DSCResources: Added Composite for Windows 10 STIG (Fixes #121) (#151)

* Initial Commit * Updating tests and schemas * Added IISSite composite resource * Update documentation * Added IISSite composite resource * Update documentation * updates * Updates from pr comments * Updates from PR Review * Update xWebAdministration to 2.1.0.0 * Update to resolve test errors * Reverting xWebAdministration back to 2.2.0.0 * Updates from pr review * updated composite and stig tech * updat changelog * update for change log mistake * Update to get-resourcetitle * resource conflict updates * Initial Commit * Updating tests and schemas * updates * updated composite and stig tech * updat changelog * update for change log mistake * resource conflict updates * Updates for IIS Server DSC * Updates to resolve PR comments * Fix for failing test * Updates for IIS Server DSC * Fix for failing test * Updates to resolve PR comments * Update to fix test * Updated for instance parameter * Added IISSite composite resource * Update documentation * Updates from pr comments * Updates from PR Review * Update xWebAdministration to 2.1.0.0 * Update to resolve test errors * Reverting xWebAdministration back to 2.2.0.0 * Updates from pr review * Update to get-resourcetitle * Updates to resolve PR comments * Update for PR comments * Code added for WindowsClient composite and tests * add group context * client added to resource filter, int test updates * add policyfileeditor module * update for tests * update for tests * update to remove osrole from test * same * updates to reflect no longer using Client * update for merge with dev and Test fixes * update for test * updated unreleased * removed OSRole param comment * formatting fixes, removed PowerStig.tests folder * removed spaces * remove spaces * added/updated modules
microsoft · Sep 27, 2018 · 6ef32e7 · 6ef32e7
1 parent d9d8a06
commit 6ef32e7
Show file tree

Hide file tree

Showing 35 changed files with 1,613 additions and 21 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,18 +1,24 @@
 # Versions
 
 ## Unreleased
-
+  
 * Added the following STIGs
+  * IIS Site 8.5 STIG V1R2
+  * IIS Site 8.5 STIG V1R3
+  * Oracle JRE 8 STIG V1R5
   * Microsoft Outlook 2013 STIG V1R12
   * Microsoft PowerPoint 2013 Stig V1R6
   * Microsoft Excel 2013 STIG V1R7
   * Microsoft Word 2013 STIG V1R6
-* Added the DSC Composite Resource for Microsoft Office 2013 STIGs
+
+* Added the following DSC Composite Resources
+  * Microsoft Office 2013 STIGs
+  * IIS Site STIG
+  * IIS Server STIG
+  * Windows10 STIG
+
 * Added required module "PolicyFileEditor" for applying Office HKey_Current_User settings
 
-* Updated the following Stigs
-  * WIndows 10 STIG - Updated for xRegistryResource and RegistryRule to Manual Rule
-
 ## 2.1.0.0
 
 * Migrated Composite resources to the xRegistry resource

diff --git a/DSCResources/IisServer/IisServer.psd1 b/DSCResources/IisServer/IisServer.psd1
@@ -0,0 +1,34 @@
+@{
+    # Script module or binary module file associated with this manifest.
+    RootModule = 'IisServer.schema.psm1'
+
+    # Version number of this module.
+    ModuleVersion = '1.0'
+
+    # ID used to uniquely identify this module
+    GUID = '69eee9e9-c4c7-49b5-8e42-449bb8142e03'
+
+    # Author of this module
+    Author = 'Microsoft Corporation'
+
+    # Company or vendor of this module
+    CompanyName = 'Microsoft Corporation'
+
+    # Copyright statement for this module
+    Copyright = '(c) 2017 Microsoft Corporation. All rights reserved.'
+
+    # Description of the functionality provided by this module
+    Description = 'Module for managing the IIS 8.5 Server DISA STIGs'
+
+    # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+    FunctionsToExport = @('IisServer')
+
+    # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+    CmdletsToExport = @()
+
+    # Variables to export from this module
+    VariablesToExport = '*'
+
+    # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+    AliasesToExport = @()
+}
diff --git a/DSCResources/IisServer/IisServer.schema.psm1 b/DSCResources/IisServer/IisServer.schema.psm1
@@ -0,0 +1,135 @@
+#region Header
+using module ..\helper.psm1
+using module ..\..\PowerStig.psm1
+#endregion Header
+
+#region Composite
+<#
+    .SYNOPSIS
+        A composite DSC resource to manage the IIS Server STIG settings
+
+    .PARAMETER OsVersion
+        The version of the server operating system STIG to apply and monitor
+
+    .PARAMETER LogPath
+        The path to store log information 
+
+    .PARAMETER StigVersion
+        The version of the IIS Server STIG to apply and/or monitor
+
+    .PARAMETER Exception
+        A hashtable of StigId=Value key pairs that are injected into the STIG data and applied to 
+        the target node. The title of STIG settings are tagged with the text ‘Exception’ to identify 
+        the exceptions to policy across the data center when you centralize DSC log collection.
+
+    .PARAMETER OrgSettings
+        The path to the xml file that contains the local organizations preferred settings for STIG 
+        items that have allowable ranges.
+
+    .PARAMETER SkipRule
+        The SkipRule Node is injected into the STIG data and applied to the taget node. The title
+        of STIG settings are tagged with the text 'Skip' to identify the skips to policy across the 
+        data center when you centralize DSC log collection.
+
+    .PARAMETER SkipRuleType
+        All STIG rule IDs of the specified type are collected in an array and passed to the Skip-Rule
+        function. Each rule follows the same process as the SkipRule parameter.
+
+    .EXAMPLE
+        In this example the latest version of the IIS Server STIG is applied.
+
+        Import-DscResource -ModuleName PowerStigDsc
+
+        Node localhost
+        {
+            IisServer 'IISServerConfiguration'
+            {
+                OsVersion = '2012R2'
+                StigVersion = '1.3'
+            }
+        }
+#>
+Configuration IisServer
+{
+    [CmdletBinding()]
+    Param
+    (
+        [Parameter(Mandatory = $true)]
+        [ValidateSet('2012R2')]
+        [string]
+        $OsVersion,
+
+        [Parameter(Mandatory = $true)]
+        [string]
+        $LogPath,
+
+        [Parameter()]
+        [ValidateSet('1.3')]
+        [ValidateNotNullOrEmpty()]
+        [version]
+        $StigVersion,
+
+        [Parameter()]
+        [ValidateNotNullOrEmpty()]
+        [psobject]
+        $Exception,
+
+        [Parameter()]
+        [ValidateNotNullOrEmpty()]
+        [psobject]
+        $OrgSettings,
+
+        [Parameter()]
+        [ValidateNotNullOrEmpty()]
+        [psobject]
+        $SkipRule,
+
+        [Parameter()]
+        [ValidateNotNullOrEmpty()]
+        [psobject]
+        $SkipRuleType
+    )
+
+    ##### BEGIN DO NOT MODIFY #####
+    <#
+        The exception, skipped rule, and organizational settings functionality
