a/Tests/Integration/DSCResources/IisSite.integration.tests.ps1 b/Tests/Integration/DSCResources/IisSite.integration.tests.ps1 index 8b8671c78..b0e4d1cb8 100644 --- a/Tests/Integration/DSCResources/IisSite.integration.tests.ps1 +++ b/Tests/Integration/DSCResources/IisSite.integration.tests.ps1 @@ -42,6 +42,8 @@ try $exception = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 $getRandomExceptionRuleParams.RuleType = 'WebAppPoolRule' $exceptionMultiple = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 2 + $backCompatException = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 -BackwardCompatibility + $backCompatExceptionMultiple = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 2 -BackwardCompatibility . "$PSScriptRoot\Common.integration.ps1" } diff --git a/Tests/Integration/DSCResources/InternetExplorer.config.ps1 b/Tests/Integration/DSCResources/InternetExplorer.config.ps1 index 1cb070ce1..66f609324 100644 --- a/Tests/Integration/DSCResources/InternetExplorer.config.ps1 +++ b/Tests/Integration/DSCResources/InternetExplorer.config.ps1 @@ -1,4 +1,4 @@ -Configuration InternetExplorer_config +configuration InternetExplorer_config { param ( @@ -28,6 +28,10 @@ Configuration InternetExplorer_config [hashtable] $Exception, + [Parameter()] + [hashtable] + $BackwardCompatibilityException, + [Parameter()] [object] $OrgSettings @@ -58,6 +62,11 @@ Configuration InternetExplorer_config ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f $PSItem, '@{', $($Exception[$PSItem].Keys), $($Exception[$PSItem][$Exception[$PSItem].Keys]), '}'})}" }) + $(if ($null -ne $BackwardCompatibilityException) + { + "Exception = @{`n$($BackwardCompatibilityException.Keys | + ForEach-Object {"'{0}' = {1}`n" -f $PSItem, $BackwardCompatibilityException[$PSItem]})}" + }) $(if ($null -ne $SkipRule) { "SkipRule = @($( ($SkipRule | ForEach-Object {"'$PSItem'"}) -join ',' ))`n" diff --git a/Tests/Integration/DSCResources/InternetExplorer.integration.tests.ps1 b/Tests/Integration/DSCResources/InternetExplorer.integration.tests.ps1 index c37b1cfba..5449d269c 100644 --- a/Tests/Integration/DSCResources/InternetExplorer.integration.tests.ps1 +++ b/Tests/Integration/DSCResources/InternetExplorer.integration.tests.ps1 @@ -34,6 +34,8 @@ try } $exception = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 $exceptionMultiple = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 2 + $backCompatException = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 -BackwardCompatibility + $backCompatExceptionMultiple = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 2 -BackwardCompatibility . "$PSScriptRoot\Common.integration.ps1" } diff --git a/Tests/Integration/DSCResources/Office.config.ps1 b/Tests/Integration/DSCResources/Office.config.ps1 index 639e1c0a8..56e4682ad 100644 --- a/Tests/Integration/DSCResources/Office.config.ps1 +++ b/Tests/Integration/DSCResources/Office.config.ps1 @@ -1,4 +1,4 @@ -Configuration Office_config +configuration Office_config { param ( @@ -28,6 +28,10 @@ Configuration Office_config [hashtable] $Exception, + [Parameter()] + [hashtable] + $BackwardCompatibilityException, + [Parameter()] [object] $OrgSettings @@ -58,6 +62,11 @@ Configuration Office_config ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f $PSItem, '@{', $($Exception[$PSItem].Keys), $($Exception[$PSItem][$Exception[$PSItem].Keys]), '}'})}" }) + $(if ($null -ne $BackwardCompatibilityException) + { + "Exception = @{`n$($BackwardCompatibilityException.Keys | + ForEach-Object {"'{0}' = {1}`n" -f $PSItem, $BackwardCompatibilityException[$PSItem]})}" + }) $(if ($null -ne $SkipRule) { "SkipRule = @($( ($SkipRule | ForEach-Object {"'$PSItem'"}) -join ',' ))`n" diff --git a/Tests/Integration/DSCResources/Office.integration.tests.ps1 b/Tests/Integration/DSCResources/Office.integration.tests.ps1 index c37b1cfba..5449d269c 