From c86ec1c84196c08b0f45054ec80aa92b24b21878 Mon Sep 17 00:00:00 2001
From: Chase Wilson <31453523+chasewilson@users.noreply.github.com>
Date: Tue, 9 Oct 2018 05:15:35 -0700
Subject: [PATCH] 2.2.0.0 branch for release (#157)
* Added IISSite composite resource
* Update documentation
* Added IISSite composite resource
* Update documentation
* Updates from pr comments
* Updates from PR Review
* Update xWebAdministration to 2.1.0.0
* Update to resolve test errors
* Reverting xWebAdministration back to 2.2.0.0
* Updates from pr review
* Update to get-resourcetitle
* Updates for IIS Server DSC
* Updates to resolve PR comments
* Fix for failing test
* Updates for IIS Server DSC
* Fix for failing test
* Updates to resolve PR comments
* Update to fix test
* Updated for instance parameter
* Added IISSite composite resource
* Update documentation
* Updates from pr comments
* Updates from PR Review
* Update xWebAdministration to 2.1.0.0
* Update to resolve test errors
* Reverting xWebAdministration back to 2.2.0.0
* Updates from pr review
* Update to get-resourcetitle
* Updates to resolve PR comments
* Update for PR comments
* Updates for OracleJRE composite resource fixes #153 (#154)
* Updates for OracleJRE composite resource
* Update formatting
* Adds FireFox Composite Issue#119 (#155)
* End of day check in
* mid day check in
* firefox composite is working, needs tests
* updates for failing tests
* update for tests.
* update for tests
* Update to pas tests
* update for parameter update
* Update for small things
* update to changelog
* Update to add Unit Test
* updates for PR
* update for PR
* update for bug fix and add integration test
* update for test
* Update to fix issue
* update
* update for fix
* update for minor fixes
* updates for PR comments
---
CHANGELOG.md | 13 ++-
DSCResources/Browser/Browser.psd1 | 2 +-
.../DotNetFramework/DotNetFramework.psd1 | 2 +-
DSCResources/FireFox/FireFox.psd1 | 46 ++++++++
DSCResources/FireFox/FireFox.schema.psm1 | 96 +++++++++++++++
DSCResources/IisServer/IisServer.schema.psm1 | 4 +-
DSCResources/Office/Office.psd1 | 2 +-
DSCResources/OracleJRE/OracleJRE.psd1 | 48 ++++++++
DSCResources/OracleJRE/OracleJRE.schema.psm1 | 109 ++++++++++++++++++
.../Resources/firefox.ReplaceText.ps1 | 50 ++++++++
.../Resources/oraclejre.KeyValuePairFile.ps1 | 24 ++++
DSCResources/helper.psm1 | 45 +++++++-
Module/Common/Common.psm1 | 1 +
.../Stig.TechnologyRole.psm1 | 3 +-
.../Stig.TechnologyVersion.psm1 | 1 +
PowerStig.psd1 | 3 +
.../Processed/Mozilla-All-FireFox-4.21.xml | 4 +-
.../DSCResources/Firefox.config.ps1 | 19 +++
.../Firefox.integration.tests.ps1 | 58 ++++++++++
.../DSCResources/OracleJRE.config.ps1 | 29 +++++
.../OracleJRE.integration.tests.ps1 | 65 +++++++++++
Tests/Unit/DSCResources/Composite.tests.ps1 | 4 +-
Tests/Unit/DSCResources/helper.tests.ps1 | 21 ++++
Tests/Unit/Module/Common.tests.ps1 | 2 +-
.../Unit/Module/Stig.TechnologyRole.tests.ps1 | 11 +-
.../Module/Stig.TechnologyVersion.tests.ps1 | 1 +
Tools/TestHelper/CompositeResourceFilter.psd1 | 2 +
27 files changed, 648 insertions(+), 17 deletions(-)
create mode 100644 DSCResources/FireFox/FireFox.psd1
create mode 100644 DSCResources/FireFox/FireFox.schema.psm1
create mode 100644 DSCResources/OracleJRE/OracleJRE.psd1
create mode 100644 DSCResources/OracleJRE/OracleJRE.schema.psm1
create mode 100644 DSCResources/Resources/firefox.ReplaceText.ps1
create mode 100644 DSCResources/Resources/oraclejre.KeyValuePairFile.ps1
create mode 100644 Tests/Integration/DSCResources/Firefox.config.ps1
create mode 100644 Tests/Integration/DSCResources/Firefox.integration.tests.ps1
create mode 100644 Tests/Integration/DSCResources/OracleJRE.config.ps1
create mode 100644 Tests/Integration/DSCResources/OracleJRE.integration.tests.ps1
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 61ac9c362..b8a08fed6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,11 +13,22 @@
* Added the following DSC Composite Resources
* Microsoft Office 2013 STIGs
+ * FireFox STIG
* IIS Site STIG
* IIS Server STIG
+ * Oracle JRE STIG
* Windows10 STIG
-* Added required module "PolicyFileEditor" for applying Office HKey_Current_User settings
+* Newly required modules
+ * PolicyFileEditor
+ * FileContentDsc
+ * WindowsDefenderDSC
+ * xWebAdministration
+ * xWinEventLog
+
+* Updated required module versions
+ * xDnsServer from 1.9.0.0 to 1.11.0.0
+ * SecurityPolicyDsc from 2.2.0.0 to 2.4.0.0
