M
MuradMomani
Hi,
I'm trying to make my winServer2016 compliance with the CIS benchmark (https://www.cisecurity.org/cis-benchmarks/), I have installed Microsoft Security Compliance Toolkit for Windows Server 2016 and run the Script in this path .....\Windows-10-RS1-and-Server-2016-Security-Baseline\Local_Script\Member_Server_Install.cmd, which will get group Policy configuration template from the GPOs Folder in the same path and apply it to the local policy as a member server.
After that what I'm expecting is to have all the points of CIS Benchmark being configured on the server as Microsoft claims here (Center for Internet Security (CIS) Benchmarks - Microsoft Compliance) that the Microsoft Security Compliance Toolkit is covering CIS Benchmark. for checking what points of CIS Benchmark V1.1.0 have been pointed or not, I used an auditing framework called Inspect (Install and Uninstall) which will do automated audit check on my windows server. Inspec needs Control auditing files to check against and validated the implemented points from those are not. for that, you can clone the following repository (dev-sec/windows-baseline) and use it with Inspec to make the auditing process (CISv1.1.0 same as one used by Security Compliance Toolkit for Windows Server 2016), and the command can be run as follows :
inspec exec Path\To\Windows\Base\Line\Auditing\repo
It will show you Results as follows :
Screenshot Link :
as seen the audit shows only 194 successful controls while there are 149 failures!
I tried to figure what is the problem and why the Security Compliance Toolkit did not apply all Secure configurations, noting that the logs of the Security Compliance toolkit did not show any error !!
so what is behind this, and how to make sure that the Security Compliance Toolkit works as expected with configuring most of the failed points from the audit output?
Continue reading...
I'm trying to make my winServer2016 compliance with the CIS benchmark (https://www.cisecurity.org/cis-benchmarks/), I have installed Microsoft Security Compliance Toolkit for Windows Server 2016 and run the Script in this path .....\Windows-10-RS1-and-Server-2016-Security-Baseline\Local_Script\Member_Server_Install.cmd, which will get group Policy configuration template from the GPOs Folder in the same path and apply it to the local policy as a member server.
After that what I'm expecting is to have all the points of CIS Benchmark being configured on the server as Microsoft claims here (Center for Internet Security (CIS) Benchmarks - Microsoft Compliance) that the Microsoft Security Compliance Toolkit is covering CIS Benchmark. for checking what points of CIS Benchmark V1.1.0 have been pointed or not, I used an auditing framework called Inspect (Install and Uninstall) which will do automated audit check on my windows server. Inspec needs Control auditing files to check against and validated the implemented points from those are not. for that, you can clone the following repository (dev-sec/windows-baseline) and use it with Inspec to make the auditing process (CISv1.1.0 same as one used by Security Compliance Toolkit for Windows Server 2016), and the command can be run as follows :
inspec exec Path\To\Windows\Base\Line\Auditing\repo
It will show you Results as follows :
Screenshot Link :
Google Drive: Sign-in
Access Google Drive with a Google account (for personal use) or Google Workspace account (for business use).
drive.google.com
as seen the audit shows only 194 successful controls while there are 149 failures!
I tried to figure what is the problem and why the Security Compliance Toolkit did not apply all Secure configurations, noting that the logs of the Security Compliance toolkit did not show any error !!
so what is behind this, and how to make sure that the Security Compliance Toolkit works as expected with configuring most of the failed points from the audit output?
Continue reading...