100644 --- a/Tests/Integration/DSCResources/Office.integration.tests.ps1 +++ b/Tests/Integration/DSCResources/Office.integration.tests.ps1 @@ -34,6 +34,8 @@ try } $exception = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 $exceptionMultiple = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 2 + $backCompatException = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 -BackwardCompatibility + $backCompatExceptionMultiple = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 2 -BackwardCompatibility . "$PSScriptRoot\Common.integration.ps1" } diff --git a/Tests/Integration/DSCResources/OracleJRE.config.ps1 b/Tests/Integration/DSCResources/OracleJRE.config.ps1 index 5869812e3..3031ed31f 100644 --- a/Tests/Integration/DSCResources/OracleJRE.config.ps1 +++ b/Tests/Integration/DSCResources/OracleJRE.config.ps1 @@ -1,4 +1,4 @@ -Configuration OracleJRE_config +configuration OracleJRE_config { param ( @@ -28,6 +28,10 @@ Configuration OracleJRE_config [hashtable] $Exception, + [Parameter()] + [hashtable] + $BackwardCompatibilityException, + [Parameter()] [object] $OrgSettings, @@ -69,6 +73,11 @@ Configuration OracleJRE_config ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f $PSItem, '@{', $($Exception[$PSItem].Keys), $($Exception[$PSItem][$Exception[$PSItem].Keys]), '}'})}" }) + $(if ($null -ne $BackwardCompatibilityException) + { + "Exception = @{`n$($BackwardCompatibilityException.Keys | + ForEach-Object {"'{0}' = {1}`n" -f $PSItem, $BackwardCompatibilityException[$PSItem]})}" + }) $(if ($null -ne $SkipRule) { "SkipRule = @($( ($SkipRule | ForEach-Object {"'$PSItem'"}) -join ',' ))`n" diff --git a/Tests/Integration/DSCResources/OracleJRE.integration.tests.ps1 b/Tests/Integration/DSCResources/OracleJRE.integration.tests.ps1 index 1c7a566d3..436bf4d2a 100644 --- a/Tests/Integration/DSCResources/OracleJRE.integration.tests.ps1 +++ b/Tests/Integration/DSCResources/OracleJRE.integration.tests.ps1 @@ -39,6 +39,8 @@ try } $exception = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 $exceptionMultiple = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 2 + $backCompatException = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 -BackwardCompatibility + $backCompatExceptionMultiple = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 2 -BackwardCompatibility . "$PSScriptRoot\Common.integration.ps1" } diff --git a/Tests/Integration/DSCResources/SqlServer.config.ps1 b/Tests/Integration/DSCResources/SqlServer.config.ps1 index 8f99b1333..67aaf0d72 100644 --- a/Tests/Integration/DSCResources/SqlServer.config.ps1 +++ b/Tests/Integration/DSCResources/SqlServer.config.ps1 @@ -1,4 +1,4 @@ -Configuration SqlServer_config +configuration SqlServer_config { param ( @@ -28,6 +28,10 @@ Configuration SqlServer_config [hashtable] $Exception, + [Parameter()] + [hashtable] + $BackwardCompatibilityException, + [Parameter()] [object] $OrgSettings @@ -61,6 +65,11 @@ Configuration SqlServer_config ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f $PSItem, '@{', $($Exception[$PSItem].Keys), $($Exception[$PSItem][$Exception[$PSItem].Keys]), '}'})}" }) + $(if ($null -ne $BackwardCompatibilityException) + { + "Exception = @{`n$($BackwardCompatibilityException.Keys | + ForEach-Object {"'{0}' = {1}`n" -f $PSItem, $BackwardCompatibilityException[$PSItem]})}" + }) $(if ($null -ne $SkipRule) { "SkipRule = @($( ($SkipRule | ForEach-Object {"'$PSItem'"}) -join ',' ))`n" @@ -74,7 +83,7 @@ Configuration SqlServer_config } } -Configuration SqlServerDatabase_config +configuration SqlServerDatabase_config { param ( diff --git a/Tests/Integration/DSCResources/SqlServer.integration.tests.ps1 b/Tests/Integration/DSCResources/SqlServer.integration.tests.ps1 index 1844b309b..16fddf541 100644 --- a/Tests/Integration/DSCResources/SqlServer.integration.tests.ps1 +++ b/Tests/Integration/DSCResources/SqlServer.integration.tests.ps1 @@ -30,10 +30,12 @@ try $getRandomExceptionRuleParams = @{ RuleType = 'SqlScriptQueryRule' PowerStigXml = $powerstigXml - ParameterValue = 'TestScript' + ParameterValue = $true } $exception = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 $exceptionMultiple = $null + $backCompatException = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 -BackwardCompatibility + $backCompatExceptionMultiple = $null . "$PSScriptRoot\Common.integration.ps1" } diff --git a/Tests/Integration/DSCResources/WindowsClient.config.ps1 b/Tests/Integration/DSCResources/WindowsClient.config.ps1 index 562ef133e..e08c833eb 100644 --- a/Tests/Integration/DSCResources/WindowsClient.config.ps1 +++ b/Tests/Integration/DSCResources/WindowsClient.config.ps1 @@ -1,4 +1,4 @@ -Configuration WindowsClient_config +configuration WindowsClient_config { param ( @@ -20,6 +20,10 @@ Configuration WindowsClient_config [hashtable] $Exception, + [Parameter()] + [hashtable] + $BackwardCompatibilityException, + [Parameter()] [string[]] $SkipRule, @@ -70,6 +74,11 @@ Configuration WindowsClient_config ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f $PSItem, '@{', $($Exception[$PSItem].Keys), $($Exception[$PSItem][$Exception[$PSItem].Keys]), '}'})}" }) + $(if ($null -ne $BackwardCompatibilityException) + { + "Exception = @{`n$($BackwardCompatibilityException.Keys | + ForEach-Object {"'{0}' = {1}`n" -f $PSItem, $BackwardCompatibilityException[$PSItem]})}" + }) $(if ($null -ne $SkipRule) { "SkipRule = @($( ($SkipRule | ForEach-Object {"'$PSItem'"}) -join ',' ))`n" diff --git a/Tests/Integration/DSCResources/WindowsClient.integration.tests.ps1 b/Tests/Integration/DSCResources/WindowsClient.integration.tests.ps1 index 0c4726e90..7bcc1867b 100644 --- a/Tests/Integration/DSCResources/WindowsClient.integration.tests.ps1 +++ b/Tests/Integration/DSCResources/WindowsClient.integration.tests.ps1 @@ -41,6 +41,8 @@ try } $exception = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 $exceptionMultiple = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 2 + $backCompatException = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 -BackwardCompatibility + $backCompatExceptionMultiple = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 2 -BackwardCompatibility . "$PSScriptRoot\Common.integration.ps1" } diff --git a/Tests/Integration/DSCResources/WindowsDefender.config.ps1 b/Tests/Integration/DSCResources/WindowsDefender.config.ps1 index 7b50770ab..edbd6a596 100644 --- a/Tests/Integration/DSCResources/WindowsDefender.config.ps1 +++ b/Tests/Integration/DSCResources/WindowsDefender.config.ps1 @@ -1,4 +1,4 @@ -Configuration WindowsDefender_config +configuration WindowsDefender_config { param ( @@ -28,6 +28,10 @@ Configuration WindowsDefender_config [hashtable] $Exception, + [Parameter()] + [hashtable] + $BackwardCompatibilityException, + [Parameter()] [object] $OrgSettings @@ -57,6 +61,11 @@ Configuration WindowsDefender_config ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f $PSItem, '@{', $($Exception[$PSItem].Keys), $($Exception[$PSItem][$Exception[$PSItem].Keys]), '}'})}" }) + $(if ($null -ne $BackwardCompatibilityException) + { + "Exception = @{`n$($BackwardCompatibilityException.Keys | + ForEach-Object {"'{0}' = {1}`n" -f $PSItem, $BackwardCompatibilityException[$PSItem]})}" + }) $(if ($null -ne $SkipRule) { "SkipRule = @($( ($SkipRule | ForEach-Object {"'$PSItem'"}) -join ',' ))`n" diff --git a/Tests/Integration/DSCResources/WindowsDefender.integration.tests.ps1 b/Tests/Integration/DSCResources/WindowsDefender.integration.tests.ps1 index 1beec2a4a..474ee2e36 100644 --- a/Tests/Integration/DSCResources/WindowsDefender.integration.tests.ps1 +++ b/Tests/Integration/DSCResources/WindowsDefender.integration.tests.ps1 @@ -37,6 +37,8 @@ try } $exception = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 $exceptionMultiple = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 2 + $backCompatException = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 -BackwardCompatibility + $backCompatExceptionMultiple = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 2 -BackwardCompatibility . "$PSScriptRoot\Common.integration.ps1" } diff --git a/Tests/Integration/DSCResources/WindowsDnsServer.config.ps1 b/Tests/Integration/DSCResources/WindowsDnsServer.config.ps1 index 0247f2eb4..51d785f6c 100644 --- a/Tests/Integration/DSCResources/WindowsDnsServer.config.ps1 +++ b/Tests/Integration/DSCResources/WindowsDnsServer.config.ps1 @@ -1,4 +1,4 @@ -Configuration WindowsDnsServer_config +configuration WindowsDnsServer_config { param ( @@ -28,6 +28,10 @@ Configuration WindowsDnsServer_config [hashtable] $Exception, + [Parameter()] + [hashtable] + $BackwardCompatibilityException, + [Parameter()] [object] $OrgSettings, @@ -70,6 +74,11 @@ Configuration WindowsDnsServer_config ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f $PSItem, '@{', $($Exception[$PSItem].Keys), $($Exception[$PSItem][$Exception[$PSItem].Keys]), '}'})}" }) + $(if ($null -ne $BackwardCompatibilityException) + { + "Exception = @{`n$($BackwardCompatibilityException.Keys | + ForEach-Object {"'{0}' = {1}`n" -f $PSItem, $BackwardCompatibilityException[$PSItem]})}" + }) $(if ($null -ne $SkipRule) { "SkipRule = @($( ($SkipRule | ForEach-Object {"'$PSItem'"}) -join ',' ))`n" diff --git a/Tests/Integration/DSCResources/WindowsDnsServer.integration.tests.ps1 b/Tests/Integration/DSCResources/WindowsDnsServer.integration.tests.ps1 index b7f5c7cf7..53032d09c 100644 --- a/Tests/Integration/DSCResources/WindowsDnsServer.integration.tests.ps1 +++ b/Tests/Integration/DSCResources/WindowsDnsServer.integration.tests.ps1 @@ -44,6 +44,8 @@ try } $exception = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 $exceptionMultiple = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 2 + $backCompatException = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 -BackwardCompatibility + $backCompatExceptionMultiple = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 2 -BackwardCompatibility . "$PSScriptRoot\Common.integration.ps1" } diff --git a/Tests/Integration/DSCResources/WindowsFirewall.config.ps1 b/Tests/Integration/DSCResources/WindowsFirewall.config.ps1 index 83502209d..e1d75af34 100644 --- a/Tests/Integration/DSCResources/WindowsFirewall.config.ps1 +++ b/Tests/Integration/DSCResources/WindowsFirewall.config.ps1 @@ -1,4 +1,4 @@ -Configuration WindowsFirewall_config +configuration WindowsFirewall_config { param ( @@ -28,6 +28,10 @@ Configuration WindowsFirewall_config [hashtable] $Exception, + [Parameter()] + [hashtable] + $BackwardCompatibilityException, + [Parameter()] [object] $OrgSettings @@ -57,6 +61,11 @@ Configuration WindowsFirewall_config ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f $PSItem, '@{', $($Exception[$PSItem].Keys), $($Exception[$PSItem][$Exception[$PSItem].Keys]), '}'})}" }) + $(if ($null -ne $BackwardCompatibilityException) + { + "Exception = @{`n$($BackwardCompatibilityException.Keys | + ForEach-Object {"'{0}' = {1}`n" -f $PSItem, $BackwardCompatibilityException[$PSItem]})}" + }) $(if ($null -ne $SkipRule) { "SkipRule = @($( ($SkipRule | ForEach-Object {"'$PSItem'"}) -join ',' ))`n" diff --git a/Tests/Integration/DSCResources/WindowsFirewall.integration.tests.ps1 b/Tests/Integration/DSCResources/WindowsFirewall.integration.tests.ps1 index c37b1cfba..5449d269c 100644 --- a/Tests/Integration/DSCResources/WindowsFirewall.integration.tests.ps1 +++ b/Tests/Integration/DSCResources/WindowsFirewall.integration.tests.ps1 @@ -34,6 +34,8 @@ try } $exception = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 $exceptionMultiple = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 2 + $backCompatException = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 -BackwardCompatibility + $backCompatExceptionMultiple = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 2 -BackwardCompatibility . "$PSScriptRoot\Common.integration.ps1" } diff --git a/Tests/Integration/DSCResources/WindowsServer.config.ps1 b/Tests/Integration/DSCResources/WindowsServer.config.ps1 index b5410d186..0886d2168 100644 --- a/Tests/Integration/DSCResources/WindowsServer.config.ps1 +++ b/Tests/Integration/DSCResources/WindowsServer.config.ps1 @@ -1,4 +1,4 @@ -Configuration WindowsServer_config +configuration WindowsServer_config { param ( @@ -28,6 +28,10 @@ Configuration WindowsServer_config [hashtable] $Exception, + [Parameter()] + [hashtable] + $BackwardCompatibilityException, + [Parameter()] [object] $OrgSettings, @@ -71,6 +75,11 @@ Configuration WindowsServer_config ForEach-Object {"'{0}' = {1}{2} = '{3}'{4}`n" -f $PSItem, '@{', $($Exception[$PSItem].Keys), $($Exception[$PSItem][$Exception[$PSItem].Keys]), '}'})}" }) + $(if ($null -ne $BackwardCompatibilityException) + { + "Exception = @{`n$($BackwardCompatibilityException.Keys | + ForEach-Object {"'{0}' = {1}`n" -f $PSItem, $BackwardCompatibilityException[$PSItem]})}" + }) $(if ($null -ne $SkipRule) { "SkipRule = @($( ($SkipRule | ForEach-Object {"'$PSItem'"}) -join ',' ))`n" diff --git a/Tests/Integration/DSCResources/WindowsServer.integration.tests.ps1 b/Tests/Integration/DSCResources/WindowsServer.integration.tests.ps1 index 1ab105cfd..b83590514 100644 --- a/Tests/Integration/DSCResources/WindowsServer.integration.tests.ps1 +++ b/Tests/Integration/DSCResources/WindowsServer.integration.tests.ps1 @@ -46,6 +46,8 @@ try } $exception = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 $exceptionMultiple = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 2 + $backCompatException = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 1 -BackwardCompatibility + $backCompatExceptionMultiple = Get-RandomExceptionRule @getRandomExceptionRuleParams -Count 2 -BackwardCompatibility } . "$PSScriptRoot\Common.integration.ps1" diff --git a/Tests/Integration/DSCResources/helper.psm1 b/Tests/Integration/DSCResources/helper.psm1 index 0083ca75e..8fe6f3c14 100644 --- a/Tests/Integration/DSCResources/helper.psm1 +++ b/Tests/Integration/DSCResources/helper.psm1 @@ -29,7 +29,7 @@ data exceptionRuleParameterValues <# .SYNOPSIS - Returns a regex pattern used to find the dsc resource names in a mof. + Returns a regex pattern used to find the dsc resource names in a mof. #> function Get-ResourceMatchStatement { @@ -257,7 +257,11 @@ function Get-RandomExceptionRule [Parameter(Mandatory = $true)] [int] - $Count + $Count, + + [Parameter(Mandatory = $false)] + [switch] + $BackwardCompatibility ) $randomExceptionRuleId = Get-Random -InputObject $PowerStigXml.($RuleType).Rule.id -Count $Count @@ -267,6 +271,10 @@ function Get-RandomExceptionRule $exceptionRuleHashtable = @{ $exceptionRuleParameterValues[$RuleType] = $ParameterValue } + if ($PSBoundParameters.ContainsKey('BackwardCompatibility')) + { + $exceptionRuleHashtable = $ParameterValue + } $stigException.Add($id, $exceptionRuleHashtable) } return $stigException diff --git a/Tests/Unit/DSCResources/windows.Registry.config.ps1 b/Tests/Unit/DSCResources/windows.Registry.config.ps1 index 1d769a539..762b2d1db 100644 --- a/Tests/Unit/DSCResources/windows.Registry.config.ps1 +++ b/Tests/Unit/DSCResources/windows.Registry.config.ps1 @@ -1,10 +1,10 @@ -Configuration Registry_config +configuration Registry_config { param ( ) Import-Module $PSScriptRoot\..\..\..\DscResources\helper.psm1 -Force - Import-DscResource -ModuleName GPRegistryPolicyDsc -ModuleVersion 1.0.0 + Import-DscResource -ModuleName GPRegistryPolicyDsc -ModuleVersion 1.0.1 Import-DscResource -ModuleName PSDscResources -ModuleVersion 2.10.0.0 Node localhost