update inspec.yml and changelog

dev-sec · Jun 18, 2020 · fe887ed · fe887ed
1 parent a06403b
commit fe887ed
Show file tree

Hide file tree

Showing 2 changed files with 153 additions and 111 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,21 +1,61 @@
-# Change Log
+# Changelog
+
+## [2.0.1](https://github.com/dev-sec/windows-baseline/tree/2.0.1) (2020-06-18)
+
+[Full Changelog](https://github.com/dev-sec/windows-baseline/compare/2.1.1...2.0.1)
+
+**Closed issues:**
+
+- formatting error when executing profile [\#34](https://github.com/dev-sec/windows-baseline/issues/34)
+- LAN Manager authentication level incorrect [\#25](https://github.com/dev-sec/windows-baseline/issues/25)
+- Should we close SeNetworkLogonRight for all users? [\#19](https://github.com/dev-sec/windows-baseline/issues/19)
+- The title of each test should clearly state what should be done [\#18](https://github.com/dev-sec/windows-baseline/issues/18)
+
+**Merged pull requests:**
+
+- github actions release [\#39](https://github.com/dev-sec/windows-baseline/pull/39) ([micheelengronne](https://github.com/micheelengronne))
+- replace the german text to english and fix the windows 2012r2 tag [\#37](https://github.com/dev-sec/windows-baseline/pull/37) ([atomic111](https://github.com/atomic111))
+- Feature/inspec4alerts [\#33](https://github.com/dev-sec/windows-baseline/pull/33) ([imjoseangel](https://github.com/imjoseangel))
+
+## [2.1.1](https://github.com/dev-sec/windows-baseline/tree/2.1.1) (2019-06-11)
+
+[Full Changelog](https://github.com/dev-sec/windows-baseline/compare/2.1.0...2.1.1)
+
+**Merged pull requests:**
+
+- Replace German characters to avoid exec failures and bump version to 2.1.1 [\#36](https://github.com/dev-sec/windows-baseline/pull/36) ([alexpop](https://github.com/alexpop))
+- Update administrative\_templates\_computer.rb [\#32](https://github.com/dev-sec/windows-baseline/pull/32) ([Staggerlee011](https://github.com/Staggerlee011))
+- fix missing "o" in windows-245 [\#31](https://github.com/dev-sec/windows-baseline/pull/31) ([rndmh3ro](https://github.com/rndmh3ro))
+
+## [2.1.0](https://github.com/dev-sec/windows-baseline/tree/2.1.0) (2019-05-16)
+
+[Full Changelog](https://github.com/dev-sec/windows-baseline/compare/2.0.0...2.1.0)
+
+**Merged pull requests:**
+
+- Update gems and bump profile version to 2.1.0 [\#30](https://github.com/dev-sec/windows-baseline/pull/30) ([alexpop](https://github.com/alexpop))
 
 ## [2.0.0](https://github.com/dev-sec/windows-baseline/tree/2.0.0) (2019-05-15)
+
 [Full Changelog](https://github.com/dev-sec/windows-baseline/compare/1.2.0...2.0.0)
 
 **Merged pull requests:**
 
 - New windows cis profile for win2012r2 and 2016 [\#27](https://github.com/dev-sec/windows-baseline/pull/27) ([atomic111](https://github.com/atomic111))
 
 ## [1.2.0](https://github.com/dev-sec/windows-baseline/tree/1.2.0) (2019-05-15)
+
 [Full Changelog](https://github.com/dev-sec/windows-baseline/compare/1.1.2...1.2.0)
 
 **Merged pull requests:**
 
 - correct license style and bump version to 1.1.3 [\#28](https://github.com/dev-sec/windows-baseline/pull/28) ([atomic111](https://github.com/atomic111))
 - Update common [\#26](https://github.com/dev-sec/windows-baseline/pull/26) ([atomic111](https://github.com/atomic111))
+- Update issue templates [\#24](https://github.com/dev-sec/windows-baseline/pull/24) ([rndmh3ro](https://github.com/rndmh3ro))
+- fixing control for 'cis-access-cred-manager-2.2.1' [\#23](https://github.com/dev-sec/windows-baseline/pull/23) ([wer-sce](https://github.com/wer-sce))
 
 ## [1.1.2](https://github.com/dev-sec/windows-baseline/tree/1.1.2) (2019-03-26)
+
 [Full Changelog](https://github.com/dev-sec/windows-baseline/compare/1.1.0...1.1.2)
 
