packages/CIS-Hardening
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chanfge

Browse Source
This commit is contained in:
Gabriel Gendron
2024-03-18 16:17:47 +01:00
parent d277212a74
commit 4393958b88
4 changed files with 23 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
WAPT/control
View File

@@ -1,5 +1,5 @@
package : comi-hardening package : comi-hardening
version : 1.0-6 version : 1.0-7
architecture : all architecture : all
section : base section : base
priority : optional priority : optional
@@ -29,7 +29,7 @@ editor :
keywords : keywords :
licence : licence :
homepage : homepage :
package_uuid : 586628a4-9be6-4b2c-8b69-53ef9ba5d87a package_uuid : 6eb2d073-c14b-4089-87a7-03acb5c6040f
valid_from : valid_from :
valid_until : valid_until :
forced_install_on : forced_install_on :
@@ -39,6 +39,6 @@ max_os_version :
icon_sha256sum : 0c223120ac1a6e4cd0d0abe04cd831c7d4a4c2661947e758c0f703b656933d9a icon_sha256sum : 0c223120ac1a6e4cd0d0abe04cd831c7d4a4c2661947e758c0f703b656933d9a
signer : ggendron_pem signer : ggendron_pem
signer_fingerprint: 244cdf15fa2ea3ead58e4abf232fdf9a30a8a28a798677f71d6a3e76e65f9003 signer_fingerprint: 244cdf15fa2ea3ead58e4abf232fdf9a30a8a28a798677f71d6a3e76e65f9003
signature_date : 2024-03-18T15:04:14.000000 signature_date : 2024-03-18T15:15:42.000000
signed_attributes : package,version,architecture,section,priority,name,categories,maintainer,description,depends,conflicts,maturity,locale,target_os,min_wapt_version,sources,installed_size,impacted_process,description_fr,description_pl,description_de,description_es,description_pt,description_it,description_nl,description_ru,audit_schedule,editor,keywords,licence,homepage,package_uuid,valid_from,valid_until,forced_install_on,changelog,min_os_version,max_os_version,icon_sha256sum,signer,signer_fingerprint,signature_date,signed_attributes signed_attributes : package,version,architecture,section,priority,name,categories,maintainer,description,depends,conflicts,maturity,locale,target_os,min_wapt_version,sources,installed_size,impacted_process,description_fr,description_pl,description_de,description_es,description_pt,description_it,description_nl,description_ru,audit_schedule,editor,keywords,licence,homepage,package_uuid,valid_from,valid_until,forced_install_on,changelog,min_os_version,max_os_version,icon_sha256sum,signer,signer_fingerprint,signature_date,signed_attributes
signature : StcNfPzYMZ5R2+fCpp6bNChK2B3zc4Zs/9aKRW64eUexiBRFDNDvbaCYnWWps46nRl6oKyJtnknf8e/Y03mQceLaa/kJ4KnAlGdimNl89H8x2EujG74fxCGJZBFMqF7dLN9yaDuktyikux6rLMSYXVfybdzjSyPIvCFiJYeN8t4GhfT0il0pqSlsGgnvC4MpVMbodtxKYPqdNOzIxxrvnv4MNKqAMnaVUpwdrjan82ip3bg0s/t7JKb5Lp744lyzoxLkhSsL272s8Gi6tGd4uljcFg+5sHsxa7taXsQgj1O5CdTa6FX7lVtOG9i1B7WMtbcMggnhdFdd525aD22yaA== signature : lasCdseEYD5bnMCf5kAmRytczGWQbKgudVVYErFJppdgdVqBBNxfJnRwiQquRb32mH4WDpEr4JAPVShlkQskL80uO2ffrVdSo4G1+kQvk4CDIvjd8+E6BpcswLIPhhSymPGO39lVYixKYLtH/eQPrH5mcxCw5eXFKIONJbGcvyvjQ8gn/3JmD1v2TrTgBzQKjoRyJQwlzmvdw8EPqk13SvcvEpvTxCA+oXMX3t2XYgo1JYjOIzOPG2TjaS41dqBpIkOLxKFGqyDhgdGLi9jfeOkKw/+qH+SAZRVt7TeGt/8DwO40XxMxfzJhQHvMmu3cpqC+stVMrOOk/o7h2wzKHg==