## 2.1.0.0
diff --git a/DSCResources/Browser/Browser.psd1 b/DSCResources/Browser/Browser.psd1
index a64ac40d0..cb56279f8 100644
--- a/DSCResources/Browser/Browser.psd1
+++ b/DSCResources/Browser/Browser.psd1
@@ -13,7 +13,7 @@ ModuleVersion = '1.0.0.0'
GUID = '2c710cae-34b9-4557-b19b-7e1da84485ab'
# Author of this module
-Author = 'Wade Baker'
+Author = 'Microsoft Corporation'
# Company or vendor of this module
CompanyName = 'Microsoft Corporation'
diff --git a/DSCResources/DotNetFramework/DotNetFramework.psd1 b/DSCResources/DotNetFramework/DotNetFramework.psd1
index 4afd1b299..a0e669286 100644
--- a/DSCResources/DotNetFramework/DotNetFramework.psd1
+++ b/DSCResources/DotNetFramework/DotNetFramework.psd1
@@ -13,7 +13,7 @@
GUID = '4b1b6e2b-afa0-4396-876e-f7d3ad1efca3'
# Author of this module
- Author = 'LaNika Dillon'
+ Author = 'Microsoft Corporation'
# Company or vendor of this module
CompanyName = 'Microsoft Corporation'
diff --git a/DSCResources/FireFox/FireFox.psd1 b/DSCResources/FireFox/FireFox.psd1
new file mode 100644
index 000000000..7a5d1269a
--- /dev/null
+++ b/DSCResources/FireFox/FireFox.psd1
@@ -0,0 +1,46 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+
+@{
+ # Script module or binary module file associated with this manifest.
+ RootModule = 'FireFox.schema.psm1'
+
+ # Version number of this module.
+ ModuleVersion = '1.0.0.0'
+
+ # ID used to uniquely identify this module
+ GUID = '4b1b6e2b-afa0-4396-876e-f7d3ad1efca3'
+
+ # Author of this module
+ Author = 'Microsoft Corporation'
+
+ # Company or vendor of this module
+ CompanyName = 'Microsoft Corporation'
+
+ # Copyright statement for this module
+ Copyright = '(c) 2018 Microsoft. All rights reserved.'
+
+ # Description of the functionality provided by this module
+ Description = 'Module for managing the FireFox DISA STIGs'
+
+ # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+ FunctionsToExport = @('FireFox')
+
+ # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+ CmdletsToExport = @()
+
+ # Variables to export from this module
+ VariablesToExport = '*'
+
+ # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+ AliasesToExport = @()
+
+ # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+ PrivateData = @{
+
+ PSData = @{
+
+ } # End of PSData hashtable
+
+ } # End of PrivateData
+}
diff --git a/DSCResources/FireFox/FireFox.schema.psm1 b/DSCResources/FireFox/FireFox.schema.psm1
new file mode 100644
index 000000000..bf34d4eb5
--- /dev/null
+++ b/DSCResources/FireFox/FireFox.schema.psm1
@@ -0,0 +1,96 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+
+using module ..\helper.psm1
+using module ..\..\PowerStig.psm1
+
+<#
+ .SYNOPSIS
+ A composite DSC resource to manage the Firefox STIG settings
+
+ .PARAMETER StigVersion
+ The version of the STIG to apply and monitor
+
+ .PARAMETER Exception
+ A hash table of key value pairs that are injected into the STIG data and applied to
+ the target node. The title of STIG setting is tagged with the text ‘Exception’ to identify
+ the exceptions to policy across the data center when you centralize DSC log collection.
+
+ .PARAMETER OrgSettings
+ The path to the XML file that contains the local organizations preferred settings for STIG
+ items that have allowable ranges.
+
+ .PARAMETER SkipRule
+ The SkipRule Node is injected into the STIG data and applied to the target node. The title
+ of STIG settings are tagged with the text 'Skip' to identify the skips to policy across the
+ data center when you centralize DSC log collection.
+
+ .PARAMETER SkipRuleType
+ All STIG rule IDs of the specified type are collected in an array and passed to the Skip-Rule
+ function. Each rule follows the same process as the SkipRule parameter.
+#>
+Configuration FireFox
+{
+ [CmdletBinding()]
+ param
+ (
+ [Parameter()]
+ [string]
+ $InstallDirectory = "$env:ProgramFiles\Mozilla Firefox",
+
+ [Parameter()]
+ [ValidateSet('4.21')]
+ [ValidateNotNullOrEmpty()]
+ [version]
+ $StigVersion,
+
+ [Parameter()]
+ [ValidateNotNullOrEmpty()]
+ [psobject]
+ $Exception,
+
+ [Parameter()]
+ [psobject]
+ $OrgSettings,
+
+ [Parameter()]
+ [psobject]
+ $SkipRule,
+
+ [Parameter()]
+ [psobject]
+ $SkipRuleType
+ )
+
+ ##### BEGIN DO NOT MODIFY #####
+ <#
+ The exception, skipped rule, and organizational settings functionality
+ is universal across all composites, so the code to process it is in a
+ central file that is dot sourced into each composite.