 **Closed issues:**
@@ -24,12 +64,11 @@
 
 **Merged pull requests:**
 
-- Update issue templates [\#24](https://github.com/dev-sec/windows-baseline/pull/24) ([rndmh3ro](https://github.com/rndmh3ro))
-- fixing control for 'cis-access-cred-manager-2.2.1' [\#23](https://github.com/dev-sec/windows-baseline/pull/23) ([wer-sce](https://github.com/wer-sce))
 - Fixed spelling error [\#17](https://github.com/dev-sec/windows-baseline/pull/17) ([hannah-radish](https://github.com/hannah-radish))
 - Move SMB1 control to windows-baseline [\#16](https://github.com/dev-sec/windows-baseline/pull/16) ([yvovandoorn](https://github.com/yvovandoorn))
 
 ## [1.1.0](https://github.com/dev-sec/windows-baseline/tree/1.1.0) (2017-05-08)
+
 [Full Changelog](https://github.com/dev-sec/windows-baseline/compare/1.0.1...1.1.0)
 
 **Implemented enhancements:**
@@ -52,6 +91,9 @@
 - add contribution guidelines [\#7](https://github.com/dev-sec/windows-baseline/pull/7) ([chris-rock](https://github.com/chris-rock))
 
 ## [1.0.1](https://github.com/dev-sec/windows-baseline/tree/1.0.1) (2017-02-01)
+
+[Full Changelog](https://github.com/dev-sec/windows-baseline/compare/5b20a47a9d7ce334d28800aa5719e5bf83fd3898...1.0.1)
+
 **Merged pull requests:**
 
 - Removed per control licensing as repo is under Apache 2.0 [\#5](https://github.com/dev-sec/windows-baseline/pull/5) ([grdnrio](https://github.com/grdnrio))
@@ -61,4 +103,4 @@
 
 
 
