ptoal/product-demos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

STIG Compliance (#61)

Browse Source
This commit is contained in:
willtome
2023-05-09 12:46:18 -04:00
committed by GitHub
parent cef7c1d043
commit 2085e6f15d
31 changed files with 30484 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.ansible-lint Normal file
View File

@@ -0,0 +1,4 @@
---
exclude_paths:
- collections/ansible_collections/demo/compliance/roles/
- .github/

4
.github/workflows/ansible-lint.yml vendored
View File

@@ -1,6 +1,8 @@
---
name: Ansible Lint
on: [push, pull_request]
on:
- push
- pull_request
env:
ANSIBLE_GALAXY_SERVER_LIST: ah,galaxy

98
collections/ansible_collections/demo/compliance/roles/iosxeSTIG/callback_plugins/stig_xml.py Normal file
View File

@@ -0,0 +1,98 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
from ansible.plugins.callback import CallbackBase
from time import gmtime, strftime
import platform
import tempfile
import re
import sys
import os
import json
import xml.etree.ElementTree as ET
import xml.dom.minidom
role = "iosxeSTIG"
class CallbackModule(CallbackBase):
CALLBACK_VERSION = 2.0
CALLBACK_TYPE = 'xml'
CALLBACK_NAME = 'stig_xml'
CALLBACK_NEEDS_WHITELIST = True
def __init__(self):
super(CallbackModule, self).__init__()
self.rules = {}
self.stig_path = os.environ.get('STIG_PATH')
self.XML_path = os.environ.get('XML_PATH')
if self.stig_path is None:
self.stig_path = os.path.join(os.getcwd(), "roles", role, "files")
self._display.display('Using STIG_PATH: {}'.format(self.stig_path))
if self.XML_path is None:
self.XML_path = os.getcwd()
self._display.display('Using XML_PATH: {}'.format(self.XML_path))
print("Writing: {}".format(self.XML_path))
STIG_name = os.path.basename(self.stig_path)
ET.register_namespace('cdf', 'http://checklists.nist.gov/xccdf/1.2')
self.tr = ET.Element('{http://checklists.nist.gov/xccdf/1.2}TestResult')
self.tr.set('id', 'xccdf_mil.disa.stig_testresult_scap_mil.disa_comp_{}'.format(STIG_name))
endtime = strftime("%Y-%m-%dT%H:%M:%S", gmtime())
self.tr.set('end-time', endtime)
tg = ET.SubElement(self.tr, '{http://checklists.nist.gov/xccdf/1.2}target')
tg.text = platform.node()
def __get_rev(self, nid):
rev = '0'
# Check all files for the rule number.
for file in os.listdir(self.stig_path):
with open(os.path.join(self.stig_path, file), 'r') as f:
r = 'SV-{}r(?P<rev>\d)_rule'.format(nid)
m = re.search(r, f.read())
if m:
rev = m.group('rev')
break
return rev
def v2_runner_on_ok(self, result):
name = result._task.get_name()
m = re.search('stigrule_(?P<id>\d+)', name)
if m:
nid = m.group('id')
else:
return
rev = self.__get_rev(nid)
key = "{}r{}".format(nid, rev)
if self.rules.get(key, 'Unknown') != False:
self.rules[key] = result.is_changed()
def __set_duplicates(self):
with open(os.path.join(self.stig_path, 'duplicates.json')) as f:
dups = json.load(f)
for d in dups:
dup_of = str(dups[d][0])
rev = self.__get_rev(d)
key = "{}r{}".format(d, rev)
dup_of_rev = self.__get_rev(dup_of)
dup_of_key = "{}r{}".format(dup_of, dup_of_rev)
if dup_of_key in self.rules:
self.rules[key] = self.rules[dup_of_key]
def v2_playbook_on_stats(self, stats):
self.__set_duplicates()
for rule, changed in self.rules.items():
state = 'fail' if changed else 'pass'
rr = ET.SubElement(self.tr, '{http://checklists.nist.gov/xccdf/1.2}rule-result')
rr.set('idref', 'xccdf_mil.disa.stig_rule_SV-{}_rule'.format(rule))
rs = ET.SubElement(rr, '{http://checklists.nist.gov/xccdf/1.2}result')
rs.text = state
passing = len(self.rules) - sum(self.rules.values())
sc = ET.SubElement(self.tr, '{http://checklists.nist.gov/xccdf/1.2}score')
sc.set('maximum', str(len(self.rules)))
sc.set('system', 'urn:xccdf:scoring:flat-unweighted')
sc.text = str(passing)
with open(os.path.join(self.XML_path, "xccdf-results.xml"), 'w') as f:
out = ET.tostring(self.tr)
pretty = xml.dom.minidom.parseString(out).toprettyxml(encoding='utf-8')
f.write(pretty)

280
collections/ansible_collections/demo/compliance/roles/iosxeSTIG/defaults/main.yml Normal file
View File

@@ -0,0 +1,280 @@
# R-215807 CISC-ND-000010
iosxeSTIG_stigrule_215807_Manage: True
iosxeSTIG_stigrule_215807_ip_http_max_connections_2_Lines:
- ip http max-connections 2
iosxeSTIG_stigrule_215807_session_limit_for_all_line_vty_sections_Lines:
- session-limit 2
# R-215808 CISC-ND-000090
# A partial of 215815
# duplicate of 215815
# R-215809 CISC-ND-000100
# A partial of 215815
# duplicate of 215815
# R-215810 CISC-ND-000110
# A partial of 215815
# duplicate of 215815
# R-215811 CISC-ND-000120
# A partial of 215815
# duplicate of 215815
# R-215813 CISC-ND-000150
iosxeSTIG_stigrule_215813_Manage: True
iosxeSTIG_stigrule_215813_login_block_for_900_attempts_3_within_120_Lines:
- login block-for 900 attempts 3 within 120
# R-215814 CISC-ND-000160
iosxeSTIG_stigrule_215814_Manage: True
iosxeSTIG_stigrule_215814_login_Text: 'You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
By using this IS (which includes any device attached to this IS), you consent to the following conditions:
-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and
counterintelligence (CI) investigations.
-At any time, the USG may inspect and seize data stored on this IS.
-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG authorized purpose.
-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
-Notwithstanding the above, using this IS does not constitute consent to PM, LE, or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys,
psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.'
# R-215815 CISC-ND-000210
iosxeSTIG_stigrule_215815_Manage: True
iosxeSTIG_stigrule_215815_login_logging_Lines:
- logging userinfo
iosxeSTIG_stigrule_215815_logging_enable_Lines:
- logging enable
iosxeSTIG_stigrule_215815_logging_enable_Parents:
- archive
- log config
# R-215816 CISC-ND-000250
iosxeSTIG_stigrule_215816_Manage: True
iosxeSTIG_stigrule_215816_login_logging_Lines:
- login on-failure log
- login on-success log
# R-215817 CISC-ND-000280
iosxeSTIG_stigrule_215817_Manage: True
iosxeSTIG_stigrule_215817_service_timestamps_log_datetime_localtime_Lines:
- service timestamps log datetime localtime
# R-215819 CISC-ND-000330
# A partial of 215815
# duplicate of 215815
# R-215820 CISC-ND-000380
iosxeSTIG_stigrule_215820_Manage: True
iosxeSTIG_stigrule_215820_file_privilege_Lines:
- file privilege 15
# R-215821 CISC-ND-000390
# A duplicate of 215820
# duplicate of 215820
# R-215822 CISC-ND-000460
# A duplicate of 215820
# duplicate of 215820
# R-215823 CISC-ND-000470
iosxeSTIG_stigrule_215823_Manage: True
iosxeSTIG_stigrule_215823_disable_boot_network_Lines:
- no boot network
iosxeSTIG_stigrule_215823_disable_boot_server_Lines:
- no ip boot server
iosxeSTIG_stigrule_215823_disable_bootp_server_Lines:
- no ip bootp server
iosxeSTIG_stigrule_215823_disable_dns_server_Lines:
- no ip dns server
iosxeSTIG_stigrule_215823_disable_identd_Lines:
- no ip identd
iosxeSTIG_stigrule_215823_disable_finger_Lines:
- no ip finger
iosxeSTIG_stigrule_215823_disable_http_server_Lines:
- no ip http server
iosxeSTIG_stigrule_215823_disable_rcmd_rcp_enable_Lines:
- no ip rcmd rcp-enable
iosxeSTIG_stigrule_215823_disable_rcmd_rsh_enable_Lines:
- no ip rcmd rsh-enable
iosxeSTIG_stigrule_215823_disable_tcp_small_servers_Lines:
- no service tcp-small-servers
iosxeSTIG_stigrule_215823_disable_udp_small_servers_Lines:
- no service udp-small-servers
iosxeSTIG_stigrule_215823_disable_service_finger_Lines:
- no service finger
iosxeSTIG_stigrule_215823_disable_service_config_Lines:
- no service config
iosxeSTIG_stigrule_215823_disable_service_pad_Lines:
- no service pad
# R-215825 CISC-ND-000530
# ip ssh server algorithm encryption is set in 215845.
iosxeSTIG_stigrule_215825_Manage: True
iosxeSTIG_stigrule_215825_ip_ssh_version_2_Lines:
- ip ssh version 2
# R-215826 CISC-ND-000550
iosxeSTIG_stigrule_215826_Manage: False
iosxeSTIG_stigrule_215826_password_min_len_Lines:
- min-length 15
iosxeSTIG_stigrule_215826_password_min_len_Parents:
- aaa common-criteria policy PASSWORD_POLICY
# R-215827 CISC-ND-000570
iosxeSTIG_stigrule_215827_Manage: False
iosxeSTIG_stigrule_215827_password_upper_case_Lines:
- upper-case 1
iosxeSTIG_stigrule_215827_password_upper_case_Parents:
- aaa common-criteria policy PASSWORD_POLICY
# R-215828 CISC-ND-000580
iosxeSTIG_stigrule_215828_Manage: False
iosxeSTIG_stigrule_215828_password_lower_case_Lines:
- lower-case 1
iosxeSTIG_stigrule_215828_password_lower_case_Parents:
- aaa common-criteria policy PASSWORD_POLICY
# R-215829 CISC-ND-000590
iosxeSTIG_stigrule_215829_Manage: False
iosxeSTIG_stigrule_215829_password_numeric_count_Lines:
- numeric-count 1
iosxeSTIG_stigrule_215829_password_numeric_count_Parents:
- aaa common-criteria policy PASSWORD_POLICY
# R-215830 CISC-ND-000600
iosxeSTIG_stigrule_215830_Manage: False
iosxeSTIG_stigrule_215830_password_special_case_Lines:
- special-case 1
iosxeSTIG_stigrule_215830_password_special_case_Parents:
- aaa common-criteria policy PASSWORD_POLICY
# R-215831 CISC-ND-000610
iosxeSTIG_stigrule_215831_Manage: False
iosxeSTIG_stigrule_215831_password_upper_case_Lines:
- char-changes 8
iosxeSTIG_stigrule_215831_password_upper_case_Parents:
- aaa common-criteria policy PASSWORD_POLICY
# R-215832 CISC-ND-000620
iosxeSTIG_stigrule_215832_Manage: True
iosxeSTIG_stigrule_215832_service_password_encryption_Lines:
- service password-encryption
# R-215833 CISC-ND-000720
iosxeSTIG_stigrule_215833_Manage: True
iosxeSTIG_stigrule_215833_exec_timeout_for_console_Lines:
- exec-timeout 10 0
iosxeSTIG_stigrule_215833_exec_timeout_for_console_Parents:
- line con 0
iosxeSTIG_stigrule_215833_exec_timeout_for_all_line_vty_sections_Lines:
- exec-timeout 10 0
iosxeSTIG_stigrule_215833_ip_http_timeout_policy_idle_600_life_3600_requests_10_Lines:
- ip http timeout-policy idle 600 life 3600 requests 10
# R-215834 CISC-ND-000880
# A partial of 215815
# duplicate of 215815
# R-215835 CISC-ND-000940
# A duplicate of 215815
# duplicate of 215815
# R-215836 CISC-ND-000980
iosxeSTIG_stigrule_215836_Manage: True
iosxeSTIG_stigrule_215836_logging_buffered_4096_informational_Lines:
- logging buffered 4096 informational
# R-215837 CISC-ND-001000
# Please configure name IP address to a valid one.
iosxeSTIG_stigrule_215837_Manage: False
iosxeSTIG_stigrule_215837_host_Name: '192.0.2.128'
iosxeSTIG_stigrule_215837_logging_trap_critical_Lines:
- logging trap critical
# R-215838 CISC-ND-001030
# Replace ntp servers' IP address before enabling.
iosxeSTIG_stigrule_215838_Manage: False
iosxeSTIG_stigrule_215838_ntp_server_1_Server: '192.0.2.0'
iosxeSTIG_stigrule_215838_ntp_server_2_Server: '192.0.2.1'
# R-215839 CISC-ND-001040
# A duplicate of 215817
# duplicate of 215817
# R-215840 CISC-ND-001050
# service timestamps log datetime localtime is set in 215817.
iosxeSTIG_stigrule_215840_Manage: True
iosxeSTIG_stigrule_215840_service_timestamps_log_datetime_localtime_Lines:
- clock timezone EST -5 0
# R-215844 CISC-ND-001200
iosxeSTIG_stigrule_215844_Manage: True
iosxeSTIG_stigrule_215844_ip_ssh_server_algorithm_mac_hmac_sha1_Lines:
- ip ssh server algorithm mac hmac-sha1
iosxeSTIG_stigrule_215844_ip_http_secure_ciphersuite_aes_128_cbc_sha_Lines:
- ip http secure-ciphersuite aes-128-cbc-sha
# R-215845 CISC-ND-001210
# Option ip http secure-ciphersuite is set in 215844
iosxeSTIG_stigrule_215845_Manage: True
iosxeSTIG_stigrule_215845_ip_ssh_server_algorithm_encryption_aes128_cbc_aes128_ctr_aes192_cbc_aes192_ctr_Lines:
- ip ssh server algorithm encryption aes128-cbc aes128-ctr aes192-cbc aes192-ctr
# R-215847 CISC-ND-001240
# A duplicate of 215815
# duplicate of 215815
# R-215848 CISC-ND-001250
# A partial of 215815
# duplicate of 215815
# R-215849 CISC-ND-001260
# A subset of 215816
# duplicate of 215816
# R-215850 CISC-ND-001270
# A partial of 215815
# duplicate of 215815
# R-215852 CISC-ND-001290
# A subset of 215816
# duplicate of 215816
# R-215853 CISC-ND-001310
# A duplicate of 215837
# duplicate of 215837
# R-215854 CISC-ND-001370
# Configure the authentication server key before enabling.
iosxeSTIG_stigrule_215854_Manage: False
iosxeSTIG_stigrule_215854_radius_host_10_1_48_2_key_xxxxxx_Lines:
- radius host 10.1.48.2 key xxxxxx
iosxeSTIG_stigrule_215854_aaa_authentication_login_LOGIN_AUTHENTICATION_group_radius_local_Lines:
- aaa authentication login LOGIN_AUTHENTICATION group radius local
iosxeSTIG_stigrule_215854_ip_http_authentication_aaa_login_authentication_LOGIN_AUTHENTICATION_Lines:
- ip http authentication aaa login-authentication LOGIN_AUTHENTICATION
iosxeSTIG_stigrule_215854_login_authentication_for_console_Lines:
- login authentication LOGIN_AUTHENTICATION
iosxeSTIG_stigrule_215854_login_authentication_for_console_Parents:
- line con 0
iosxeSTIG_stigrule_215854_login_authentication_for_all_line_vty_sections_Lines:
- login authentication LOGIN_AUTHENTICATION
# R-215856 CISC-ND-001440
# Insert an appropriate URL (including protocol and port)
iosxeSTIG_stigrule_215856_Manage: False
iosxeSTIG_stigrule_215856_enrollment_url_Lines:
- enrollment url http://trustpoint1.example.com:80
iosxeSTIG_stigrule_215856_enrollment_url_Parents:
- crypto pki trustpoint CA_X
# R-216647 CISC-RT-000070
# A duplicate of 215823
# duplicate of 215823
# R-216661 CISC-RT-000230
iosxeSTIG_stigrule_216661_Manage: False
iosxeSTIG_stigrule_216661_Disable_the_auxiliary_port_Lines:
- no exec
- transport input none
iosxeSTIG_stigrule_216661_Disable_the_auxiliary_port_Parents:
- line aux 0
# R-216675 CISC-RT-000370
iosxeSTIG_stigrule_216675_Manage: True
iosxeSTIG_stigrule_216675_no_cdp_run_Lines:
- no cdp run
# R-216700 CISC-RT-000620
iosxeSTIG_stigrule_216700_Manage: True
iosxeSTIG_stigrule_216700_no_mpls_ip_propagate_ttl_Lines:
- no mpls ip propagate-ttl
# R-216723 CISC-RT-000850
iosxeSTIG_stigrule_216723_Manage: False
iosxeSTIG_stigrule_216723_ip_pim_register_rate_limit_10_Lines:
- ip pim register-rate-limit 10
# R-216726 CISC-RT-000880
iosxeSTIG_stigrule_216726_Manage: True
iosxeSTIG_stigrule_216726_ip_igmp_limit_Lines:
- ip igmp limit 2
# R-216727 CISC-RT-000890
iosxeSTIG_stigrule_216727_Manage: True
iosxeSTIG_stigrule_216727_ip_pim_spt_threshold_infinity_Lines:
- ip pim spt-threshold infinity
# R-216996 CISC-RT-000080
iosxeSTIG_stigrule_216996_Manage: True
iosxeSTIG_stigrule_216996_no_call_home_Lines:
- no call-home
# R-217001 CISC-RT-000750
# Options drop or ignore are allowed.
iosxeSTIG_stigrule_217001_Manage: True
iosxeSTIG_stigrule_217001_ip_options_drop_Lines:
- ip options drop
# R-220139 CISC-ND-001450
# A duplicate of 215837
# duplicate of 215837
iosxeSTIG_save_configuration_Manage: False

1010
collections/ansible_collections/demo/compliance/roles/iosxeSTIG/files/U_Cisco_IOS-XE_Router_NDM_STIG_V2R1_Manual-xccdf.xml Normal file
View File

File diff suppressed because one or more lines are too long

3272
collections/ansible_collections/demo/compliance/roles/iosxeSTIG/files/U_Cisco_IOS-XE_Router_RTR_STIG_V2R1_Manual-xccdf.xml Normal file
View File

File diff suppressed because one or more lines are too long

20
collections/ansible_collections/demo/compliance/roles/iosxeSTIG/files/duplicates.json Normal file
View File

@@ -0,0 +1,20 @@
{
"215808":[ "215815" ],
"215809":[ "215815" ],
"215810":[ "215815" ],
"215811":[ "215815" ],
"215819":[ "215815" ],
"215821":[ "215820" ],
"215822":[ "215820" ],
"215834":[ "215815" ],
"215835":[ "215815" ],
"215839":[ "215817" ],
"215847":[ "215815" ],
"215848":[ "215815" ],
"215849":[ "215816" ],
"215850":[ "215815" ],
"215852":[ "215816" ],
"215853":[ "215837" ],
"216647":[ "215823" ],
"220139":[ "215837" ]
}

4
collections/ansible_collections/demo/compliance/roles/iosxeSTIG/handlers/main.yml Normal file
View File

@@ -0,0 +1,4 @@
- name: save configuration
ios_command:
commands: write memory
when: iosxeSTIG_save_configuration_Manage

595
collections/ansible_collections/demo/compliance/roles/iosxeSTIG/tasks/main.yml Normal file
View File