+        is universal across all composites, so the code to process it is in a
+        central file that is dot sourced into each composite.
+    #>
+
+    $dscResourcesPath = Split-Path -Path $PSScriptRoot -Parent
+    $userSettingsPath = Join-Path -Path $dscResourcesPath -ChildPath 'stigdata.usersettings.ps1'
+    . $userSettingsPath
+    ##### END DO NOT MODIFY #####
+
+    $technology = [Technology]::Windows
+    $technologyVersion = [TechnologyVersion]::New( $OsVersion, $technology )
+    $technologyRole = [TechnologyRole]::New( 'IISServer', $technologyVersion )
+    $stigDataObject = [StigData]::New( $StigVersion, $orgSettingsObject, $technology, $technologyRole, $technologyVersion, $exceptionsObject , $skipRuleTypeObject, $skipRuleObject )
+
+    #### BEGIN DO NOT MODIFY ####
+    # $StigData is used in the resources that are dot sourced below
+    [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseDeclaredVarsMoreThanAssignments",'')]
+    $StigData = $StigDataObject.StigXml
+
+    # $resourcePath is exported from the helper module in the header
+    # This is required to process Skipped rules
+    Import-DscResource -ModuleName PSDesiredStateConfiguration -ModuleVersion 1.1
+    . "$resourcePath\windows.Script.skip.ps1"
+    ##### END DO NOT MODIFY #####
+
+    Import-DscResource -ModuleName PSDesiredStateConfiguration -ModuleVersion 1.1
+    . "$resourcePath\windows.WindowsFeature.ps1"
+
+    Import-DscResource -ModuleName xPSDesiredStateConfiguration -ModuleVersion 8.3.0.0
+    . "$resourcePath\windows.xRegistry.ps1"
+
+    Import-DscResource -ModuleName xWebAdministration -ModuleVersion 2.2.0.0
+    . "$resourcePath\windows.xIisMimeTypeMapping.ps1"
+    . "$resourcePath\windows.WebConfigProperty.ps1"
+    . "$resourcePath\windows.xIisLogging.ps1"
+
+    Import-DscResource -ModuleName AccessControlDsc -ModuleVersion 1.1.0.0
+    . "$resourcePath\windows.AccessControl.ps1"
+}
+#endregion Composite
diff --git a/DSCResources/IisSite/IisSite.psd1 b/DSCResources/IisSite/IisSite.psd1
@@ -0,0 +1,36 @@
+@{
+
+    # Script module or binary module file associated with this manifest.
+    RootModule = 'IisSite.schema.psm1'
+
+    # Version number of this module.
+    ModuleVersion = '1.0'
+
+    # ID used to uniquely identify this module
+    GUID = '448df2b9-54ea-4666-a85d-bdbccc430806'
+
+    # Author of this module
+    Author = 'Microsoft Corporation'
+
+    # Company or vendor of this module
+    CompanyName = 'Microsoft Corporation'
+
+    # Copyright statement for this module
+    Copyright = '(c) 2017 Microsoft Corporation. All rights reserved.'
+
+    # Description of the functionality provided by this module
+    Description = 'Module for managing the IIS 8.5 Site DISA STIGs'
+
+    # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+    FunctionsToExport = @('IisSite')
+
+    # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+    CmdletsToExport = @()
+
+    # Variables to export from this module
+    VariablesToExport = '*'
+
+    # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+    AliasesToExport = @()
+}
+
diff --git a/DSCResources/IisSite/IisSite.schema.psm1 b/DSCResources/IisSite/IisSite.schema.psm1
@@ -0,0 +1,139 @@
+#region Header
+using module ..\helper.psm1
+using module ..\..\PowerStig.psm1
+#endregion Header
+
+#region Composite
+
+<#
+    .SYNOPSIS
+        A composite DSC resource to manage the IIS Site STIG settings
+
+    .PARAMETER WebsiteName
+        Array of website names used for MimeTypeRule, WebConfigurationPropertyRule, and IisLoggingRule.
+
+    .PARAMETER WebAppPool
+        Array of web application pool names used for WebAppPoolRule
+
+    .PARAMETER OsVersion
+        The version of the server operating system STIG to apply and monitor
+
+    .PARAMETER StigVersion
+        The version of the IIS Site STIG version to apply and monitor
+
+    .PARAMETER Exception
+        A hashtable of StigId=Value key pairs that are injected into the STIG data and applied to 
+        the target node. The title of STIG settings are tagged with the text ‘Exception’ to identify 
