add checks
This commit is contained in:
47
setup.py
47
setup.py
@@ -21,7 +21,7 @@ def install():
|
|||||||
#CIS-15508 - Reset lockout counter after
|
#CIS-15508 - Reset lockout counter after
|
||||||
run("net accounts /lockoutwindow:15")
|
run("net accounts /lockoutwindow:15")
|
||||||
#CIS-15509 - Administrator account status disabled (fr)
|
#CIS-15509 - Administrator account status disabled (fr)
|
||||||
run("net user administrateur /active:no")
|
#run("net user administrateur /active:no")
|
||||||
#CIS-15510 - 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts'.
|
#CIS-15510 - 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts'.
|
||||||
registry_set(HKEY_LOCAL_MACHINE, r"Software\Microsoft\Windows\CurrentVersion\Policies\System", "NoConnectedUser","3")
|
registry_set(HKEY_LOCAL_MACHINE, r"Software\Microsoft\Windows\CurrentVersion\Policies\System", "NoConnectedUser","3")
|
||||||
#CIS-15511 - Guest account status disabled (fr)
|
#CIS-15511 - Guest account status disabled (fr)
|
||||||
@@ -193,6 +193,51 @@ def install():
|
|||||||
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\RemoteRegistry", "Start","4")
|
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\RemoteRegistry", "Start","4")
|
||||||
#CIS - Ensure 'Routing and Remote Access (RemoteAccess)' is set to 'Disabled'.
|
#CIS - Ensure 'Routing and Remote Access (RemoteAccess)' is set to 'Disabled'.
|
||||||
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\RemoteAccess", "Start","4")
|
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\RemoteAccess", "Start","4")
|
||||||
|
#CIS - Ensure 'Server (LanmanServer)' is set to 'Disabled'.
|
||||||
|
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\LanmanServer", "Start","4")
|
||||||
|
#CIS - Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Disabled' or 'Not Installed'.
|
||||||
|
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\simptcp", "Start","4")
|
||||||
|
#CIS - Ensure 'SNMP Service (SNMP)' is set to 'Disabled' or 'Not Installed'.
|
||||||
|
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\SNMP", "Start","4")
|
||||||
|
#CIS - Ensure 'Special Administration Console Helper (sacsvr)' is set to 'Disabled' or 'Not Installed'.
|
||||||
|
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\sacsvr", "Start","4")
|
||||||
|
#CIS - Ensure 'SSDP Discovery (SSDPSRV)' is set to 'Disabled'.
|
||||||
|
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\SSDPSRV", "Start","4")
|
||||||
|
#CIS - Ensure 'UPnP Device Host (upnphost)' is set to 'Disabled'.
|
||||||
|
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\upnphost", "Start","4")
|
||||||
|
#CIS - Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed'.
|
||||||
|
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\WMSvc", "Start","4")
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
#CIS - Ensure 'Windows Error Reporting Service (WerSvc)' is set to 'Disabled'.
|
||||||
|
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\WerSvc", "Start","4")
|
||||||
|
#CIS - Ensure 'Windows Event Collector (Wecsvc)' is set to 'Disabled'.
|
||||||
|
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\Wecsvc", "Start","4")
|
||||||
|
#CIS - Ensure 'Windows Media Player Network Sharing Service (WMPNetworkSvc)' is set to 'Disabled' or 'Not Installed'.
|
||||||
|
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\WMPNetworkSvc", "Start","4")
|
||||||
|
#CIS - Ensure 'Windows Mobile Hotspot Service (icssvc)' is set to 'Disabled'.
|
||||||
|
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\icssvc", "Start","4")
|
||||||
|
#CIS - Ensure 'Windows Push Notifications System Service (WpnService)' is set to 'Disabled'.
|
||||||
|
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\WpnService", "Start","4")
|
||||||
|
#CIS - Ensure 'Windows PushToInstall Service (PushToInstall)' is set to 'Disabled'.
|
||||||
|
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\PushToInstall", "Start","4")
|
||||||
|
#CIS - Ensure 'Windows Remote Management (WS-Management) (WinRM)' is set to 'Disabled'.
|
||||||
|
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\WinRM", "Start","4")
|
||||||
|
|
||||||
|
#CIS - Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed'.
|
||||||
|
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\W3SVC", "Start","4")
|
||||||
|
#CIS - Ensure 'Xbox Accessory Management Service (XboxGipSvc)' is set to 'Disabled'.
|
||||||
|
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\XboxGipSvc", "Start","4")
|
||||||
|
#CIS - Ensure 'Xbox Live Auth Manager (XblAuthManager)' is set to 'Disabled'.
|
||||||
|
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\XblAuthManager", "Start","4")
|
||||||
|
#CIS - Ensure 'Xbox Live Game Save (XblGameSave)' is set to 'Disabled'.
|
||||||
|
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\XblGameSave", "Start","4")
|
||||||
|
#CIS - Ensure 'Xbox Live Networking Service (XboxNetApiSvc)' is set to 'Disabled'.
|
||||||
|
registry_set(HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services\XboxNetApiSvc", "Start","4")
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user