Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create SCA Policy for Windows Server 2012 (non R2) #21794

Merged
merged 15 commits into from
Aug 21, 2024
Merged

Create SCA Policy for Windows Server 2012 (non R2) #21794

merged 15 commits into from
Aug 21, 2024

Conversation

jk-olaoluwa
Copy link
Member

@jk-olaoluwa jk-olaoluwa commented Feb 7, 2024
edited by ooniagbi
Loading

Component Action type Main Issue
SCA Create #18306

Main tasks

  • Use the latest CIS benchmark PDF from https://downloads.cisecurity.org/#/
  • Verify IDs numbers.
  • Verify texts are correct: Title, Description, Rationale and Remediation.
  • Verify Compliance: CIS, CIS_CSC.
  • Verify condtion and rules:
    • To Pass.
    • To Fail.

Checks

Syntax and semantic

  • a) ID of each policy must be contiguous.
  • b) The order and format set in Documentation must be respected.
  • c) YML must be valid to avoid errors.

Content

  • a) Compare each check with its analog from CIS Benchmark.
  • b) Try maintaining each rule as similar as possible with the Audit section from the CIS check.
  • c) Check that the commands provide the expected output.
  • d) When a failure is discovered, check similar policies to avoid repetition of the issue.

Unit testing

  • a) Output from agent.log after the SCA scan and a raw output of the result of the checks.
Tests results

Analysisd (server or local)

analysisd.debug=2

Auth daemon debug (server)

authd.debug=0

Exec daemon debug (server, local, or Unix agent)

execd.debug=0

Monitor daemon debug (server, local, or Unix agent)

monitord.debug=0

Log collector (server, local or Unix agent)

logcollector.debug=0

Integrator daemon debug (server, local or Unix agent)

integrator.debug=0

Unix agentd

agent.debug=2

Deployment

  • a) If the policy it's new, it must be added to the sca.files templates.
  • b) If the OS has many supported SCA policies, a policy must be set as the default policy. (as example)

Documentation

  •  a) Ensure documentation SCA list includes the created or updated SCA.

@jk-olaoluwa jk-olaoluwa mentioned this pull request Feb 7, 2024
Closed
18 tasks
@jk-olaoluwa jk-olaoluwa linked an issue Feb 15, 2024 that may be closed by this pull request
Create SCA Policy for Windows Server 2012 (non R2) #18535
Closed
18 tasks
@jk-olaoluwa jk-olaoluwa marked this pull request as ready for review March 19, 2024 09:20
@ooniagbi ooniagbi changed the base branch from 4.8.2 to 4.9.0 April 4, 2024 09:15
@IsExec IsExec changed the base branch from 4.9.0 to 4.10.0 August 1, 2024 23:59
@IsExec IsExec requested a review from ooniagbi August 1, 2024 23:59
@jk-olaoluwa jk-olaoluwa mentioned this pull request Aug 15, 2024
Closed
ooniagbi
ooniagbi previously approved these changes Aug 15, 2024
View reviewed changes
@ooniagbi ooniagbi merged commit de14271 into 4.10.0 Aug 21, 2024
28 of 29 checks passed
@ooniagbi ooniagbi deleted the 18535-create-sca-policy-for-windows-server-2012-non-r2 branch August 21, 2024 14:44
This was referenced Aug 21, 2024
Closed
Merged
@jk-olaoluwa jk-olaoluwa restored the 18535-create-sca-policy-for-windows-server-2012-non-r2 branch August 27, 2024 10:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ooniagbi ooniagbi ooniagbi approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Create SCA Policy for Windows Server 2012 (non R2)
2 participants
@jk-olaoluwa @ooniagbi
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy