Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-24 09:28:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 60

CIS - WIN10 - Fix 3 policies with false positive bugs (#11668)

Browse source
This commit is contained in:
RachelElysia 2023-05-12 10:57:09 -04:00 committed by GitHub
parent e46d748bd2
commit 9e8698c779
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
changes/10367-fix-false-positive-cis-windows-policies Normal file
View file

@ -0,0 +1 @@
- Fix 3 windows cis benchmark policies that had false positive results (Initally merged March 24)

41
ee/cis/win-10/cis-policy-queries.yml
View file

@ -4948,7 +4948,7 @@ spec:
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DoHPolicy' AND data = 2);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.5.4.1
contributors: marcosd4h
contributors: marcosd4h
---
apiVersion: v1
kind: policy
@ -5119,7 +5119,7 @@ spec:
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections\NC_StdDomainUserSetLocation' AND data = 1);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.5.11.4
contributors: marcosd4h
contributors: marcosd4h
---
apiVersion: v1
kind: policy
@ -5597,7 +5597,7 @@ spec:
);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_domain_joined_required, CIS_bullet_18.8.21.5
contributors: marcosd4h
contributors: marcosd4h
---
apiVersion: v1
kind: policy
@ -7356,11 +7356,11 @@ spec:
To establish the recommended configuration via GP, set the following UI path to Enabled:
'Computer Configuration\Policies\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\Deny write access to removable drives not protected by BitLocker'
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template VolumeEncryption.admx/adml that is included with the Microsoft Windows 7 & Server 2008 R2 Administrative Templates (or newer).
query:
query: |
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FVE\RDVDenyWriteAccess' AND data = 1);
purpose: Informational
tags: compliance, CIS, CIS_BitLocker, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.11.3.14
contributors: marcosd4h
contributors: marcosd4h
---
apiVersion: v1
kind: policy
@ -7435,7 +7435,7 @@ spec:
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\\Windows\\CloudContent\DisableConsumerAccountStateContent' AND data = 1);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.14.1
contributors: marcosd4h
contributors: marcosd4h
---
apiVersion: v1
kind: policy
@ -7602,7 +7602,7 @@ spec:
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection\\DisableOneSettingsDownloads' AND data = 1);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.17.3
contributors: marcosd4h
contributors: marcosd4h
---
apiVersion: v1
kind: policy
@ -7677,7 +7677,7 @@ spec:
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection\LimitDumpCollection' AND data = 1);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.17.7
contributors: marcosd4h
contributors: marcosd4h
---
apiVersion: v1
kind: policy
@ -8115,7 +8115,7 @@ spec:
);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.5.1.2
contributors: marcosd4h
contributors: marcosd4h
---
apiVersion: v1
kind: policy
@ -8172,7 +8172,7 @@ spec:
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\MpEngine\\EnableFileHashComputation' AND data = 1);
purpose: Informational
tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.6.1
contributors: marcosd4h
contributors: marcosd4h
---
apiVersion: v1
kind: policy
@ -8253,7 +8253,7 @@ spec:
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableScriptScanning' AND data = 0);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.47.9.4
contributors: marcosd4h
contributors: marcosd4h
---
apiVersion: v1
kind: policy
@ -8567,7 +8567,7 @@ spec:
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\\fDisableLocationRedir' AND data = 1);
purpose: Informational
tags: compliance, CIS, CIS_Level2, CIS_win10_enterprise_1.12.0, CIS_bullet_18.9.65.3.3.4
contributors: marcosd4h
contributors: marcosd4h
---
apiVersion: v1
kind: policy
@ -9560,9 +9560,8 @@ spec:
To establish the recommended configuration via GP, set the following UI path to '0 - Every day':
'Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update\Manage end user experience\Configure Automatic Updates: Scheduled install day'
query: |
SELECT EXISTS (
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU\\NoAutoUpdate' AND data = 0)
) AND EXISTS (
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU\\NoAutoUpdate' AND data = 0)
AND EXISTS (
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU\\ScheduledInstallDay' AND data = 0)
);
purpose: Informational
@ -9618,9 +9617,8 @@ spec:
To establish the recommended configuration via GP, set the following UI path to 'Enabled: 180 or more days':
'Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update\Manage updates offered from Windows Update\Windows Update for Business\Select when Preview Builds and Feature Updates are received'
query: |
SELECT EXISTS (
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\DeferFeatureUpdates' AND data = 1)
) AND EXISTS (
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\DeferFeatureUpdates' AND data = 1)
AND EXISTS (
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\DeferFeatureUpdatesPeriodInDays' AND data >= 180)
);
purpose: Informational
@ -9640,9 +9638,8 @@ spec:
To establish the recommended configuration via GP, set the following UI path to 'Enabled: 0 days':
'Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update\Windows Update for Business\Select when Quality Updates are received'
query: |
SELECT EXISTS (
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\DeferQualityUpdates' AND data = 1)
) AND EXISTS (
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\DeferQualityUpdates' AND data = 1)
AND EXISTS (
SELECT 1 FROM registry WHERE (path = 'HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\DeferQualityUpdatesPeriodInDays' AND data = 0)
);
purpose: Informational
@ -9884,7 +9881,7 @@ spec:
SELECT 1 FROM registry WHERE (path LIKE 'HKEY_USERS\%\SOFTWARE\Policies\Microsoft\Windows\CloudContent\DisableSpotlightCollectionOnDesktop' AND data = 1);
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS_win10_enterprise_1.12.0, CIS_bullet_19.7.8.5
contributors: marcosd4h
contributors: marcosd4h
---
apiVersion: v1
kind: policy