Fixing issue #57 and #58 #59

Merged (8 commits), Jun 19, 2024
24 changes: 3 additions & 21 deletions .github/workflows/devel_pipeline_validation.yml
Expand Up @@ -49,6 +49,9 @@ jobs:
ARM_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }}
WIN_USERNAME: ${{ secrets.WIN_USERNAME }}
WIN_PASSWORD: ${{ secrets.WIN_PASSWORD }}
OSVAR: ${{ vars.OSVAR }}
TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }}
TF_VAR_run_job_id: ${{ github.run_id }}

defaults:
run:
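Review bot: the job-level `OSVAR` and `TF_VAR_benchmark_type` lines arrive without the comment the per-step copies carried ("Imported from github variables this is used to load the relvent OS.tfvars file"); since this block is now the only place the two variables are defined, move that comment here (spelled "relevant") and add one for `TF_VAR_run_job_id: ${{ github.run_id }}` naming the Terraform variable it feeds, so the next reader does not have to grep the .tf files. Also, because the whole job now reads `OSVAR` only from `vars.OSVAR`, an unset repository variable turns into `-var-file ".tfvars"` in the apply and destroy steps; a one-line guard step (`test -f "${OSVAR}.tfvars"`) before Terraform_Init would fail fast with a clearer message.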
Expand Down Expand Up @@ -83,38 +86,20 @@ jobs:
echo "benchmark_type = $benchmark_type"
pwd
ls
env:
# Imported from github variables this is used to load the relvent OS.tfvars file
OSVAR: ${{ vars.OSVAR }}
TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }}
# Initialize The Terraform Working Directory
- name: Terraform_Init
id: init
run: terraform init
env:
# Imported from github variables this is used to load the relvent OS.tfvars file
OSVAR: ${{ vars.OSVAR }}
TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }}

# Validate The Syntax Of Terraform Files
- name: Terraform_Validate
id: validate
run: terraform validate
env:
# Imported from github variables this is used to load the relvent OS.tfvars file
OSVAR: ${{ vars.OSVAR }}
TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }}

# Execute The Actions And Build Azure Server
- name: Terraform_Apply
id: apply
env:
# Imported from github variables this is used to load the relvent OS.tfvars file
WIN_USERNAME: ${{ secrets.WIN_USERNAME }}
WIN_PASSWORD: ${{ secrets.WIN_PASSWORD }}
OSVAR: ${{ vars.OSVAR }}
TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }}
run: terraform apply -var-file "${OSVAR}.tfvars" --auto-approve

# Debug Section
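Review bot: dropping the per-step `env:` blocks is only correct because the same keys now live at job scope, and the apply step previously re-declared `WIN_USERNAME`/`WIN_PASSWORD`; with that copy gone, every step in the job, including `terraform init`, `terraform validate` and the debug `pwd`/`ls` step, inherits the Windows credentials from the job env. That was already true for the secrets (they sit in the job-level env in the first hunk), so nothing gets worse, but if the intent was ever to scope the admin password to apply/destroy only, the step-level declaration was the mechanism and should stay rather than be consolidated. Minor: Terraform's canonical spelling is `-auto-approve`; `--auto-approve` is accepted but inconsistent with `-var-file` on the same line.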
Expand All @@ -137,7 +122,4 @@ jobs:
# Destroy The Azure Test System
- name: Terraform_Destroy
if: always() && env.ENABLE_DEBUG == 'false'
env:
OSVAR: ${{ vars.OSVAR }}
TF_VAR_benchmark_type: ${{ vars.BENCHMARK_TYPE }}
run: terraform destroy -var-file "${OSVAR}.tfvars" --auto-approve
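Review bot: with `if: always() && env.ENABLE_DEBUG == 'false'` this step also runs when `Terraform_Init` failed and no state was ever written, so `terraform destroy -var-file "${OSVAR}.tfvars"` then adds a second, unrelated failure to the run. The step ids `init` and `apply` are already declared above; consider `if: always() && steps.init.outcome == 'success' && env.ENABLE_DEBUG == 'false'` so destroy only fires once there can be something to destroy.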
4 changes: 2 additions & 2 deletions defaults/main.yml
Expand Up @@ -351,8 +351,8 @@ wn19stig_setcbprivilege: []
# If an application requires this user right, this would not be a finding. Vendor documentation must support the
# requirement for having the user right. The requirement must be documented with the ISSO.
# NOTE: Improper Accounts Or Groups listed here will FAIL task.
# Default: ""
wn19stig_secreatetokenprivilege: ""
# Default: []
wn19stig_secreatetokenprivilege: []

# WN19-UR-000100
# Windows Server 2019 Debug programs: user right must only be assigned to the Administrators group.
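Review bot: changing the default from `""` to `[]` changes the variable's type, and the task in tasks/cat1.yml now passes it straight to `users:` on `win_user_right`, which takes a list. Anyone who pinned `wn19stig_secreatetokenprivilege: ""` in their own inventory or group_vars to mirror the old default will now be feeding a string where a list is expected; call this out in the changelog/README and consider an `assert` in prelim.yml that the variable `is iterable and not string` so the failure is explicit instead of a confusing module error.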
8 changes: 4 additions & 4 deletions tasks/cat1.yml
Expand Up @@ -713,10 +713,10 @@
- V-205750

- name: "HIGH | WN19-UR-000060 | PATCH | Windows Server 2019 Create a token object user right must not be assigned to any groups or accounts."
community.windows.win_security_policy:
section: Privilege Rights
key: SeCreateTokenPrivilege
value: "{{ wn19stig_secreatetokenprivilege }}"
ansible.windows.win_user_right:
name: SeCreateTokenPrivilege
users: "{{ wn19stig_secreatetokenprivilege }}"
action: set
when:
- wn19_ur_000060
tags:
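Review bot: `action: set` with `users: []` strips `SeCreateTokenPrivilege` from every current holder, which is exactly what WN19-UR-000060 asks for, so the module swap is the right fix; the caveat is that `set` is also replacing, not additive, for a non-empty override, so the comment in defaults/main.yml should say that listed accounts replace rather than add to the current holders. `ansible.windows.win_user_right` lives in a different collection from the `community.windows.win_security_policy` it replaces, and this diff does not touch meta/ or requirements.yml; confirm `ansible.windows` is declared there.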
2 changes: 2 additions & 0 deletions tasks/cat2.yml
Expand Up @@ -972,6 +972,7 @@
notify: reboot_windows
when:
- wn19_00_000320
- not wn19stig_is_server_core
tags:
- WN19-00-000320
- CAT2
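Review bot: `- not wn19stig_is_server_core` skips WN19-00-000320 on Server Core with nothing in the play output saying why, and a skipped task looks the same as a compliant one in the recap. Add a comment on the condition (or a clause in the task name) stating the reason the control cannot be applied on Core, and the same for WN19-00-000370 below. The fact is set only in prelim.yml and otherwise falls back to the `false` default in vars/main.yml, so this also relies on prelim running first; that holds in this PR because the prelim task is tagged `always`, but it is worth recording next to the condition.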
Expand Down Expand Up @@ -1044,6 +1045,7 @@
state: absent
when:
- wn19_00_000370
- not wn19stig_is_server_core
tags:
- WN19-00-000370
- CAT2
8 changes: 8 additions & 0 deletions tasks/prelim.yml
Expand Up @@ -16,6 +16,7 @@
ansible.builtin.set_fact:
win19stig_cloud_based_system: true
when:
- ansible_system_vendor == 'Microsoft Corporation'
- ansible_virtualization_type == 'Hyper-V' or
ansible_virtualization_type == 'hvm' or
ansible_virtualization_type == 'kvm'
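Review bot: the new `ansible_system_vendor == 'Microsoft Corporation'` item is ANDed with the existing `or` chain (each list entry under `when` is its own condition), so the `hvm` and `kvm` branches now match only when the SMBIOS vendor is Microsoft, which makes them effectively dead for the platforms those virtualization types normally indicate. If the intent is "Azure only", drop `hvm`/`kvm` and say so in the task name; if other clouds are still meant to be detected, pair each virtualization type with its own vendor check instead of a single vendor gate in front of all three.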
Expand Down Expand Up @@ -60,3 +61,10 @@
when:
- wn19_00_000390 or
wn19_00_000400

- name: Set Fact If Server Core installation
ansible.builtin.set_fact:
wn19stig_is_server_core: true
when: ansible_os_installation_type == 'Server Core'
tags:
- always
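Review bot: setting the fact only when `ansible_os_installation_type == 'Server Core'` puts the truth value in two files (the `false` default in vars/main.yml and this task). Setting it unconditionally as `wn19stig_is_server_core: "{{ ansible_os_installation_type == 'Server Core' }}"` is self-documenting and stays correct if the default is later edited. The comparison also assumes facts were gathered; if the role can run with `gather_facts: false`, add `ansible_os_installation_type is defined` to the condition.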
3 changes: 3 additions & 0 deletions vars/main.yml
Expand Up @@ -9,3 +9,6 @@ lockdown_banner: "{{lookup('file', './templates/banner.txt')}}"

# This will be changed to true if discovered for cloud based systems.
wn19stig_cloud_based_system: false

# This will be changed to true if discovered for server core type.
wn19stig_is_server_core: false
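Review bot: the new `wn19stig_is_server_core: false` matches the name set in prelim.yml, but the neighbouring `wn19stig_cloud_based_system: false` does not: the prelim task visible in the first prelim hunk sets `win19stig_cloud_based_system: true` (with "win"), so the cloud default declared here is never overridden and any `when: wn19stig_cloud_based_system` stays false. Since this PR already edits that prelim block, rename one side to match while you are in there.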