-\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
+\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
diff --git a/inspec.yml b/inspec.yml
@@ -2,116 +2,116 @@
 name: windows-baseline
 title: DevSec Windows Security Baseline
 summary: An InSpec Compliance Profile that covers CIS Microsoft Windows Server 2012R2, 2016 RTM (Release 1607) Benchmark Level 1 and 2 and additional controls from MS technet.
-version: 2.1.1
+version: 2.0.1
 maintainer: DevSec Hardening Framework Team
 copyright: DevSec Hardening Framework Team
 copyright_email: [email protected]
 license: Apache-2.0
 supports:
-  - platform-family: windows
+    - platform-family: windows
 attributes:
-  - name: level_1_or_2
-    required: false
-    description: 'define if you want to execute Level 1 or (Level 1 and Level 2)'
-    value: 1,
-    type: numeric
-  - name: ms_or_dc
-    required: false
-    description: 'define if you want to execute the profile in the context of a Memeber Server (MS) or Domain Controler (DC)'
-    value: 'MS'
-    type: string
-  - name: password_history_size
-    required: false
-    description: 'define password history size'
-    value: 24
-    type: numeric
-  - name: maximum_password_age
-    required: false
-    description: 'define MaximumPasswordAge'
-    value: 60
-    type: numeric
-  - name: se_network_logon_right
-    required: false
-    description: 'define which users are allowed to access this computer from the network'
-    value: ['S-1-5-9', 'S-1-5-32-544']
-    type: array
-  - name: se_interactive_logon_right
-    required: false
-    description: 'define which users are allowed to log on locally'
-    value: ['S-1-5-32-544']
-    type: array
-  - name: se_remote_interactive_logon_right
-    required: false
-    description: 'define which users are allowed to log on through Remote Desktop Services'
-    value: ['S-1-5-32-544']
-    type: array
-  - name: se_backup_privilege
-    required: false
-    description: 'define which users are allowed to backup files and directories'
-    value: ['S-1-5-32-544']
-    type: array
-  - name: se_systemtime_privilege
-    required: false
-    description: 'define which users are allowed to change system time'
-    value: ['S-1-5-19', 'S-1-5-32-544']
-    type: array
-  - name: se_time_zone_privilege
-    required: false
-    description: 'define which users are allowed to change system time zone'
-    value: ['S-1-5-19', 'S-1-5-32-544']
-    type: array
-  - name: se_create_symbolic_link_privilege
-    required: false
-    description: 'define which users are allowed to create symbolic links'
-    value: ['S-1-5-32-544']
-    type: array
-  - name: se_deny_network_logon_right
-    required: false
-    description: 'define which users are not allowed to access this computer from the network'
-    value: ['S-1-5-32-546']
-    type: array
-  - name: se_deny_remote_interactive_logon_right
-    required: false
-    description: 'define which users are not allowed to log on through Remote Desktop Services'
-    value: ['S-1-5-32-546']
-    type: array
-  - name: se_enable_delegation_privilege
-    required: false
-    description: 'define which users are allowed to enable computer and user accounts to be trusted'
-    value: []
-    type: array
-  - name: se_impersonate_privilege
-    required: false
-    description: 'define which users are allowed to impersonate a client after authentication'
-    value: ['S-1-5-19', 'S-1-5-20', 'S-1-5-32-544', 'S-1-5-6']
-    type: array
-  - name: se_load_driver_privilege
-    required: false
-    description: 'define which users are allowed to impersonate a client after authentication'
-    value: ['S-1-5-32-544']
-    type: array
-  - name: se_batch_logon_right
-    required: false
-    description: 'define which users are allowed to log on as a batch job'
-    value: ['S-1-5-32-544', 'S-1-5-32-551']
-    type: array
-  - name: se_security_privilege
-    required: false
-    description: 'define which users are allowed to manage auditing and security logs'
-    value: ['S-1-5-32-544']
-    type: array
-  - name: se_assign_primary_token_privilege
-    required: false
-    description: 'define which users are allowed to replace a process level token'
-    value: ['S-1-5-19', 'S-1-5-20']
-    type: array
-  - name: se_restore_privilege
-    required: false
-    description: 'define which users are allowed to restore files and directories'
-    value: ['S-1-5-32-544']
-    type: array
-  - name: hklm_null_session_pipes
-    required: false
-    description: 'define named pipes that can be accessed anonymously'
-    value: []
-    type: array
+    - name: level_1_or_2
+      required: false
+      description: 'define if you want to execute Level 1 or (Level 1 and Level 2)'
+      value: 1,
+      type: numeric
+    - name: ms_or_dc
+      required: false
+      description: 'define if you want to execute the profile in the context of a Memeber Server (MS) or Domain Controler (DC)'
+      value: 'MS'
+      type: string
+    - name: password_history_size
+      required: false
+      description: 'define password history size'
+      value: 24
+      type: numeric
+    - name: maximum_password_age
+      required: false
+      description: 'define MaximumPasswordAge'
+      value: 60
+      type: numeric
+    - name: se_network_logon_right
+      required: false
+      description: 'define which users are allowed to access this computer from the network'
+      value: ['S-1-5-9', 'S-1-5-32-544']
+      type: array
+    - name: se_interactive_logon_right
+      required: false
+      description: 'define which users are allowed to log on locally'
+      value: ['S-1-5-32-544']
+      type: array
+    - name: se_remote_interactive_logon_right
+      required: false
+      description: 'define which users are allowed to log on through Remote Desktop Services'
+      value: ['S-1-5-32-544']
+      type: array
+    - name: se_backup_privilege
+      required: false
+      description: 'define which users are allowed to backup files and directories'
+      value: ['S-1-5-32-544']
+      type: array
+    - name: se_systemtime_privilege
+      required: false
+      description: 'define which users are allowed to change system time'
+      value: ['S-1-5-19', 'S-1-5-32-544']
+      type: array
+    - name: se_time_zone_privilege
+      required: false
+      description: 'define which users are allowed to change system time zone'
+      value: ['S-1-5-19', 'S-1-5-32-544']
+      type: array
+    - name: se_create_symbolic_link_privilege
+      required: false
+      description: 'define which users are allowed to create symbolic links'
+      value: ['S-1-5-32-544']
+      type: array
+    - name: se_deny_network_logon_right
+      required: false
+      description: 'define which users are not allowed to access this computer from the network'
+      value: ['S-1-5-32-546']
+      type: array
+    - name: se_deny_remote_interactive_logon_right
+      required: false
+      description: 'define which users are not allowed to log on through Remote Desktop Services'
+      value: ['S-1-5-32-546']
+      type: array
+    - name: se_enable_delegation_privilege
+      required: false
+      description: 'define which users are allowed to enable computer and user accounts to be trusted'
+      value: []
+      type: array
+    - name: se_impersonate_privilege
+      required: false
+      description: 'define which users are allowed to impersonate a client after authentication'
+      value: ['S-1-5-19', 'S-1-5-20', 'S-1-5-32-544', 'S-1-5-6']
+      type: array
+    - name: se_load_driver_privilege
+      required: false
+      description: 'define which users are allowed to impersonate a client after authentication'
+      value: ['S-1-5-32-544']
+      type: array
+    - name: se_batch_logon_right
+      required: false
+      description: 'define which users are allowed to log on as a batch job'
+      value: ['S-1-5-32-544', 'S-1-5-32-551']
+      type: array
+    - name: se_security_privilege
+      required: false
+      description: 'define which users are allowed to manage auditing and security logs'
+      value: ['S-1-5-32-544']
+      type: array
+    - name: se_assign_primary_token_privilege
+      required: false
+      description: 'define which users are allowed to replace a process level token'
+      value: ['S-1-5-19', 'S-1-5-20']
+      type: array
+    - name: se_restore_privilege
+      required: false
+      description: 'define which users are allowed to restore files and directories'
+      value: ['S-1-5-32-544']
+      type: array
+    - name: hklm_null_session_pipes
+      required: false
+      description: 'define named pipes that can be accessed anonymously'
+      value: []
+      type: array