+ #>
+ $dscResourcesPath = Split-Path -Path $PSScriptRoot -Parent
+ $userSettingsPath = Join-Path -Path $dscResourcesPath -ChildPath 'stigdata.usersettings.ps1'
+ . $userSettingsPath
+ ##### END DO NOT MODIFY #####
+
+ $technology = [Technology]::Mozilla
+ $technologyVersion = [TechnologyVersion]::New( 'All', $technology )
+ $technologyRole = [TechnologyRole]::New( 'FireFox', $technologyVersion )
+ $stigDataObject = [StigData]::New( $StigVersion, $OrgSettings, $technology,
+ $technologyRole, $technologyVersion, $Exception,
+ $SkipRuleType, $SkipRule )
+ #### BEGIN DO NOT MODIFY ####
+ # $StigData is used in the resources that are dot sourced below
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseDeclaredVarsMoreThanAssignments",'')]
+ $stigData = $stigDataObject.StigXml
+
+ # $resourcePath is exported from the helper module in the header
+
+ # This is required to process Skipped rules
+ Import-DscResource -ModuleName PSDesiredStateConfiguration -ModuleVersion 1.1
+ . "$resourcePath\windows.Script.skip.ps1"
+ ##### END DO NOT MODIFY #####
+
+ Import-DscResource -ModuleName FileContentDsc -ModuleVersion 1.1.0.108
+ . "$resourcePath\firefox.ReplaceText.ps1"
+}
diff --git a/DSCResources/IisServer/IisServer.schema.psm1 b/DSCResources/IisServer/IisServer.schema.psm1
index 7fea8f717..c740b7427 100644
--- a/DSCResources/IisServer/IisServer.schema.psm1
+++ b/DSCResources/IisServer/IisServer.schema.psm1
@@ -73,7 +73,7 @@ Configuration IisServer
[ValidateNotNullOrEmpty()]
[psobject]
$Exception,
-
+
[Parameter()]
[ValidateNotNullOrEmpty()]
[psobject]
@@ -123,7 +123,7 @@ Configuration IisServer
Import-DscResource -ModuleName xPSDesiredStateConfiguration -ModuleVersion 8.3.0.0
. "$resourcePath\windows.xRegistry.ps1"
-
+
Import-DscResource -ModuleName xWebAdministration -ModuleVersion 2.2.0.0
. "$resourcePath\windows.xIisMimeTypeMapping.ps1"
. "$resourcePath\windows.WebConfigProperty.ps1"
diff --git a/DSCResources/Office/Office.psd1 b/DSCResources/Office/Office.psd1
index 05ff8bc0b..4e3e54303 100644
--- a/DSCResources/Office/Office.psd1
+++ b/DSCResources/Office/Office.psd1
@@ -13,7 +13,7 @@
GUID = '345c2922-2447-46ad-bd5a-0c169bd31203'
# Author of this module
- Author = 'Jeff Salas'
+ Author = 'Microsoft Corporation'
# Company or vendor of this module
CompanyName = 'Microsoft Corporation'
diff --git a/DSCResources/OracleJRE/OracleJRE.psd1 b/DSCResources/OracleJRE/OracleJRE.psd1
new file mode 100644
index 000000000..60581e54d
--- /dev/null
+++ b/DSCResources/OracleJRE/OracleJRE.psd1
@@ -0,0 +1,48 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+
+@{
+
+ # Script module or binary module file associated with this manifest.
+ RootModule = 'OracleJRE.schema.psm1'
+
+ # Version number of this module.
+ ModuleVersion = '1.0.0.0'
+
+ # ID used to uniquely identify this module
+ GUID = '16db8a8b-7ca9-4558-be63-1c88ef394d92'
+
+ # Author of this module
+ Author = 'Microsoft Corporation'
+
+ # Company or vendor of this module
+ CompanyName = 'Microsoft Corporation'
+
+ # Copyright statement for this module
+ Copyright = '(c) 2018 Microsoft. All rights reserved.'
+
+ # Description of the functionality provided by this module
+ Description = 'Module for managing the OracleJRE 8 DISA STIGs'
+
+ # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+ FunctionsToExport = @('OracleJRE')
+
+ # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+ CmdletsToExport = @()
+
+ # Variables to export from this module
+ VariablesToExport = '*'
+
+ # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+ AliasesToExport = @()
+
+ # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+ PrivateData = @{
+
+ PSData = @{
+
+ } # End of PSData hashtable
+
+ } # End of PrivateData
+
+}
diff --git a/DSCResources/OracleJRE/OracleJRE.schema.psm1 b/DSCResources/OracleJRE/OracleJRE.schema.psm1
new file mode 100644
index 000000000..ab45c03ba
--- /dev/null
+++ b/DSCResources/OracleJRE/OracleJRE.schema.psm1
@@ -0,0 +1,109 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+
+using module ..\helper.psm1
+using module ..\..\PowerStig.psm1
+
+<#
+ .SYNOPSIS
+ A composite DSC resource to manage the OracleJRE 8 STIG settings
+
+ .PARAMETER ConfigPath
+ The path to OracleJRE 8 config file
+
+ .PARAMETER PropertiesPath
+ The path to OracleJRE 8 properties file
+
+ .PARAMETER StigVersion
+ The version of OracleJRE 8 STIG to apply and/or monitor
+
+ .PARAMETER Exception
+ A hashtable of StigId=Value key pairs that are injected into the STIG data and applied to
+ the target node. The title of STIG settings are tagged with the text ‘Exception’ to identify
+ the exceptions to policy across the data center when you centralize DSC log collection.