2
WAPT/manifest.sha256
View File

@@ -1 +1 @@
[[".env","720b2be3b2d977425b68892f478262e7d3f764ca56c86e4d6aa2f639ea3dd214"],[".vscode/launch.json","7185f7797616d2fefe06cdb959ccb08bf0f677287a21aacc3111a65d4f072584"],[".vscode/settings.json","c4ef3e7d26642471ae3a2faaa131a40791fda1542ede085de266c5144adb2a3c"],["README.CSV","22dd78a4853cb10c91896d896adb761a757f190e6dce0462ff3ed43cedb56237"],["WAPT/certificate.crt","68194bca04eef7aaf4dc3c3bd12b017a1263bb5fcc034919fc7edda0c62db266"],["WAPT/control","63170f3966865a4d2ade4a6ecfdd8ce9164aac80a60c8aa043d34350b6abd888"],["WAPT/icon.png","0c223120ac1a6e4cd0d0abe04cd831c7d4a4c2661947e758c0f703b656933d9a"],["WAPT/wapt.psproj","c6246be77fa0d87cb8860fc9de433dfc02b56edaaca368712d5b6267141eeee4"],["setup.py","0fc68a63eb37e66069639e9a0a0aae1bfa1f5c9ed6a16ce896f6390491a8624a"]] [[".env","720b2be3b2d977425b68892f478262e7d3f764ca56c86e4d6aa2f639ea3dd214"],[".vscode/launch.json","7185f7797616d2fefe06cdb959ccb08bf0f677287a21aacc3111a65d4f072584"],[".vscode/settings.json","c4ef3e7d26642471ae3a2faaa131a40791fda1542ede085de266c5144adb2a3c"],["README.CSV","22dd78a4853cb10c91896d896adb761a757f190e6dce0462ff3ed43cedb56237"],["WAPT/certificate.crt","68194bca04eef7aaf4dc3c3bd12b017a1263bb5fcc034919fc7edda0c62db266"],["WAPT/control","7c1b8cb5e1fe0aab59adb57eeabeb2b08ea026a1e7f6c1a7a5f61eea62e08fd5"],["WAPT/icon.png","0c223120ac1a6e4cd0d0abe04cd831c7d4a4c2661947e758c0f703b656933d9a"],["WAPT/wapt.psproj","c6246be77fa0d87cb8860fc9de433dfc02b56edaaca368712d5b6267141eeee4"],["setup.py","4c45462ddba2518ef82a8ecd513369742b6877f56a60030ea95061f39481381c"]]

2
WAPT/signature.sha256
View File

@@ -1 +1 @@
kHEp4QtH1TIKF0RGaBLj5hNbzqr3VcMOzLt1nB3EYtZY6DJpLTEHeXEl5+Eil+WnogLQcA5bBzhgZvO3ljq6z2fC46ZTW/HZvlLW7ork7i4hrGRynwsl7E56mfEenkjTJal1S6GBNtwnGDoVR5cybD78oPyDyBFWZbUZ3tZmD/5Kn8tKOQwKR3DkDcKtC1X2xlBWrcMG7uCXBbcl9zOiKCRSaKYXcodppuBsx9yJZiBlLeB1EftivaE0Z9tDno5e+/154kzsg4tPSA/CCgsavJYmqp14dp4kr3q6Gf8cM+ALgQ241mrefXUpxnxdWMknUVTIqa4MWt3Y6x/7Ppg6xg== OKv0SBcSlm/+xMmGfN64ii7htR87xTvbFkQkSdKfZoVcHoyFR1eDoJmjcYFQCkK20pZkYXN3mFUkQY4L96XP2K9kQTBImqdenb+aQ6aQRZdHLp0Qs7GX5J3nFEBIPFW3j+bHj4/K7xdLGRR7+atmtU/AWRxufovUOT31VW7irshQYXAPXFnvib+dGD/2GpZ6jggrK5CamgJmFL6bZqb7wESrQN183FSaAi73azOf5wlkh0+daKwLuhta64qbE76dyGIZRTMB4mJBk35mwPjaX2NDBa/VinhcCvtcavSQ5GDwYsqFlrMCrGh6XYL5GpUL+DMobACWHPPQg9ht556wJw==