@@ -0,0 +1,595 @@
# R-215807 CISC-ND-000010
- name : stigrule_215807_ip_http_max_connections_2
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215807_ip_http_max_connections_2_Lines }}"
when:
- iosxeSTIG_stigrule_215807_Manage
# R-215807 CISC-ND-000010
- name: get line vty sections
ios_command:
commands: show running-config all | include ^line vty
register: cmd_result
- name : stigrule_215807_session_limit_for_all_line_vty_sections
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215807_session_limit_for_all_line_vty_sections_Lines }}"
parents: "{{ item }}"
loop: "{{ cmd_result.stdout_lines|flatten(levels=1) }}"
when:
- iosxeSTIG_stigrule_215807_Manage
# R-215813 CISC-ND-000150
- name : stigrule_215813_login_block_for_900_attempts_3_within_120
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215813_login_block_for_900_attempts_3_within_120_Lines }}"
when:
- iosxeSTIG_stigrule_215813_Manage
# R-215814 CISC-ND-000160
- name : stigrule_215814_login
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_banner:
banner: login
text: "{{ iosxeSTIG_stigrule_215814_login_Text }}"
when: iosxeSTIG_stigrule_215814_Manage
# R-215815 CISC-ND-000210
- name : stigrule_215815_login_logging
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215815_login_logging_Lines }}"
when:
- iosxeSTIG_stigrule_215815_Manage
# R-215815 CISC-ND-000210
- name : stigrule_215815_logging_enable
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215815_logging_enable_Lines }}"
parents: "{{ iosxeSTIG_stigrule_215815_logging_enable_Parents }}"
when:
- iosxeSTIG_stigrule_215815_Manage
# R-215816 CISC-ND-000250
- name : stigrule_215816_login_logging
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215816_login_logging_Lines }}"
when:
- iosxeSTIG_stigrule_215816_Manage
# R-215817 CISC-ND-000280
- name : stigrule_215817_service_timestamps_log_datetime_localtime
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215817_service_timestamps_log_datetime_localtime_Lines }}"
when:
- iosxeSTIG_stigrule_215817_Manage
# R-215820 CISC-ND-000380
- name : stigrule_215820_file_privilege
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215820_file_privilege_Lines }}"
when:
- iosxeSTIG_stigrule_215820_Manage
# R-215823 CISC-ND-000470
- name: check for boot network
ios_command:
commands: show running-config all | include ^boot network
register: cmd_result
- name : stigrule_215823_disable_boot_network
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215823_disable_boot_network_Lines }}"
when:
- (cmd_result.stdout|join('\n')).find('boot network') != -1
- iosxeSTIG_stigrule_215823_Manage
# R-215823 CISC-ND-000470
- name: check for ip boot server
ios_command:
commands: show running-config all | include ^ip boot server
register: cmd_result
- name : stigrule_215823_disable_boot_server
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215823_disable_boot_server_Lines }}"
when:
- (cmd_result.stdout|join('\n')).find('ip boot server') != -1
- iosxeSTIG_stigrule_215823_Manage
# R-215823 CISC-ND-000470
- name : stigrule_215823_disable_bootp_server
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215823_disable_bootp_server_Lines }}"
when:
- iosxeSTIG_stigrule_215823_Manage
# R-215823 CISC-ND-000470
- name: check for DNS server configuration
ios_command:
commands: show running-config all | include ^ip dns server
register: cmd_result
- name : stigrule_215823_disable_dns_server
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215823_disable_dns_server_Lines }}"
when:
- (cmd_result.stdout|join('\n')).find('ip dns server') != -1
- iosxeSTIG_stigrule_215823_Manage
# R-215823 CISC-ND-000470
- name : stigrule_215823_disable_identd
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215823_disable_identd_Lines }}"
when:
- iosxeSTIG_stigrule_215823_Manage
# R-215823 CISC-ND-000470
- name : stigrule_215823_disable_finger
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215823_disable_finger_Lines }}"
when:
- iosxeSTIG_stigrule_215823_Manage
# R-215823 CISC-ND-000470
- name : stigrule_215823_disable_http_server
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215823_disable_http_server_Lines }}"
when:
- iosxeSTIG_stigrule_215823_Manage
# R-215823 CISC-ND-000470
- name: check for ip rcmd rcp-enable
ios_command:
commands: show running-config all | include ^ip rcmd rcp-enable
register: cmd_result
- name : stigrule_215823_disable_rcmd_rcp_enable
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215823_disable_rcmd_rcp_enable_Lines }}"
when:
- (cmd_result.stdout|join('\n')).find('ip rcmd rcp-enable') != -1
- iosxeSTIG_stigrule_215823_Manage
# R-215823 CISC-ND-000470
- name: check for ip rcmd rsh-enable
ios_command:
commands: show running-config all | include ^ip rcmd rsh-enable
register: cmd_result
- name : stigrule_215823_disable_rcmd_rsh_enable
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215823_disable_rcmd_rsh_enable_Lines }}"
when:
- (cmd_result.stdout|join('\n')).find('ip rcmd rsh-enable') != -1
- iosxeSTIG_stigrule_215823_Manage
# R-215823 CISC-ND-000470
- name: check for tcp-small-servers
ios_command:
commands: show running-config all | include ^service tcp-small-servers
register: cmd_result
- name : stigrule_215823_disable_tcp_small_servers
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215823_disable_tcp_small_servers_Lines }}"
when:
- (cmd_result.stdout|join('\n')).find('service tcp-small-servers') != -1
- iosxeSTIG_stigrule_215823_Manage
# R-215823 CISC-ND-000470
- name: check for udp-small-servers
ios_command:
commands: show running-config all | include ^service udp-small-servers
register: cmd_result
- name : stigrule_215823_disable_udp_small_servers
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215823_disable_udp_small_servers_Lines }}"
when:
- (cmd_result.stdout|join('\n')).find('service udp-small-servers') != -1
- iosxeSTIG_stigrule_215823_Manage
# R-215823 CISC-ND-000470
- name: check for service finger
ios_command:
commands: show running-config all | include ^service finger
register: cmd_result
- name : stigrule_215823_disable_service_finger
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215823_disable_service_finger_Lines }}"
when:
- (cmd_result.stdout|join('\n')).find('service finger') != -1
- iosxeSTIG_stigrule_215823_Manage
# R-215823 CISC-ND-000470
- name : stigrule_215823_disable_service_config
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215823_disable_service_config_Lines }}"
when:
- iosxeSTIG_stigrule_215823_Manage
# R-215823 CISC-ND-000470
- name : stigrule_215823_disable_service_pad
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215823_disable_service_pad_Lines }}"
when:
- iosxeSTIG_stigrule_215823_Manage
# R-215825 CISC-ND-000530
# ip ssh server algorithm encryption is set in 215845.
- name : stigrule_215825_ip_ssh_version_2
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215825_ip_ssh_version_2_Lines }}"
when:
- iosxeSTIG_stigrule_215825_Manage
# R-215826 CISC-ND-000550
- name : stigrule_215826_password_min_len
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215826_password_min_len_Lines }}"
parents: "{{ iosxeSTIG_stigrule_215826_password_min_len_Parents }}"
when:
- iosxeSTIG_stigrule_215826_Manage
# R-215827 CISC-ND-000570
- name : stigrule_215827_password_upper_case
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215827_password_upper_case_Lines }}"
parents: "{{ iosxeSTIG_stigrule_215827_password_upper_case_Parents }}"
when:
- iosxeSTIG_stigrule_215827_Manage
# R-215828 CISC-ND-000580
- name : stigrule_215828_password_lower_case
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215828_password_lower_case_Lines }}"
parents: "{{ iosxeSTIG_stigrule_215828_password_lower_case_Parents }}"
when:
- iosxeSTIG_stigrule_215828_Manage
# R-215829 CISC-ND-000590
- name : stigrule_215829_password_numeric_count
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215829_password_numeric_count_Lines }}"
parents: "{{ iosxeSTIG_stigrule_215829_password_numeric_count_Parents }}"
when:
- iosxeSTIG_stigrule_215829_Manage
# R-215830 CISC-ND-000600
- name : stigrule_215830_password_special_case
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215830_password_special_case_Lines }}"
parents: "{{ iosxeSTIG_stigrule_215830_password_special_case_Parents }}"
when:
- iosxeSTIG_stigrule_215830_Manage
# R-215831 CISC-ND-000610
- name : stigrule_215831_password_upper_case
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215831_password_upper_case_Lines }}"
parents: "{{ iosxeSTIG_stigrule_215831_password_upper_case_Parents }}"
when:
- iosxeSTIG_stigrule_215831_Manage
# R-215832 CISC-ND-000620
- name : stigrule_215832_service_password_encryption
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215832_service_password_encryption_Lines }}"
when:
- iosxeSTIG_stigrule_215832_Manage
# R-215833 CISC-ND-000720
- name : stigrule_215833_exec_timeout_for_console
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215833_exec_timeout_for_console_Lines }}"
parents: "{{ iosxeSTIG_stigrule_215833_exec_timeout_for_console_Parents }}"
when:
- iosxeSTIG_stigrule_215833_Manage
# R-215833 CISC-ND-000720
- name: get line vty sections
ios_command:
commands: show running-config all | include ^line vty
register: cmd_result
- name : stigrule_215833_exec_timeout_for_all_line_vty_sections
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215833_exec_timeout_for_all_line_vty_sections_Lines }}"
parents: "{{ item }}"
loop: "{{ cmd_result.stdout_lines|flatten(levels=1) }}"
when:
- iosxeSTIG_stigrule_215833_Manage
# R-215833 CISC-ND-000720
- name : stigrule_215833_ip_http_timeout_policy_idle_600_life_3600_requests_10
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215833_ip_http_timeout_policy_idle_600_life_3600_requests_10_Lines }}"
when:
- iosxeSTIG_stigrule_215833_Manage
# R-215836 CISC-ND-000980
- name : stigrule_215836_logging_buffered_4096_informational
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215836_logging_buffered_4096_informational_Lines }}"
when:
- iosxeSTIG_stigrule_215836_Manage
# R-215837 CISC-ND-001000
# Please configure name IP address to a valid one.
- name : stigrule_215837_host
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_logging:
dest: host
name: "{{ iosxeSTIG_stigrule_215837_host_Name }}"
when: iosxeSTIG_stigrule_215837_Manage
# R-215837 CISC-ND-001000
# Please configure name IP address to a valid one.
- name : stigrule_215837_logging_trap_critical
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215837_logging_trap_critical_Lines }}"
when:
- iosxeSTIG_stigrule_215837_Manage
# R-215838 CISC-ND-001030
# Replace ntp servers' IP address before enabling.
- name : stigrule_215838_ntp_server_1
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_ntp:
server: "{{ iosxeSTIG_stigrule_215838_ntp_server_1_Server }}"
when: iosxeSTIG_stigrule_215838_Manage
# R-215838 CISC-ND-001030
# Replace ntp servers' IP address before enabling.
- name : stigrule_215838_ntp_server_2
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_ntp:
server: "{{ iosxeSTIG_stigrule_215838_ntp_server_2_Server }}"
when: iosxeSTIG_stigrule_215838_Manage
# R-215840 CISC-ND-001050
# service timestamps log datetime localtime is set in 215817.
- name : stigrule_215840_service_timestamps_log_datetime_localtime
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215840_service_timestamps_log_datetime_localtime_Lines }}"
when:
- iosxeSTIG_stigrule_215840_Manage
# R-215844 CISC-ND-001200
- name : stigrule_215844_ip_ssh_server_algorithm_mac_hmac_sha1
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215844_ip_ssh_server_algorithm_mac_hmac_sha1_Lines }}"
when:
- iosxeSTIG_stigrule_215844_Manage
# R-215844 CISC-ND-001200
- name : stigrule_215844_ip_http_secure_ciphersuite_aes_128_cbc_sha
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215844_ip_http_secure_ciphersuite_aes_128_cbc_sha_Lines }}"
when:
- iosxeSTIG_stigrule_215844_Manage
# R-215845 CISC-ND-001210
# Option ip http secure-ciphersuite is set in 215844
- name : stigrule_215845_ip_ssh_server_algorithm_encryption_aes128_cbc_aes128_ctr_aes192_cbc_aes192_ctr
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215845_ip_ssh_server_algorithm_encryption_aes128_cbc_aes128_ctr_aes192_cbc_aes192_ctr_Lines }}"
when:
- iosxeSTIG_stigrule_215845_Manage
# R-215854 CISC-ND-001370
# Configure the authentication server key before enabling.
- name : stigrule_215854_radius_host_10_1_48_2_key_xxxxxx
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215854_radius_host_10_1_48_2_key_xxxxxx_Lines }}"
when:
- iosxeSTIG_stigrule_215854_Manage
# R-215854 CISC-ND-001370
# Configure the authentication server key before enabling.
- name : stigrule_215854_aaa_authentication_login_LOGIN_AUTHENTICATION_group_radius_local
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215854_aaa_authentication_login_LOGIN_AUTHENTICATION_group_radius_local_Lines }}"
when:
- iosxeSTIG_stigrule_215854_Manage
# R-215854 CISC-ND-001370
# Configure the authentication server key before enabling.
- name : stigrule_215854_ip_http_authentication_aaa_login_authentication_LOGIN_AUTHENTICATION
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215854_ip_http_authentication_aaa_login_authentication_LOGIN_AUTHENTICATION_Lines }}"
when:
- iosxeSTIG_stigrule_215854_Manage
# R-215854 CISC-ND-001370
# Configure the authentication server key before enabling.
- name : stigrule_215854_login_authentication_for_console
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215854_login_authentication_for_console_Lines }}"
parents: "{{ iosxeSTIG_stigrule_215854_login_authentication_for_console_Parents }}"
when:
- iosxeSTIG_stigrule_215854_Manage
# R-215854 CISC-ND-001370
# Configure the authentication server key before enabling.
- name: get line vty sections
ios_command:
commands: show running-config all | include ^line vty
register: cmd_result
- name : stigrule_215854_login_authentication_for_all_line_vty_sections
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215854_login_authentication_for_all_line_vty_sections_Lines }}"
parents: "{{ item }}"
loop: "{{ cmd_result.stdout_lines|flatten(levels=1) }}"
when:
- iosxeSTIG_stigrule_215854_Manage
# R-215856 CISC-ND-001440
# Insert an appropriate URL (including protocol and port)
- name : stigrule_215856_enrollment_url
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_215856_enrollment_url_Lines }}"
parents: "{{ iosxeSTIG_stigrule_215856_enrollment_url_Parents }}"
when:
- iosxeSTIG_stigrule_215856_Manage
# R-216661 CISC-RT-000230
- name : stigrule_216661_Disable_the_auxiliary_port
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_216661_Disable_the_auxiliary_port_Lines }}"
parents: "{{ iosxeSTIG_stigrule_216661_Disable_the_auxiliary_port_Parents }}"
when:
- iosxeSTIG_stigrule_216661_Manage
# R-216675 CISC-RT-000370
- name : stigrule_216675_no_cdp_run
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_216675_no_cdp_run_Lines }}"
when:
- iosxeSTIG_stigrule_216675_Manage
# R-216700 CISC-RT-000620
- name : stigrule_216700_no_mpls_ip_propagate_ttl
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_216700_no_mpls_ip_propagate_ttl_Lines }}"
when:
- iosxeSTIG_stigrule_216700_Manage
# R-216723 CISC-RT-000850
- name : stigrule_216723_ip_pim_register_rate_limit_10
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_216723_ip_pim_register_rate_limit_10_Lines }}"
when:
- iosxeSTIG_stigrule_216723_Manage
# R-216726 CISC-RT-000880
- name : stigrule_216726_ip_igmp_limit
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_216726_ip_igmp_limit_Lines }}"
when:
- iosxeSTIG_stigrule_216726_Manage
# R-216727 CISC-RT-000890
- name : stigrule_216727_ip_pim_spt_threshold_infinity
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_216727_ip_pim_spt_threshold_infinity_Lines }}"
when:
- iosxeSTIG_stigrule_216727_Manage
# R-216996 CISC-RT-000080
- name: check for call-home
ios_command:
commands: show running-config | include ^call-home
register: cmd_result
- name : stigrule_216996_no_call_home
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_216996_no_call_home_Lines }}"
when:
- (cmd_result.stdout|join('\n')).find('call-home') != -1
- iosxeSTIG_stigrule_216996_Manage
# R-217001 CISC-RT-000750
# Options drop or ignore are allowed.
- name : stigrule_217001_ip_options_drop
ignore_errors: "{{ ignore_all_errors }}"
notify: "save configuration"
ios_config:
defaults: yes
lines: "{{ iosxeSTIG_stigrule_217001_ip_options_drop_Lines }}"
when:
- iosxeSTIG_stigrule_217001_Manage

86
collections/ansible_collections/demo/compliance/roles/rhel7STIG/callback_plugins/stig_xml.py Normal file
View File

@@ -0,0 +1,86 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
from ansible.plugins.callback import CallbackBase
from time import gmtime, strftime
import platform
import tempfile
import re
import sys
import os
import xml.etree.ElementTree as ET
import xml.dom.minidom
class CallbackModule(CallbackBase):
CALLBACK_VERSION = 2.0
CALLBACK_TYPE = 'xml'
CALLBACK_NAME = 'stig_xml'
CALLBACK_NEEDS_WHITELIST = True
def _get_STIG_path(self):
cwd = os.path.abspath('.')
for dirpath, dirs, files in os.walk(cwd):
if os.path.sep + 'files' in dirpath and '.xml' in files[0]:
return os.path.join(cwd, dirpath, files[0])
def __init__(self):
super(CallbackModule, self).__init__()
self.rules = {}
self.stig_path = os.environ.get('STIG_PATH')
self.XML_path = os.environ.get('XML_PATH')
if self.stig_path is None:
self.stig_path = self._get_STIG_path()
self._display.display('Using STIG_PATH: {}'.format(self.stig_path))
if self.XML_path is None:
self.XML_path = tempfile.mkdtemp() + "/xccdf-results.xml"
self._display.display('Using XML_PATH: {}'.format(self.XML_path))
print("Writing: {}".format(self.XML_path))
STIG_name = os.path.basename(self.stig_path)
ET.register_namespace('cdf', 'http://checklists.nist.gov/xccdf/1.2')
self.tr = ET.Element('{http://checklists.nist.gov/xccdf/1.2}TestResult')
self.tr.set('id', 'xccdf_mil.disa.stig_testresult_scap_mil.disa_comp_{}'.format(STIG_name))
endtime = strftime("%Y-%m-%dT%H:%M:%S", gmtime())
self.tr.set('end-time', endtime)
tg = ET.SubElement(self.tr, '{http://checklists.nist.gov/xccdf/1.2}target')
tg.text = platform.node()
def _get_rev(self, nid):
with open(self.stig_path, 'r') as f:
r = 'SV-{}r(?P<rev>\d+)_rule'.format(nid)
m = re.search(r, f.read())
if m:
rev = m.group('rev')
else:
rev = '0'
return rev
def v2_runner_on_ok(self, result):
name = result._task.get_name()
m = re.search('stigrule_(?P<id>\d+)', name)
if m:
nid = m.group('id')
else:
return
rev = self._get_rev(nid)
key = "{}r{}".format(nid, rev)
if self.rules.get(key, 'Unknown') != False:
self.rules[key] = result.is_changed()
def v2_playbook_on_stats(self, stats):
for rule, changed in self.rules.items():
state = 'fail' if changed else 'pass'
rr = ET.SubElement(self.tr, '{http://checklists.nist.gov/xccdf/1.2}rule-result')
rr.set('idref', 'xccdf_mil.disa.stig_rule_SV-{}_rule'.format(rule))
rs = ET.SubElement(rr, '{http://checklists.nist.gov/xccdf/1.2}result')
rs.text = state
passing = len(self.rules) - sum(self.rules.values())
sc = ET.SubElement(self.tr, '{http://checklists.nist.gov/xccdf/1.2}score')
sc.set('maximum', str(len(self.rules)))
sc.set('system', 'urn:xccdf:scoring:flat-unweighted')
sc.text = str(passing)
with open(self.XML_path, 'wb') as f:
out = ET.tostring(self.tr)
pretty = xml.dom.minidom.parseString(out).toprettyxml(encoding='utf-8')
f.write(pretty)

503
collections/ansible_collections/demo/compliance/roles/rhel7STIG/defaults/main.yml Normal file
View File