+
+ .PARAMETER OrgSettings
+ The path to the xml file that contains the local organizations preferred settings for STIG
+ items that have allowable ranges.
+
+ .PARAMETER SkipRule
+ The SkipRule Node is injected into the STIG data and applied to the taget node. The title
+ of STIG settings are tagged with the text 'Skip' to identify the skips to policy across the
+ data center when you centralize DSC log collection.
+
+ .PARAMETER SkipRuleType
+ All STIG rule IDs of the specified type are collected in an array and passed to the Skip-Rule
+ function. Each rule follows the same process as the SkipRule parameter.
+#>
+Configuration OracleJRE
+{
+ [CmdletBinding()]
+ param
+ (
+ [Parameter(Mandatory = $true)]
+ [string]
+ $ConfigPath,
+
+ [Parameter(Mandatory = $true)]
+ [string]
+ $PropertiesPath,
+
+ [Parameter()]
+ [ValidateSet('1.5')]
+ [ValidateNotNullOrEmpty()]
+ [version]
+ $StigVersion,
+
+ [Parameter()]
+ [ValidateNotNullOrEmpty()]
+ [psobject]
+ $Exception,
+
+ [Parameter()]
+ [ValidateNotNullOrEmpty()]
+ [psobject]
+ $OrgSettings,
+
+ [Parameter()]
+ [ValidateNotNullOrEmpty()]
+ [psobject]
+ $SkipRule,
+
+ [Parameter()]
+ [ValidateNotNullOrEmpty()]
+ [psobject]
+ $SkipRuleType
+ )
+
+ ##### BEGIN DO NOT MODIFY #####
+ <#
+ The exception, skipped rule, and organizational settings functionality
+ is universal across all composites, so the code to process it is in a
+ central file that is dot sourced into each composite.
+ #>
+ $dscResourcesPath = Split-Path -Path $PSScriptRoot -Parent
+ $userSettingsPath = Join-Path -Path $dscResourcesPath -ChildPath 'stigdata.usersettings.ps1'
+ . $userSettingsPath
+ ##### END DO NOT MODIFY #####
+
+ $technology = [Technology]::Windows
+ $technologyVersion = [TechnologyVersion]::New( "All", $technology )
+ $technologyRole = [TechnologyRole]::New( "OracleJRE8", $technologyVersion )
+ $stigDataObject = [StigData]::New( $StigVersion, $orgSettingsObject, $technology,
+ $technologyRole, $technologyVersion, $Exception,
+ $SkipRuleType, $SkipRule )
+ #### BEGIN DO NOT MODIFY ####
+ # $StigData is used in the resources that are dot sourced below
+ [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSUseDeclaredVarsMoreThanAssignments",'')]
+ $StigData = $StigDataObject.StigXml
+
+ # $resourcePath is exported from the helper module in the header
+
+ # This is required to process Skipped rules
+ Import-DscResource -ModuleName PSDesiredStateConfiguration -ModuleVersion 1.1
+ . "$resourcePath\windows.Script.skip.ps1"
+ ##### END DO NOT MODIFY #####
+
+ Import-DscResource -ModuleName FileContentDsc -ModuleVersion 1.1.0.108
+ . "$resourcePath\oraclejre.KeyValuePairFile.ps1"
+}
diff --git a/DSCResources/Resources/firefox.ReplaceText.ps1 b/DSCResources/Resources/firefox.ReplaceText.ps1
new file mode 100644
index 000000000..c430be2e8
--- /dev/null
+++ b/DSCResources/Resources/firefox.ReplaceText.ps1
@@ -0,0 +1,50 @@
+$rules = (Get-RuleClassData -StigData $StigData -Name FileContentRule).Where({ $PSItem.dscresource -eq 'ReplaceText' })
+
+# assert FireFox install directory
+
+if (-not(Test-Path -Path $InstallDirectory))
+{
+ Write-Warning "$InstallDirectory not found. Verify FireFox is installed and the correct Install Directory is defined prior to starting DSC."
