Addressing system test findings (#12210)

This relates to #11245
Marcos Oviedo 2023-06-08 10:47:04 -03:00 committed by GitHub
parent ebac8705ac
commit 05c24caa95
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -898,7 +898,7 @@ spec:
Ask your system administrator to establish the recommended configuration via GP, ensure that the following UI path is set to 'Administrators, NT SERVICE\WdiServiceHost'
'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Profile system performance'
query: |
SELECT 1 FROM cis_audit where item = "2.2.35" AND (regex_match(value,".*(?=.*Administrators)(?=.*NT SERVICE\WdiServiceHost).*",0) is not null);
SELECT 1 FROM cis_audit where item = "2.2.35" AND (regex_match(value,".*(?=.*Administrators)(?=.*WdiServiceHost).*",0) is not null);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.2.35, english-support-only
contributors: marcosd4h
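Review bot: The new 2.2.35 query drops `NT SERVICE\` from the second lookahead, so the check now passes on any value that merely contains the substring WdiServiceHost, while the resolution text above it still names 'NT SERVICE\WdiServiceHost'. The old pattern most likely never matched because `\W` is read by the regex engine as the non-word-character class rather than a literal backslash followed by W. If the cis_audit value carries the full account name, escaping the backslash (`NT SERVICE\\WdiServiceHost`) would keep the match specific. If the value only ever holds the short name, a comment in the policy saying so would explain why the query and the resolution text differ.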
@ -914,7 +914,7 @@ spec:
different security access token, which can be used to modify the security access token of that sub-process and result in the escalation of privileges.
resolution: |
Automatic method:
Ask your system administrator to establish the recommended configuration via GP, ensure that the following UI path is set to an empty list
Ask your system administrator to establish the recommended configuration via GP, ensure that the following UI path is set to 'LOCAL SERVICE, NETWORK SERVICE'
'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Replace a process level token'
query: |
SELECT 1 FROM cis_audit where item = "2.2.36" AND (regex_match(value,".*(?=.*LOCAL SERVICE)(?=.*NETWORK SERVICE).*",0) is not null);
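Review bot: The 2.2.36 query kept as context at the end of this hunk only asserts that LOCAL SERVICE and NETWORK SERVICE both appear somewhere in the value, so with the resolution text now naming exactly those two accounts, a host where a third principal also holds 'Replace a process level token' still passes. That is the situation the description warns can lead to escalation of privileges. Consider anchoring the pattern or comparing against the exact expected list so that extra entries fail the check, or state in the resolution text that the query is a minimum-membership check only.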
@ -955,7 +955,7 @@ spec:
environment can shut down the operating system with the Shut Down command. Misuse of this user right can result in a denial of service condition.
resolution: |
Automatic method:
Ask your system administrator to establish the recommended configuration via GP, ensure that the following UI path is set to an empty list
Ask your system administrator to establish the recommended configuration via GP, ensure that the following UI path is set to 'Administrators, Users'
'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Shut down the system'
query: |
SELECT 1 FROM cis_audit where item = "2.2.38" AND (regex_match(value,".*(?=.*Administrators)(?=.*Users).*",0) is not null);
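Review bot: In the 2.2.38 query below the updated resolution text, the lookahead `(?=.*Users)` matches any group name that ends in or contains "Users", so a value in which another "... Users" group appears alongside Administrators would satisfy the check without the Users group itself being listed. The resolution text now says the setting should be 'Administrators, Users', so the pattern should delimit the name (for example with a list separator or start/end anchor on each side) and ideally reject additional entries. Separately, the heading "Automatic method:" sits above a step that asks an administrator to configure Group Policy by hand; the label or the wording should be aligned.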