@@ -0,0 +1,503 @@
# R-204393 RHEL-07-010030
rhel7STIG_stigrule_204393_Manage: True
rhel7STIG_stigrule_204393__etc_dconf_db_local_d_01_banner_message_Value: 'true'
# R-204394 RHEL-07-010040
rhel7STIG_stigrule_204394_Manage: True
rhel7STIG_stigrule_204394__etc_dconf_db_local_d_01_banner_message_Value: '''You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n-At any time, the USG may inspect and seize data stored on this IS.\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.'''
# R-204395 RHEL-07-010050
rhel7STIG_stigrule_204395_Manage: True
rhel7STIG_stigrule_204395__etc_issue_Dest: /etc/issue
rhel7STIG_stigrule_204395__etc_issue_Content: 'You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
By using this IS (which includes any device attached to this IS), you consent to the following conditions:
-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.
-At any time, the USG may inspect and seize data stored on this IS.
-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.
-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.
'
# R-204396 RHEL-07-010060
rhel7STIG_stigrule_204396_Manage: True
rhel7STIG_stigrule_204396__etc_dconf_db_local_d_00_screensaver_Value: 'true'
# R-204397 RHEL-07-010061
rhel7STIG_stigrule_204397_Manage: True
rhel7STIG_stigrule_204397__etc_dconf_db_local_d_00_defaults_Value: 'true'
# R-204398 RHEL-07-010070
rhel7STIG_stigrule_204398_Manage: True
rhel7STIG_stigrule_204398__etc_dconf_db_local_d_00_screensaver_Value: 'uint32 900'
# R-204399 RHEL-07-010081
rhel7STIG_stigrule_204399_Manage: True
rhel7STIG_stigrule_204399__etc_dconf_db_local_d_locks_session_Line: '/org/gnome/desktop/screensaver/lock-delay'
# R-204400 RHEL-07-010082
rhel7STIG_stigrule_204400_Manage: True
rhel7STIG_stigrule_204400__etc_dconf_db_local_d_locks_session_Line: '/org/gnome/desktop/session/idle-delay'
# R-204402 RHEL-07-010100
rhel7STIG_stigrule_204402_Manage: True
rhel7STIG_stigrule_204402__etc_dconf_db_local_d_00_screensaver_Value: 'true'
# R-204403 RHEL-07-010101
rhel7STIG_stigrule_204403_Manage: True
rhel7STIG_stigrule_204403__etc_dconf_db_local_d_locks_session_Line: '/org/gnome/desktop/screensaver/idle-activation-enabled'
# R-204404 RHEL-07-010110
rhel7STIG_stigrule_204404_Manage: True
rhel7STIG_stigrule_204404__etc_dconf_db_local_d_00_screensaver_Value: 'uint32 5'
# R-204407 RHEL-07-010120
rhel7STIG_stigrule_204407_Manage: True
rhel7STIG_stigrule_204407__etc_security_pwquality_conf_Line: 'ucredit = -1'
# R-204408 RHEL-07-010130
rhel7STIG_stigrule_204408_Manage: True
rhel7STIG_stigrule_204408__etc_security_pwquality_conf_Line: 'lcredit = -1'
# R-204409 RHEL-07-010140
rhel7STIG_stigrule_204409_Manage: True
rhel7STIG_stigrule_204409__etc_security_pwquality_conf_Line: 'dcredit = -1'
# R-204410 RHEL-07-010150
rhel7STIG_stigrule_204410_Manage: True
rhel7STIG_stigrule_204410__etc_security_pwquality_conf_Line: 'ocredit = -1'
# R-204411 RHEL-07-010160
rhel7STIG_stigrule_204411_Manage: True
rhel7STIG_stigrule_204411__etc_security_pwquality_conf_Line: 'difok = 8'
# R-204412 RHEL-07-010170
rhel7STIG_stigrule_204412_Manage: True
rhel7STIG_stigrule_204412__etc_security_pwquality_conf_Line: 'minclass = 4'
# R-204413 RHEL-07-010180
rhel7STIG_stigrule_204413_Manage: True
rhel7STIG_stigrule_204413__etc_security_pwquality_conf_Line: 'maxrepeat = 3'
# R-204414 RHEL-07-010190
rhel7STIG_stigrule_204414_Manage: True
rhel7STIG_stigrule_204414__etc_security_pwquality_conf_Line: 'maxclassrepeat = 4'
# R-204416 RHEL-07-010210
rhel7STIG_stigrule_204416_Manage: True
rhel7STIG_stigrule_204416__etc_login_defs_Line: 'ENCRYPT_METHOD SHA512'
# R-204417 RHEL-07-010220
rhel7STIG_stigrule_204417_Manage: True
rhel7STIG_stigrule_204417__etc_libuser_conf_Value: 'sha512'
# R-204418 RHEL-07-010230
rhel7STIG_stigrule_204418_Manage: True
rhel7STIG_stigrule_204418__etc_login_defs_Line: 'PASS_MIN_DAYS 1'
# R-204419 RHEL-07-010240
rhel7STIG_stigrule_204419_Manage: True
rhel7STIG_stigrule_204419_chage__m_1_user_Command: chage -m 1
# R-204420 RHEL-07-010250
rhel7STIG_stigrule_204420_Manage: True
rhel7STIG_stigrule_204420__etc_login_defs_Line: 'PASS_MAX_DAYS 60'
# R-204421 RHEL-07-010260
rhel7STIG_stigrule_204421_Manage: True
rhel7STIG_stigrule_204421_chage__M_60_user_Command: chage -M 60
# R-204423 RHEL-07-010280
rhel7STIG_stigrule_204423_Manage: True
rhel7STIG_stigrule_204423__etc_security_pwquality_conf_Line: 'minlen = 15'
# R-204425 RHEL-07-010300
rhel7STIG_stigrule_204425_Manage: True
rhel7STIG_stigrule_204425_PermitEmptyPasswords_Line: PermitEmptyPasswords no
# R-204426 RHEL-07-010310
rhel7STIG_stigrule_204426_Manage: True
rhel7STIG_stigrule_204426__etc_default_useradd_Line: 'INACTIVE=0'
# R-204431 RHEL-07-010430
rhel7STIG_stigrule_204431_Manage: True
rhel7STIG_stigrule_204431__etc_login_defs_Line: 'FAIL_DELAY 4'
# R-204432 RHEL-07-010440
rhel7STIG_stigrule_204432_Manage: True
rhel7STIG_stigrule_204432__etc_gdm_custom_conf_Value: 'false'
# R-204433 RHEL-07-010450
rhel7STIG_stigrule_204433_Manage: True
rhel7STIG_stigrule_204433__etc_gdm_custom_conf_Value: 'false'
# R-204434 RHEL-07-010460
rhel7STIG_stigrule_204434_Manage: True
rhel7STIG_stigrule_204434_PermitUserEnvironment_Line: PermitUserEnvironment no
# R-204435 RHEL-07-010470
rhel7STIG_stigrule_204435_Manage: True
rhel7STIG_stigrule_204435_HostbasedAuthentication_Line: HostbasedAuthentication no
# R-204442 RHEL-07-020000
rhel7STIG_stigrule_204442_Manage: True
rhel7STIG_stigrule_204442_rsh_server_State: removed
# R-204443 RHEL-07-020010
rhel7STIG_stigrule_204443_Manage: True
rhel7STIG_stigrule_204443_ypserv_State: removed
# R-204445 RHEL-07-020030
# Edit email address.
rhel7STIG_stigrule_204445_Manage: True
rhel7STIG_stigrule_204445__etc_cron_daily_aide_Dest: /etc/cron.daily/aide
rhel7STIG_stigrule_204445__etc_cron_daily_aide_Content: '#!/bin/bash
/usr/sbin/aide --check | /bin/mail -s "$HOSTNAME - Daily aide integrity check run" root'
rhel7STIG_stigrule_204445__etc_cron_daily_aide_Mode: '700'
rhel7STIG_stigrule_204445_aide_State: installed
# R-204446 RHEL-07-020040
# Edit email address.
rhel7STIG_stigrule_204446_Manage: True
rhel7STIG_stigrule_204446__etc_cron_daily_aide_notify_Dest: /etc/cron.daily/aide
rhel7STIG_stigrule_204446__etc_cron_daily_aide_notify_Content: '#!/bin/bash
/usr/sbin/aide --check | /bin/mail -s "$HOSTNAME - Daily aide integrity check run" root'
rhel7STIG_stigrule_204446__etc_cron_daily_aide_notify_Mode: '700'
rhel7STIG_stigrule_204446_aide_notify_State: installed
# R-204447 RHEL-07-020050
rhel7STIG_stigrule_204447_Manage: True
rhel7STIG_stigrule_204447__etc_yum_conf_Value: '1'
# R-204448 RHEL-07-020060
rhel7STIG_stigrule_204448_Manage: True
rhel7STIG_stigrule_204448__etc_yum_conf_Value: '1'
# R-204449 RHEL-07-020100
rhel7STIG_stigrule_204449_Manage: True
rhel7STIG_stigrule_204449__etc_modprobe_d_blacklist_conf_Line: 'blacklist usb-storage'
rhel7STIG_stigrule_204449__etc_modprobe_d_usb_storage_conf_Line: 'install usb-storage /bin/true'
# R-204450 RHEL-07-020101
rhel7STIG_stigrule_204450_Manage: True
rhel7STIG_stigrule_204450__etc_modprobe_d_dccp_conf_Dest: /etc/modprobe.d/dccp.conf
rhel7STIG_stigrule_204450__etc_modprobe_d_dccp_conf_Content: 'install dccp /bin/true'
rhel7STIG_stigrule_204450__etc_modprobe_d_blacklist_conf_Line: 'blacklist dccp'
# R-204451 RHEL-07-020110
rhel7STIG_stigrule_204451_Manage: True
rhel7STIG_stigrule_204451_autofs_disable_Enabled: no
rhel7STIG_stigrule_204451_autofs_stop_State: stopped
# R-204452 RHEL-07-020200
rhel7STIG_stigrule_204452_Manage: True
rhel7STIG_stigrule_204452__etc_yum_conf_Value: '1'
# R-204453 RHEL-07-020210
rhel7STIG_stigrule_204453_Manage: True
rhel7STIG_stigrule_204453__etc_selinux_config_Line: 'SELINUX=enforcing'
# R-204454 RHEL-07-020220
rhel7STIG_stigrule_204454_Manage: True
rhel7STIG_stigrule_204454__etc_selinux_config_Line: 'SELINUXTYPE=targeted'
# R-204455 RHEL-07-020230
rhel7STIG_stigrule_204455_Manage: True
rhel7STIG_stigrule_204455_systemctl_mask_ctrl_alt_del_target_Command: systemctl mask ctrl-alt-del.target
# R-204457 RHEL-07-020240
rhel7STIG_stigrule_204457_Manage: True
rhel7STIG_stigrule_204457__etc_login_defs_Line: 'UMASK 077'
# R-204466 RHEL-07-020610
rhel7STIG_stigrule_204466_Manage: True
rhel7STIG_stigrule_204466__etc_login_defs_Line: 'CREATE_HOME yes'
# R-204489 RHEL-07-021100
rhel7STIG_stigrule_204489_Manage: True
rhel7STIG_stigrule_204489__etc_rsyslog_conf_Line: 'cron.* /var/log/cron.log'
# R-204490 RHEL-07-021110
rhel7STIG_stigrule_204490_Manage: True
rhel7STIG_stigrule_204490__etc_cron_allow_Dest: /etc/cron.allow
rhel7STIG_stigrule_204490__etc_cron_allow_Owner: root
# R-204491 RHEL-07-021120
rhel7STIG_stigrule_204491_Manage: True
rhel7STIG_stigrule_204491__etc_cron_allow_Dest: /etc/cron.allow
rhel7STIG_stigrule_204491__etc_cron_allow_Group: root
# R-204492 RHEL-07-021300
# If kernel core dumps are required, document the need with the ISSO.
rhel7STIG_stigrule_204492_Manage: True
rhel7STIG_stigrule_204492_kdump_disable_Enabled: no
rhel7STIG_stigrule_204492_kdump_stop_State: stopped
# R-204496 RHEL-07-021340
rhel7STIG_stigrule_204496_Manage: True
rhel7STIG_stigrule_204496_tmp_mount_Enabled: yes
# R-204502 RHEL-07-021710
rhel7STIG_stigrule_204502_Manage: True
rhel7STIG_stigrule_204502_telnet_server_State: removed
# R-204503 RHEL-07-030000
rhel7STIG_stigrule_204503_Manage: True
rhel7STIG_stigrule_204503_auditd_enable_Enabled: yes
rhel7STIG_stigrule_204503_auditd_start_State: started
# R-204504 RHEL-07-030010
rhel7STIG_stigrule_204504_Manage: True
rhel7STIG_stigrule_204504__etc_audit_rules_d_audit_rules_critical_error_Line: '-f 2'
# R-204506 RHEL-07-030201
rhel7STIG_stigrule_204506_Manage: True
rhel7STIG_stigrule_204506__etc_audisp_plugins_d_au_remote_conf_direction_Line: 'direction = out'
rhel7STIG_stigrule_204506__etc_audisp_plugins_d_au_remote_conf_path_Line: 'path = /sbin/audisp-remote'
rhel7STIG_stigrule_204506__etc_audisp_plugins_d_au_remote_conf_type_Line: 'type = always'
# R-204507 RHEL-07-030210
rhel7STIG_stigrule_204507_Manage: True
rhel7STIG_stigrule_204507__etc_audisp_audispd_conf_Line: 'overflow_action = syslog'
# R-204508 RHEL-07-030211
rhel7STIG_stigrule_204508_Manage: True
rhel7STIG_stigrule_204508__etc_audisp_audispd_conf_Line: 'name_format = hostname'
# R-204509 RHEL-07-030300
# Ensure to set the IP address of the log aggregation server.
rhel7STIG_stigrule_204509_Manage: False
rhel7STIG_stigrule_204509__etc_audisp_audisp_remote_conf_Line: 'remote_server = 192.0.2.255'
# R-204510 RHEL-07-030310
# Ensure to set the IP address of the log aggregation server.
rhel7STIG_stigrule_204510_Manage: True
rhel7STIG_stigrule_204510__etc_audisp_audisp_remote_conf_Line: 'enable_krb5 = yes'
# R-204511 RHEL-07-030320
rhel7STIG_stigrule_204511_Manage: True
rhel7STIG_stigrule_204511__etc_audisp_audisp_remote_conf_Line: 'disk_full_action = single'
# R-204512 RHEL-07-030321
rhel7STIG_stigrule_204512_Manage: True
rhel7STIG_stigrule_204512__etc_audisp_audisp_remote_conf_Line: 'network_failure_action = syslog'
# R-204514 RHEL-07-030340
rhel7STIG_stigrule_204514_Manage: True
rhel7STIG_stigrule_204514__etc_audit_auditd_conf_Line: 'space_left_action = email'
# R-204515 RHEL-07-030350
rhel7STIG_stigrule_204515_Manage: True
rhel7STIG_stigrule_204515__etc_audit_auditd_conf_Line: 'action_mail_acct = root'
# R-204516 RHEL-07-030360
rhel7STIG_stigrule_204516_Manage: True
rhel7STIG_stigrule_204516__etc_audit_rules_d_audit_rules_euid_b32_Line: '-a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k setuid'
rhel7STIG_stigrule_204516__etc_audit_rules_d_audit_rules_euid_b64_Line: '-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k setuid'
rhel7STIG_stigrule_204516__etc_audit_rules_d_audit_rules_egid_b32_Line: '-a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k setgid'
rhel7STIG_stigrule_204516__etc_audit_rules_d_audit_rules_egid_b64_Line: '-a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k setgid'
# R-204517 RHEL-07-030370
rhel7STIG_stigrule_204517_Manage: True
rhel7STIG_stigrule_204517__etc_audit_rules_d_audit_rules_b32_Line: '-a always,exit -F arch=b32 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod'
rhel7STIG_stigrule_204517__etc_audit_rules_d_audit_rules_b64_Line: '-a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod'
# R-204521 RHEL-07-030410
rhel7STIG_stigrule_204521_Manage: True
rhel7STIG_stigrule_204521__etc_audit_rules_d_audit_rules_b32_Line: '-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod'
rhel7STIG_stigrule_204521__etc_audit_rules_d_audit_rules_b64_Line: '-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod'
# R-204524 RHEL-07-030440
rhel7STIG_stigrule_204524_Manage: True
rhel7STIG_stigrule_204524__etc_audit_rules_d_audit_rules_b32_Line: '-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod'
rhel7STIG_stigrule_204524__etc_audit_rules_d_audit_rules_b64_Line: '-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod'
# R-204531 RHEL-07-030510
rhel7STIG_stigrule_204531_Manage: True
rhel7STIG_stigrule_204531__etc_audit_rules_d_audit_rules_EPERM_b32_Line: '-a always,exit -F arch=b32 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=unset -k access'
rhel7STIG_stigrule_204531__etc_audit_rules_d_audit_rules_EPERM_b64_Line: '-a always,exit -F arch=b64 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=unset -k access'
rhel7STIG_stigrule_204531__etc_audit_rules_d_audit_rules_EACCES_b32_Line: '-a always,exit -F arch=b32 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=unset -k access'
rhel7STIG_stigrule_204531__etc_audit_rules_d_audit_rules_EACCES_b64_Line: '-a always,exit -F arch=b64 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=unset -k access'
# R-204536 RHEL-07-030560
rhel7STIG_stigrule_204536_Manage: True
rhel7STIG_stigrule_204536__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/sbin/semanage -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change'
# R-204537 RHEL-07-030570
rhel7STIG_stigrule_204537_Manage: True
rhel7STIG_stigrule_204537__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/sbin/setsebool -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change'
# R-204538 RHEL-07-030580
rhel7STIG_stigrule_204538_Manage: True
rhel7STIG_stigrule_204538__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/bin/chcon -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change'
# R-204539 RHEL-07-030590
rhel7STIG_stigrule_204539_Manage: True
rhel7STIG_stigrule_204539__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/sbin/setfiles -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change'
# R-204540 RHEL-07-030610
rhel7STIG_stigrule_204540_Manage: True
rhel7STIG_stigrule_204540__etc_audit_rules_d_audit_rules_Line: '-w /var/run/faillock -p wa -k logins'
# R-204541 RHEL-07-030620
rhel7STIG_stigrule_204541_Manage: True
rhel7STIG_stigrule_204541__etc_audit_rules_d_audit_rules_Line: '-w /var/log/lastlog -p wa -k logins'
# R-204542 RHEL-07-030630
rhel7STIG_stigrule_204542_Manage: True
rhel7STIG_stigrule_204542__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/bin/passwd -F auid>=1000 -F auid!=4294967295 -k privileged-passwd'
# R-204543 RHEL-07-030640
rhel7STIG_stigrule_204543_Manage: True
rhel7STIG_stigrule_204543__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/sbin/unix_chkpwd -F auid>=1000 -F auid!=4294967295 -k privileged-passwd'
# R-204544 RHEL-07-030650
rhel7STIG_stigrule_204544_Manage: True
rhel7STIG_stigrule_204544__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/bin/gpasswd -F auid>=1000 -F auid!=4294967295 -k privileged-passwd'
# R-204545 RHEL-07-030660
rhel7STIG_stigrule_204545_Manage: True
rhel7STIG_stigrule_204545__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/bin/chage -F auid>=1000 -F auid!=4294967295 -k privileged-passwd'
# R-204546 RHEL-07-030670
rhel7STIG_stigrule_204546_Manage: True
rhel7STIG_stigrule_204546__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/sbin/userhelper -F auid>=1000 -F auid!=4294967295 -k privileged-passwd'
# R-204547 RHEL-07-030680
rhel7STIG_stigrule_204547_Manage: True
rhel7STIG_stigrule_204547__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/bin/su -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change'
# R-204548 RHEL-07-030690
rhel7STIG_stigrule_204548_Manage: True
rhel7STIG_stigrule_204548__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/bin/sudo -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change'
# R-204549 RHEL-07-030700
rhel7STIG_stigrule_204549_Manage: True
rhel7STIG_stigrule_204549__etc_audit_rules_d_audit_rules_sudoers_Line: '-w /etc/sudoers -p wa -k privileged-actions'
rhel7STIG_stigrule_204549__etc_audit_rules_d_audit_rules_sudoers_d_Line: '-w /etc/sudoers.d/ -p wa -k privileged-actions'
# R-204550 RHEL-07-030710
rhel7STIG_stigrule_204550_Manage: True
rhel7STIG_stigrule_204550__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/bin/newgrp -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change'
# R-204551 RHEL-07-030720
rhel7STIG_stigrule_204551_Manage: True
rhel7STIG_stigrule_204551__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/bin/chsh -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change'
# R-204552 RHEL-07-030740
rhel7STIG_stigrule_204552_Manage: True
rhel7STIG_stigrule_204552__etc_audit_rules_d_audit_rules_mount_b32_Line: '-a always,exit -F arch=b32 -S mount -F auid>=1000 -F auid!=4294967295 -k privileged-mount'
rhel7STIG_stigrule_204552__etc_audit_rules_d_audit_rules_mount_b64_Line: '-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=4294967295 -k privileged-mount'
rhel7STIG_stigrule_204552__etc_audit_rules_d_audit_rules__usr_bin_mount_Line: '-a always,exit -F path=/usr/bin/mount -F auid>=1000 -F auid!=4294967295 -k privileged-mount'
# R-204553 RHEL-07-030750
rhel7STIG_stigrule_204553_Manage: True
rhel7STIG_stigrule_204553__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/bin/umount -F auid>=1000 -F auid!=4294967295 -k privileged-mount'
# R-204554 RHEL-07-030760
rhel7STIG_stigrule_204554_Manage: True
rhel7STIG_stigrule_204554__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/sbin/postdrop -F auid>=1000 -F auid!=4294967295 -k privileged-postfix'
# R-204555 RHEL-07-030770
rhel7STIG_stigrule_204555_Manage: True
rhel7STIG_stigrule_204555__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/sbin/postqueue -F auid>=1000 -F auid!=4294967295 -k privileged-postfix'
# R-204556 RHEL-07-030780
rhel7STIG_stigrule_204556_Manage: True
rhel7STIG_stigrule_204556__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F auid>=1000 -F auid!=4294967295 -k privileged-ssh'
# R-204557 RHEL-07-030800
rhel7STIG_stigrule_204557_Manage: True
rhel7STIG_stigrule_204557__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/bin/crontab -F auid>=1000 -F auid!=4294967295 -k privileged-cron'
# R-204558 RHEL-07-030810
rhel7STIG_stigrule_204558_Manage: True
rhel7STIG_stigrule_204558__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/sbin/pam_timestamp_check -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
# R-204559 RHEL-07-030819
rhel7STIG_stigrule_204559_Manage: True
rhel7STIG_stigrule_204559__etc_audit_audit_rules_b32_Line: '-a always,exit -F arch=b32 -S create_module -k module-change'
rhel7STIG_stigrule_204559__etc_audit_audit_rules_b64_Line: '-a always,exit -F arch=b64 -S create_module -k module-change'
# R-204560 RHEL-07-030820
rhel7STIG_stigrule_204560_Manage: True
rhel7STIG_stigrule_204560__etc_audit_rules_d_audit_rules_b32_Line: '-a always,exit -F arch=b32 -S init_module,finit_module -k modulechange'
rhel7STIG_stigrule_204560__etc_audit_rules_d_audit_rules_b64_Line: '-a always,exit -F arch=b64 -S init_module,finit_module -k modulechange'
# R-204562 RHEL-07-030830
rhel7STIG_stigrule_204562_Manage: True
rhel7STIG_stigrule_204562__etc_audit_rules_d_audit_rules_b32_Line: '-a always,exit -F arch=b32 -S delete_module -k module-change'
rhel7STIG_stigrule_204562__etc_audit_rules_d_audit_rules_b64_Line: '-a always,exit -F arch=b64 -S delete_module -k module-change'
# R-204563 RHEL-07-030840
rhel7STIG_stigrule_204563_Manage: True
rhel7STIG_stigrule_204563__etc_audit_rules_d_audit_rules_Line: '-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid>=1000 -F auid!=unset -k modules'
# R-204564 RHEL-07-030870
rhel7STIG_stigrule_204564_Manage: True
rhel7STIG_stigrule_204564__etc_audit_rules_d_audit_rules_Line: '-w /etc/passwd -p wa -k identity'
# R-204565 RHEL-07-030871
rhel7STIG_stigrule_204565_Manage: True
rhel7STIG_stigrule_204565__etc_audit_audit_rules_Line: '-w /etc/group -p wa -k identity'
# R-204566 RHEL-07-030872
rhel7STIG_stigrule_204566_Manage: True
rhel7STIG_stigrule_204566__etc_audit_audit_rules_Line: '-w /etc/gshadow -p wa -k identity'
# R-204567 RHEL-07-030873
rhel7STIG_stigrule_204567_Manage: True
rhel7STIG_stigrule_204567__etc_audit_audit_rules_Line: '-w /etc/shadow -p wa -k identity'
# R-204568 RHEL-07-030874
rhel7STIG_stigrule_204568_Manage: True
rhel7STIG_stigrule_204568__etc_audit_audit_rules_Line: '-w /etc/security/opasswd -p wa -k identity'
# R-204572 RHEL-07-030910
rhel7STIG_stigrule_204572_Manage: True
rhel7STIG_stigrule_204572__etc_audit_rules_d_audit_rules_b32_Line: '-a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat,rmdir -F auid>=1000 -F auid!=unset -k delete'
rhel7STIG_stigrule_204572__etc_audit_rules_d_audit_rules_b64_Line: '-a always,exit -F arch=b64 -S unlink,unlinkat,rename,renameat,rmdir -F auid>=1000 -F auid!=unset -k delete'
# R-204576 RHEL-07-040000
rhel7STIG_stigrule_204576_Manage: True
rhel7STIG_stigrule_204576__etc_security_limits_conf_Line: '* hard maxlogins 10'
# R-204578 RHEL-07-040110
rhel7STIG_stigrule_204578_Manage: True
rhel7STIG_stigrule_204578_Ciphers_Line: Ciphers aes256-ctr,aes192-ctr,aes128-ctr
# R-204579 RHEL-07-040160
rhel7STIG_stigrule_204579_Manage: True
rhel7STIG_stigrule_204579__etc_profile_d_tmout_sh_Dest: /etc/profile.d/tmout.sh
rhel7STIG_stigrule_204579__etc_profile_d_tmout_sh_Content: '#!/bin/bash
declare -xr TMOUT=900'
# R-204580 RHEL-07-040170
rhel7STIG_stigrule_204580_Manage: True
rhel7STIG_stigrule_204580_banner_Line: banner /etc/issue
# R-204584 RHEL-07-040201
rhel7STIG_stigrule_204584_Manage: True
rhel7STIG_stigrule_204584_kernel_randomize_va_space_Value: 2
# R-204585 RHEL-07-040300
rhel7STIG_stigrule_204585_Manage: True
rhel7STIG_stigrule_204585_openssh_clients_x86_64_State: installed
rhel7STIG_stigrule_204585_openssh_server_x86_64_State: installed
# R-204586 RHEL-07-040310
rhel7STIG_stigrule_204586_Manage: True
rhel7STIG_stigrule_204586_sshd_enable_Enabled: yes
rhel7STIG_stigrule_204586_sshd_start_State: started
# R-204587 RHEL-07-040320
rhel7STIG_stigrule_204587_Manage: True
rhel7STIG_stigrule_204587_ClientAliveInterval_Line: ClientAliveInterval 600
# R-204588 RHEL-07-040330
rhel7STIG_stigrule_204588_Manage: True
rhel7STIG_stigrule_204588_RhostsRSAAuthentication_Line: RhostsRSAAuthentication no
# R-204589 RHEL-07-040340
rhel7STIG_stigrule_204589_Manage: True
rhel7STIG_stigrule_204589_ClientAliveCountMax_Line: ClientAliveCountMax 0
# R-204590 RHEL-07-040350
rhel7STIG_stigrule_204590_Manage: True
rhel7STIG_stigrule_204590_IgnoreRhosts_Line: IgnoreRhosts yes
# R-204591 RHEL-07-040360
rhel7STIG_stigrule_204591_Manage: True
rhel7STIG_stigrule_204591_PrintLastLog_Line: PrintLastLog yes
# R-204592 RHEL-07-040370
rhel7STIG_stigrule_204592_Manage: True
rhel7STIG_stigrule_204592_PermitRootLogin_Line: PermitRootLogin no
# R-204593 RHEL-07-040380
rhel7STIG_stigrule_204593_Manage: True
rhel7STIG_stigrule_204593_IgnoreUserKnownHosts_Line: IgnoreUserKnownHosts yes
# R-204594 RHEL-07-040390
rhel7STIG_stigrule_204594_Manage: True
rhel7STIG_stigrule_204594_Protocol_Line: Protocol 2
# R-204595 RHEL-07-040400
rhel7STIG_stigrule_204595_Manage: True
rhel7STIG_stigrule_204595_MACs_Line: MACs hmac-sha2-512,hmac-sha2-256
# R-204598 RHEL-07-040430
rhel7STIG_stigrule_204598_Manage: True
rhel7STIG_stigrule_204598_GSSAPIAuthentication_Line: GSSAPIAuthentication no
# R-204599 RHEL-07-040440
rhel7STIG_stigrule_204599_Manage: True
rhel7STIG_stigrule_204599_KerberosAuthentication_Line: KerberosAuthentication no
# R-204600 RHEL-07-040450
rhel7STIG_stigrule_204600_Manage: True
rhel7STIG_stigrule_204600_StrictModes_Line: StrictModes yes
# R-204601 RHEL-07-040460
rhel7STIG_stigrule_204601_Manage: True
rhel7STIG_stigrule_204601_UsePrivilegeSeparation_Line: UsePrivilegeSeparation sandbox
# R-204602 RHEL-07-040470
rhel7STIG_stigrule_204602_Manage: True
rhel7STIG_stigrule_204602_Compression_Line: Compression no
# R-204604 RHEL-07-040520
rhel7STIG_stigrule_204604_Manage: True
rhel7STIG_stigrule_204604_firewalld_service_State: installed
rhel7STIG_stigrule_204604_firewalld_active_Enabled: yes
rhel7STIG_stigrule_204604_firewalld_start_State: started
# R-204609 RHEL-07-040610
rhel7STIG_stigrule_204609_Manage: True
rhel7STIG_stigrule_204609_net_ipv4_conf_all_accept_source_route_Value: 0
# R-204610 RHEL-07-040611
rhel7STIG_stigrule_204610_Manage: True
rhel7STIG_stigrule_204610_net_ipv4_conf_all_rp_filter_Value: 1
rhel7STIG_stigrule_204610_net_ipv4_conf_default_rp_filter_Value: 1
# R-204612 RHEL-07-040620
rhel7STIG_stigrule_204612_Manage: True
rhel7STIG_stigrule_204612_net_ipv4_conf_default_accept_source_route_Value: 0
# R-204613 RHEL-07-040630
rhel7STIG_stigrule_204613_Manage: True
rhel7STIG_stigrule_204613_net_ipv4_icmp_echo_ignore_broadcasts_Value: 1
# R-204614 RHEL-07-040640
rhel7STIG_stigrule_204614_Manage: True
rhel7STIG_stigrule_204614_net_ipv4_conf_default_accept_redirects_Value: 0
# R-204615 RHEL-07-040641
rhel7STIG_stigrule_204615_Manage: True
rhel7STIG_stigrule_204615_net_ipv4_conf_all_accept_redirects_Value: 0
# R-204616 RHEL-07-040650
rhel7STIG_stigrule_204616_Manage: True
rhel7STIG_stigrule_204616_net_ipv4_conf_default_send_redirects_Value: 0
# R-204617 RHEL-07-040660
rhel7STIG_stigrule_204617_Manage: True
rhel7STIG_stigrule_204617_net_ipv4_conf_all_send_redirects_Value: 0
# R-204619 RHEL-07-040680
rhel7STIG_stigrule_204619_Manage: True
rhel7STIG_stigrule_204619_postconf__e__smtpd_client_restrictions___permit_mynetworks_reject__Command: postconf -e 'smtpd_client_restrictions = permit_mynetworks,reject'
# R-204620 RHEL-07-040690
rhel7STIG_stigrule_204620_Manage: True
rhel7STIG_stigrule_204620_vsftpd_State: removed
# R-204621 RHEL-07-040700
rhel7STIG_stigrule_204621_Manage: True
rhel7STIG_stigrule_204621_tftp_server_State: removed
# R-204622 RHEL-07-040710
rhel7STIG_stigrule_204622_Manage: True
rhel7STIG_stigrule_204622_X11Forwarding_Line: X11Forwarding no
# R-204624 RHEL-07-040730
# Document the requirement for an X Windows server with the ISSO or remove.
rhel7STIG_stigrule_204624_Manage: False
rhel7STIG_stigrule_204624_xorg_x11_server_common_State: removed
# R-204625 RHEL-07-040740
rhel7STIG_stigrule_204625_Manage: True
rhel7STIG_stigrule_204625_net_ipv4_ip_forward_Value: 0
# R-204630 RHEL-07-040830
rhel7STIG_stigrule_204630_Manage: True
rhel7STIG_stigrule_204630_net_ipv6_conf_all_accept_source_route_Value: 0
# R-204631 RHEL-07-041001
rhel7STIG_stigrule_204631_Manage: True
rhel7STIG_stigrule_204631_pam_pkcs11_State: installed
# R-204634 RHEL-07-041010
rhel7STIG_stigrule_204634_Manage: True
rhel7STIG_stigrule_204634_nmcli_radio_wifi_off_Command: nmcli radio wifi off
# R-214937 RHEL-07-010062
rhel7STIG_stigrule_214937_Manage: True
rhel7STIG_stigrule_214937__etc_dconf_db_local_d_locks_session_Line: '/org/gnome/desktop/screensaver/lock-enabled'
# R-233307 RHEL-07-040711
rhel7STIG_stigrule_233307_Manage: True
rhel7STIG_stigrule_233307_X11UseLocalhost_Line: X11UseLocalhost yes

