From 684d244c5010e9ce12daca38c86e89759cc0ba67 Mon Sep 17 00:00:00 2001 From: Gabriel Gendron Date: Mon, 18 Mar 2024 14:51:56 +0100 Subject: [PATCH] add checks --- setup.py | 47 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 2994711..5375073 100644 --- a/setup.py +++ b/setup.py @@ -21,7 +21,7 @@ def install(): #CIS-15508 - Reset lockout counter after run("net accounts /lockoutwindow:15") #CIS-15509 - Administrator account status disabled (fr) - run("net user administrateur /active:no") + #run("net user administrateur /active:no") #CIS-15510 - 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts'. registry_set(HKEY_LOCAL_MACHINE, r"Software\Microsoft\Windows\CurrentVersion\Policies\System", "NoConnectedUser","3") #CIS-15511 - Guest account status disabled (fr) @@ -193,6 +193,51 @@ def install(): registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\RemoteRegistry", "Start","4") #CIS - Ensure 'Routing and Remote Access (RemoteAccess)' is set to 'Disabled'. registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\RemoteAccess", "Start","4") + #CIS - Ensure 'Server (LanmanServer)' is set to 'Disabled'. + registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\LanmanServer", "Start","4") + #CIS - Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Disabled' or 'Not Installed'. + registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\simptcp", "Start","4") + #CIS - Ensure 'SNMP Service (SNMP)' is set to 'Disabled' or 'Not Installed'. + registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\SNMP", "Start","4") + #CIS - Ensure 'Special Administration Console Helper (sacsvr)' is set to 'Disabled' or 'Not Installed'. + registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\sacsvr", "Start","4") + #CIS - Ensure 'SSDP Discovery (SSDPSRV)' is set to 'Disabled'. + registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\SSDPSRV", "Start","4") + #CIS - Ensure 'UPnP Device Host (upnphost)' is set to 'Disabled'. + registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\upnphost", "Start","4") + #CIS - Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed'. + registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\WMSvc", "Start","4") + + + + #CIS - Ensure 'Windows Error Reporting Service (WerSvc)' is set to 'Disabled'. + registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\WerSvc", "Start","4") + #CIS - Ensure 'Windows Event Collector (Wecsvc)' is set to 'Disabled'. + registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\Wecsvc", "Start","4") + #CIS - Ensure 'Windows Media Player Network Sharing Service (WMPNetworkSvc)' is set to 'Disabled' or 'Not Installed'. + registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\WMPNetworkSvc", "Start","4") + #CIS - Ensure 'Windows Mobile Hotspot Service (icssvc)' is set to 'Disabled'. + registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\icssvc", "Start","4") + #CIS - Ensure 'Windows Push Notifications System Service (WpnService)' is set to 'Disabled'. + registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\WpnService", "Start","4") + #CIS - Ensure 'Windows PushToInstall Service (PushToInstall)' is set to 'Disabled'. + registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\PushToInstall", "Start","4") + #CIS - Ensure 'Windows Remote Management (WS-Management) (WinRM)' is set to 'Disabled'. + registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\WinRM", "Start","4") + + #CIS - Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed'. + registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\W3SVC", "Start","4") + #CIS - Ensure 'Xbox Accessory Management Service (XboxGipSvc)' is set to 'Disabled'. + registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\XboxGipSvc", "Start","4") + #CIS - Ensure 'Xbox Live Auth Manager (XblAuthManager)' is set to 'Disabled'. + registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\XblAuthManager", "Start","4") + #CIS - Ensure 'Xbox Live Game Save (XblGameSave)' is set to 'Disabled'. + registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\XblGameSave", "Start","4") + #CIS - Ensure 'Xbox Live Networking Service (XboxNetApiSvc)' is set to 'Disabled'. + registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\XboxNetApiSvc", "Start","4") + + +