1b78af26b5
|
||
|---|---|---|
| .github | ||
| DSCResources | ||
| Module | ||
| StigData | ||
| Tests | ||
| Tools | ||
| .MetaTestOptIn.json | ||
| .NuspecFileList.json | ||
| .codecov.yml | ||
| .gitignore | ||
| CHANGELOG.md | ||
| LICENSE | ||
| PowerStig.Convert.psm1 | ||
| PowerStig.psd1 | ||
| PowerStig.psm1 | ||
| README.CONTRIBUTING.md | ||
| README.TESTGUIDELINES.md | ||
| README.md | ||
| appveyor.yml | ||
README.md
PowerSTIG
PowerStig is a PowerShell module that contains several components to automate different DISA Security Technical Implementation Guides (STIGs) where possible.
| Name | Description | Published to PS Gallery |
|---|---|---|
| PowerStig.Convert | Extract configuration objects from the xccdf | No |
| PowerStig.Data | A PowerShell class to access the PowerSTIG "database" | Yes |
| PowerStig.DSC | Compsite DSC resources to apply and/or audit STIG settings | Yes |
| PowerStig.Document | An experimental module to create prefilled out checklists | Yes |
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
| Branch | Status | Description |
|---|---|---|
| master | Ccontains the latest release - no contributions are made directly to this branch. | |
| dev | Where contributions should be proposed by contributors as pull requests. This branch is merged into the master branch, and be released to PowerShell Gallery. |
Released Module
To see the released PowerStig module, go to the PowerShell Gallery. We recommend that you use PowerShellGet to install PowerStig:
For example:
Install-Module -Name PowerStig -Scope CurrentUuer
Once PowerStig is installed, you can view the list of STIGs that are currently available. The Get-StigList function queries the StigData and returns a full list. This will give you an idea of what you can target in your environment.
Import-Module PowerStig
Get-StigList
To update a previously installed module use this command:
Update-Module -Name PowerStig
PowerStig.Convert
PowerStig.Convert is a utility module that we use to generate PowerStig XML to store in PowerStig.Data. The module uses PowerShell classes to extract settings from check-content elements of the xccdf. This nested module is NOT published to the PS Gallery. The extracted settings are converted into and new PowerStig XML schema. The XML file is saved into a processed StigData folder and released to the PS Gallery on a regular cadence.
For detailed information, please see the Convert Wiki
PowerStig.Data
PowerStig.Data is a module with PowerShell classes and a directory of PowerStig XML to provide a way of retrieving StigData and documenting deviations. The PowerStig.Data classes provide methods to:
- Override a setting defined in a STIG and automatically document the exception to policy
- Apply settings that have a valid range of values (Organizational Settings)
- Exclude a rule if it is already defined in another STIG (de-duplication) and automatically document the exception to policy
- Exclude an entire class of rules (intended for testing and integration) and automatically document the exception to policy
For detailed information, please see the StigData Wiki
PowerStig.DSC
PowerShell Desired State Configuration (DSC) composite resources to manage the configurable items. Each composite uses PowerStig.Data as it's data source. This allows exceptions, Org settings, and skips to be applied uniformly across all composite resources.
Composite Resources
| Name | Description |
|---|---|
| Browser | Provides a mechanism to manage Browser STIG settings. |
| DotNetFramework | Provides a mechanism to manage .Net Framework STIG settings. |
| SqlServer | Provides a mechanism to manage SqlServer STIG settings. |
| WindowsDnsServer | Provides a mechanism to manage Windows DNS Server STIG settings. |
| WindowsFirewall | Provides a mechanism to manage the Windows Firewall STIG settings. |
| WindowsServer | Provides a mechanism to manage the Windows Server STIG settings. |
For detailed information, please see the Composite Resources Wiki
PowerStig.Document
An Experimental module to create checklists and other types of documentation based on the results of the DSC compliance report. This module generates a checklist, but we are not 100% sure on the workflow, so we wanted to publish the idea and build on it.
For detailed information, please see the Document Wiki
Contributing
You are more than welcome to contribute to the development of PowerStig. There are several different ways you can help. You can create new convert modules, add test automation, improve documentation, fix existing issues, or open new ones. See our contributing guide for more info on how to become a contributor. If you would like to contribute to a Composite Resource, please check out common DSC Resources contributing guidelines.
Thank you to everyone that has reviewed the project and provided feedback through issues. We are especially thankful for those who have contributed pull requests to the code and documentation.
Contributors
- @athaynes (Adam Haynes)
- @bgouldman (Brian Gouldman)
- @camusicjunkie
- @chasewilson (Chase Wilson)
- @clcaldwell (Coby Caldwell)
- @JakeDean3631 (Jake Dean)
- @jcwalker (Jason Walker)
- @ldillonel
- @llansey (La'Neice Lansey)
- @mcollera
- @nehrua (Nehru Ali)
- @regedit32 (Reggie Gibson)
- @winthrop28 (Drew Taylor)