4762
collections/ansible_collections/demo/compliance/roles/rhel7STIG/files/U_RHEL_7_STIG_V3R10_Manual-xccdf.xml Normal file
View File

File diff suppressed because one or more lines are too long

11
collections/ansible_collections/demo/compliance/roles/rhel7STIG/handlers/main.yml Normal file
View File

@@ -0,0 +1,11 @@
- name: dconf_update
command: dconf update
- name: auditd_restart
command: /usr/sbin/service auditd restart
- name: ssh_restart
service:
name: sshd
state: restarted
- name: do_reboot
reboot:
pre_reboot_delay: 60

1544
collections/ansible_collections/demo/compliance/roles/rhel7STIG/tasks/main.yml Normal file
View File

File diff suppressed because it is too large Load Diff

86
collections/ansible_collections/demo/compliance/roles/rhel8STIG/callback_plugins/stig_xml.py Normal file
View File

@@ -0,0 +1,86 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
from ansible.plugins.callback import CallbackBase
from time import gmtime, strftime
import platform
import tempfile
import re
import sys
import os
import xml.etree.ElementTree as ET
import xml.dom.minidom
class CallbackModule(CallbackBase):
CALLBACK_VERSION = 2.0
CALLBACK_TYPE = 'xml'
CALLBACK_NAME = 'stig_xml'
CALLBACK_NEEDS_WHITELIST = True
def _get_STIG_path(self):
cwd = os.path.abspath('.')
for dirpath, dirs, files in os.walk(cwd):
if os.path.sep + 'files' in dirpath and '.xml' in files[0]:
return os.path.join(cwd, dirpath, files[0])
def __init__(self):
super(CallbackModule, self).__init__()
self.rules = {}
self.stig_path = os.environ.get('STIG_PATH')
self.XML_path = os.environ.get('XML_PATH')
if self.stig_path is None:
self.stig_path = self._get_STIG_path()
self._display.display('Using STIG_PATH: {}'.format(self.stig_path))
if self.XML_path is None:
self.XML_path = tempfile.mkdtemp() + "/xccdf-results.xml"
self._display.display('Using XML_PATH: {}'.format(self.XML_path))
print("Writing: {}".format(self.XML_path))
STIG_name = os.path.basename(self.stig_path)
ET.register_namespace('cdf', 'http://checklists.nist.gov/xccdf/1.2')
self.tr = ET.Element('{http://checklists.nist.gov/xccdf/1.2}TestResult')
self.tr.set('id', 'xccdf_mil.disa.stig_testresult_scap_mil.disa_comp_{}'.format(STIG_name))
endtime = strftime("%Y-%m-%dT%H:%M:%S", gmtime())
self.tr.set('end-time', endtime)
tg = ET.SubElement(self.tr, '{http://checklists.nist.gov/xccdf/1.2}target')
tg.text = platform.node()
def _get_rev(self, nid):
with open(self.stig_path, 'r') as f:
r = 'SV-{}r(?P<rev>\d+)_rule'.format(nid)
m = re.search(r, f.read())
if m:
rev = m.group('rev')
else:
rev = '0'
return rev
def v2_runner_on_ok(self, result):
name = result._task.get_name()
m = re.search('stigrule_(?P<id>\d+)', name)
if m:
nid = m.group('id')
else:
return
rev = self._get_rev(nid)
key = "{}r{}".format(nid, rev)
if self.rules.get(key, 'Unknown') != False:
self.rules[key] = result.is_changed()
def v2_playbook_on_stats(self, stats):
for rule, changed in self.rules.items():
state = 'fail' if changed else 'pass'
rr = ET.SubElement(self.tr, '{http://checklists.nist.gov/xccdf/1.2}rule-result')
rr.set('idref', 'xccdf_mil.disa.stig_rule_SV-{}_rule'.format(rule))
rs = ET.SubElement(rr, '{http://checklists.nist.gov/xccdf/1.2}result')
rs.text = state
passing = len(self.rules) - sum(self.rules.values())
sc = ET.SubElement(self.tr, '{http://checklists.nist.gov/xccdf/1.2}score')
sc.set('maximum', str(len(self.rules)))
sc.set('system', 'urn:xccdf:scoring:flat-unweighted')
sc.text = str(passing)
with open(self.XML_path, 'wb') as f:
out = ET.tostring(self.tr)
pretty = xml.dom.minidom.parseString(out).toprettyxml(encoding='utf-8')
f.write(pretty)

571
collections/ansible_collections/demo/compliance/roles/rhel8STIG/defaults/main.yml Normal file
View File