+        the exceptions to policy across the data center when you centralize DSC log collection.
+
+    .PARAMETER OrgSettings
+        The path to the xml file that contains the local organizations preferred settings for STIG 
+        items that have allowable ranges.
+
+    .PARAMETER SkipRule
+        The SkipRule Node is injected into the STIG data and applied to the taget node. The title
+        of STIG settings are tagged with the text 'Skip' to identify the skips to policy across the 
+        data center when you centralize DSC log collection.
+
+    .PARAMETER SkipRuleType
+        All STIG rule IDs of the specified type are collected in an array and passed to the Skip-Rule
+        function. Each rule follows the same process as the SkipRule parameter.
+
+    .EXAMPLE
+        In this example the latest version of the IIS Site STIG is applied.
+
+        Import-DscResource -ModuleName PowerStigDsc
+
+        Node localhost
+        {
+            IisSite 'IISConfiguration'
+            {
+                WebAppPool = 'DefaultAppPool'
+                WebSiteName = 'Default Web Site'
+                OsVersion = '2012R2'
+                StigVersion = '1.2'
+            }
+        }
+#>
+Configuration IisSite
+{
+    [CmdletBinding()]
+    Param
+    (
+        [Parameter(Mandatory = $true)]
+        [string[]]
+        $WebsiteName,
+
+        [Parameter()]
+        [string[]]
+        $WebAppPool,
+
+        [Parameter(Mandatory = $true)]
+        [ValidateSet('2012R2')]
+        [string]
+        $OsVersion,
+
+        [Parameter()]
+        [ValidateSet('1.2')]
+        [ValidateNotNullOrEmpty()]
+        [version]
+        $StigVersion,
+
+        [Parameter()]
+        [ValidateNotNullOrEmpty()]
+        [psobject]
+        $Exception,
+
+        [Parameter()]
+        [ValidateNotNullOrEmpty()]
+        [psobject]
+        $OrgSettings,
+
+        [Parameter()]
+        [ValidateNotNullOrEmpty()]
+        [psobject]
+        $SkipRule,
+
+        [Parameter()]
+        [ValidateNotNullOrEmpty()]
+        [psobject]
+        $SkipRuleType
+    )
+
+    ##### BEGIN DO NOT MODIFY #####
+    <#
+        The exception, skipped rule, and organizational settings functionality
+        is universal across all composites, so the code to process it is in a
+        central file that is dot sourced into each composite.
+    #>
+
+    $dscResourcesPath = Split-Path -Path $PSScriptRoot -Parent
+    $userSettingsPath = Join-Path -Path $dscResourcesPath -ChildPath 'stigdata.usersettings.ps1'
+    . $userSettingsPath
+    ##### END DO NOT MODIFY #####
+
+    $technology = [Technology]::Windows
+    $technologyVersion = [TechnologyVersion]::New( $OsVersion, $technology )
+    $technologyRole = [TechnologyRole]::New( "IISSite", $technologyVersion )
+    $stigDataObject = [StigData]::New( $StigVersion, $orgSettingsObject, $technology, $technologyRole, $technologyVersion, $exceptionsObject , $skipRuleTypeObject, $skipRuleObject )
+
+    #### BEGIN DO NOT MODIFY ####
+    # $StigData is used in the resources that are dot sourced below
+    [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseDeclaredVarsMoreThanAssignments",'')]
+    $StigData = $StigDataObject.StigXml
+
+    # $resourcePath is exported from the helper module in the header
+
+    # This is required to process Skipped rules
+    Import-DscResource -ModuleName PSDesiredStateConfiguration -ModuleVersion 1.1
+    . "$resourcePath\windows.Script.skip.ps1"
+    ##### END DO NOT MODIFY #####
+
+    Import-DscResource -ModuleName xWebAdministration -ModuleVersion 2.2.0.0
+    . "$resourcePath\windows.xWebSite.ps1"
+    . "$resourcePath\windows.xWebAppPool.ps1"
+    . "$resourcePath\windows.xIisMimeTypeMapping.ps1"
+    . "$resourcePath\windows.xWebConfigProperty.ps1"
+}
+
+#endregion Composite
diff --git a/DSCResources/Resources/windows.AccessControl.ps1 b/DSCResources/Resources/windows.AccessControl.ps1
@@ -3,7 +3,7 @@
 
 $rules = Get-RuleClassData -StigData $StigData -Name PermissionRule
 
-Foreach ( $rule in $rules )
+foreach ( $rule in $rules )
 {
     # Determine PermissionRule type and handle
     Switch ($rule.dscresource)