+}
+
+ReplaceText GeneralConfigFileName
+{
+ Path = "$InstallDirectory\defaults\pref\autoconfig.js"
+ Search = 'pref\("general.config.filename", (.*)\);'
+ Type = 'Text'
+ Text = 'pref("general.config.filename", "firefox.cfg");'
+ AllowAppend = $true
+}
+
+ReplaceText DoNotObscureFile
+{
+ Path = "$InstallDirectory\defaults\pref\autoconfig.js"
+ Search = 'pref\("general.config.obscure_value", (.*)\);'
+ Type = 'Text'
+ Text = 'pref("general.config.obscure_value", 0);'
+ AllowAppend = $true
+}
+
+<#
+ The second file to create is called firefox.cfg and it is placed at the top level of the Firefox directory. It should always begin with a commented line, such as:
+ // IMPORTANT: Start your code on the 2nd line
+#>
+ReplaceText BeginFileWithComment
+{
+ Path = "$InstallDirectory\firefox.cfg"
+ Search = '// FireFox preference file'
+ Type = 'Text'
+ Text = ('// FireFox preference file' + "`r")
+}
+
+foreach ( $rule in $rules )
+{
+ ReplaceText (Get-ResourceTitle -Rule $rule)
+ {
+ Path = "$InstallDirectory\FireFox.cfg"
+ Search = 'lockPref\("{0}", (.*)\);' -f $rule.Key
+ Type = 'Text'
+ Text = ("`r`n" + 'lockPref("{0}", {1});' -f $rule.Key, (Format-FireFoxPreference -Value $rule.Value))
+ AllowAppend = $true
+ }
+}
diff --git a/DSCResources/Resources/oraclejre.KeyValuePairFile.ps1 b/DSCResources/Resources/oraclejre.KeyValuePairFile.ps1
new file mode 100644
index 000000000..87e44dcd8
--- /dev/null
+++ b/DSCResources/Resources/oraclejre.KeyValuePairFile.ps1
@@ -0,0 +1,24 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+
+$rules = Get-RuleClassData -StigData $StigData -Name FileContentRule
+
+foreach ($rule in $rules)
+{
+ if ($rule.Key -match "config")
+ {
+ $Path = $ConfigPath
+ }
+ else
+ {
+ $Path = $PropertiesPath
+ }
+
+ KeyValuePairFile "$(Get-ResourceTitle -Rule $rule)"
+ {
+ Path = $Path
+ Name = $rule.Key
+ Ensure = 'Present'
+ Text = $rule.Value
+ }
+}
diff --git a/DSCResources/helper.psm1 b/DSCResources/helper.psm1
index 772c6ce5d..1132922ee 100644
--- a/DSCResources/helper.psm1
+++ b/DSCResources/helper.psm1
@@ -30,7 +30,7 @@ function Get-ResourceTitle
[string]
$Instance
)
-
+
if ($Instance)
{
$Rule.title = "$($Rule.title):$Instance"
@@ -40,10 +40,10 @@ function Get-ResourceTitle
<#
.SYNOPSIS
- Filters the STIG items to a specifc type
+ Filters the STIG items to a specifc type.
.PARAMETER Name
- The name of the rule type to return
+ The name of the rule type to return.
.PARAMETER StigData
The main stig data object to filter.
@@ -208,3 +208,42 @@ function Get-LogCustomField
Export-ModuleMember -Function 'Get-ResourceTitle','Get-RuleClassData','Get-UniqueString','Get-UniqueStringArray','Get-LogCustomField' `
-Variable 'resourcePath'
+#region FireFox
+<#
+ .SYNOPSIS
+ Formats the value of a FireFox configuration preference.
+ The FireFox.cfg file wants double quotes around words but not around bools
+ or intergers.
+ .PARAMETER Value
+ Specifies the FireFox preference value to be formated.
+#>
+function Format-FireFoxPreference
+{
+ param
+ (
+ [Parameter()]
+ [string]
+ $Value
+ )
+
+ switch ($value)
+ {
+ {[bool]::TryParse($value, [ref]$null) }
+ {
+ $result = $value; break
+ }
+ { [int]::TryParse($value, [ref]$null) }
+ {
+ $result = $value; break
+ }
+ default
+ {
+ $result = '"' + $value + '"'
+ }
+ }
+ return $result
+}
+#end region
+
+Export-ModuleMember -Function @('Get-ResourceTitle','Get-RuleClassData','Format-FireFoxPreference') `
+ -Variable 'resourcePath'
diff --git a/Module/Common/Common.psm1 b/Module/Common/Common.psm1
index 596b0f7e5..f2c87685e 100644
--- a/Module/Common/Common.psm1
+++ b/Module/Common/Common.psm1
@@ -91,6 +91,7 @@ enum Technology
{
Windows
SqlServer
+ Mozilla
}
#endregion
diff --git a/Module/Stig.TechnologyRole/Stig.TechnologyRole.psm1 b/Module/Stig.TechnologyRole/Stig.TechnologyRole.psm1
index 69ca7e0b6..36df0bc2f 100644
--- a/Module/Stig.TechnologyRole/Stig.TechnologyRole.psm1
+++ b/Module/Stig.TechnologyRole/Stig.TechnologyRole.psm1
@@ -36,7 +36,7 @@ Class TechnologyRole
#>
static $ValidateSet = @"
2012R2 = DNS, DC, MS, IISSite, IISServer
-All = ADDomain, ADForest, FW, IE11, DotNet4, OracleJRE8, Outlook2013, Excel2013, Word2013, PowerPoint2013
+All = ADDomain, ADForest, FW, IE11, DotNet4, OracleJRE8, Outlook2013, Excel2013, Word2013, PowerPoint2013, FireFox
2012 = Instance, Database
10 = Client
"@
@@ -143,4 +143,3 @@ Foreach ($supportFile in Get-ChildItem -Path $PSScriptRoot -Exclude $exclude)
. $supportFile.FullName
}
Export-ModuleMember -Function '*' -Variable '*'
-
diff --git a/Module/Stig.TechnologyVersion/Stig.TechnologyVersion.psm1 b/Module/Stig.TechnologyVersion/Stig.TechnologyVersion.psm1
index 5735adeaf..8f895a83d 100644
--- a/Module/Stig.TechnologyVersion/Stig.TechnologyVersion.psm1
+++ b/Module/Stig.TechnologyVersion/Stig.TechnologyVersion.psm1
@@ -33,6 +33,7 @@ Class TechnologyVersion
static $ValidateSet = @"
Windows = All, 2012R2, 10
SqlServer = 2012