@@ -0,0 +1,571 @@
# R-230225 RHEL-08-010040
rhel8STIG_stigrule_230225_Manage: True
rhel8STIG_stigrule_230225_banner_Line: banner /etc/issue
# R-230226 RHEL-08-010050
rhel8STIG_stigrule_230226_Manage: True
rhel8STIG_stigrule_230226__etc_dconf_db_local_d_01_banner_message_Value: '''You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.\nBy using this IS (which includes any device attached to this IS), you consent to the following conditions:\n-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.\n-At any time, the USG may inspect and seize data stored on this IS.\n-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.\n-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.\n-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.'''
# R-230227 RHEL-08-010060
rhel8STIG_stigrule_230227_Manage: True
rhel8STIG_stigrule_230227__etc_issue_Dest: /etc/issue
rhel8STIG_stigrule_230227__etc_issue_Content: 'You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
By using this IS (which includes any device attached to this IS), you consent to the following conditions:
-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.
-At any time, the USG may inspect and seize data stored on this IS.
-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.
-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.
'
# R-230228 RHEL-08-010070
rhel8STIG_stigrule_230228_Manage: True
rhel8STIG_stigrule_230228__etc_rsyslog_conf_Line: 'auth.*;authpriv.*;daemon.* /var/log/secure'
# R-230231 RHEL-08-010110
rhel8STIG_stigrule_230231_Manage: True
rhel8STIG_stigrule_230231__etc_login_defs_Line: 'ENCRYPT_METHOD SHA512'
# R-230236 RHEL-08-010151
rhel8STIG_stigrule_230236_Manage: True
rhel8STIG_stigrule_230236__usr_lib_systemd_system_rescue_service_Value: '-/usr/lib/systemd/systemd-sulogin-shell rescue'
# R-230239 RHEL-08-010162
rhel8STIG_stigrule_230239_Manage: True
rhel8STIG_stigrule_230239_krb5_workstation_State: removed
# R-230240 RHEL-08-010170
rhel8STIG_stigrule_230240_Manage: True
rhel8STIG_stigrule_230240__etc_selinux_config_Line: 'SELINUX=enforcing'
# R-230241 RHEL-08-010171
rhel8STIG_stigrule_230241_Manage: True
rhel8STIG_stigrule_230241_policycoreutils_State: installed
# R-230244 RHEL-08-010200
rhel8STIG_stigrule_230244_Manage: True
rhel8STIG_stigrule_230244_ClientAliveCountMax_Line: ClientAliveCountMax 1
# R-230252 RHEL-08-010291
rhel8STIG_stigrule_230252_Manage: True
rhel8STIG_stigrule_230252__etc_sysconfig_sshd_Line: '# CRYPTO_POLICY='
# R-230255 RHEL-08-010294
rhel8STIG_stigrule_230255_Manage: True
rhel8STIG_stigrule_230255__etc_crypto_policies_back_ends_opensslcnf_config_Line: 'MinProtocol = TLSv1.2'
# R-230256 RHEL-08-010295
rhel8STIG_stigrule_230256_Manage: True
rhel8STIG_stigrule_230256__etc_crypto_policies_back_ends_gnutls_config_Line: '+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS1.0'
# R-230265 RHEL-08-010371
rhel8STIG_stigrule_230265_Manage: True
rhel8STIG_stigrule_230265__etc_dnf_dnf_conf_Value: '1'
# R-230266 RHEL-08-010372
rhel8STIG_stigrule_230266_Manage: True
rhel8STIG_stigrule_230266__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.kexec_load_disabled = 1'
# R-230267 RHEL-08-010373
rhel8STIG_stigrule_230267_Manage: True
rhel8STIG_stigrule_230267__etc_sysctl_d_99_sysctl_conf_Line: 'fs.protected_symlinks = 1'
# R-230268 RHEL-08-010374
rhel8STIG_stigrule_230268_Manage: True
rhel8STIG_stigrule_230268__etc_sysctl_d_99_sysctl_conf_Line: 'fs.protected_hardlinks = 1'
# R-230269 RHEL-08-010375
rhel8STIG_stigrule_230269_Manage: True
rhel8STIG_stigrule_230269__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.dmesg_restrict = 1'
# R-230270 RHEL-08-010376
rhel8STIG_stigrule_230270_Manage: True
rhel8STIG_stigrule_230270__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.perf_event_paranoid = 2'
# R-230273 RHEL-08-010390
rhel8STIG_stigrule_230273_Manage: True
rhel8STIG_stigrule_230273_esc_State: installed
rhel8STIG_stigrule_230273_openssl_pkcs11_State: installed
# R-230275 RHEL-08-010410
rhel8STIG_stigrule_230275_Manage: True
rhel8STIG_stigrule_230275_opensc_State: installed
# R-230280 RHEL-08-010430
rhel8STIG_stigrule_230280_Manage: True
rhel8STIG_stigrule_230280__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.randomize_va_space = 2'
# R-230281 RHEL-08-010440
rhel8STIG_stigrule_230281_Manage: True
rhel8STIG_stigrule_230281__etc_dnf_dnf_conf_Value: 'True'
# R-230282 RHEL-08-010450
rhel8STIG_stigrule_230282_Manage: True
rhel8STIG_stigrule_230282__etc_selinux_config_Line: 'SELINUXTYPE=targeted'
# R-230285 RHEL-08-010471
rhel8STIG_stigrule_230285_Manage: True
rhel8STIG_stigrule_230285_rngd_enable_Enabled: yes
rhel8STIG_stigrule_230285_rngd_start_State: started
# R-230288 RHEL-08-010500
rhel8STIG_stigrule_230288_Manage: True
rhel8STIG_stigrule_230288_StrictModes_Line: StrictModes yes
# R-230290 RHEL-08-010520
rhel8STIG_stigrule_230290_Manage: True
rhel8STIG_stigrule_230290_IgnoreUserKnownHosts_Line: IgnoreUserKnownHosts yes
# R-230291 RHEL-08-010521
rhel8STIG_stigrule_230291_Manage: True
rhel8STIG_stigrule_230291_KerberosAuthentication_Line: KerberosAuthentication no
# R-230296 RHEL-08-010550
rhel8STIG_stigrule_230296_Manage: True
rhel8STIG_stigrule_230296_PermitRootLogin_Line: PermitRootLogin no
# R-230298 RHEL-08-010561
rhel8STIG_stigrule_230298_Manage: True
rhel8STIG_stigrule_230298_rsyslog_enable_Enabled: yes
rhel8STIG_stigrule_230298_rsyslog_start_State: started
# R-230310 RHEL-08-010670
# If kernel core dumps are required, document the need with the ISSO.
rhel8STIG_stigrule_230310_Manage: True
rhel8STIG_stigrule_230310_kdump_disable_Enabled: no
# R-230311 RHEL-08-010671
rhel8STIG_stigrule_230311_Manage: True
rhel8STIG_stigrule_230311__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.core_pattern=|/bin/false'
rhel8STIG_stigrule_230311_kernel_core_pattern_Value: '|/bin/false'
# R-230313 RHEL-08-010673
rhel8STIG_stigrule_230313_Manage: True
rhel8STIG_stigrule_230313__etc_security_limits_conf_Line: '* hard core 0'
# R-230314 RHEL-08-010674
rhel8STIG_stigrule_230314_Manage: True
rhel8STIG_stigrule_230314__etc_systemd_coredump_conf_Line: 'Storage=none'
# R-230315 RHEL-08-010675
rhel8STIG_stigrule_230315_Manage: True
rhel8STIG_stigrule_230315__etc_systemd_coredump_conf_Line: 'ProcessSizeMax=0'
# R-230324 RHEL-08-010760
rhel8STIG_stigrule_230324_Manage: True
rhel8STIG_stigrule_230324__etc_login_defs_Line: 'CREATE_HOME yes'
# R-230329 RHEL-08-010820
rhel8STIG_stigrule_230329_Manage: True
rhel8STIG_stigrule_230329__etc_gdm_custom_conf_Value: 'false'
# R-230330 RHEL-08-010830
rhel8STIG_stigrule_230330_Manage: True
rhel8STIG_stigrule_230330_PermitUserEnvironment_Line: PermitUserEnvironment no
# R-230346 RHEL-08-020024
rhel8STIG_stigrule_230346_Manage: True
rhel8STIG_stigrule_230346__etc_security_limits_conf_Line: '* hard maxlogins 10'
# R-230347 RHEL-08-020030
rhel8STIG_stigrule_230347_Manage: True
rhel8STIG_stigrule_230347__etc_dconf_db_local_d_00_screensaver_Value: 'true'
# R-230348 RHEL-08-020040
rhel8STIG_stigrule_230348_Manage: True
rhel8STIG_stigrule_230348_ensure_tmux_is_installed_State: installed
rhel8STIG_stigrule_230348__etc_tmux_conf_Line: 'set -g lock-command vlock'
# R-230349 RHEL-08-020041
rhel8STIG_stigrule_230349_Manage: True
rhel8STIG_stigrule_230349__etc_bashrc_Line: '[ -n "$PS1" -a -z "$TMUX" ] && exec tmux'
# R-230352 RHEL-08-020060
rhel8STIG_stigrule_230352_Manage: True
rhel8STIG_stigrule_230352__etc_dconf_db_local_d_00_screensaver_Value: 'uint32 900'
# R-230353 RHEL-08-020070
rhel8STIG_stigrule_230353_Manage: True
rhel8STIG_stigrule_230353__etc_tmux_conf_Line: 'set -g lock-after-time 900'
# R-230354 RHEL-08-020080
rhel8STIG_stigrule_230354_Manage: True
rhel8STIG_stigrule_230354__etc_dconf_db_local_d_locks_session_Line: '/org/gnome/desktop/screensaver/lock-delay'
# R-230357 RHEL-08-020110
rhel8STIG_stigrule_230357_Manage: True
rhel8STIG_stigrule_230357__etc_security_pwquality_conf_Line: 'ucredit = -1'
# R-230358 RHEL-08-020120
rhel8STIG_stigrule_230358_Manage: True
rhel8STIG_stigrule_230358__etc_security_pwquality_conf_Line: 'lcredit = -1'
# R-230359 RHEL-08-020130
rhel8STIG_stigrule_230359_Manage: True
rhel8STIG_stigrule_230359__etc_security_pwquality_conf_Line: 'dcredit = -1'
# R-230360 RHEL-08-020140
rhel8STIG_stigrule_230360_Manage: True
rhel8STIG_stigrule_230360__etc_security_pwquality_conf_Line: 'maxclassrepeat = 4'
# R-230361 RHEL-08-020150
rhel8STIG_stigrule_230361_Manage: True
rhel8STIG_stigrule_230361__etc_security_pwquality_conf_Line: 'maxrepeat = 3'
# R-230362 RHEL-08-020160
rhel8STIG_stigrule_230362_Manage: True
rhel8STIG_stigrule_230362__etc_security_pwquality_conf_Line: 'minclass = 4'
# R-230363 RHEL-08-020170
rhel8STIG_stigrule_230363_Manage: True
rhel8STIG_stigrule_230363__etc_security_pwquality_conf_Line: 'difok = 8'
# R-230365 RHEL-08-020190
rhel8STIG_stigrule_230365_Manage: True
rhel8STIG_stigrule_230365__etc_login_defs_Line: 'PASS_MIN_DAYS 1'
# R-230366 RHEL-08-020200
rhel8STIG_stigrule_230366_Manage: True
rhel8STIG_stigrule_230366__etc_login_defs_Line: 'PASS_MAX_DAYS 60'
# R-230369 RHEL-08-020230
rhel8STIG_stigrule_230369_Manage: True
rhel8STIG_stigrule_230369__etc_security_pwquality_conf_Line: 'minlen = 15'
# R-230370 RHEL-08-020231
rhel8STIG_stigrule_230370_Manage: True
rhel8STIG_stigrule_230370__etc_login_defs_Line: 'PASS_MIN_LEN 15'
# R-230375 RHEL-08-020280
rhel8STIG_stigrule_230375_Manage: True
rhel8STIG_stigrule_230375__etc_security_pwquality_conf_Line: 'ocredit = -1'
# R-230377 RHEL-08-020300
rhel8STIG_stigrule_230377_Manage: True
rhel8STIG_stigrule_230377__etc_security_pwquality_conf_Line: 'dictcheck = 1'
# R-230378 RHEL-08-020310
rhel8STIG_stigrule_230378_Manage: True
rhel8STIG_stigrule_230378__etc_login_defs_Line: 'FAIL_DELAY 4'
# R-230382 RHEL-08-020350
rhel8STIG_stigrule_230382_Manage: True
rhel8STIG_stigrule_230382_PrintLastLog_Line: PrintLastLog yes
# R-230383 RHEL-08-020351
rhel8STIG_stigrule_230383_Manage: True
rhel8STIG_stigrule_230383__etc_login_defs_Line: 'UMASK 077'
# R-230386 RHEL-08-030000
rhel8STIG_stigrule_230386_Manage: True
rhel8STIG_stigrule_230386__etc_audit_rules_d_audit_rules_execve_euid_b32_Line: '-a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k execpriv'
rhel8STIG_stigrule_230386__etc_audit_rules_d_audit_rules_execve_euid_b64_Line: '-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k execpriv'
rhel8STIG_stigrule_230386__etc_audit_rules_d_audit_rules_execve_egid_b32_Line: '-a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k execpriv'
rhel8STIG_stigrule_230386__etc_audit_rules_d_audit_rules_execve_egid_b64_Line: '-a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k execpriv'
# R-230387 RHEL-08-030010
rhel8STIG_stigrule_230387_Manage: True
rhel8STIG_stigrule_230387__etc_rsyslog_conf_Line: 'cron.* /var/log/cron'
# R-230388 RHEL-08-030020
rhel8STIG_stigrule_230388_Manage: True
rhel8STIG_stigrule_230388__etc_audit_auditd_conf_Line: 'action_mail_acct = root'
# R-230389 RHEL-08-030030
rhel8STIG_stigrule_230389_Manage: True
rhel8STIG_stigrule_230389__etc_aliases_Line: 'postmaster: root'
# R-230390 RHEL-08-030040
rhel8STIG_stigrule_230390_Manage: True
rhel8STIG_stigrule_230390__etc_audit_auditd_conf_Line: 'disk_error_action = HALT'
# R-230392 RHEL-08-030060
rhel8STIG_stigrule_230392_Manage: True
rhel8STIG_stigrule_230392__etc_audit_auditd_conf_Line: 'disk_full_action = HALT'
# R-230393 RHEL-08-030061
rhel8STIG_stigrule_230393_Manage: True
rhel8STIG_stigrule_230393__etc_audit_auditd_conf_Line: 'local_events = yes'
# R-230394 RHEL-08-030062
rhel8STIG_stigrule_230394_Manage: True
rhel8STIG_stigrule_230394__etc_audit_auditd_conf_Line: 'name_format = hostname'
# R-230395 RHEL-08-030063
rhel8STIG_stigrule_230395_Manage: True
rhel8STIG_stigrule_230395__etc_audit_auditd_conf_Line: 'log_format = ENRICHED'
# R-230396 RHEL-08-030070
rhel8STIG_stigrule_230396_Manage: True
rhel8STIG_stigrule_230396__etc_audit_auditd_conf_Line: 'log_group = root'
# R-230398 RHEL-08-030090
# A duplicate of 230396
# duplicate of 230396
# R-230402 RHEL-08-030121
rhel8STIG_stigrule_230402_Manage: True
rhel8STIG_stigrule_230402__etc_audit_rules_d_audit_rules_e2_Line: '-e 2'
# R-230403 RHEL-08-030122
rhel8STIG_stigrule_230403_Manage: True
rhel8STIG_stigrule_230403__etc_audit_rules_d_audit_rules_loginuid_immutable_Line: '--loginuid-immutable'
# R-230404 RHEL-08-030130
rhel8STIG_stigrule_230404_Manage: True
rhel8STIG_stigrule_230404__etc_audit_rules_d_audit_rules__etc_shadow_Line: '-w /etc/shadow -p wa -k identity'
# R-230405 RHEL-08-030140
rhel8STIG_stigrule_230405_Manage: True
rhel8STIG_stigrule_230405__etc_audit_rules_d_audit_rules__etc_security_opasswd_Line: '-w /etc/security/opasswd -p wa -k identity'
# R-230406 RHEL-08-030150
rhel8STIG_stigrule_230406_Manage: True
rhel8STIG_stigrule_230406__etc_audit_rules_d_audit_rules__etc_passwd_Line: '-w /etc/passwd -p wa -k identity'
# R-230407 RHEL-08-030160
rhel8STIG_stigrule_230407_Manage: True
rhel8STIG_stigrule_230407__etc_audit_rules_d_audit_rules__etc_gshadow_Line: '-w /etc/gshadow -p wa -k identity'
# R-230408 RHEL-08-030170
rhel8STIG_stigrule_230408_Manage: True
rhel8STIG_stigrule_230408__etc_audit_rules_d_audit_rules__etc_group_Line: '-w /etc/group -p wa -k identity'
# R-230409 RHEL-08-030171
rhel8STIG_stigrule_230409_Manage: True
rhel8STIG_stigrule_230409__etc_audit_rules_d_audit_rules__etc_sudoers_Line: '-w /etc/sudoers -p wa -k identity'
# R-230410 RHEL-08-030172
rhel8STIG_stigrule_230410_Manage: True
rhel8STIG_stigrule_230410__etc_audit_rules_d_audit_rules__etc_sudoers_d__Line: '-w /etc/sudoers.d/ -p wa -k identity'
# R-230411 RHEL-08-030180
rhel8STIG_stigrule_230411_Manage: True
rhel8STIG_stigrule_230411_audit_State: installed
# R-230412 RHEL-08-030190
rhel8STIG_stigrule_230412_Manage: True
rhel8STIG_stigrule_230412__etc_audit_rules_d_audit_rules__usr_bin_su_Line: '-a always,exit -F path=/usr/bin/su -F perm=x -F auid>=1000 -F auid!=unset -k privileged-priv_change'
# R-230413 RHEL-08-030200
rhel8STIG_stigrule_230413_Manage: True
rhel8STIG_stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b32_unset_Line: '-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod'
rhel8STIG_stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b64_unset_Line: '-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid>=1000 -F auid!=unset -k perm_mod'
rhel8STIG_stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b32_Line: '-a always,exit -F arch=b32 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid=0 -k perm_mod'
rhel8STIG_stigrule_230413__etc_audit_rules_d_audit_rules_lremovexattr_b64_Line: '-a always,exit -F arch=b64 -S setxattr,fsetxattr,lsetxattr,removexattr,fremovexattr,lremovexattr -F auid=0 -k perm_mod'
# R-230418 RHEL-08-030250
rhel8STIG_stigrule_230418_Manage: True
rhel8STIG_stigrule_230418__etc_audit_rules_d_audit_rules__usr_bin_chage_Line: '-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-chage'
# R-230419 RHEL-08-030260
rhel8STIG_stigrule_230419_Manage: True
rhel8STIG_stigrule_230419__etc_audit_rules_d_audit_rules__usr_bin_chcon_Line: '-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod'
# R-230421 RHEL-08-030280
rhel8STIG_stigrule_230421_Manage: True
rhel8STIG_stigrule_230421__etc_audit_rules_d_audit_rules__usr_bin_ssh_agent_Line: '-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid>=1000 -F auid!=unset -k privileged-ssh'
# R-230422 RHEL-08-030290
rhel8STIG_stigrule_230422_Manage: True
rhel8STIG_stigrule_230422__etc_audit_rules_d_audit_rules__usr_bin_passwd_Line: '-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-passwd'
# R-230423 RHEL-08-030300
rhel8STIG_stigrule_230423_Manage: True
rhel8STIG_stigrule_230423__etc_audit_rules_d_audit_rules__usr_bin_mount_Line: '-a always,exit -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount'
# R-230424 RHEL-08-030301
rhel8STIG_stigrule_230424_Manage: True
rhel8STIG_stigrule_230424__etc_audit_rules_d_audit_rules__usr_bin_umount_Line: '-a always,exit -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=unset -k privileged-mount'
# R-230425 RHEL-08-030302
rhel8STIG_stigrule_230425_Manage: True
rhel8STIG_stigrule_230425__etc_audit_rules_d_audit_rules_mount_b32_Line: '-a always,exit -F arch=b32 -S mount -F auid>=1000 -F auid!=unset -k privileged-mount'
rhel8STIG_stigrule_230425__etc_audit_rules_d_audit_rules_mount_b64_Line: '-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=unset -k privileged-mount'
# R-230426 RHEL-08-030310
rhel8STIG_stigrule_230426_Manage: True
rhel8STIG_stigrule_230426__etc_audit_rules_d_audit_rules__usr_sbin_unix_update_Line: '-a always,exit -F path=/usr/sbin/unix_update -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
# R-230427 RHEL-08-030311
rhel8STIG_stigrule_230427_Manage: True
rhel8STIG_stigrule_230427__etc_audit_rules_d_audit_rules__usr_sbin_postdrop_Line: '-a always,exit -F path=/usr/sbin/postdrop -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
# R-230428 RHEL-08-030312
rhel8STIG_stigrule_230428_Manage: True
rhel8STIG_stigrule_230428__etc_audit_rules_d_audit_rules__usr_sbin_postqueue_Line: '-a always,exit -F path=/usr/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
# R-230429 RHEL-08-030313
rhel8STIG_stigrule_230429_Manage: True
rhel8STIG_stigrule_230429__etc_audit_rules_d_audit_rules__usr_sbin_semanage_Line: '-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
# R-230430 RHEL-08-030314
rhel8STIG_stigrule_230430_Manage: True
rhel8STIG_stigrule_230430__etc_audit_rules_d_audit_rules__usr_sbin_setfiles_Line: '-a always,exit -F path=/usr/sbin/setfiles -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
# R-230431 RHEL-08-030315
rhel8STIG_stigrule_230431_Manage: True
rhel8STIG_stigrule_230431__etc_audit_rules_d_audit_rules__usr_sbin_userhelper_Line: '-a always,exit -F path=/usr/sbin/userhelper -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
# R-230432 RHEL-08-030316
rhel8STIG_stigrule_230432_Manage: True
rhel8STIG_stigrule_230432__etc_audit_rules_d_audit_rules__usr_sbin_setsebool_Line: '-a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
# R-230433 RHEL-08-030317
rhel8STIG_stigrule_230433_Manage: True
rhel8STIG_stigrule_230433__etc_audit_rules_d_audit_rules__usr_sbin_unix_chkpwd_Line: '-a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-unix-update'
# R-230434 RHEL-08-030320
rhel8STIG_stigrule_230434_Manage: True
rhel8STIG_stigrule_230434__etc_audit_rules_d_audit_rules__usr_libexec_openssh_ssh_keysign_Line: '-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=unset -k privileged-ssh'
# R-230435 RHEL-08-030330
rhel8STIG_stigrule_230435_Manage: True
rhel8STIG_stigrule_230435__etc_audit_rules_d_audit_rules__usr_bin_setfacl_Line: '-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod'
# R-230436 RHEL-08-030340
rhel8STIG_stigrule_230436_Manage: True
rhel8STIG_stigrule_230436__etc_audit_rules_d_audit_rules__usr_sbin_pam_timestamp_check_Line: '-a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=unset -k privileged-pam_timestamp_check'
# R-230437 RHEL-08-030350
rhel8STIG_stigrule_230437_Manage: True
rhel8STIG_stigrule_230437__etc_audit_rules_d_audit_rules__usr_bin_newgrp_Line: '-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd'
# R-230438 RHEL-08-030360
rhel8STIG_stigrule_230438_Manage: True
rhel8STIG_stigrule_230438__etc_audit_rules_d_audit_rules_init_module_b32_Line: '-a always,exit -F arch=b32 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng'
rhel8STIG_stigrule_230438__etc_audit_rules_d_audit_rules_init_module_b64_Line: '-a always,exit -F arch=b64 -S init_module,finit_module -F auid>=1000 -F auid!=unset -k module_chng'
# R-230439 RHEL-08-030361
rhel8STIG_stigrule_230439_Manage: True
rhel8STIG_stigrule_230439__etc_audit_rules_d_audit_rules_rename_b32_Line: '-a always,exit -F arch=b32 -S rename -F auid>=1000 -F auid!=unset -k module_chng'
rhel8STIG_stigrule_230439__etc_audit_rules_d_audit_rules_rename_b64_Line: '-a always,exit -F arch=b64 -S rename -F auid>=1000 -F auid!=unset -k module_chng'
# R-230444 RHEL-08-030370
rhel8STIG_stigrule_230444_Manage: True
rhel8STIG_stigrule_230444__etc_audit_rules_d_audit_rules__usr_bin_gpasswd_Line: '-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=unset -k privileged-gpasswd'
# R-230446 RHEL-08-030390
rhel8STIG_stigrule_230446_Manage: True
rhel8STIG_stigrule_230446__etc_audit_rules_d_audit_rules_delete_module_b32_Line: '-a always,exit -F arch=b32 -S delete_module -F auid>=1000 -F auid!=unset -k module_chng'
rhel8STIG_stigrule_230446__etc_audit_rules_d_audit_rules_delete_module_b64_Line: '-a always,exit -F arch=b64 -S delete_module -F auid>=1000 -F auid!=unset -k module_chng'
# R-230447 RHEL-08-030400
rhel8STIG_stigrule_230447_Manage: True
rhel8STIG_stigrule_230447__etc_audit_rules_d_audit_rules__usr_bin_crontab_Line: '-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=unset -k privileged-crontab'
# R-230448 RHEL-08-030410
rhel8STIG_stigrule_230448_Manage: True
rhel8STIG_stigrule_230448__etc_audit_rules_d_audit_rules__usr_bin_chsh_Line: '-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd'
# R-230449 RHEL-08-030420
rhel8STIG_stigrule_230449_Manage: True
rhel8STIG_stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EPERM_b32_Line: '-a always,exit -F arch=b32 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -k perm_access'
rhel8STIG_stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EPERM_b64_Line: '-a always,exit -F arch=b64 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=unset -k perm_access'
rhel8STIG_stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EACCES_b32_Line: '-a always,exit -F arch=b32 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -k perm_access'
rhel8STIG_stigrule_230449__etc_audit_rules_d_audit_rules_truncate_EACCES_b64_Line: '-a always,exit -F arch=b64 -S truncate,ftruncate,creat,open,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=unset -k perm_access'
# R-230455 RHEL-08-030480
rhel8STIG_stigrule_230455_Manage: True
rhel8STIG_stigrule_230455__etc_audit_rules_d_audit_rules_chown_b32_Line: '-a always,exit -F arch=b32 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod'
rhel8STIG_stigrule_230455__etc_audit_rules_d_audit_rules_chown_b64_Line: '-a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=unset -k perm_mod'
# R-230456 RHEL-08-030490
rhel8STIG_stigrule_230456_Manage: True
rhel8STIG_stigrule_230456__etc_audit_rules_d_audit_rules_chmod_b32_Line: '-a always,exit -F arch=b32 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod'
rhel8STIG_stigrule_230456__etc_audit_rules_d_audit_rules_chmod_b64_Line: '-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=unset -k perm_mod'
# R-230462 RHEL-08-030550
rhel8STIG_stigrule_230462_Manage: True
rhel8STIG_stigrule_230462__etc_audit_rules_d_audit_rules__usr_bin_sudo_Line: '-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=unset -k priv_cmd'
# R-230463 RHEL-08-030560
rhel8STIG_stigrule_230463_Manage: True
rhel8STIG_stigrule_230463__etc_audit_rules_d_audit_rules__usr_sbin_usermod_Line: '-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid>=1000 -F auid!=unset -k privileged-usermod'
# R-230464 RHEL-08-030570
rhel8STIG_stigrule_230464_Manage: True
rhel8STIG_stigrule_230464__etc_audit_rules_d_audit_rules__usr_bin_chacl_Line: '-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=unset -k perm_mod'
# R-230465 RHEL-08-030580
rhel8STIG_stigrule_230465_Manage: True
rhel8STIG_stigrule_230465__etc_audit_rules_d_audit_rules__usr_bin_kmod_Line: '-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid>=1000 -F auid!=unset -k modules'
# R-230466 RHEL-08-030590
rhel8STIG_stigrule_230466_Manage: True
rhel8STIG_stigrule_230466__etc_audit_rules_d_audit_rules__var_log_faillock_Line: '-w /var/log/faillock -p wa -k logins'
# R-230467 RHEL-08-030600
rhel8STIG_stigrule_230467_Manage: True
rhel8STIG_stigrule_230467__etc_audit_rules_d_audit_rules__var_log_lastlog_Line: '-w /var/log/lastlog -p wa -k logins'
# R-230477 RHEL-08-030670
rhel8STIG_stigrule_230477_Manage: True
rhel8STIG_stigrule_230477_rsyslog_State: installed
# R-230478 RHEL-08-030680
rhel8STIG_stigrule_230478_Manage: True
rhel8STIG_stigrule_230478_rsyslog_gnutls_State: installed
# R-230480 RHEL-08-030700
rhel8STIG_stigrule_230480_Manage: True
rhel8STIG_stigrule_230480__etc_audit_auditd_conf_Line: 'overflow_action = syslog'
# R-230481 RHEL-08-030710
rhel8STIG_stigrule_230481_Manage: True
rhel8STIG_stigrule_230481__etc_rsyslog_conf_DefaultNetstreamDriver_Line: '$DefaultNetstreamDriver gtls'
rhel8STIG_stigrule_230481__etc_rsyslog_conf_ActionSendStreamDriverMode_Line: '$ActionSendStreamDriverMode 1'
# R-230482 RHEL-08-030720
rhel8STIG_stigrule_230482_Manage: True
rhel8STIG_stigrule_230482__etc_rsyslog_conf_DefaultNetstreamDriver_Line: '$ActionSendStreamDriverAuthMode x509/name'
# R-230483 RHEL-08-030730
rhel8STIG_stigrule_230483_Manage: True
rhel8STIG_stigrule_230483__etc_audit_auditd_conf_space_left_Line: 'space_left = 25%'
# R-230487 RHEL-08-040000
rhel8STIG_stigrule_230487_Manage: True
rhel8STIG_stigrule_230487_telnet_server_State: removed
# R-230488 RHEL-08-040001
rhel8STIG_stigrule_230488_Manage: True
rhel8STIG_stigrule_230488_abrt__State: removed
# R-230489 RHEL-08-040002
rhel8STIG_stigrule_230489_Manage: True
rhel8STIG_stigrule_230489_sendmail_State: removed
# R-230492 RHEL-08-040010
rhel8STIG_stigrule_230492_Manage: True
rhel8STIG_stigrule_230492_rsh_server_State: removed
# R-230502 RHEL-08-040070
rhel8STIG_stigrule_230502_Manage: True
rhel8STIG_stigrule_230502_autofs_stop_State: stopped
rhel8STIG_stigrule_230502_autofs_disable_Enabled: no
# R-230505 RHEL-08-040100
rhel8STIG_stigrule_230505_Manage: True
rhel8STIG_stigrule_230505_firewalld_noarch_State: installed
# R-230506 RHEL-08-040110
rhel8STIG_stigrule_230506_Manage: True
rhel8STIG_stigrule_230506_nmcli_radio_wifi_off_Command: nmcli radio wifi off
# R-230526 RHEL-08-040160
rhel8STIG_stigrule_230526_Manage: True
rhel8STIG_stigrule_230526_ensure_openssh_server_x86_64_is_installed_State: installed
rhel8STIG_stigrule_230526_sshd_enable_Enabled: yes
# R-230527 RHEL-08-040161
rhel8STIG_stigrule_230527_Manage: True
rhel8STIG_stigrule_230527_RekeyLimit_Line: RekeyLimit 1G 1h
# R-230529 RHEL-08-040170
rhel8STIG_stigrule_230529_Manage: True
rhel8STIG_stigrule_230529_systemctl_mask_ctrl_alt_del_target_Command: systemctl mask ctrl-alt-del.target
# R-230531 RHEL-08-040172
rhel8STIG_stigrule_230531_Manage: True
rhel8STIG_stigrule_230531__etc_systemd_system_conf_Value: 'none'
# R-230533 RHEL-08-040190
rhel8STIG_stigrule_230533_Manage: True
rhel8STIG_stigrule_230533_tftp_server_State: removed
# R-230535 RHEL-08-040210
rhel8STIG_stigrule_230535_Manage: True
rhel8STIG_stigrule_230535_net_ipv6_conf_default_accept_redirects_Value: 0
# R-230536 RHEL-08-040220
rhel8STIG_stigrule_230536_Manage: True
rhel8STIG_stigrule_230536_net_ipv4_conf_all_send_redirects_Value: 0
# R-230537 RHEL-08-040230
rhel8STIG_stigrule_230537_Manage: True
rhel8STIG_stigrule_230537_net_ipv4_icmp_echo_ignore_broadcasts_Value: 1
# R-230538 RHEL-08-040240
rhel8STIG_stigrule_230538_Manage: True
rhel8STIG_stigrule_230538_net_ipv6_conf_all_accept_source_route_Value: 0
# R-230539 RHEL-08-040250
rhel8STIG_stigrule_230539_Manage: True
rhel8STIG_stigrule_230539_net_ipv6_conf_default_accept_source_route_Value: 0
# R-230540 RHEL-08-040260
rhel8STIG_stigrule_230540_Manage: True
rhel8STIG_stigrule_230540_net_ipv4_ip_forward_Value: 0
rhel8STIG_stigrule_230540_net_ipv6_conf_all_forwarding_Value: 0
# R-230541 RHEL-08-040261
rhel8STIG_stigrule_230541_Manage: True
rhel8STIG_stigrule_230541_net_ipv6_conf_all_accept_ra_Value: 0
# R-230542 RHEL-08-040262
rhel8STIG_stigrule_230542_Manage: True
rhel8STIG_stigrule_230542_net_ipv6_conf_default_accept_ra_Value: 0
# R-230543 RHEL-08-040270
rhel8STIG_stigrule_230543_Manage: True
rhel8STIG_stigrule_230543_net_ipv4_conf_default_send_redirects_Value: 0
# R-230544 RHEL-08-040280
rhel8STIG_stigrule_230544_Manage: True
rhel8STIG_stigrule_230544_net_ipv6_conf_all_accept_redirects_Value: 0
# R-230545 RHEL-08-040281
rhel8STIG_stigrule_230545_Manage: True
rhel8STIG_stigrule_230545__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.unprivileged_bpf_disabled = 1'
# R-230546 RHEL-08-040282
rhel8STIG_stigrule_230546_Manage: True
rhel8STIG_stigrule_230546__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.yama.ptrace_scope = 1'
rhel8STIG_stigrule_230546_kernel_yama_ptrace_scope_Value: 1
# R-230547 RHEL-08-040283
rhel8STIG_stigrule_230547_Manage: True
rhel8STIG_stigrule_230547__etc_sysctl_d_99_sysctl_conf_Line: 'kernel.kptr_restrict = 1'
# R-230548 RHEL-08-040284
rhel8STIG_stigrule_230548_Manage: True
rhel8STIG_stigrule_230548__etc_sysctl_d_99_sysctl_conf_Line: 'user.max_user_namespaces = 0'
rhel8STIG_stigrule_230548_user_max_user_namespaces_Value: 0
# R-230549 RHEL-08-040285
rhel8STIG_stigrule_230549_Manage: True
rhel8STIG_stigrule_230549__etc_sysctl_d_99_sysctl_conf_Line: 'net.ipv4.conf.all.rp_filter = 1'
# R-230555 RHEL-08-040340
rhel8STIG_stigrule_230555_Manage: True
rhel8STIG_stigrule_230555_X11Forwarding_Line: X11Forwarding no
# R-230556 RHEL-08-040341
rhel8STIG_stigrule_230556_Manage: True
rhel8STIG_stigrule_230556_X11UseLocalhost_Line: X11UseLocalhost yes
# R-230558 RHEL-08-040360
rhel8STIG_stigrule_230558_Manage: True
rhel8STIG_stigrule_230558_vsftpd_State: removed
# R-230559 RHEL-08-040370
rhel8STIG_stigrule_230559_Manage: True
rhel8STIG_stigrule_230559_gssproxy_State: removed
# R-230560 RHEL-08-040380
rhel8STIG_stigrule_230560_Manage: True
rhel8STIG_stigrule_230560_iprutils_State: removed
# R-230561 RHEL-08-040390
rhel8STIG_stigrule_230561_Manage: True
rhel8STIG_stigrule_230561_tuned_State: removed
# R-244519 RHEL-08-010049
rhel8STIG_stigrule_244519_Manage: True
rhel8STIG_stigrule_244519__etc_dconf_db_local_d_01_banner_message_Value: 'true'
# R-244523 RHEL-08-010152
rhel8STIG_stigrule_244523_Manage: True
rhel8STIG_stigrule_244523__usr_lib_systemd_system_emergency_service_Value: '-/usr/lib/systemd/systemd-sulogin-shell emergency'
# R-244525 RHEL-08-010201
rhel8STIG_stigrule_244525_Manage: True
rhel8STIG_stigrule_244525_ClientAliveInterval_Line: ClientAliveInterval 600
# R-244527 RHEL-08-010472
rhel8STIG_stigrule_244527_Manage: True
rhel8STIG_stigrule_244527_rng_tools_State: installed
# R-244528 RHEL-08-010522
rhel8STIG_stigrule_244528_Manage: True
rhel8STIG_stigrule_244528_GSSAPIAuthentication_Line: GSSAPIAuthentication no
# R-244535 RHEL-08-020031
rhel8STIG_stigrule_244535_Manage: True
rhel8STIG_stigrule_244535__etc_dconf_db_local_d_00_screensaver_Value: 'uint32 5'
# R-244536 RHEL-08-020032
rhel8STIG_stigrule_244536_Manage: True
rhel8STIG_stigrule_244536__etc_dconf_db_local_d_02_login_screen_Value: 'true'
# R-244537 RHEL-08-020039
rhel8STIG_stigrule_244537_Manage: True
rhel8STIG_stigrule_244537_tmux_State: installed
# R-244538 RHEL-08-020081
rhel8STIG_stigrule_244538_Manage: True
rhel8STIG_stigrule_244538__etc_dconf_db_local_d_locks_session_idle_delay_Line: '/org/gnome/desktop/session/idle-delay'
# R-244539 RHEL-08-020082
rhel8STIG_stigrule_244539_Manage: True
rhel8STIG_stigrule_244539__etc_dconf_db_local_d_locks_session_lock_enabled_Line: '/org/gnome/desktop/screensaver/lock-enabled'
# R-244542 RHEL-08-030181
rhel8STIG_stigrule_244542_Manage: True
rhel8STIG_stigrule_244542_auditd_enable_Enabled: yes
rhel8STIG_stigrule_244542_auditd_start_State: started
# R-244543 RHEL-08-030731
rhel8STIG_stigrule_244543_Manage: True
rhel8STIG_stigrule_244543__etc_audit_auditd_conf_space_left_action_Line: 'space_left_action = email'
# R-244544 RHEL-08-040101
rhel8STIG_stigrule_244544_Manage: True
rhel8STIG_stigrule_244544_firewalld_enable_Enabled: yes
# R-244549 RHEL-08-040159
rhel8STIG_stigrule_244549_Manage: True
rhel8STIG_stigrule_244549_openssh_server_x86_64_State: installed
# R-244550 RHEL-08-040209
rhel8STIG_stigrule_244550_Manage: True
rhel8STIG_stigrule_244550_net_ipv4_conf_default_accept_redirects_Value: 0
# R-244551 RHEL-08-040239
rhel8STIG_stigrule_244551_Manage: True
rhel8STIG_stigrule_244551_net_ipv4_conf_all_accept_source_route_Value: 0
# R-244552 RHEL-08-040249
rhel8STIG_stigrule_244552_Manage: True
rhel8STIG_stigrule_244552_net_ipv4_conf_default_accept_source_route_Value: 0
# R-244553 RHEL-08-040279
rhel8STIG_stigrule_244553_Manage: True
rhel8STIG_stigrule_244553_net_ipv4_conf_all_accept_redirects_Value: 0
# R-244554 RHEL-08-040286
rhel8STIG_stigrule_244554_Manage: True
rhel8STIG_stigrule_244554__etc_sysctl_d_99_sysctl_conf_Line: 'net.core.bpf_jit_harden = 2'

7608
collections/ansible_collections/demo/compliance/roles/rhel8STIG/files/U_RHEL_8_STIG_V1R9_Manual-xccdf.xml Normal file
View File

File diff suppressed because one or more lines are too long

11
collections/ansible_collections/demo/compliance/roles/rhel8STIG/handlers/main.yml Normal file
View File

@@ -0,0 +1,11 @@
- name: dconf_update
command: dconf update
- name: auditd_restart
command: /usr/sbin/service auditd restart
- name: ssh_restart
service:
name: sshd
state: restarted
- name: do_reboot
reboot:
pre_reboot_delay: 60

1800
collections/ansible_collections/demo/compliance/roles/rhel8STIG/tasks/main.yml Normal file
View File

File diff suppressed because it is too large Load Diff

86
collections/ansible_collections/demo/compliance/roles/win2022STIG/callback_plugins/stig_xml.py Normal file
View File

