Adding COLLATE NOCASE to address case insesitive registry behavior (#11011)

It relates to bugs found in #9922
Marcos Oviedo 2023-04-05 17:22:07 -03:00 committed by GitHub
parent 422c44e17a
commit 242716c905
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -1607,7 +1607,7 @@ spec:
Ask your system administrator to establish the recommended configuration via GP, set the following UI path to 'Enabled':
'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Allow Local System to use computer identity for NTLM'
query: |
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\UseMachineId' AND data != 0);
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\UseMachineId' COLLATE NOCASE AND data != 0);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.11.1
contributors: marcosd4h
@ -1625,7 +1625,7 @@ spec:
Ask your system administrator to establish the recommended configuration via GP, set the following UI path to 'Disabled':
'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Allow LocalSystem NULL session fallback'
query: |
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0\\allownullsessionfallback' AND data == 0);
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\MSV1_0\\allownullsessionfallback' COLLATE NOCASE AND data == 0);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.11.2
contributors: marcosd4h
@ -1643,7 +1643,7 @@ spec:
Ask your system administrator to establish the recommended configuration via GP, set the following UI path to 'Disabled':
'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Allow PKU2U authentication requests to this computer to use online identities'
query: |
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\pku2u\\AllowOnlineID' AND data == 0);
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\pku2u\\AllowOnlineID' COLLATE NOCASE AND data == 0);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.11.3
contributors: marcosd4h
@ -1661,7 +1661,7 @@ spec:
Ask your system administrator to establish the recommended configuration via GP, set the following UI path to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types':
'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Configure encryption types allowed for Kerberos'
query: |
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters\\SupportedEncryptionTypes' AND ((CAST(data AS INTEGER) & 0x8) AND (CAST(data AS INTEGER) & 0x10) AND (CAST(data AS INTEGER) & 0xe0) AND ((CAST(data AS INTEGER) & 0x1) = 0) AND ((CAST(data AS INTEGER) & 0x2) = 0) AND ((CAST(data AS INTEGER) & 0x4) = 0)));
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Kerberos\\Parameters\\SupportedEncryptionTypes' COLLATE NOCASE AND ((CAST(data AS INTEGER) & 0x8) AND (CAST(data AS INTEGER) & 0x10) AND (CAST(data AS INTEGER) & 0xe0) AND ((CAST(data AS INTEGER) & 0x1) = 0) AND ((CAST(data AS INTEGER) & 0x2) = 0) AND ((CAST(data AS INTEGER) & 0x4) = 0)));
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.11.4
contributors: marcosd4h
@ -1683,7 +1683,7 @@ spec:
Ask your system administrator to establish the recommended configuration via GP, set the following UI path to 'Enabled':
'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Do not store LAN Manager hash value on next password change'
query: |
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\NoLmHash' AND data != 0);
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\NoLmHash' COLLATE NOCASE AND data != 0);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.11.5
contributors: marcosd4h
@ -1705,7 +1705,7 @@ spec:
Ask your system administrator to establish the recommended configuration via GP, set the following UI path to 'Send NTLMv2 response only. Refuse LM & NTLM':
'Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network security: LAN Manager authentication level'
query: |
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\LmCompatibilityLevel' AND data == 5);
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\LmCompatibilityLevel' COLLATE NOCASE AND data == 5);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_2.3.11.7
contributors: marcosd4h
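Review bot: Nothing in the file records why `COLLATE NOCASE` now follows every `path = '...'` literal, so the next registry policy added here is likely to omit it and return no rows on hosts where the stored key or value name differs in case from the literal (the CIS 2.3.11.2 query spells the value name `allownullsessionfallback` in lower case). I would add a one-line comment near the first registry policy, for example `# Registry paths are case-insensitive on Windows: keep COLLATE NOCASE on every path comparison`, and back it with a CI check that rejects a `FROM registry WHERE` query whose `path =` term lacks the collation. As a style point, these queries mix `==` (2.3.11.2, 2.3.11.3, 2.3.11.7) with `=` in the Kerberos bit tests; using one equality operator throughout would make the policies easier to grep and compare. Each policy entry starts above its hunk, so this is based on the visible query lines only.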