+Mozilla = All
"@
<#
diff --git a/PowerStig.psd1 b/PowerStig.psd1
index 145858565..e19b75eea 100644
--- a/PowerStig.psd1
+++ b/PowerStig.psd1
@@ -38,6 +38,7 @@ CLRVersion = '4.0'
RequiredModules = @(
@{ModuleName = 'AuditPolicyDsc'; ModuleVersion = '1.2.0.0'},
@{ModuleName = 'AccessControlDsc'; ModuleVersion = '1.1.0.0'},
+ @{ModuleName = 'FileContentDsc'; ModuleVersion = '1.1.0.108'},
@{ModuleName = 'PolicyFileEditor'; ModuleVersion = '3.0.1'},
@{ModuleName = 'SecurityPolicyDsc'; ModuleVersion = '2.4.0.0'},
@{ModuleName = 'SqlServerDsc'; ModuleVersion = '11.4.0.0'},
@@ -52,9 +53,11 @@ RequiredModules = @(
DscResourcesToExport = @(
'Browser',
'DotNetFramework',
+ 'FireFox',
'IisServer',
'IisSite',
'Office',
+ 'OracleJRE',
'SqlServer',
'WindowsClient'
'WindowsDnsServer',
diff --git a/StigData/Processed/Mozilla-All-FireFox-4.21.xml b/StigData/Processed/Mozilla-All-FireFox-4.21.xml
index 87644b600..365a5e52f 100644
--- a/StigData/Processed/Mozilla-All-FireFox-4.21.xml
+++ b/StigData/Processed/Mozilla-All-FireFox-4.21.xml
@@ -197,7 +197,7 @@ Criteria: If the parameter is set incorrectly, then this is a finding. If the
true
-
+
False
app.update.enabled
False
@@ -248,7 +248,7 @@ If the value is locked, this is not a finding.
false
-
+
False
datareporting.policy.dataSubmissionEnabled
False
diff --git a/Tests/Integration/DSCResources/Firefox.config.ps1 b/Tests/Integration/DSCResources/Firefox.config.ps1
new file mode 100644
index 000000000..08382cbdc
--- /dev/null
+++ b/Tests/Integration/DSCResources/Firefox.config.ps1
@@ -0,0 +1,19 @@
+Configuration Firefox_config
+{
+ param
+ (
+ [Parameter(Mandatory = $true)]
+ [string]
+ $StigVersion
+ )
+
+ Import-DscResource -ModuleName PowerStig
+
+ Node localhost
+ {
+ Firefox FirefoxConfiguration
+ {
+ Stigversion = $StigVersion
+ }
+ }
+}
diff --git a/Tests/Integration/DSCResources/Firefox.integration.tests.ps1 b/Tests/Integration/DSCResources/Firefox.integration.tests.ps1
new file mode 100644
index 000000000..8bec5b046
--- /dev/null
+++ b/Tests/Integration/DSCResources/Firefox.integration.tests.ps1
@@ -0,0 +1,58 @@
+$script:DSCCompositeResourceName = ($MyInvocation.MyCommand.Name -split '\.')[0]
+. $PSScriptRoot\.tests.header.ps1
+# Header
+
+# Using try/finally to always cleanup even if something awful happens.
+try
+{
+ #region Integration Tests
+ $configFile = Join-Path -Path $PSScriptRoot -ChildPath "$($script:DSCCompositeResourceName).config.ps1"
+ . $configFile
+
+ $stigList = Get-StigVersionTable -CompositeResourceName $script:DSCCompositeResourceName
+
+ #region Integration Tests
+ foreach ($stig in $stigList)
+ {
+ Describe " $($stig.TechnologyRole) $($stig.StigVersion) mof output" {
+
+ It 'Should compile the MOF without throwing' {
+ {
+ & "$($script:DSCCompositeResourceName)_config" `
+ -StigVersion $stig.stigVersion `
+ -OutputPath $TestDrive
+ } | Should not throw
+ }
+
+ [xml] $dscXml = Get-Content -Path $stig.Path
+
+ $configurationDocumentPath = "$TestDrive\localhost.mof"
+ $instances = [Microsoft.PowerShell.DesiredStateConfiguration.Internal.DscClassCache]::ImportInstances($configurationDocumentPath, 4)
+
+ Context 'FileContentRule' {
+ $hasAllSettings = $true
+ $dscXml = $dscXml.DISASTIG.FileContentRule.Rule
+ $dscMof = $instances |
+ Where-Object {$PSItem.ResourceID -match "\[ReplaceText\]"}
+
+ foreach ( $setting in $dscXml )
+ {
+ If (-not ($dscMof.ResourceID -match $setting.Id) )
+ {
+ Write-Warning -Message "Missing FileContent Setting $($setting.Id)"
+ $hasAllSettings = $false
+ }
+ }
+
+ It "Should have $($dscXml.Count) FileContent settings" {
+ $hasAllSettings | Should Be $true
+ }
+ }
+ }
+ }
+ #endregion Tests
+}
+finally
+{
+ Restore-TestEnvironment -TestEnvironment $TestEnvironment
+}
diff --git a/Tests/Integration/DSCResources/OracleJRE.config.ps1 b/Tests/Integration/DSCResources/OracleJRE.config.ps1
new file mode 100644
index 000000000..6369244e5
--- /dev/null
+++ b/Tests/Integration/DSCResources/OracleJRE.config.ps1
@@ -0,0 +1,29 @@
+Configuration OracleJRE_config
+{
+ param
+ (
+ [Parameter(Mandatory = $true)]
+ [string]
+ $ConfigPath,
+
+ [Parameter(Mandatory = $true)]
+ [string]
+ $PropertiesPath,
+
+ [Parameter(Mandatory = $true)]
+ [string]
+ $StigVersion
+ )
+
+ Import-DscResource -ModuleName PowerStig
+
+ Node localhost
+ {
+ OracleJRE OracleConfiguration
+ {
+ ConfigPath = $ConfigPath
+ PropertiesPath = $PropertiesPath
+ Stigversion = $StigVersion
+ }
+ }
+}
diff --git a/Tests/Integration/DSCResources/OracleJRE.integration.tests.ps1 b/Tests/Integration/DSCResources/OracleJRE.integration.tests.ps1
new file mode 100644
index 000000000..eda6b4e7e
--- /dev/null
+++ b/Tests/Integration/DSCResources/OracleJRE.integration.tests.ps1
@@ -0,0 +1,65 @@
+$script:DSCCompositeResourceName = ($MyInvocation.MyCommand.Name -split '\.')[0]
+. $PSScriptRoot\.tests.header.ps1
+# Header
+
+# Using try/finally to always cleanup even if something awful happens.