@@ -0,0 +1,86 @@
from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
from ansible.plugins.callback import CallbackBase
from time import gmtime, strftime
import platform
import tempfile
import re
import sys
import os
import xml.etree.ElementTree as ET
import xml.dom.minidom
class CallbackModule(CallbackBase):
CALLBACK_VERSION = 2.0
CALLBACK_TYPE = 'xml'
CALLBACK_NAME = 'stig_xml'
CALLBACK_NEEDS_WHITELIST = True
def _get_STIG_path(self):
cwd = os.path.abspath('.')
for dirpath, dirs, files in os.walk(cwd):
if os.path.sep + 'files' in dirpath and '.xml' in files[0]:
return os.path.join(cwd, dirpath, files[0])
def __init__(self):
super(CallbackModule, self).__init__()
self.rules = {}
self.stig_path = os.environ.get('STIG_PATH')
self.XML_path = os.environ.get('XML_PATH')
if self.stig_path is None:
self.stig_path = self._get_STIG_path()
self._display.display('Using STIG_PATH: {}'.format(self.stig_path))
if self.XML_path is None:
self.XML_path = tempfile.mkdtemp() + "/xccdf-results.xml"
self._display.display('Using XML_PATH: {}'.format(self.XML_path))
print("Writing: {}".format(self.XML_path))
STIG_name = os.path.basename(self.stig_path)
ET.register_namespace('cdf', 'http://checklists.nist.gov/xccdf/1.2')
self.tr = ET.Element('{http://checklists.nist.gov/xccdf/1.2}TestResult')
self.tr.set('id', 'xccdf_mil.disa.stig_testresult_scap_mil.disa_comp_{}'.format(STIG_name))
endtime = strftime("%Y-%m-%dT%H:%M:%S", gmtime())
self.tr.set('end-time', endtime)
tg = ET.SubElement(self.tr, '{http://checklists.nist.gov/xccdf/1.2}target')
tg.text = platform.node()
def _get_rev(self, nid):
with open(self.stig_path, 'r') as f:
r = 'SV-{}r(?P<rev>\d+)_rule'.format(nid)
m = re.search(r, f.read())
if m:
rev = m.group('rev')
else:
rev = '0'
return rev
def v2_runner_on_ok(self, result):
name = result._task.get_name()
m = re.search('stigrule_(?P<id>\d+)', name)
if m:
nid = m.group('id')
else:
return
rev = self._get_rev(nid)
key = "{}r{}".format(nid, rev)
if self.rules.get(key, 'Unknown') != False:
self.rules[key] = result.is_changed()
def v2_playbook_on_stats(self, stats):
for rule, changed in self.rules.items():
state = 'fail' if changed else 'pass'
rr = ET.SubElement(self.tr, '{http://checklists.nist.gov/xccdf/1.2}rule-result')
rr.set('idref', 'xccdf_mil.disa.stig_rule_SV-{}_rule'.format(rule))
rs = ET.SubElement(rr, '{http://checklists.nist.gov/xccdf/1.2}result')
rs.text = state
passing = len(self.rules) - sum(self.rules.values())
sc = ET.SubElement(self.tr, '{http://checklists.nist.gov/xccdf/1.2}score')
sc.set('maximum', str(len(self.rules)))
sc.set('system', 'urn:xccdf:scoring:flat-unweighted')
sc.text = str(passing)
with open(self.XML_path, 'wb') as f:
out = ET.tostring(self.tr)
pretty = xml.dom.minidom.parseString(out).toprettyxml(encoding='utf-8')
f.write(pretty)

939
collections/ansible_collections/demo/compliance/roles/win2022STIG/defaults/main.yml Normal file
View File

