-
Notifications
You must be signed in to change notification settings - Fork 16
/
inspec.yml
165 lines (144 loc) · 6.22 KB
/
inspec.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
name: microsoft-windows-server-2016-stig-baseline
title: microsoft-windows-server-2016-stig-baseline
maintainer: MITRE InSpec Team
copyright: MITRE InSpec Team
copyright_email: inspec@mitre.org
license: Apache-2.0
summary: "Inspec Validation Profile for Microsoft Windows Member Server 2016 v1r7 STIG"
version: 1.7.1
inspec_version: ">= 4.0"
inputs:
- name: backup_operators
description: 'List of authorized users in the Backup Operators Group'
type: Array
value: []
- name: administrators
description: 'List of authorized users in the local Administrators group'
type: Array
sensitive: true
value:
- "Administrator"
- "Domain Admins"
- "Enterprise Admins"
- name: administrators_domain
description: 'List of authorized users in the local Administrators domain group'
type: Array
sensitive: true
value:
- "Administrator"
- "Domain Admins"
- "Enterprise Admins"
- name: temporary_accounts
description: 'List of temporary accounts on the system'
type: Array
value:
-
- name: temporary_account_period
desc: "List the number of days that temporary accounts remain active for"
type: Numeric
value: 3
- name: emergency_accounts
description: 'List of emergency accounts on the system'
type: Array
value:
-
- name: emergency_account_period
desc: "List the number of days that emergency accounts remain active for"
type: Numeric
value: 3
- name: administrator_domain_group
description: 'List of authorized users in the local Administrators domain group'
type: Array
sensitive: true
value:
- "Administrator"
- name: shared_accounts
description: 'List of shared accounts on the system'
type: Array
value: []
- name: has_ftp_server_role
description: 'Set to true server has the ftp server role'
type: Boolean
value: true
- name: forrest
description: 'Domain Controller forrest name'
type: String
value: 'dc=testdomain, dc=com'
- name: admin_account
description: 'Default administator account'
type: String
value: 'Administrator'
- name: is_AD_only_system
description: 'Set to true if the system is dedicated to the management of Active Directory'
type: Boolean
value: false
- name: legal_notice_text
description: 'Standard Legal Notice Text shown to the user on login'
type: String
value: "You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
By using this IS (which includes any device attached to this IS), you consent
to the following conditions:
-The USG routinely intercepts and monitors communications on this IS for
purposes including, but not limited to, penetration testing, COMSEC monitoring,
network operations and defense, personnel misconduct (PM), law enforcement
(LE), and counterintelligence (CI) investigations.
-At any time, the USG may inspect and seize data stored on this IS.
-Communications using, or data stored on, this IS are not private, are subject
to routine monitoring, interception, and search, and may be disclosed or used
for any USG-authorized purpose.
-This IS includes security measures (e.g., authentication and access controls)
to protect USG interests--not for your personal benefit or privacy.
-Notwithstanding the above, using this IS does not constitute consent to PM, LE
or CI investigative searching or monitoring of the content of privileged
communications, or work product, related to personal representation or services
by attorneys, psychotherapists, or clergy, and their assistants. Such
communications and work product are private and confidential. See User
Agreement for details."
- name: legal_notice_caption
description: 'Standard Legal Notice Caption to go along with the Standard Legal Notice Text'
type: String
value: "DoD Notice and Consent Banner, US Department of Defense Warning Statement, or a site-defined equivalent."
- name: max_conn_idle_time
description: 'Maximum connectivity time to directory server in seconds'
type: Numeric
value: 300
- name: is_unclassified_system
description: 'Set flag to true if the target system is unclassified'
type: Boolean
value: true
- name: dod_certificates
description: 'List of DoD Interoperability Root Certificates'
type: Array
value:
- :Subject: "CN=DoD Root CA 3, OU=PKI, OU=DoD, O=U.S. Government, C=US"
:Issuer: "CN=DoD Interoperability Root CA 2, OU=PKI, OU=DoD, O=U.S. Government, C=US"
:Thumbprint: "FFAD03329B9E527A43EEC66A56F9CBB5393E6E13"
:NotAfter: "Sunday, September 23, 2018"
- :Subject: "CN=DoD Root CA 3, OU=PKI, OU=DoD, O=U.S. Government, C=US"
:Issuer: "CN=DoD Interoperability Root CA 2, OU=PKI, OU=DoD, O=U.S. Government, C=US"
:Thumbprint: "FCE1B1E25374DD94F5935BEB86CA643D8C8D1FF4"
:NotAfter: "Sunday, February 17, 2019"
- :Subject: "CN=DoD Root CA 2, OU=PKI, OU=DoD, O=U.S. Government, C=US"
:Issuer: "CN=DoD Interoperability Root CA 1, OU=PKI, OU=DoD, O=U.S. Government, C=US"
:Thumbprint: "22BBE981F0694D246CC1472ED2B021DC8540A22F"
:NotAfter: "Friday, September 06, 2019"
- name: dod_cceb_certificates
description: 'List of DoD Interoperability Root Certificates'
type: Array
value:
- :Subject: "CN=DoD Root CA 2, OU=PKI, OU=DoD, O=U.S. Government, C=US"
:Issuer: "CN=US DoD CCEB Interoperability Root CA 1, OU=PKI, OU=DoD, O=U.S. Government, C=US"
:Thumbprint: "DA36FAF56B2F6FBA1604F5BE46D864C9FA013BA3"
:NotAfter: "Saturday, March 09, 2019"
- :Subject: "CN=DoD Root CA 3, OU=PKI, OU=DoD, O=U.S. Government, C=US"
:Issuer: "CN=US DoD CCEB Interoperability Root CA 2, OU=PKI, OU=DoD, O=U.S. Government, C=US"
:Thumbprint: "929BF3196896994C0A201DF4A5B71F603FEFBF2E"
:NotAfter: "Friday, September 27, 2019"
- name: built_in_admin_account
description: 'Default account name for Built-In Administrator'
type: String
value: "Administrator"
- name: manually_managed_app_service_accounts
description: 'A list of all manually managed Application and Service account names'
type: Array
value: []