Cloud Based Detection should only apply to Azure VMs #58

Open
mfortin opened this issue Jun 8, 2024 · 0 comments
Labels
bug Something isn't working

mfortin commented Jun 8, 2024

Describe the Issue
Controls WN19-AC-000010, WN19-AC-000020, and WN19-AC-000030 need to be in a different order for cloud-based systems (AWS, Azure, etc.) vs. non-cloud systems (VMware, VirtualBox, etc.).
This only seems to be true for Azure as, with AWS, there is an error reported.

Expected Behavior
No failures.

Actual Behavior

TASK [Windows-2019-STIG : MEDIUM | WN19-AC-000010 | PATCH | Windows Server 2019 account lockout duration must be configured to 15 minutes or greater. | Apply Variable.] ***
 fatal: [10.0.0.100]: FAILED! => changed=true
  import_log: |-
    Completed 1 percent (0/63)      Process Privilege Rights area
    amazon-ebs.windows:
    Completed 3 percent (1/63)      Process Privilege Rights area
    amazon-ebs.windows:
    Completed 4 percent (2/63)      Process Privilege Rights area
    amazon-ebs.windows:
    Completed 6 percent (3/63)      Process Privilege Rights area
    amazon-ebs.windows:
    Completed 7 percent (4/63)      Process Privilege Rights area
    amazon-ebs.windows:
    Completed 9 percent (5/63)      Process Privilege Rights area
    amazon-ebs.windows:
    Completed 11 percent (6/63)     Process Privilege Rights area
    amazon-ebs.windows:
    Completed 12 percent (7/63)     Process Privilege Rights area
    amazon-ebs.windows:
    Completed 14 percent (8/63)     Process Privilege Rights area
    amazon-ebs.windows:
    Completed 15 percent (9/63)     Process Privilege Rights area
    amazon-ebs.windows:
    Completed 17 percent (10/63)    Process Privilege Rights area
    amazon-ebs.windows:
    Completed 19 percent (11/63)    Process Privilege Rights area
    amazon-ebs.windows:
    Completed 20 percent (12/63)    Process Privilege Rights area
    amazon-ebs.windows:
    Completed 22 percent (13/63)    Process Privilege Rights area
    amazon-ebs.windows:
    Completed 23 percent (14/63)    Process Privilege Rights area
    amazon-ebs.windows:
    Completed 25 percent (15/63)    Process Privilege Rights area
    amazon-ebs.windows:
    Completed 25 percent (15/63)    Process Group Membership area
    amazon-ebs.windows:
    Completed 49 percent (30/63)    Process Group Membership area
    amazon-ebs.windows:
    Completed 49 percent (30/63)    Process Registry Keys area
    amazon-ebs.windows:
    Completed 49 percent (30/63)    Process File Security area
    amazon-ebs.windows:
    Completed 49 percent (30/63)    Process Services area
    amazon-ebs.windows:
    Completed 65 percent (40/63)    Process Services area
    amazon-ebs.windows:
    Completed 73 percent (45/63)    Process Services area
    amazon-ebs.windows:
    Completed 73 percent (45/63)    Process Security Policy area
    amazon-ebs.windows:
    Completed 77 percent (48/63)    Process Security Policy area
    amazon-ebs.windows:
    Completed 84 percent (52/63)    Process Security Policy area
    amazon-ebs.windows:
    Completed 88 percent (55/63)    Process Security Policy area
    amazon-ebs.windows:
    Completed 93 percent (58/63)    Process Security Policy area
    amazon-ebs.windows:
    Completed 100 percent (63/63)   Process Security Policy area
    amazon-ebs.windows:
    amazon-ebs.windows:
    The parameter is incorrect.
    amazon-ebs.windows:
    The task has completed with an error.
  key: LockoutDuration
  msg: Failed to import secedit.ini file from C:\Users\Administrator\AppData\Local\Temp\tmpBFA.tmp
  rc: 1
  section: System Access
  stderr: null
  stderr_lines: 
  stdout: ''
  stdout_lines: 
  value: 15

Control(s) Affected

  • WN19-AC-000010
  • WN19-AC-000020
  • WN19-AC-000030

Environment (please complete the following information):

  • branch being used: devel
  • Ansible Version: 2.16
  • Host Python Version: Python 3.7
  • Ansible Server Python Version: Python 3.7
  • Additional Details:

Additional Notes
Anything additional goes here

Possible Solution
Only detect Azure VMs

@mfortin mfortin added the bug Something isn't working label Jun 8, 2024
mfortin added a commit to mfortin/Windows-2019-STIG that referenced this issue Jun 8, 2024
Signed-off-by: fortinm <mathieu.fortin@autodesk.com>
mfortin added a commit to mfortin/Windows-2019-STIG that referenced this issue Jun 8, 2024
Signed-off-by: fortinm <mathieu.fortin@autodesk.com>
mfortin added a commit to mfortin/Windows-2019-STIG that referenced this issue Jun 9, 2024
Signed-off-by: fortinm <mathieu.fortin@autodesk.com>
frederickw082922 added a commit that referenced this issue Jun 19, 2024