@@ -0,0 +1,939 @@
# R-254269 WN22-00-000320
win2022STIG_stigrule_254269_Manage: True
win2022STIG_stigrule_254269_Fax_State: absent
# R-254270 WN22-00-000330
win2022STIG_stigrule_254270_Manage: True
win2022STIG_stigrule_254270_Web_Ftp_Service_State: absent
# R-254271 WN22-00-000340
win2022STIG_stigrule_254271_Manage: True
win2022STIG_stigrule_254271_PNRP_State: absent
# R-254272 WN22-00-000350
win2022STIG_stigrule_254272_Manage: True
win2022STIG_stigrule_254272_Simple_TCPIP_State: absent
# R-254273 WN22-00-000360
win2022STIG_stigrule_254273_Manage: True
win2022STIG_stigrule_254273_Telnet_Client_State: absent
# R-254275 WN22-00-000380
win2022STIG_stigrule_254275_Manage: True
win2022STIG_stigrule_254275_FS_SMB1_State: absent
# R-254276 WN22-00-000390
win2022STIG_stigrule_254276_Manage: True
win2022STIG_stigrule_254276_SMB1_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\'
win2022STIG_stigrule_254276_SMB1_State: 'Present'
win2022STIG_stigrule_254276_SMB1_ValueData: '0'
win2022STIG_stigrule_254276_SMB1_ValueType: 'Dword'
win2022STIG_stigrule_254276_TFTP_Client_State: absent
# R-254277 WN22-00-000400
win2022STIG_stigrule_254277_Manage: True
win2022STIG_stigrule_254277_Start_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10\'
win2022STIG_stigrule_254277_Start_State: 'Present'
win2022STIG_stigrule_254277_Start_ValueData: '4'
win2022STIG_stigrule_254277_Start_ValueType: 'Dword'
# R-254278 WN22-00-000410
win2022STIG_stigrule_254278_Manage: True
win2022STIG_stigrule_254278_PowerShell_v2_State: absent
# R-254281 WN22-00-000440
# Please choose an appropriate DoD time source from http://tycho.usno.navy.mil/ntp.html
win2022STIG_stigrule_254281_Manage: False
win2022STIG_stigrule_254281_NtpServer_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\Parameters'
win2022STIG_stigrule_254281_NtpServer_State: 'Present'
win2022STIG_stigrule_254281_NtpServer_ValueData: 'your|DoD|time|server|url|here'
win2022STIG_stigrule_254281_NtpServer_ValueType: 'String'
win2022STIG_stigrule_254281_Type_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\Parameters'
win2022STIG_stigrule_254281_Type_State: 'Present'
win2022STIG_stigrule_254281_Type_ValueData: 'NTP'
win2022STIG_stigrule_254281_Type_ValueType: 'String'
win2022STIG_stigrule_254281_CrossSiteSyncFlags_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient'
win2022STIG_stigrule_254281_CrossSiteSyncFlags_State: 'Present'
win2022STIG_stigrule_254281_CrossSiteSyncFlags_ValueData: '2'
win2022STIG_stigrule_254281_CrossSiteSyncFlags_ValueType: 'Dword'
win2022STIG_stigrule_254281_EventLogFlags_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient'
win2022STIG_stigrule_254281_EventLogFlags_State: 'Present'
win2022STIG_stigrule_254281_EventLogFlags_ValueData: '0'
win2022STIG_stigrule_254281_EventLogFlags_ValueType: 'Dword'
win2022STIG_stigrule_254281_ResolvePeerBackoffMaxTimes_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient'
win2022STIG_stigrule_254281_ResolvePeerBackoffMaxTimes_State: 'Present'
win2022STIG_stigrule_254281_ResolvePeerBackoffMaxTimes_ValueData: '7'
win2022STIG_stigrule_254281_ResolvePeerBackoffMaxTimes_ValueType: 'Dword'
win2022STIG_stigrule_254281_ResolvePeerBackoffMinutes_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient'
win2022STIG_stigrule_254281_ResolvePeerBackoffMinutes_State: 'Present'
win2022STIG_stigrule_254281_ResolvePeerBackoffMinutes_ValueData: '15'
win2022STIG_stigrule_254281_ResolvePeerBackoffMinutes_ValueType: 'Dword'
win2022STIG_stigrule_254281_SpecialPollInterval_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient'
win2022STIG_stigrule_254281_SpecialPollInterval_State: 'Present'
win2022STIG_stigrule_254281_SpecialPollInterval_ValueData: '3600'
win2022STIG_stigrule_254281_SpecialPollInterval_ValueType: 'Dword'
# R-254285 WN22-AC-000010
win2022STIG_stigrule_254285_Manage: False
win2022STIG_stigrule_254285_Account_lockout_duration_Value: 15
# R-254286 WN22-AC-000020
win2022STIG_stigrule_254286_Manage: False
win2022STIG_stigrule_254286_Account_lockout_threshold_Value: 3
# R-254287 WN22-AC-000030
win2022STIG_stigrule_254287_Manage: False
win2022STIG_stigrule_254287_Reset_account_lockout_counter_after_Value: 15
# R-254288 WN22-AC-000040
win2022STIG_stigrule_254288_Manage: True
win2022STIG_stigrule_254288_Enforce_password_history_Value: 24
# R-254289 WN22-AC-000050
win2022STIG_stigrule_254289_Manage: True
win2022STIG_stigrule_254289_Maximum_Password_Age_Value: 60
# R-254290 WN22-AC-000060
win2022STIG_stigrule_254290_Manage: True
win2022STIG_stigrule_254290_Minimum_Password_Age_Value: 1
# R-254291 WN22-AC-000070
win2022STIG_stigrule_254291_Manage: True
win2022STIG_stigrule_254291_Minimum_Password_Length_Value: 14
# R-254292 WN22-AC-000080
win2022STIG_stigrule_254292_Manage: True
win2022STIG_stigrule_254292_Password_must_meet_complexity_requirements_Value: 1
# R-254293 WN22-AC-000090
win2022STIG_stigrule_254293_Manage: True
win2022STIG_stigrule_254293_Store_passwords_using_reversible_encryption_Value: 0
# R-254296 WN22-AU-000030
win2022STIG_stigrule_254296_Manage: True
# R-254297 WN22-AU-000040
win2022STIG_stigrule_254297_Manage: True
# R-254298 WN22-AU-000050
win2022STIG_stigrule_254298_Manage: True
# R-254300 WN22-AU-000070
win2022STIG_stigrule_254300_Manage: True
win2022STIG_stigrule_254300_Credential_Validation_AuditType: success,failure
# R-254301 WN22-AU-000080
win2022STIG_stigrule_254301_Manage: True
win2022STIG_stigrule_254301_Credential_Validation_AuditType: success,failure
# R-254302 WN22-AU-000090
win2022STIG_stigrule_254302_Manage: True
win2022STIG_stigrule_254302_Other_Account_Management_Events_AuditType: success
# R-254303 WN22-AU-000100
win2022STIG_stigrule_254303_Manage: True
win2022STIG_stigrule_254303_Security_Group_Management_AuditType: success
# R-254304 WN22-AU-000110
win2022STIG_stigrule_254304_Manage: True
win2022STIG_stigrule_254304_User_Account_Management_AuditType: success,failure
# R-254305 WN22-AU-000120
win2022STIG_stigrule_254305_Manage: True
win2022STIG_stigrule_254305_User_Account_Management_AuditType: success,failure
# R-254306 WN22-AU-000130
win2022STIG_stigrule_254306_Manage: True
win2022STIG_stigrule_254306_PNP_Activity_AuditType: success
# R-254307 WN22-AU-000140
win2022STIG_stigrule_254307_Manage: True
win2022STIG_stigrule_254307_Process_Creation_AuditType: success
# R-254308 WN22-AU-000150
win2022STIG_stigrule_254308_Manage: True
win2022STIG_stigrule_254308_Account_Lockout_AuditType: success,failure
# R-254309 WN22-AU-000160
win2022STIG_stigrule_254309_Manage: True
win2022STIG_stigrule_254309_Account_Lockout_AuditType: success,failure
# R-254310 WN22-AU-000170
win2022STIG_stigrule_254310_Manage: True
win2022STIG_stigrule_254310_Group_Membership_AuditType: success
# R-254311 WN22-AU-000180
win2022STIG_stigrule_254311_Manage: True
win2022STIG_stigrule_254311_Logoff_AuditType: success
# R-254312 WN22-AU-000190
win2022STIG_stigrule_254312_Manage: True
win2022STIG_stigrule_254312_Logon_AuditType: success,failure
# R-254313 WN22-AU-000200
win2022STIG_stigrule_254313_Manage: True
win2022STIG_stigrule_254313_Logon_AuditType: success,failure
# R-254314 WN22-AU-000210
win2022STIG_stigrule_254314_Manage: True
win2022STIG_stigrule_254314_Special_Logon_AuditType: success
# R-254315 WN22-AU-000220
win2022STIG_stigrule_254315_Manage: True
win2022STIG_stigrule_254315_Other_Object_Access_Events_AuditType: success,failure
# R-254316 WN22-AU-000230
win2022STIG_stigrule_254316_Manage: True
win2022STIG_stigrule_254316_Other_Object_Access_Events_AuditType: success,failure
# R-254317 WN22-AU-000240
win2022STIG_stigrule_254317_Manage: True
win2022STIG_stigrule_254317_Removable_Storage_AuditType: success,failure
# R-254318 WN22-AU-000250
win2022STIG_stigrule_254318_Manage: True
win2022STIG_stigrule_254318_Removable_Storage_AuditType: success,failure
# R-254319 WN22-AU-000260
win2022STIG_stigrule_254319_Manage: True
win2022STIG_stigrule_254319_Policy_Change_AuditType: success,failure
# R-254320 WN22-AU-000270
win2022STIG_stigrule_254320_Manage: True
win2022STIG_stigrule_254320_Policy_Change_AuditType: success,failure
# R-254321 WN22-AU-000280
win2022STIG_stigrule_254321_Manage: True
win2022STIG_stigrule_254321_Authentication_Policy_Change_AuditType: success
# R-254322 WN22-AU-000290
win2022STIG_stigrule_254322_Manage: True
win2022STIG_stigrule_254322_Authorization_Policy_Change_AuditType: success
# R-254323 WN22-AU-000300
win2022STIG_stigrule_254323_Manage: True
win2022STIG_stigrule_254323_Sensitive_Privilege_Use_AuditType: success,failure
# R-254324 WN22-AU-000310
win2022STIG_stigrule_254324_Manage: True
win2022STIG_stigrule_254324_Sensitive_Privilege_Use_AuditType: success,failure
# R-254325 WN22-AU-000320
win2022STIG_stigrule_254325_Manage: True
win2022STIG_stigrule_254325_IPsec_Driver_AuditType: success,failure
# R-254326 WN22-AU-000330
win2022STIG_stigrule_254326_Manage: True
win2022STIG_stigrule_254326_IPsec_Driver_AuditType: success,failure
# R-254327 WN22-AU-000340
win2022STIG_stigrule_254327_Manage: True
win2022STIG_stigrule_254327_Other_System_Events_AuditType: success,failure
# R-254328 WN22-AU-000350
win2022STIG_stigrule_254328_Manage: True
win2022STIG_stigrule_254328_Other_System_Events_AuditType: success,failure
# R-254329 WN22-AU-000360
win2022STIG_stigrule_254329_Manage: True
win2022STIG_stigrule_254329_Security_State_Change_AuditType: success
# R-254330 WN22-AU-000370
win2022STIG_stigrule_254330_Manage: True
win2022STIG_stigrule_254330_Security_System_Extension_AuditType: success
# R-254331 WN22-AU-000380
win2022STIG_stigrule_254331_Manage: True
win2022STIG_stigrule_254331_System_Integrity_AuditType: success,failure
# R-254332 WN22-AU-000390
win2022STIG_stigrule_254332_Manage: True
win2022STIG_stigrule_254332_System_Integrity_AuditType: success,failure
# R-254333 WN22-CC-000010
win2022STIG_stigrule_254333_Manage: True
win2022STIG_stigrule_254333_NoLockScreenSlideshow_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization\'
win2022STIG_stigrule_254333_NoLockScreenSlideshow_State: 'Present'
win2022STIG_stigrule_254333_NoLockScreenSlideshow_ValueData: '1'
win2022STIG_stigrule_254333_NoLockScreenSlideshow_ValueType: 'Dword'
# R-254334 WN22-CC-000020
win2022STIG_stigrule_254334_Manage: True
win2022STIG_stigrule_254334_UseLogonCredential_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Wdigest\'
win2022STIG_stigrule_254334_UseLogonCredential_State: 'Present'
win2022STIG_stigrule_254334_UseLogonCredential_ValueData: '0'
win2022STIG_stigrule_254334_UseLogonCredential_ValueType: 'Dword'
# R-254335 WN22-CC-000030
win2022STIG_stigrule_254335_Manage: True
win2022STIG_stigrule_254335_DisableIPSourceRouting_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\'
win2022STIG_stigrule_254335_DisableIPSourceRouting_State: 'Present'
win2022STIG_stigrule_254335_DisableIPSourceRouting_ValueData: '2'
win2022STIG_stigrule_254335_DisableIPSourceRouting_ValueType: 'Dword'
# R-254336 WN22-CC-000040
win2022STIG_stigrule_254336_Manage: True
win2022STIG_stigrule_254336_DisableIPSourceRouting_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\'
win2022STIG_stigrule_254336_DisableIPSourceRouting_State: 'Present'
win2022STIG_stigrule_254336_DisableIPSourceRouting_ValueData: '2'
win2022STIG_stigrule_254336_DisableIPSourceRouting_ValueType: 'Dword'
# R-254337 WN22-CC-000050
win2022STIG_stigrule_254337_Manage: True
win2022STIG_stigrule_254337_EnableICMPRedirect_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\'
win2022STIG_stigrule_254337_EnableICMPRedirect_State: 'Present'
win2022STIG_stigrule_254337_EnableICMPRedirect_ValueData: '0'
win2022STIG_stigrule_254337_EnableICMPRedirect_ValueType: 'Dword'
# R-254338 WN22-CC-000060
win2022STIG_stigrule_254338_Manage: True
win2022STIG_stigrule_254338_NoNameReleaseOnDemand_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\'
win2022STIG_stigrule_254338_NoNameReleaseOnDemand_State: 'Present'
win2022STIG_stigrule_254338_NoNameReleaseOnDemand_ValueData: '1'
win2022STIG_stigrule_254338_NoNameReleaseOnDemand_ValueType: 'Dword'
# R-254339 WN22-CC-000070
win2022STIG_stigrule_254339_Manage: True
win2022STIG_stigrule_254339_AllowInsecureGuestAuth_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation\'
win2022STIG_stigrule_254339_AllowInsecureGuestAuth_State: 'Present'
win2022STIG_stigrule_254339_AllowInsecureGuestAuth_ValueData: '0'
win2022STIG_stigrule_254339_AllowInsecureGuestAuth_ValueType: 'Dword'
# R-254340 WN22-CC-000080
win2022STIG_stigrule_254340_Manage: True
win2022STIG_stigrule_254340_____NETLOGON_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\'
win2022STIG_stigrule_254340_____NETLOGON_State: 'Present'
win2022STIG_stigrule_254340_____NETLOGON_ValueData: 'RequireMutualAuthentication=1, RequireIntegrity=1'
win2022STIG_stigrule_254340_____NETLOGON_ValueType: 'String'
win2022STIG_stigrule_254340_____SYSVOL_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths\'
win2022STIG_stigrule_254340_____SYSVOL_State: 'Present'
win2022STIG_stigrule_254340_____SYSVOL_ValueData: 'RequireMutualAuthentication=1, RequireIntegrity=1'
win2022STIG_stigrule_254340_____SYSVOL_ValueType: 'String'
# R-254341 WN22-CC-000090
win2022STIG_stigrule_254341_Manage: True
win2022STIG_stigrule_254341_ProcessCreationIncludeCmdLine_Enabled_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit\'
win2022STIG_stigrule_254341_ProcessCreationIncludeCmdLine_Enabled_State: 'Present'
win2022STIG_stigrule_254341_ProcessCreationIncludeCmdLine_Enabled_ValueData: '1'
win2022STIG_stigrule_254341_ProcessCreationIncludeCmdLine_Enabled_ValueType: 'Dword'
# R-254342 WN22-CC-000100
win2022STIG_stigrule_254342_Manage: True
win2022STIG_stigrule_254342_AllowProtectedCreds_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\'
win2022STIG_stigrule_254342_AllowProtectedCreds_State: 'Present'
win2022STIG_stigrule_254342_AllowProtectedCreds_ValueData: '1'
win2022STIG_stigrule_254342_AllowProtectedCreds_ValueType: 'Dword'
# R-254343 WN22-CC-000110
# Please ensure the hardware requirements are met. See https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-requirements
win2022STIG_stigrule_254343_Manage: False
win2022STIG_stigrule_254343_EnableVirtualizationBasedSecurity_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\'
win2022STIG_stigrule_254343_EnableVirtualizationBasedSecurity_State: 'Present'
win2022STIG_stigrule_254343_EnableVirtualizationBasedSecurity_ValueData: '1'
win2022STIG_stigrule_254343_EnableVirtualizationBasedSecurity_ValueType: 'Dword'
win2022STIG_stigrule_254343_RequirePlatformSecurityFeatures_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\'
win2022STIG_stigrule_254343_RequirePlatformSecurityFeatures_State: 'Present'
win2022STIG_stigrule_254343_RequirePlatformSecurityFeatures_ValueData: '1'
win2022STIG_stigrule_254343_RequirePlatformSecurityFeatures_ValueType: 'Dword'
# R-254344 WN22-CC-000130
win2022STIG_stigrule_254344_Manage: True
win2022STIG_stigrule_254344_DriverLoadPolicy_Key: 'HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch\'
win2022STIG_stigrule_254344_DriverLoadPolicy_State: 'Present'
win2022STIG_stigrule_254344_DriverLoadPolicy_ValueData: '1'
win2022STIG_stigrule_254344_DriverLoadPolicy_ValueType: 'Dword'
# R-254345 WN22-CC-000140
win2022STIG_stigrule_254345_Manage: True
win2022STIG_stigrule_254345_NoGPOListChanges_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\'
win2022STIG_stigrule_254345_NoGPOListChanges_State: 'Present'
win2022STIG_stigrule_254345_NoGPOListChanges_ValueData: '0'
win2022STIG_stigrule_254345_NoGPOListChanges_ValueType: 'Dword'
# R-254346 WN22-CC-000150
win2022STIG_stigrule_254346_Manage: True
win2022STIG_stigrule_254346_DisableWebPnPDownload_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\'
win2022STIG_stigrule_254346_DisableWebPnPDownload_State: 'Present'
win2022STIG_stigrule_254346_DisableWebPnPDownload_ValueData: '1'
win2022STIG_stigrule_254346_DisableWebPnPDownload_ValueType: 'Dword'
# R-254347 WN22-CC-000160
win2022STIG_stigrule_254347_Manage: True
win2022STIG_stigrule_254347_DisableHTTPPrinting_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\'
win2022STIG_stigrule_254347_DisableHTTPPrinting_State: 'Present'
win2022STIG_stigrule_254347_DisableHTTPPrinting_ValueData: '1'
win2022STIG_stigrule_254347_DisableHTTPPrinting_ValueType: 'Dword'
# R-254348 WN22-CC-000170
win2022STIG_stigrule_254348_Manage: True
win2022STIG_stigrule_254348_DontDisplayNetworkSelectionUI_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System\'
win2022STIG_stigrule_254348_DontDisplayNetworkSelectionUI_State: 'Present'
win2022STIG_stigrule_254348_DontDisplayNetworkSelectionUI_ValueData: '1'
win2022STIG_stigrule_254348_DontDisplayNetworkSelectionUI_ValueType: 'Dword'
# R-254349 WN22-CC-000180
win2022STIG_stigrule_254349_Manage: True
win2022STIG_stigrule_254349_DCSettingIndex_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\'
win2022STIG_stigrule_254349_DCSettingIndex_State: 'Present'
win2022STIG_stigrule_254349_DCSettingIndex_ValueData: '1'
win2022STIG_stigrule_254349_DCSettingIndex_ValueType: 'Dword'
# R-254350 WN22-CC-000190
win2022STIG_stigrule_254350_Manage: True
win2022STIG_stigrule_254350_ACSettingIndex_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\'
win2022STIG_stigrule_254350_ACSettingIndex_State: 'Present'
win2022STIG_stigrule_254350_ACSettingIndex_ValueData: '1'
win2022STIG_stigrule_254350_ACSettingIndex_ValueType: 'Dword'
# R-254351 WN22-CC-000200
win2022STIG_stigrule_254351_Manage: True
win2022STIG_stigrule_254351_DisableInventory_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat\'
win2022STIG_stigrule_254351_DisableInventory_State: 'Present'
win2022STIG_stigrule_254351_DisableInventory_ValueData: '1'
win2022STIG_stigrule_254351_DisableInventory_ValueType: 'Dword'
# R-254352 WN22-CC-000210
win2022STIG_stigrule_254352_Manage: True
win2022STIG_stigrule_254352_NoAutoplayfornonVolume_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer\'
win2022STIG_stigrule_254352_NoAutoplayfornonVolume_State: 'Present'
win2022STIG_stigrule_254352_NoAutoplayfornonVolume_ValueData: '1'
win2022STIG_stigrule_254352_NoAutoplayfornonVolume_ValueType: 'Dword'
# R-254353 WN22-CC-000220
win2022STIG_stigrule_254353_Manage: True
win2022STIG_stigrule_254353_NoAutorun_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\'
win2022STIG_stigrule_254353_NoAutorun_State: 'Present'
win2022STIG_stigrule_254353_NoAutorun_ValueData: '1'
win2022STIG_stigrule_254353_NoAutorun_ValueType: 'Dword'
# R-254354 WN22-CC-000230
win2022STIG_stigrule_254354_Manage: True
win2022STIG_stigrule_254354_NoDriveTypeAutoRun_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\'
win2022STIG_stigrule_254354_NoDriveTypeAutoRun_State: 'Present'
win2022STIG_stigrule_254354_NoDriveTypeAutoRun_ValueData: '255'
win2022STIG_stigrule_254354_NoDriveTypeAutoRun_ValueType: 'Dword'
# R-254355 WN22-CC-000240
win2022STIG_stigrule_254355_Manage: True
win2022STIG_stigrule_254355_EnumerateAdministrators_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI\'
win2022STIG_stigrule_254355_EnumerateAdministrators_State: 'Present'
win2022STIG_stigrule_254355_EnumerateAdministrators_ValueData: '0'
win2022STIG_stigrule_254355_EnumerateAdministrators_ValueType: 'Dword'
# R-254356 WN22-CC-000250
win2022STIG_stigrule_254356_Manage: True
win2022STIG_stigrule_254356_AllowTelemetry_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection\'
win2022STIG_stigrule_254356_AllowTelemetry_State: 'Present'
win2022STIG_stigrule_254356_AllowTelemetry_ValueData: '1'
win2022STIG_stigrule_254356_AllowTelemetry_ValueType: 'Dword'
# R-254357 WN22-CC-000260
win2022STIG_stigrule_254357_Manage: True
win2022STIG_stigrule_254357_DODownloadMode_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization\'
win2022STIG_stigrule_254357_DODownloadMode_State: 'Present'
win2022STIG_stigrule_254357_DODownloadMode_ValueData: '100'
win2022STIG_stigrule_254357_DODownloadMode_ValueType: 'Dword'
# R-254358 WN22-CC-000270
win2022STIG_stigrule_254358_Manage: True
win2022STIG_stigrule_254358_MaxSize_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application\'
win2022STIG_stigrule_254358_MaxSize_State: 'Present'
win2022STIG_stigrule_254358_MaxSize_ValueData: '32768'
win2022STIG_stigrule_254358_MaxSize_ValueType: 'Dword'
# R-254359 WN22-CC-000280
win2022STIG_stigrule_254359_Manage: True
win2022STIG_stigrule_254359_MaxSize_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security\'
win2022STIG_stigrule_254359_MaxSize_State: 'Present'
win2022STIG_stigrule_254359_MaxSize_ValueData: '196608'
win2022STIG_stigrule_254359_MaxSize_ValueType: 'Dword'
# R-254360 WN22-CC-000290
win2022STIG_stigrule_254360_Manage: True
win2022STIG_stigrule_254360_MaxSize_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\System\'
win2022STIG_stigrule_254360_MaxSize_State: 'Present'
win2022STIG_stigrule_254360_MaxSize_ValueData: '32768'
win2022STIG_stigrule_254360_MaxSize_ValueType: 'Dword'
# R-254361 WN22-CC-000300
win2022STIG_stigrule_254361_Manage: True
win2022STIG_stigrule_254361_EnableSmartScreen_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System\'
win2022STIG_stigrule_254361_EnableSmartScreen_State: 'Present'
win2022STIG_stigrule_254361_EnableSmartScreen_ValueData: '1'
win2022STIG_stigrule_254361_EnableSmartScreen_ValueType: 'Dword'
# R-254362 WN22-CC-000310
win2022STIG_stigrule_254362_Manage: True
win2022STIG_stigrule_254362_NoDataExecutionPrevention_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer\'
win2022STIG_stigrule_254362_NoDataExecutionPrevention_State: 'Present'
win2022STIG_stigrule_254362_NoDataExecutionPrevention_ValueData: '0'
win2022STIG_stigrule_254362_NoDataExecutionPrevention_ValueType: 'Dword'
# R-254363 WN22-CC-000320
win2022STIG_stigrule_254363_Manage: True
win2022STIG_stigrule_254363_NoHeapTerminationOnCorruption_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer\'
win2022STIG_stigrule_254363_NoHeapTerminationOnCorruption_State: 'Present'
win2022STIG_stigrule_254363_NoHeapTerminationOnCorruption_ValueData: '0'
win2022STIG_stigrule_254363_NoHeapTerminationOnCorruption_ValueType: 'Dword'
# R-254364 WN22-CC-000330
win2022STIG_stigrule_254364_Manage: True
win2022STIG_stigrule_254364_PreXPSP2ShellProtocolBehavior_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\'
win2022STIG_stigrule_254364_PreXPSP2ShellProtocolBehavior_State: 'Present'
win2022STIG_stigrule_254364_PreXPSP2ShellProtocolBehavior_ValueData: '0'
win2022STIG_stigrule_254364_PreXPSP2ShellProtocolBehavior_ValueType: 'Dword'
# R-254365 WN22-CC-000340
win2022STIG_stigrule_254365_Manage: True
win2022STIG_stigrule_254365_DisablePasswordSaving_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\'
win2022STIG_stigrule_254365_DisablePasswordSaving_State: 'Present'
win2022STIG_stigrule_254365_DisablePasswordSaving_ValueData: '1'
win2022STIG_stigrule_254365_DisablePasswordSaving_ValueType: 'Dword'
# R-254366 WN22-CC-000350
win2022STIG_stigrule_254366_Manage: True
win2022STIG_stigrule_254366_fDisableCdm_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\'
win2022STIG_stigrule_254366_fDisableCdm_State: 'Present'
win2022STIG_stigrule_254366_fDisableCdm_ValueData: '1'
win2022STIG_stigrule_254366_fDisableCdm_ValueType: 'Dword'
# R-254367 WN22-CC-000360
win2022STIG_stigrule_254367_Manage: True
win2022STIG_stigrule_254367_fPromptForPassword_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\'
win2022STIG_stigrule_254367_fPromptForPassword_State: 'Present'
win2022STIG_stigrule_254367_fPromptForPassword_ValueData: '1'
win2022STIG_stigrule_254367_fPromptForPassword_ValueType: 'Dword'
# R-254368 WN22-CC-000370
win2022STIG_stigrule_254368_Manage: True
win2022STIG_stigrule_254368_fEncryptRPCTraffic_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\'
win2022STIG_stigrule_254368_fEncryptRPCTraffic_State: 'Present'
win2022STIG_stigrule_254368_fEncryptRPCTraffic_ValueData: '1'
win2022STIG_stigrule_254368_fEncryptRPCTraffic_ValueType: 'Dword'
# R-254369 WN22-CC-000380
win2022STIG_stigrule_254369_Manage: True
win2022STIG_stigrule_254369_MinEncryptionLevel_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\'
win2022STIG_stigrule_254369_MinEncryptionLevel_State: 'Present'
win2022STIG_stigrule_254369_MinEncryptionLevel_ValueData: '3'
win2022STIG_stigrule_254369_MinEncryptionLevel_ValueType: 'Dword'
# R-254370 WN22-CC-000390
win2022STIG_stigrule_254370_Manage: True
win2022STIG_stigrule_254370_DisableEnclosureDownload_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds\'
win2022STIG_stigrule_254370_DisableEnclosureDownload_State: 'Present'
win2022STIG_stigrule_254370_DisableEnclosureDownload_ValueData: '1'
win2022STIG_stigrule_254370_DisableEnclosureDownload_ValueType: 'Dword'
# R-254371 WN22-CC-000400
win2022STIG_stigrule_254371_Manage: True
win2022STIG_stigrule_254371_AllowBasicAuthInClear_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds\'
win2022STIG_stigrule_254371_AllowBasicAuthInClear_State: 'Present'
win2022STIG_stigrule_254371_AllowBasicAuthInClear_ValueData: '0'
win2022STIG_stigrule_254371_AllowBasicAuthInClear_ValueType: 'Dword'
# R-254372 WN22-CC-000410
win2022STIG_stigrule_254372_Manage: True
win2022STIG_stigrule_254372_AllowIndexingEncryptedStoresOrItems_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search\'
win2022STIG_stigrule_254372_AllowIndexingEncryptedStoresOrItems_State: 'Present'
win2022STIG_stigrule_254372_AllowIndexingEncryptedStoresOrItems_ValueData: '0'
win2022STIG_stigrule_254372_AllowIndexingEncryptedStoresOrItems_ValueType: 'Dword'
# R-254373 WN22-CC-000420
win2022STIG_stigrule_254373_Manage: True
win2022STIG_stigrule_254373_EnableUserControl_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer\'
win2022STIG_stigrule_254373_EnableUserControl_State: 'Present'
win2022STIG_stigrule_254373_EnableUserControl_ValueData: '0'
win2022STIG_stigrule_254373_EnableUserControl_ValueType: 'Dword'
# R-254374 WN22-CC-000430
win2022STIG_stigrule_254374_Manage: True
win2022STIG_stigrule_254374_AlwaysInstallElevated_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer\'
win2022STIG_stigrule_254374_AlwaysInstallElevated_State: 'Present'
win2022STIG_stigrule_254374_AlwaysInstallElevated_ValueData: '0'
win2022STIG_stigrule_254374_AlwaysInstallElevated_ValueType: 'Dword'
# R-254375 WN22-CC-000440
win2022STIG_stigrule_254375_Manage: True
win2022STIG_stigrule_254375_SafeForScripting_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer\'
win2022STIG_stigrule_254375_SafeForScripting_State: 'Present'
win2022STIG_stigrule_254375_SafeForScripting_ValueData: '0'
win2022STIG_stigrule_254375_SafeForScripting_ValueType: 'Dword'
# R-254376 WN22-CC-000450
win2022STIG_stigrule_254376_Manage: True
win2022STIG_stigrule_254376_DisableAutomaticRestartSignOn_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
win2022STIG_stigrule_254376_DisableAutomaticRestartSignOn_State: 'Present'
win2022STIG_stigrule_254376_DisableAutomaticRestartSignOn_ValueData: '1'
win2022STIG_stigrule_254376_DisableAutomaticRestartSignOn_ValueType: 'Dword'
# R-254378 WN22-CC-000470
win2022STIG_stigrule_254378_Manage: True
win2022STIG_stigrule_254378_EnableScriptBlockLogging_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\'
win2022STIG_stigrule_254378_EnableScriptBlockLogging_State: 'Present'
win2022STIG_stigrule_254378_EnableScriptBlockLogging_ValueData: '1'
win2022STIG_stigrule_254378_EnableScriptBlockLogging_ValueType: 'Dword'
# R-254379 WN22-CC-000480
win2022STIG_stigrule_254379_Manage: True
win2022STIG_stigrule_254379_AllowBasic_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client\'
win2022STIG_stigrule_254379_AllowBasic_State: 'Present'
win2022STIG_stigrule_254379_AllowBasic_ValueData: '0'
win2022STIG_stigrule_254379_AllowBasic_ValueType: 'Dword'
# R-254380 WN22-CC-000490
win2022STIG_stigrule_254380_Manage: True
win2022STIG_stigrule_254380_AllowUnencryptedTraffic_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client\'
win2022STIG_stigrule_254380_AllowUnencryptedTraffic_State: 'Present'
win2022STIG_stigrule_254380_AllowUnencryptedTraffic_ValueData: '0'
win2022STIG_stigrule_254380_AllowUnencryptedTraffic_ValueType: 'Dword'
# R-254381 WN22-CC-000500
win2022STIG_stigrule_254381_Manage: True
win2022STIG_stigrule_254381_AllowDigest_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client\'
win2022STIG_stigrule_254381_AllowDigest_State: 'Present'
win2022STIG_stigrule_254381_AllowDigest_ValueData: '0'
win2022STIG_stigrule_254381_AllowDigest_ValueType: 'Dword'
# R-254382 WN22-CC-000510
win2022STIG_stigrule_254382_Manage: True
win2022STIG_stigrule_254382_AllowBasic_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\'
win2022STIG_stigrule_254382_AllowBasic_State: 'Present'
win2022STIG_stigrule_254382_AllowBasic_ValueData: '0'
win2022STIG_stigrule_254382_AllowBasic_ValueType: 'Dword'
# R-254383 WN22-CC-000520
win2022STIG_stigrule_254383_Manage: True
win2022STIG_stigrule_254383_AllowUnencryptedTraffic_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\'
win2022STIG_stigrule_254383_AllowUnencryptedTraffic_State: 'Present'
win2022STIG_stigrule_254383_AllowUnencryptedTraffic_ValueData: '0'
win2022STIG_stigrule_254383_AllowUnencryptedTraffic_ValueType: 'Dword'
# R-254384 WN22-CC-000530
win2022STIG_stigrule_254384_Manage: True
win2022STIG_stigrule_254384_DisableRunAs_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\'
win2022STIG_stigrule_254384_DisableRunAs_State: 'Present'
win2022STIG_stigrule_254384_DisableRunAs_ValueData: '1'
win2022STIG_stigrule_254384_DisableRunAs_ValueType: 'Dword'
# R-254407 WN22-DC-000230
win2022STIG_stigrule_254407_Manage: True
win2022STIG_stigrule_254407_Computer_Account_Management_AuditType: success
# R-254408 WN22-DC-000240
win2022STIG_stigrule_254408_Manage: True
win2022STIG_stigrule_254408_Directory_Service_Access_AuditType: success,failure
# R-254409 WN22-DC-000250
win2022STIG_stigrule_254409_Manage: True
win2022STIG_stigrule_254409_Directory_Service_Access_AuditType: success,failure
# R-254410 WN22-DC-000260
win2022STIG_stigrule_254410_Manage: True
win2022STIG_stigrule_254410_Directory_Service_Changes_AuditType: success,failure
# R-254411 WN22-DC-000270
win2022STIG_stigrule_254411_Manage: True
win2022STIG_stigrule_254411_Directory_Service_Changes_AuditType: success,failure
# R-254416 WN22-DC-000320
win2022STIG_stigrule_254416_Manage: True
win2022STIG_stigrule_254416_Domain_controller_LDAP_server_signing_requirements_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\'
win2022STIG_stigrule_254416_Domain_controller_LDAP_server_signing_requirements_State: 'Present'
win2022STIG_stigrule_254416_Domain_controller_LDAP_server_signing_requirements_ValueData: '2'
win2022STIG_stigrule_254416_Domain_controller_LDAP_server_signing_requirements_ValueType: 'Dword'
# R-254417 WN22-DC-000330
win2022STIG_stigrule_254417_Manage: True
win2022STIG_stigrule_254417_Domain_controller_Refuse_machine_account_password_changes_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\'
win2022STIG_stigrule_254417_Domain_controller_Refuse_machine_account_password_changes_State: 'Present'
win2022STIG_stigrule_254417_Domain_controller_Refuse_machine_account_password_changes_ValueData: '0'
win2022STIG_stigrule_254417_Domain_controller_Refuse_machine_account_password_changes_ValueType: 'Dword'
# R-254418 WN22-DC-000340
win2022STIG_stigrule_254418_Manage: False
win2022STIG_stigrule_254418_SeNetworkLogonRight_Users: ['Administrators','Authenticated Users','Enterprise Domain Controllers']
# R-254419 WN22-DC-000350
win2022STIG_stigrule_254419_Manage: True
win2022STIG_stigrule_254419_SeMachineAccountPrivilege_Users: ['Administrators']
# R-254420 WN22-DC-000360
win2022STIG_stigrule_254420_Manage: True
win2022STIG_stigrule_254420_SeRemoteInteractiveLogonRight_Users: ['Administrators']
# R-254421 WN22-DC-000370
win2022STIG_stigrule_254421_Manage: False
win2022STIG_stigrule_254421_SeDenyNetworkLogonRight_Users: ['Guests']
# R-254422 WN22-DC-000380
win2022STIG_stigrule_254422_Manage: False
win2022STIG_stigrule_254422_SeDenyBatchLogonRight_Users: ['Guests']
# R-254423 WN22-DC-000390
win2022STIG_stigrule_254423_Manage: False
win2022STIG_stigrule_254423_SeDenyServiceLogonRight_Users: []
# R-254424 WN22-DC-000400
win2022STIG_stigrule_254424_Manage: False
win2022STIG_stigrule_254424_SeDenyInteractiveLogonRight_Users: ['Guests']
# R-254425 WN22-DC-000410
win2022STIG_stigrule_254425_Manage: False
win2022STIG_stigrule_254425_SeDenyRemoteInteractiveLogonRight_Users: ['Guests']
# R-254426 WN22-DC-000420
win2022STIG_stigrule_254426_Manage: False
win2022STIG_stigrule_254426_SeEnableDelegationPrivilege_Users: ['Administrators']
# R-254429 WN22-MS-000020
win2022STIG_stigrule_254429_Manage: False
win2022STIG_stigrule_254429_LocalAccountTokenFilterPolicy_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
win2022STIG_stigrule_254429_LocalAccountTokenFilterPolicy_State: 'Present'
win2022STIG_stigrule_254429_LocalAccountTokenFilterPolicy_ValueData: '0'
win2022STIG_stigrule_254429_LocalAccountTokenFilterPolicy_ValueType: 'Dword'
# R-254430 WN22-MS-000030
win2022STIG_stigrule_254430_Manage: True
win2022STIG_stigrule_254430_EnumerateLocalUsers_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System\'
win2022STIG_stigrule_254430_EnumerateLocalUsers_State: 'Present'
win2022STIG_stigrule_254430_EnumerateLocalUsers_ValueData: '0'
win2022STIG_stigrule_254430_EnumerateLocalUsers_ValueType: 'Dword'
# R-254431 WN22-MS-000040
win2022STIG_stigrule_254431_Manage: True
win2022STIG_stigrule_254431_RestrictRemoteClients_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Rpc\'
win2022STIG_stigrule_254431_RestrictRemoteClients_State: 'Present'
win2022STIG_stigrule_254431_RestrictRemoteClients_ValueData: '1'
win2022STIG_stigrule_254431_RestrictRemoteClients_ValueType: 'Dword'
# R-254432 WN22-MS-000050
win2022STIG_stigrule_254432_Manage: True
win2022STIG_stigrule_254432_Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available_Key: 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\'
win2022STIG_stigrule_254432_Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available_State: 'Present'
win2022STIG_stigrule_254432_Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available_ValueData: '4'
win2022STIG_stigrule_254432_Interactive_logon_Number_of_previous_logons_to_cache_in_case_domain_controller_is_not_available_ValueType: 'string'
# R-254434 WN22-MS-000070
win2022STIG_stigrule_254434_Manage: False
win2022STIG_stigrule_254434_SeNetworkLogonRight_Users: ['Administrators','Authenticated Users']
# R-254436 WN22-MS-000090
win2022STIG_stigrule_254436_Manage: False
win2022STIG_stigrule_254436_SeDenyBatchLogonRight_Users: ['Enterprise Admins','Domain Admins','Guests']
# R-254437 WN22-MS-000100
win2022STIG_stigrule_254437_Manage: False
win2022STIG_stigrule_254437_SeDenyServiceLogonRight_Users: ['Enterprise Admins','Domain Admins']
# R-254438 WN22-MS-000110
win2022STIG_stigrule_254438_Manage: False
win2022STIG_stigrule_254438_SeDenyInteractiveLogonRight_Users: ['Enterprise Admins','Domain Admins','Guests']
# R-254440 WN22-MS-000130
win2022STIG_stigrule_254440_Manage: False
win2022STIG_stigrule_254440_SeEnableDelegationPrivilege_Users: []
# R-254441 WN22-MS-000140
# Please ensure the hardware requirements are met. See https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-requirements
win2022STIG_stigrule_254441_Manage: False
win2022STIG_stigrule_254441_LsaCfgFlags_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\'
win2022STIG_stigrule_254441_LsaCfgFlags_State: 'Present'
win2022STIG_stigrule_254441_LsaCfgFlags_ValueData: '1'
win2022STIG_stigrule_254441_LsaCfgFlags_ValueType: 'Dword'
# R-254445 WN22-SO-000010
win2022STIG_stigrule_254445_Manage: True
win2022STIG_stigrule_254445_Accounts_Guest_account_status_ValueData: '0'
# R-254446 WN22-SO-000020
win2022STIG_stigrule_254446_Manage: True
win2022STIG_stigrule_254446_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\'
win2022STIG_stigrule_254446_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_State: 'Present'
win2022STIG_stigrule_254446_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_ValueData: '1'
win2022STIG_stigrule_254446_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_ValueType: 'Dword'
# R-254448 WN22-SO-000040
win2022STIG_stigrule_254448_Manage: False
win2022STIG_stigrule_254448_Accounts_Rename_guest_account_ValueData: 'RenamedGuest'
# R-254449 WN22-SO-000050
win2022STIG_stigrule_254449_Manage: True
win2022STIG_stigrule_254449_Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\'
win2022STIG_stigrule_254449_Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings_State: 'Present'
win2022STIG_stigrule_254449_Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings_ValueData: '1'
win2022STIG_stigrule_254449_Audit_Force_audit_policy_subcategory_settings_Windows_Vista_or_later_to_override_audit_policy_category_settings_ValueType: 'Dword'
# R-254450 WN22-SO-000060
win2022STIG_stigrule_254450_Manage: True
win2022STIG_stigrule_254450_Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\'
win2022STIG_stigrule_254450_Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always_State: 'Present'
win2022STIG_stigrule_254450_Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always_ValueData: '1'
win2022STIG_stigrule_254450_Domain_member_Digitally_encrypt_or_sign_secure_channel_data_always_ValueType: 'Dword'
# R-254451 WN22-SO-000070
win2022STIG_stigrule_254451_Manage: True
win2022STIG_stigrule_254451_Domain_member_Digitally_encrypt_secure_channel_data_when_possible_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\'
win2022STIG_stigrule_254451_Domain_member_Digitally_encrypt_secure_channel_data_when_possible_State: 'Present'
win2022STIG_stigrule_254451_Domain_member_Digitally_encrypt_secure_channel_data_when_possible_ValueData: '1'
win2022STIG_stigrule_254451_Domain_member_Digitally_encrypt_secure_channel_data_when_possible_ValueType: 'Dword'
# R-254452 WN22-SO-000080
win2022STIG_stigrule_254452_Manage: True
win2022STIG_stigrule_254452_Domain_member_Digitally_sign_secure_channel_data_when_possible_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\'
win2022STIG_stigrule_254452_Domain_member_Digitally_sign_secure_channel_data_when_possible_State: 'Present'
win2022STIG_stigrule_254452_Domain_member_Digitally_sign_secure_channel_data_when_possible_ValueData: '1'
win2022STIG_stigrule_254452_Domain_member_Digitally_sign_secure_channel_data_when_possible_ValueType: 'Dword'
# R-254453 WN22-SO-000090
win2022STIG_stigrule_254453_Manage: True
win2022STIG_stigrule_254453_Domain_member_Disable_machine_account_password_changes_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\'
win2022STIG_stigrule_254453_Domain_member_Disable_machine_account_password_changes_State: 'Present'
win2022STIG_stigrule_254453_Domain_member_Disable_machine_account_password_changes_ValueData: '0'
win2022STIG_stigrule_254453_Domain_member_Disable_machine_account_password_changes_ValueType: 'Dword'
# R-254454 WN22-SO-000100
win2022STIG_stigrule_254454_Manage: True
win2022STIG_stigrule_254454_Domain_member_Maximum_machine_account_password_age_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\'
win2022STIG_stigrule_254454_Domain_member_Maximum_machine_account_password_age_State: 'Present'
win2022STIG_stigrule_254454_Domain_member_Maximum_machine_account_password_age_ValueData: '30'
win2022STIG_stigrule_254454_Domain_member_Maximum_machine_account_password_age_ValueType: 'Dword'
# R-254455 WN22-SO-000110
win2022STIG_stigrule_254455_Manage: True
win2022STIG_stigrule_254455_Domain_member_Require_strong_Windows_2000_or_later_session_key_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\'
win2022STIG_stigrule_254455_Domain_member_Require_strong_Windows_2000_or_later_session_key_State: 'Present'
win2022STIG_stigrule_254455_Domain_member_Require_strong_Windows_2000_or_later_session_key_ValueData: '1'
win2022STIG_stigrule_254455_Domain_member_Require_strong_Windows_2000_or_later_session_key_ValueType: 'Dword'
# R-254456 WN22-SO-000120
win2022STIG_stigrule_254456_Manage: True
win2022STIG_stigrule_254456_Interactive_logon_Machine_inactivity_limit_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
win2022STIG_stigrule_254456_Interactive_logon_Machine_inactivity_limit_State: 'Present'
win2022STIG_stigrule_254456_Interactive_logon_Machine_inactivity_limit_ValueData: '900'
win2022STIG_stigrule_254456_Interactive_logon_Machine_inactivity_limit_ValueType: 'Dword'
# R-254457 WN22-SO-000130
win2022STIG_stigrule_254457_Manage: True
win2022STIG_stigrule_254457_Interactive_logon_Message_text_for_users_attempting_to_log_on_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
win2022STIG_stigrule_254457_Interactive_logon_Message_text_for_users_attempting_to_log_on_State: 'Present'
win2022STIG_stigrule_254457_Interactive_logon_Message_text_for_users_attempting_to_log_on_ValueData: 'You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
By using this IS (which includes any device attached to this IS), you consent to the following conditions:
-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintelligence (CI) investigations.
-At any time, the USG may inspect and seize data stored on this IS.
-Communications using, or data stored on, this IS are not private, are subject to routine monitoring, interception, and search, and may be disclosed or used for any USG-authorized purpose.
-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.'
win2022STIG_stigrule_254457_Interactive_logon_Message_text_for_users_attempting_to_log_on_ValueType: 'string'
# R-254458 WN22-SO-000140
win2022STIG_stigrule_254458_Manage: True
win2022STIG_stigrule_254458_Interactive_logon_Message_title_for_users_attempting_to_log_on_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
win2022STIG_stigrule_254458_Interactive_logon_Message_title_for_users_attempting_to_log_on_State: 'Present'
win2022STIG_stigrule_254458_Interactive_logon_Message_title_for_users_attempting_to_log_on_ValueData: 'DoD Notice and Consent Banner'
win2022STIG_stigrule_254458_Interactive_logon_Message_title_for_users_attempting_to_log_on_ValueType: 'string'
# R-254459 WN22-SO-000150
win2022STIG_stigrule_254459_Manage: True
win2022STIG_stigrule_254459_Interactive_logon_Smart_card_removal_behavior_Key: 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\'
win2022STIG_stigrule_254459_Interactive_logon_Smart_card_removal_behavior_State: 'Present'
win2022STIG_stigrule_254459_Interactive_logon_Smart_card_removal_behavior_ValueData: '1'
win2022STIG_stigrule_254459_Interactive_logon_Smart_card_removal_behavior_ValueType: 'string'
# R-254460 WN22-SO-000160
win2022STIG_stigrule_254460_Manage: True
win2022STIG_stigrule_254460_Microsoft_network_client_Digitally_sign_communications_always_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\'
win2022STIG_stigrule_254460_Microsoft_network_client_Digitally_sign_communications_always_State: 'Present'
win2022STIG_stigrule_254460_Microsoft_network_client_Digitally_sign_communications_always_ValueData: '1'
win2022STIG_stigrule_254460_Microsoft_network_client_Digitally_sign_communications_always_ValueType: 'Dword'
# R-254461 WN22-SO-000170
win2022STIG_stigrule_254461_Manage: True
win2022STIG_stigrule_254461_Microsoft_network_client_Digitally_sign_communications_if_server_agrees_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\'
win2022STIG_stigrule_254461_Microsoft_network_client_Digitally_sign_communications_if_server_agrees_State: 'Present'
win2022STIG_stigrule_254461_Microsoft_network_client_Digitally_sign_communications_if_server_agrees_ValueData: '1'
win2022STIG_stigrule_254461_Microsoft_network_client_Digitally_sign_communications_if_server_agrees_ValueType: 'Dword'
# R-254462 WN22-SO-000180
win2022STIG_stigrule_254462_Manage: True
win2022STIG_stigrule_254462_Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\'
win2022STIG_stigrule_254462_Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers_State: 'Present'
win2022STIG_stigrule_254462_Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers_ValueData: '0'
win2022STIG_stigrule_254462_Microsoft_network_client_Send_unencrypted_password_to_third_party_SMB_servers_ValueType: 'Dword'
# R-254463 WN22-SO-000190
win2022STIG_stigrule_254463_Manage: True
win2022STIG_stigrule_254463_Microsoft_network_server_Digitally_sign_communications_always_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\'
win2022STIG_stigrule_254463_Microsoft_network_server_Digitally_sign_communications_always_State: 'Present'
win2022STIG_stigrule_254463_Microsoft_network_server_Digitally_sign_communications_always_ValueData: '1'
win2022STIG_stigrule_254463_Microsoft_network_server_Digitally_sign_communications_always_ValueType: 'Dword'
# R-254464 WN22-SO-000200
win2022STIG_stigrule_254464_Manage: True
win2022STIG_stigrule_254464_Microsoft_network_server_Digitally_sign_communications_if_client_agrees_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\'
win2022STIG_stigrule_254464_Microsoft_network_server_Digitally_sign_communications_if_client_agrees_State: 'Present'
win2022STIG_stigrule_254464_Microsoft_network_server_Digitally_sign_communications_if_client_agrees_ValueData: '1'
win2022STIG_stigrule_254464_Microsoft_network_server_Digitally_sign_communications_if_client_agrees_ValueType: 'Dword'
# R-254465 WN22-SO-000210
win2022STIG_stigrule_254465_Manage: False
win2022STIG_stigrule_254465_Network_access_Allow_anonymous_SID_Name_translation_ValueData: '0'
# R-254466 WN22-SO-000220
win2022STIG_stigrule_254466_Manage: True
win2022STIG_stigrule_254466_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\'
win2022STIG_stigrule_254466_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_State: 'Present'
win2022STIG_stigrule_254466_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_ValueData: '1'
win2022STIG_stigrule_254466_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_ValueType: 'Dword'
# R-254467 WN22-SO-000230
win2022STIG_stigrule_254467_Manage: True
win2022STIG_stigrule_254467_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\'
win2022STIG_stigrule_254467_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares_State: 'Present'
win2022STIG_stigrule_254467_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares_ValueData: '1'
win2022STIG_stigrule_254467_Network_access_Do_not_allow_anonymous_enumeration_of_SAM_accounts_and_shares_ValueType: 'Dword'
# R-254468 WN22-SO-000240
win2022STIG_stigrule_254468_Manage: True
win2022STIG_stigrule_254468_Network_access_Let_Everyone_permissions_apply_to_anonymous_users_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\'
win2022STIG_stigrule_254468_Network_access_Let_Everyone_permissions_apply_to_anonymous_users_State: 'Present'
win2022STIG_stigrule_254468_Network_access_Let_Everyone_permissions_apply_to_anonymous_users_ValueData: '0'
win2022STIG_stigrule_254468_Network_access_Let_Everyone_permissions_apply_to_anonymous_users_ValueType: 'Dword'
# R-254469 WN22-SO-000250
win2022STIG_stigrule_254469_Manage: True
win2022STIG_stigrule_254469_Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\'
win2022STIG_stigrule_254469_Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares_State: 'Present'
win2022STIG_stigrule_254469_Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares_ValueData: '1'
win2022STIG_stigrule_254469_Network_access_Restrict_anonymous_access_to_Named_Pipes_and_Shares_ValueType: 'Dword'
# R-254470 WN22-SO-000260
win2022STIG_stigrule_254470_Manage: True
win2022STIG_stigrule_254470_Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\LSA\'
win2022STIG_stigrule_254470_Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM_State: 'Present'
win2022STIG_stigrule_254470_Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM_ValueData: '1'
win2022STIG_stigrule_254470_Network_security_Allow_Local_System_to_use_computer_identity_for_NTLM_ValueType: 'Dword'
# R-254471 WN22-SO-000270
win2022STIG_stigrule_254471_Manage: True
win2022STIG_stigrule_254471_Network_security_Allow_LocalSystem_NULL_session_fallback_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\LSA\MSV1_0\'
win2022STIG_stigrule_254471_Network_security_Allow_LocalSystem_NULL_session_fallback_State: 'Present'
win2022STIG_stigrule_254471_Network_security_Allow_LocalSystem_NULL_session_fallback_ValueData: '0'
win2022STIG_stigrule_254471_Network_security_Allow_LocalSystem_NULL_session_fallback_ValueType: 'Dword'
# R-254472 WN22-SO-000280
win2022STIG_stigrule_254472_Manage: True
win2022STIG_stigrule_254472_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\LSA\pku2u\'
win2022STIG_stigrule_254472_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities_State: 'Present'
win2022STIG_stigrule_254472_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities_ValueData: '0'
win2022STIG_stigrule_254472_Network_Security_Allow_PKU2U_authentication_requests_to_this_computer_to_use_online_identities_ValueType: 'Dword'
# R-254474 WN22-SO-000300
win2022STIG_stigrule_254474_Manage: True
win2022STIG_stigrule_254474_Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\LSA\'
win2022STIG_stigrule_254474_Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change_State: 'Present'
win2022STIG_stigrule_254474_Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change_ValueData: '1'
win2022STIG_stigrule_254474_Network_security_Do_not_store_LAN_Manager_hash_value_on_next_password_change_ValueType: 'Dword'
# R-254475 WN22-SO-000310
win2022STIG_stigrule_254475_Manage: True
win2022STIG_stigrule_254475_Network_security_LAN_Manager_authentication_level_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\LSA\'
win2022STIG_stigrule_254475_Network_security_LAN_Manager_authentication_level_State: 'Present'
win2022STIG_stigrule_254475_Network_security_LAN_Manager_authentication_level_ValueData: '5'
win2022STIG_stigrule_254475_Network_security_LAN_Manager_authentication_level_ValueType: 'Dword'
# R-254476 WN22-SO-000320
win2022STIG_stigrule_254476_Manage: True
win2022STIG_stigrule_254476_Network_security_LDAP_client_signing_requirements_Key: 'HKLM:\SYSTEM\CurrentControlSet\Services\LDAP\'
win2022STIG_stigrule_254476_Network_security_LDAP_client_signing_requirements_State: 'Present'
win2022STIG_stigrule_254476_Network_security_LDAP_client_signing_requirements_ValueData: '1'
win2022STIG_stigrule_254476_Network_security_LDAP_client_signing_requirements_ValueType: 'Dword'
# R-254477 WN22-SO-000330
win2022STIG_stigrule_254477_Manage: True
win2022STIG_stigrule_254477_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\'
win2022STIG_stigrule_254477_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients_State: 'Present'
win2022STIG_stigrule_254477_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients_ValueData: '537395200'
win2022STIG_stigrule_254477_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_clients_ValueType: 'Dword'
# R-254478 WN22-SO-000340
win2022STIG_stigrule_254478_Manage: True
win2022STIG_stigrule_254478_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\'
win2022STIG_stigrule_254478_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers_State: 'Present'
win2022STIG_stigrule_254478_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers_ValueData: '537395200'
win2022STIG_stigrule_254478_Network_security_Minimum_session_security_for_NTLM_SSP_based_including_secure_RPC_servers_ValueType: 'Dword'
# R-254479 WN22-SO-000350
win2022STIG_stigrule_254479_Manage: True
win2022STIG_stigrule_254479_System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer_Key: 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\'
win2022STIG_stigrule_254479_System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer_State: 'Present'
win2022STIG_stigrule_254479_System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer_ValueData: '2'
win2022STIG_stigrule_254479_System_cryptography_Force_strong_key_protection_for_user_keys_stored_on_the_computer_ValueType: 'Dword'
# R-254480 WN22-SO-000360
win2022STIG_stigrule_254480_Manage: True
win2022STIG_stigrule_254480_System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\'
win2022STIG_stigrule_254480_System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing_State: 'Present'
win2022STIG_stigrule_254480_System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing_ValueData: '1'
win2022STIG_stigrule_254480_System_cryptography_Use_FIPS_compliant_algorithms_for_encryption_hashing_and_signing_ValueType: 'Dword'
# R-254481 WN22-SO-000370
win2022STIG_stigrule_254481_Manage: True
win2022STIG_stigrule_254481_System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links_Key: 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\'
win2022STIG_stigrule_254481_System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links_State: 'Present'
win2022STIG_stigrule_254481_System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links_ValueData: '1'
win2022STIG_stigrule_254481_System_objects_Strengthen_default_permissions_of_internal_system_objects_eg_Symbolic_Links_ValueType: 'Dword'
# R-254482 WN22-SO-000380
win2022STIG_stigrule_254482_Manage: True
win2022STIG_stigrule_254482_User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
win2022STIG_stigrule_254482_User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account_State: 'Present'
win2022STIG_stigrule_254482_User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account_ValueData: '1'
win2022STIG_stigrule_254482_User_Account_Control_Admin_Approval_Mode_for_the_Built_in_Administrator_account_ValueType: 'Dword'
# R-254483 WN22-SO-000390
win2022STIG_stigrule_254483_Manage: True
win2022STIG_stigrule_254483_User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
win2022STIG_stigrule_254483_User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop_State: 'Present'
win2022STIG_stigrule_254483_User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop_ValueData: '0'
win2022STIG_stigrule_254483_User_Account_Control_Allow_UIAccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop_ValueType: 'Dword'
# R-254484 WN22-SO-000400
win2022STIG_stigrule_254484_Manage: True
win2022STIG_stigrule_254484_User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
win2022STIG_stigrule_254484_User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode_State: 'Present'
win2022STIG_stigrule_254484_User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode_ValueData: '2'
win2022STIG_stigrule_254484_User_Account_Control_Behavior_of_the_elevation_prompt_for_administrators_in_Admin_Approval_Mode_ValueType: 'Dword'
# R-254485 WN22-SO-000410
win2022STIG_stigrule_254485_Manage: True
win2022STIG_stigrule_254485_User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
win2022STIG_stigrule_254485_User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users_State: 'Present'
win2022STIG_stigrule_254485_User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users_ValueData: '0'
win2022STIG_stigrule_254485_User_Account_Control_Behavior_of_the_elevation_prompt_for_standard_users_ValueType: 'Dword'
# R-254486 WN22-SO-000420
win2022STIG_stigrule_254486_Manage: True
win2022STIG_stigrule_254486_User_Account_Control_Detect_application_installations_and_prompt_for_elevation_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
win2022STIG_stigrule_254486_User_Account_Control_Detect_application_installations_and_prompt_for_elevation_State: 'Present'
win2022STIG_stigrule_254486_User_Account_Control_Detect_application_installations_and_prompt_for_elevation_ValueData: '1'
win2022STIG_stigrule_254486_User_Account_Control_Detect_application_installations_and_prompt_for_elevation_ValueType: 'Dword'
# R-254487 WN22-SO-000430
win2022STIG_stigrule_254487_Manage: True
win2022STIG_stigrule_254487_User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
win2022STIG_stigrule_254487_User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations_State: 'Present'
win2022STIG_stigrule_254487_User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations_ValueData: '1'
win2022STIG_stigrule_254487_User_Account_Control_Only_elevate_UIAccess_applications_that_are_installed_in_secure_locations_ValueType: 'Dword'
# R-254488 WN22-SO-000440
win2022STIG_stigrule_254488_Manage: True
win2022STIG_stigrule_254488_User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
win2022STIG_stigrule_254488_User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode_State: 'Present'
win2022STIG_stigrule_254488_User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode_ValueData: '1'
win2022STIG_stigrule_254488_User_Account_Control_Run_all_administrators_in_Admin_Approval_Mode_ValueType: 'Dword'
# R-254489 WN22-SO-000450
win2022STIG_stigrule_254489_Manage: True
win2022STIG_stigrule_254489_User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\'
win2022STIG_stigrule_254489_User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations_State: 'Present'
win2022STIG_stigrule_254489_User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations_ValueData: '1'
win2022STIG_stigrule_254489_User_Account_Control_Virtualize_file_and_registry_write_failures_to_per_user_locations_ValueType: 'Dword'
# R-254490 WN22-UC-000010
win2022STIG_stigrule_254490_Manage: True
win2022STIG_stigrule_254490_SaveZoneInformation_Key: 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments\'
win2022STIG_stigrule_254490_SaveZoneInformation_State: 'Present'
win2022STIG_stigrule_254490_SaveZoneInformation_ValueData: '2'
win2022STIG_stigrule_254490_SaveZoneInformation_ValueType: 'Dword'
# R-254491 WN22-UR-000010
win2022STIG_stigrule_254491_Manage: True
win2022STIG_stigrule_254491_SeTrustedCredManAccessPrivilege_Users: []
# R-254492 WN22-UR-000020
win2022STIG_stigrule_254492_Manage: True
win2022STIG_stigrule_254492_SeTcbPrivilege_Users: []
# R-254493 WN22-UR-000030
win2022STIG_stigrule_254493_Manage: True
win2022STIG_stigrule_254493_SeInteractiveLogonRight_Users: ['Administrators']
# R-254494 WN22-UR-000040
win2022STIG_stigrule_254494_Manage: True
win2022STIG_stigrule_254494_SeBackupPrivilege_Users: ['Administrators']
# R-254495 WN22-UR-000050
win2022STIG_stigrule_254495_Manage: True
win2022STIG_stigrule_254495_SeCreatePagefilePrivilege_Users: ['Administrators']
# R-254496 WN22-UR-000060
win2022STIG_stigrule_254496_Manage: True
win2022STIG_stigrule_254496_SeCreateTokenPrivilege_Users: []
# R-254497 WN22-UR-000070
win2022STIG_stigrule_254497_Manage: True
win2022STIG_stigrule_254497_SeCreateGlobalPrivilege_Users: ['Administrators','Service','Local Service','Network Service']
# R-254498 WN22-UR-000080
win2022STIG_stigrule_254498_Manage: True
win2022STIG_stigrule_254498_SeCreatePermanentPrivilege_Users: []
# R-254499 WN22-UR-000090
win2022STIG_stigrule_254499_Manage: True
win2022STIG_stigrule_254499_SeCreateSymbolicLinkPrivilege_Users: ['Administrators']
# R-254500 WN22-UR-000100
win2022STIG_stigrule_254500_Manage: True
win2022STIG_stigrule_254500_SeDebugPrivilege_Users: ['Administrators']
# R-254501 WN22-UR-000110
win2022STIG_stigrule_254501_Manage: True
win2022STIG_stigrule_254501_SeRemoteShutdownPrivilege_Users: ['Administrators']
# R-254502 WN22-UR-000120
win2022STIG_stigrule_254502_Manage: True
win2022STIG_stigrule_254502_SeAuditPrivilege_Users: ['Local Service','Network Service']
# R-254503 WN22-UR-000130
win2022STIG_stigrule_254503_Manage: True
win2022STIG_stigrule_254503_SeImpersonatePrivilege_Users: ['Administrators','Service','Local Service','Network Service']
# R-254504 WN22-UR-000140
win2022STIG_stigrule_254504_Manage: True
win2022STIG_stigrule_254504_SeIncreaseBasePriorityPrivilege_Users: ['Administrators']
# R-254505 WN22-UR-000150
win2022STIG_stigrule_254505_Manage: True
win2022STIG_stigrule_254505_SeLoadDriverPrivilege_Users: ['Administrators']
# R-254506 WN22-UR-000160
win2022STIG_stigrule_254506_Manage: True
win2022STIG_stigrule_254506_SeLockMemoryPrivilege_Users: []
# R-254507 WN22-UR-000170
win2022STIG_stigrule_254507_Manage: True
win2022STIG_stigrule_254507_SeSecurityPrivilege_Users: ['Administrators']
# R-254508 WN22-UR-000180
win2022STIG_stigrule_254508_Manage: True
win2022STIG_stigrule_254508_SeSystemEnvironmentPrivilege_Users: ['Administrators']
# R-254509 WN22-UR-000190
win2022STIG_stigrule_254509_Manage: True
win2022STIG_stigrule_254509_SeManageVolumePrivilege_Users: ['Administrators']
# R-254510 WN22-UR-000200
win2022STIG_stigrule_254510_Manage: True
win2022STIG_stigrule_254510_SeProfileSingleProcessPrivilege_Users: ['Administrators']
# R-254511 WN22-UR-000210
win2022STIG_stigrule_254511_Manage: True
win2022STIG_stigrule_254511_SeRestorePrivilege_Users: ['Administrators']
# R-254512 WN22-UR-000220
win2022STIG_stigrule_254512_Manage: True
win2022STIG_stigrule_254512_SeTakeOwnershipPrivilege_Users: ['Administrators']