+try
+{
+ #region Integration Tests
+ $configFile = Join-Path -Path $PSScriptRoot -ChildPath "$($script:DSCCompositeResourceName).config.ps1"
+ . $configFile
+
+ $stigList = Get-StigVersionTable -CompositeResourceName $script:DSCCompositeResourceName
+
+ #region Test Setup
+ $configPath = 'C:\Windows\Sun\Java\Deployment\deployment.config'
+ $propertiesPath = 'C:\Windows\Java\Deployment\deployment.properties'
+ #endregionTest Setup
+
+ #region Integration Tests
+ foreach ($stig in $stigList)
+ {
+ Describe "OracleJRE 8 $($stig.StigVersion) mof output" {
+
+ It 'Should compile the MOF without throwing' {
+ {
+ & "$($script:DSCCompositeResourceName)_config" `
+ -ConfigPath $configPath `
+ -PropertiesPath $propertiesPath `
+ -StigVersion $stig.stigVersion `
+ -OutputPath $TestDrive
+ } | Should not throw
+ }
+
+ [xml] $dscXml = Get-Content -Path $stig.Path
+
+ $configurationDocumentPath = "$TestDrive\localhost.mof"
+ $instances = [Microsoft.PowerShell.DesiredStateConfiguration.Internal.DscClassCache]::ImportInstances($configurationDocumentPath, 4)
+
+ Context 'KeyValuePairRule' {
+ $hasAllSettings = $true
+ $dscXml = $dscXml.DISASTIG.FileContentRule.Rule
+ $dscMof = $instances |
+ Where-Object {$PSItem.ResourceID -match "\[KeyValuePairFile\]"}
+
+ foreach ($setting in $dscXml)
+ {
+ if (-not ($dscMof.ResourceID -match $setting.Id) )
+ {
+ Write-Warning -Message "Missing KeyValuePairFile Setting $($setting.Id)"
+ $hasAllSettings = $false
+ }
+ }
+
+ It "Should have $($dscXml.Count) KeyValuePairFile settings" {
+ $hasAllSettings | Should Be $true
+ }
+ }
+ }
+ }
+ #endregion Tests
+}
+finally
+{
+ Restore-TestEnvironment -TestEnvironment $TestEnvironment
+}
diff --git a/Tests/Unit/DSCResources/Composite.tests.ps1 b/Tests/Unit/DSCResources/Composite.tests.ps1
index 98f1eb5f7..47ce36b4a 100644
--- a/Tests/Unit/DSCResources/Composite.tests.ps1
+++ b/Tests/Unit/DSCResources/Composite.tests.ps1
@@ -81,13 +81,16 @@ Describe 'Common Tests - Configuration Module Requirements' {
DotNetFramework = 'DotNet'
IisServer = 'IISServer'
IisSite = 'IISSite'
+ OracleJRE = 'OracleJRE'
SqlServer = 'Database|Instance'
WindowsDnsServer = 'DNS'
WindowsFirewall = 'FW'
WindowsServer = 'DC|MS'
Office = 'Outlook2013|Excel2013|PowerPoint2013|Word2013'
WindowsClient = 'Client'
+ FireFox = 'FireFox'
}
+
Foreach ($resource in $moduleDscResourceList)
{
Context "$resource Composite Resource" {
@@ -121,4 +124,3 @@ Describe 'Common Tests - Configuration Module Requirements' {
}
}
#endregion Tests
-
diff --git a/Tests/Unit/DSCResources/helper.tests.ps1 b/Tests/Unit/DSCResources/helper.tests.ps1
index c17793b33..56150af65 100644
--- a/Tests/Unit/DSCResources/helper.tests.ps1
+++ b/Tests/Unit/DSCResources/helper.tests.ps1
@@ -28,4 +28,25 @@ Describe "Functions" {
Get-Command 'Get-RuleClassData' | Should Not BeNullOrEmpty
}
}
+
+ Context 'Format-FirefoxPreference' {
+
+ It 'Should return a boolean as a string without double quotes' {
+ $result = Format-FirefoxPreference -Value $true
+ $result | Should -BeOftype 'String'
+ $result | Should -Be 'True'
+ }
+
+ It 'Should return a string wrapped in double quotes' {
+ $result = Format-FireFoxPreference -Value 'Meaning of Life'
+ $result | Should -BeOftype 'String'
+ $result | Should -Be '"Meaning of Life"'
+ }
+
+ It 'Should return and a number as a string without double quotes' {
+ $result = Format-FireFoxPreference -Value 42
+ $result | Should -BeOftype 'String'
+ $result | Should -Be '42'
+ }
+ }
}
