diff --git a/WAPT/control b/WAPT/control index c84ecdc..8437ebf 100644 --- a/WAPT/control +++ b/WAPT/control @@ -1,5 +1,5 @@ package : comi-hardening -version : 1.0-5 +version : 1.0-6 architecture : all section : base priority : optional @@ -29,7 +29,7 @@ editor : keywords : licence : homepage : -package_uuid : 1b55c367-39f8-4b2d-92a4-a36a70fcc28b +package_uuid : 586628a4-9be6-4b2c-8b69-53ef9ba5d87a valid_from : valid_until : forced_install_on : @@ -39,6 +39,6 @@ max_os_version : icon_sha256sum : 0c223120ac1a6e4cd0d0abe04cd831c7d4a4c2661947e758c0f703b656933d9a signer : ggendron_pem signer_fingerprint: 244cdf15fa2ea3ead58e4abf232fdf9a30a8a28a798677f71d6a3e76e65f9003 -signature_date : 2024-03-18T14:51:46.000000 +signature_date : 2024-03-18T15:04:14.000000 signed_attributes : package,version,architecture,section,priority,name,categories,maintainer,description,depends,conflicts,maturity,locale,target_os,min_wapt_version,sources,installed_size,impacted_process,description_fr,description_pl,description_de,description_es,description_pt,description_it,description_nl,description_ru,audit_schedule,editor,keywords,licence,homepage,package_uuid,valid_from,valid_until,forced_install_on,changelog,min_os_version,max_os_version,icon_sha256sum,signer,signer_fingerprint,signature_date,signed_attributes -signature : PRu7i9MlIfT7VU6/xjZ1k4x6T/DXyc7dSM16FIk5GkjDqpEqzmZ1ucSUXCjx2dPPJVbr04NQJqT0Qc+TEUrJGgfyc2zhG/sY8qzteEafhtwO/wXpAAXek00ncj79Fa0PfitCGJoZxsEf/ZU8hBa33w/ygTDPutVL/hQ0FKDpYuANp1Bo/CfOqbW68tsdaxgX5zOWC5qM9CuHuWbIuI6pFWa2ODEU8d0nu4P6bWDLyOXoP2BLISw7PdnKk16JE2T7cQ1BCd7RRr7RntHJj9BGZ9CJBzasuQ9sR4T7ACkf+yD4+uSFdk8Xv6e0TmTf6/tYvg0sIiLM3CaRpVSOzVApGA== \ No newline at end of file +signature : StcNfPzYMZ5R2+fCpp6bNChK2B3zc4Zs/9aKRW64eUexiBRFDNDvbaCYnWWps46nRl6oKyJtnknf8e/Y03mQceLaa/kJ4KnAlGdimNl89H8x2EujG74fxCGJZBFMqF7dLN9yaDuktyikux6rLMSYXVfybdzjSyPIvCFiJYeN8t4GhfT0il0pqSlsGgnvC4MpVMbodtxKYPqdNOzIxxrvnv4MNKqAMnaVUpwdrjan82ip3bg0s/t7JKb5Lp744lyzoxLkhSsL272s8Gi6tGd4uljcFg+5sHsxa7taXsQgj1O5CdTa6FX7lVtOG9i1B7WMtbcMggnhdFdd525aD22yaA== \ No newline at end of file diff --git a/WAPT/manifest.sha256 b/WAPT/manifest.sha256 index 35eacc4..9f701b4 100644 --- a/WAPT/manifest.sha256 +++ b/WAPT/manifest.sha256 @@ -1 +1 @@ -[[".env","720b2be3b2d977425b68892f478262e7d3f764ca56c86e4d6aa2f639ea3dd214"],[".vscode/launch.json","7185f7797616d2fefe06cdb959ccb08bf0f677287a21aacc3111a65d4f072584"],[".vscode/settings.json","c4ef3e7d26642471ae3a2faaa131a40791fda1542ede085de266c5144adb2a3c"],["README.CSV","22dd78a4853cb10c91896d896adb761a757f190e6dce0462ff3ed43cedb56237"],["WAPT/certificate.crt","68194bca04eef7aaf4dc3c3bd12b017a1263bb5fcc034919fc7edda0c62db266"],["WAPT/control","00109f5ac0be7f7397f0f9f248408e03307c3a2950c2cfbc6e54cceea964b1c9"],["WAPT/icon.png","0c223120ac1a6e4cd0d0abe04cd831c7d4a4c2661947e758c0f703b656933d9a"],["WAPT/wapt.psproj","c6246be77fa0d87cb8860fc9de433dfc02b56edaaca368712d5b6267141eeee4"],["setup.py","5cec9433a44fb8bc2a4c68b613b628f040287667150f28ba749f2041ede0c8ee"]] \ No newline at end of file +[[".env","720b2be3b2d977425b68892f478262e7d3f764ca56c86e4d6aa2f639ea3dd214"],[".vscode/launch.json","7185f7797616d2fefe06cdb959ccb08bf0f677287a21aacc3111a65d4f072584"],[".vscode/settings.json","c4ef3e7d26642471ae3a2faaa131a40791fda1542ede085de266c5144adb2a3c"],["README.CSV","22dd78a4853cb10c91896d896adb761a757f190e6dce0462ff3ed43cedb56237"],["WAPT/certificate.crt","68194bca04eef7aaf4dc3c3bd12b017a1263bb5fcc034919fc7edda0c62db266"],["WAPT/control","63170f3966865a4d2ade4a6ecfdd8ce9164aac80a60c8aa043d34350b6abd888"],["WAPT/icon.png","0c223120ac1a6e4cd0d0abe04cd831c7d4a4c2661947e758c0f703b656933d9a"],["WAPT/wapt.psproj","c6246be77fa0d87cb8860fc9de433dfc02b56edaaca368712d5b6267141eeee4"],["setup.py","0fc68a63eb37e66069639e9a0a0aae1bfa1f5c9ed6a16ce896f6390491a8624a"]] \ No newline at end of file diff --git a/WAPT/signature.sha256 b/WAPT/signature.sha256 index b1092cd..3c5798d 100644 --- a/WAPT/signature.sha256 +++ b/WAPT/signature.sha256 @@ -1 +1 @@ -kme8NcsT03G19j7YWhQ/IZFcbZuxgAI9Tfs1dyQomNAN6vKyJSuKbrp/V5U0vtBFbFZVXheRoQ0Kdriy5oY0P28lK6ImVIjPeuFep4ZGFDNL89ZsFG3tEf9o5hOI1w13ut6oN4Kqqd4T/nn4QpAq4pPY9uIL5U6J2DNvpAVscsX2sUy2GVQSgom5py46+hXuz/p9MzIECwJUoACGVqrC8SrRohck3QEXu3cdL3BznjLy/VWbffNkG5UP3aPfogSqCDzTWzYwp12+tBeSEKG2HIyXkEmOZBwRm5TOpptkLzBJoyxicIIyYEUglFfKp9KUc+/53rkOLMEIASXmlFZyJg== \ No newline at end of file +kHEp4QtH1TIKF0RGaBLj5hNbzqr3VcMOzLt1nB3EYtZY6DJpLTEHeXEl5+Eil+WnogLQcA5bBzhgZvO3ljq6z2fC46ZTW/HZvlLW7ork7i4hrGRynwsl7E56mfEenkjTJal1S6GBNtwnGDoVR5cybD78oPyDyBFWZbUZ3tZmD/5Kn8tKOQwKR3DkDcKtC1X2xlBWrcMG7uCXBbcl9zOiKCRSaKYXcodppuBsx9yJZiBlLeB1EftivaE0Z9tDno5e+/154kzsg4tPSA/CCgsavJYmqp14dp4kr3q6Gf8cM+ALgQ241mrefXUpxnxdWMknUVTIqa4MWt3Y6x/7Ppg6xg== \ No newline at end of file diff --git a/setup.py b/setup.py index d94839e..c9bae2d 100644 --- a/setup.py +++ b/setup.py @@ -126,7 +126,8 @@ def install(): #CIS - Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'. registry_set(HKEY_LOCAL_MACHINE, r"System\CurrentControlSet\Control\Session Manager\Kernel", "ObCaseInsensitive","1") #CIS - Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'. - registry_set(HKEY_LOCAL_MACHINE, r"System\CurrentControlSet\Control\Session Manager", "ProtectionMode","1") + # registry_set(HKEY_LOCAL_MACHINE, r"System\CurrentControlSet\Control\Session Manager", "ProtectionMode","1") + registry_set(HKEY_LOCAL_MACHINE, r"System\CurrentControlSet\Control\Session Manager", "ProtectionMode","0") #CIS - Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'. registry_set(HKEY_LOCAL_MACHINE, r"Software\Microsoft\Windows\CurrentVersion\Policies\System", "FilterAdministratorToken","1") #CIS - Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation @@ -244,7 +245,7 @@ def install(): #CIS - Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)'. run('netsh advfirewall firewall add rule name="BlockOutbound" dir=out action=allow') #CIS - Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'. - run("netsh advfirewall set allprofiles settings notifications off") + #run("netsh advfirewall set allprofiles settings notifications off") #CIS - Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log'. run(r'netsh advfirewall set domain logging filename "%SystemRoot%\System32\logfiles\firewall\domainfw.log"') #CIS - Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log'.