34
setup.py
View File

@@ -247,23 +247,23 @@ def install():
#CIS - Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'. #CIS - Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'.
#run("netsh advfirewall set allprofiles settings notifications off") #run("netsh advfirewall set allprofiles settings notifications off")
#CIS - Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log'. #CIS - Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log'.
run(r'netsh advfirewall set domain logging filename "%SystemRoot%\System32\logfiles\firewall\domainfw.log"') # run(r'netsh advfirewall set domain logging filename "%SystemRoot%\System32\logfiles\firewall\domainfw.log"')
#CIS - Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log'. # #CIS - Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log'.
run(r'netsh advfirewall set private logging filename "%SystemRoot%\System32\logfiles\firewall\privatefw.log"') # run(r'netsh advfirewall set private logging filename "%SystemRoot%\System32\logfiles\firewall\privatefw.log"')
#CIS - Ensure 'Windows Firewall: public: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log'. # #CIS - Ensure 'Windows Firewall: public: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log'.
run(r'netsh advfirewall set public logging filename "%SystemRoot%\System32\logfiles\firewall\publicfw.log"') # run(r'netsh advfirewall set public logging filename "%SystemRoot%\System32\logfiles\firewall\publicfw.log"')
#CIS - Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater'. # #CIS - Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater'.
run('netsh advfirewall set allprofiles logging filename %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log allowedconnections 16384') # run('netsh advfirewall set allprofiles logging filename %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log allowedconnections 16384')
#CIS - Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes'. # #CIS - Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes'.
run('netsh advfirewall set allprofiles logging droppedpackets enable') # run('netsh advfirewall set allprofiles logging droppedpackets enable')
#CIS - Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes'. # #CIS - Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes'.
registry_set(HKEY_LOCAL_MACHINE, r"Policies\Microsoft\WindowsFirewall\DomainProfile\Logging", "LogSuccessfulConnections","1") # registry_set(HKEY_LOCAL_MACHINE, r"Policies\Microsoft\WindowsFirewall\DomainProfile\Logging", "LogSuccessfulConnections","1")
#CIS - Ensure 'Windows Firewall: Private: Logging: Log successful connections' is set to 'Yes'. # #CIS - Ensure 'Windows Firewall: Private: Logging: Log successful connections' is set to 'Yes'.
registry_set(HKEY_LOCAL_MACHINE, r"Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging", "LogSuccessfulConnections","1") # registry_set(HKEY_LOCAL_MACHINE, r"Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging", "LogSuccessfulConnections","1")
#CIS - Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes'. # #CIS - Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes'.
registry_set(HKEY_LOCAL_MACHINE, r"Policies\Microsoft\WindowsFirewall\PublicProfile\Logging", "LogSuccessfulConnections","1") # registry_set(HKEY_LOCAL_MACHINE, r"Policies\Microsoft\WindowsFirewall\PublicProfile\Logging", "LogSuccessfulConnections","1")
#CIS - Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No'. # #CIS - Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No'.
run("netsh advfirewall set public settings localconsecrules enforce=no") # run("netsh advfirewall set public settings localconsecrules enforce=no")
#CIS - Ensure 'Audit Credential Validation' is set to 'Success and Failure'. #CIS - Ensure 'Audit Credential Validation' is set to 'Success and Failure'.
run('auditpol /set /subcategory:"Credential Validation" /success:enable /failure:enable') run('auditpol /set /subcategory:"Credential Validation" /success:enable /failure:enable')
# Ensure 'Audit Application Group Management' is set to 'Success and Failure'. # Ensure 'Audit Application Group Management' is set to 'Success and Failure'.