diff --git a/Tests/Unit/Module/Common.tests.ps1 b/Tests/Unit/Module/Common.tests.ps1
index e3cb64855..ebba2f372 100644
--- a/Tests/Unit/Module/Common.tests.ps1
+++ b/Tests/Unit/Module/Common.tests.ps1
@@ -26,7 +26,7 @@ $enumTests = @{
'PermissionRule|ProcessMitigationRule|RegistryRule|SecurityOptionRule|ServiceRule|' +
'|SkipRuleSqlScriptQueryRule|UserRightRule|WebConfigurationPropertyRule|'+
'|WebAppPoolRuleWindowsFeatureRule|WinEventLogRule|WmiRule'
- 'Technology' = 'Windows|SQL'
+ 'Technology' = 'Windows|SQL|Mozilla'
}
foreach( $enum in $enumTests.GetEnumerator() )
diff --git a/Tests/Unit/Module/Stig.TechnologyRole.tests.ps1 b/Tests/Unit/Module/Stig.TechnologyRole.tests.ps1
index 0ccdb33ab..a88a7b5cd 100644
--- a/Tests/Unit/Module/Stig.TechnologyRole.tests.ps1
+++ b/Tests/Unit/Module/Stig.TechnologyRole.tests.ps1
@@ -11,17 +11,20 @@ try
$technologyRole1 = 'DNS'
$technologyRole2 = 'ADDomain'
$technologyRole3 = 'Instance'
+ $technologyRole4 = 'Firefox'
$Technology1 = [Technology]::Windows
$Technology2 = [Technology]::SqlServer
+ $Technology3 = [Technology]::Mozilla
$technologyVersion1 = [TechnologyVersion]::new('2012R2', $Technology1)
$technologyVersion2 = [TechnologyVersion]::new('All', $Technology1)
$technologyVersion3 = [TechnologyVersion]::new('2012', $Technology2)
+ $technologyVersion4 = [TechnologyVersion]::new('All', $Technology3)
$TestValidateSet = @"
2012R2 = DNS, DC, MS, IISSite, IISServer
-All = ADDomain, ADForest, FW, IE11, DotNet4, OracleJRE8, Outlook2013, Excel2013, Word2013, PowerPoint2013
+All = ADDomain, ADForest, FW, IE11, DotNet4, OracleJRE8, Outlook2013, Excel2013, Word2013, PowerPoint2013, FireFox
2012 = Instance, Database
10 = Client
"@
@@ -51,6 +54,11 @@ All = ADDomain, ADForest, FW, IE11, DotNet4, OracleJRE8, Outlook2013, Excel2013,
$technologyRole.Name | Should Be $technologyRole3
$technologyRole.TechnologyVersion | Should Be $technologyVersion3
}
+ It "Should create an technologyRole class instance using technologyRole4 and technologyVersion4 data" {
+ $technologyRole = [technologyRole]::new($technologyRole4, $technologyVersion4)
+ $technologyRole.Name | Should Be $technologyRole4
+ $technologyRole.TechnologyVersion | Should Be $technologyVersion4
+ }
It "Should throw an exception for technologyRole not being available for TechnologyVersion: 2012R2 -> ADDomain" {
{ [technologyRole]::new($technologyRole1, $technologyVersion2) } | Should Throw
@@ -105,4 +113,3 @@ finally
{
. $PSScriptRoot\.tests.footer.ps1
}
-
diff --git a/Tests/Unit/Module/Stig.TechnologyVersion.tests.ps1 b/Tests/Unit/Module/Stig.TechnologyVersion.tests.ps1
index 7d35f09e7..a81c663e2 100644
--- a/Tests/Unit/Module/Stig.TechnologyVersion.tests.ps1
+++ b/Tests/Unit/Module/Stig.TechnologyVersion.tests.ps1
@@ -18,6 +18,7 @@ try
$TestValidateSet = @"
Windows = All, 2012R2, 10
SqlServer = 2012
+Mozilla = All
"@
$TestValidSetData = ConvertFrom-StringData -StringData $TestValidateSet
diff --git a/Tools/TestHelper/CompositeResourceFilter.psd1 b/Tools/TestHelper/CompositeResourceFilter.psd1
index bb9634ce1..8ba280d14 100644
--- a/Tools/TestHelper/CompositeResourceFilter.psd1
+++ b/Tools/TestHelper/CompositeResourceFilter.psd1
@@ -4,7 +4,9 @@
DotNetFramework = @("*DotNet4*")
IisServer = @("*IISServer*")
IisSite = @("*IISSite*")
+ OracleJRE = @("*OracleJRE8*")
SqlServer = @("*Instance*", "*Database*")
+ Firefox = @("*Firefox*")
Office = @("*Excel2013*", "*Outlook2013*", "*PowerPoint2013*", "*Word2013*")
WindowsClient = @("*Client*")
WindowsFirewall = @("*FW*")