5488
collections/ansible_collections/demo/compliance/roles/win2022STIG/files/U_MS_Windows_Server_2022_STIG_V1R1_Manual-xccdf.xml Normal file
View File

File diff suppressed because one or more lines are too long

0
collections/ansible_collections/demo/compliance/roles/win2022STIG/handlers/main.yml Normal file
View File

1648
collections/ansible_collections/demo/compliance/roles/win2022STIG/tasks/main.yml Normal file
View File

File diff suppressed because it is too large Load Diff

4
linux/compliance.yml
View File

@@ -10,6 +10,6 @@
ansible.builtin.assert:
that: "ansible_os_family == 'RedHat'"
- name: Run compliance profile
- name: Run Compliance Profile
ansible.builtin.include_role:
name: "redhatofficial.rhel{{ ansible_distribution_major_version }}_{{ compliance_profile }}"
name: "demo.compliance.rhel{{ ansible_distribution_major_version }}STIG"

8
linux/setup.yml
View File

@@ -337,7 +337,7 @@ controller_templates:
- full
required: true
- name: "LINUX / Compliance Enforce"
- name: "LINUX / DISA STIG"
job_type: run
inventory: "Workshop Inventory"
project: "Ansible official demo project"
@@ -358,12 +358,6 @@ controller_templates:
type: text
variable: _hosts
required: true
- question_name: Compliance Profile
type: multiplechoice
variable: compliance_profile
required: true
choices:
- stig
- name: "LINUX / Insights Compliance Scan"
job_type: run

8
network/compliance.yml Normal file
View File

@@ -0,0 +1,8 @@
---
- name: IOS XE Compliance
hosts: "{{ _hosts | default('ios') }}"
vars:
ignore_all_errors: false
ansible_command_timeout: 60
roles:
- demo.compliance.iosxeSTIG

13
network/setup.yml
View File

@@ -104,3 +104,16 @@ controller_templates:
- sandbox-iosxr-1.cisco.com
- sandbox-nxos-1.cisco.com
- routers
- name: "NETWORK / DISA STIG"
job_type: check
organization: Default
inventory: Network Inventory
project: "Ansible official demo project"
playbook: "network/compliance.yml"
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
use_fact_cache: true
ask_job_type_on_launch: true
survey_enabled: true

6
roles/requirements.yml
View File

@@ -1,6 +0,0 @@
---
roles:
- name: redhatofficial.rhel7_stig
version: 0.1.61
- name: redhatofficial.rhel8_stig
version: 0.1.60

11
windows/compliance.yml Normal file
View File

@@ -0,0 +1,11 @@
---
- name: STIG a Windows 2022 Server
hosts: "{{ HOSTS | default('os_windows') }}"
vars:
win2022STIG_stigrule_254269_Manage: false # noqa var-naming
win2022STIG_stigrule_254276_Manage: false # noqa var-naming
tasks:
- name: Include win2022STIG role
ansible.builtin.include_role:
name: demo.compliance.win2022STIG

20
windows/setup.yml
View File

@@ -265,3 +265,23 @@ controller_templates:
variable: telephone_number
default: 555-123456
required: false
- name: "WINDOWS / DISA STIG"
job_type: run
inventory: "Workshop Inventory"
project: "Ansible official demo project"
playbook: "windows/compliance.yml"
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- "Workshop Credential"
survey_enabled: true
survey:
name: ''
description: ''
spec:
- question_name: Server Name or Pattern
type: text
variable: HOSTS
required: false