Feature request: additional support for servicerule properties #514
Comments
@Safetybrick What version of PowerSTIG are you using?

Currently 3.3.0

@Safetybrick Correct, the way the DSC resource script is set up for ServiceRule, the Ensure property isn't passed to the composite. Changes would have to be made to do so. Something we could look at addressing with a possible release.

I was also glancing over the hard code documentation in the wiki. In the interim, could it be utilized as a short-term solution at the moment?

No, so the DSC resource script would have to be modified to reference the Ensure property for the Service DSC resource.

```powershell
$rules = $stig.RuleList | Select-Rule -Type ServiceRule

foreach ( $rule in $rules )
{
    # Only Name, State and StartupType are set on the Service resource; Ensure is not passed.
    Service (Get-ResourceTitle -Rule $rule)
    {
        Name        = $rule.ServiceName
        State       = $rule.ServiceState
        StartupType = $rule.StartupType
    }
}
```

DSCResources\Resources\windows.Service.ps1 would have to be modified in order to accept the Ensure property in order for it to work.

* Updated based on issue (#523)
* Feature request: additional support for servicerule properties #514 (#525)
* Added property based on community request
* updated issue version
* Updated win10 system drive path in convert module (#526)
* added support for 2012R2 MS/DC 2.17/2.18 (#532)
* added support for 2012R2 MS/DC 2.17/2.18
* added new line on the xccdf
* removed tab from processed xml.
* updated to successfully parse Win10 V1R19 (#534)
* added support for FireFox 4.27 (#541)
* added support for IE 1.18 (#539)
* added support for .net 4.0 V1R9 (#536)
* Update PowerSTIG to parse the IIS 8.5 1.9 Site and Server STIGs (#537)
* Initial Convert and update IIS 8.5 1.9
* remove n-2 STIGs
* removed quotes
* added newline to raw xccdf
* updated based on PR feedback
* Update PowerSTIG to successfully parse Microsoft SQL Server 2016 Instance STIG - Ver 1, Rel 7 (#544)
* fixed and updated SQL Instance STIGs
* updated sqlserver composite and removed tabs
* updated sqlserver composite.
* removed tabs
* Updated JRE rule V-66941.a to be a org setting (#543)
* updated JRE rule V-66941.a to be a org settings
* updated name of processed STIG
* update changelog
* added space to TS build issue.
* Need a test to verify the conversionstatus="fail" does not exist in processed STIGs (#550)
* updated Win2016DC failed converts and added tests
* removed V-73517 from MS-1.9 as the rule no longer exist.
* Update PowerSTIG to parse and apply OfficeSystem 2013 STIG V1R9 / 2016 V1R1 (#553)
* added Office-System2013 STIG support.
* reconverted xccdfs, corrected issues in some processed stigs.
* added OfficeSystem 2016 V1R1 STIG
* updated changelog.md
* stevehose#443 and #528 check list bug fixes (#529)
* Update to fix checklist bugs
* Fixed bug in checklist parameter ManualCheckFile
* Updated Checklist Pester tests
* Updates based upon PR comments
* Updated changelog.md
* Add test to assert dependent module versions (#555)
* Added helper function And test to verify module versions
* Added tests to assert dependant module versions.
* Removed commented code
* Removed whitespace
* Update PowerSTIG to parse and apply Windows Server 2019 V1R2 STIG (#557)
* added support for 2019 MS modified hardcoded parser rule ids to support 2019 MS
* added support for 2019 DC STIG; parser update to address failed AD permission rules (ActiveDirectoryAuditRule) which isn't currently implemented
* Added ProcessMitigation to WindowsServer composite
* regenerated all xccdfs, 6 were corrected/modified
* updated changelog.md
* appveyor build issue - space insert
* prep for 4.2.0 release, update changelog, filehash markdowns and module manifest

Co-authored-by: Eric Jenkins <erjenkin@microsoft.com>
Co-authored-by: Steve Hose <33662177+stevehose@users.noreply.github.com>
Co-authored-by: Jason Walker <walkerjason@live.com>

* Updated based on issue (#523)
* Feature request: additional support for servicerule properties #514 (#525)
* Added property based on community request
* updated issue version
* Updated win10 system drive path in convert module (#526)
* Updates for Issues #259 and #527
* added support for 2012R2 MS/DC 2.17/2.18 (#532)
* added support for 2012R2 MS/DC 2.17/2.18
* added new line on the xccdf
* removed tab from processed xml.
* updated to successfully parse Win10 V1R19 (#534)
* added support for FireFox 4.27 (#541)
* added support for IE 1.18 (#539)
* added support for .net 4.0 V1R9 (#536)
* Update PowerSTIG to parse the IIS 8.5 1.9 Site and Server STIGs (#537)
* Initial Convert and update IIS 8.5 1.9
* remove n-2 STIGs
* removed quotes
* added newline to raw xccdf
* updated based on PR feedback
* Version update
* Minor updates
* Update PowerSTIG to successfully parse Microsoft SQL Server 2016 Instance STIG - Ver 1, Rel 7 (#544)
* fixed and updated SQL Instance STIGs
* updated sqlserver composite and removed tabs
* updated sqlserver composite.
* removed tabs
* Code changes to correct issues
* Updated JRE rule V-66941.a to be a org setting (#543)
* updated JRE rule V-66941.a to be a org settings
* updated name of processed STIG
* update changelog
* added space to TS build issue.
* Updates to add functionality and address bugs
* Need a test to verify the conversionstatus="fail" does not exist in processed STIGs (#550)
* updated Win2016DC failed converts and added tests
* removed V-73517 from MS-1.9 as the rule no longer exist.
* Update PowerSTIG to parse and apply OfficeSystem 2013 STIG V1R9 / 2016 V1R1 (#553)
* added Office-System2013 STIG support.
* reconverted xccdfs, corrected issues in some processed stigs.
* added OfficeSystem 2016 V1R1 STIG
* updated changelog.md
* Update: duplicate rules for checklist & bug fixes
* Updates to fix DSC results bugs
* Fixed error in New-StigChecklist
* Minor update to support debugging
* Final commit prior to PR. Updated changelog.
* stevehose#443 and #528 check list bug fixes (#529)
* Update to fix checklist bugs
* Fixed bug in checklist parameter ManualCheckFile
* Updated Checklist Pester tests
* Updates based upon PR comments
* Updated changelog.md
* Add test to assert dependent module versions (#555)
* Added helper function And test to verify module versions
* Added tests to assert dependant module versions.
* Removed commented code
* Removed whitespace
* Update PowerSTIG to parse and apply Windows Server 2019 V1R2 STIG (#557)
* added support for 2019 MS modified hardcoded parser rule ids to support 2019 MS
* added support for 2019 DC STIG; parser update to address failed AD permission rules (ActiveDirectoryAuditRule) which isn't currently implemented
* Added ProcessMitigation to WindowsServer composite
* regenerated all xccdfs, 6 were corrected/modified
* updated changelog.md
* appveyor build issue - space insert
* Updates to fix build bugs
* Updated to fix bugs in build
* Fix to missing reference
* Build error fix - missing newline
* prep for 4.2.0 release, update changelog, filehash markdowns and module manifest
* Fix for build missing functions reference
* Relocated file to be picked up during runtime
* Minor update to remove test code
* Updated for build errors
* Updated processed SQL Server 1.3 files
* Updates for PR
* Updates for PR
* Updated for PR
* Updates for PR
* Moving changes for SQL to another branch
* Update for PR

Co-authored-by: Eric Jenkins <erjenkin@microsoft.com>
Co-authored-by: Brian Wilhite <bcwilhite@live.com>
Co-authored-by: Jason Walker <walkerjason@live.com>

Is your feature request related to a problem? Please describe.
While testing the deployment of the Windows 2012 R2 STIGs in my development environment, I discovered there is a limitation to the exception properties of the servicerule type, which does not allow you to apply an exception for the ensure property. In our environment we have services that are removed/uninstalled rather than disabled as stated in the STIG rules.
Example: V-26604
"Verify the Peer Network Identity Manager (p2pimsvc) service is not installed or is disabled."
Describe the solution you'd like
Add additional support for the ensure property to allow DSC to check if the service is installed or not.
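
An added example (not part of the original issue or of PowerSTIG): a PowerShell audit of the either/or condition quoted from V-26604, so a host where the service was uninstalled reports as compliant just like one where it is disabled. The function name `Test-ServiceAbsentOrDisabled` and the result labels are hypothetical; the only system call used is `Get-CimInstance` against `Win32_Service`.

```powershell
# Added example: audits the V-26604 condition "not installed or is disabled".
# Test-ServiceAbsentOrDisabled is a hypothetical helper, not a PowerSTIG function.
function Test-ServiceAbsentOrDisabled
{
    [CmdletBinding()]
    [OutputType([pscustomobject])]
    param
    (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string[]]
        $Name
    )

    # Query once and match names locally, so no WQL filter is built from input.
    $installed = @{}
    foreach ($service in (Get-CimInstance -ClassName Win32_Service))
    {
        $installed[$service.Name] = $service
    }

    foreach ($serviceName in $Name)
    {
        $service = $installed[$serviceName]   # hashtable keys are case-insensitive

        if ($null -eq $service)
        {
            # A removed service satisfies the rule; this is the case the issue describes.
            $result = 'NotInstalled'
        }
        elseif ($service.StartMode -eq 'Disabled')
        {
            $result = 'Disabled'
        }
        else
        {
            $result = 'Finding'
        }

        [pscustomobject]@{
            Name      = $serviceName
            Result    = $result
            StartMode = if ($service) { $service.StartMode } else { $null }
            State     = if ($service) { $service.State } else { $null }
            Compliant = $result -ne 'Finding'
        }
    }
}

Test-ServiceAbsentOrDisabled -Name 'p2pimsvc'
```

The `State` column is reported but not scored, so a disabled service that is still running until the next stop or reboot remains visible in the output.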