This repository has been archived by the owner on Sep 21, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathinspec.yml
138 lines (118 loc) · 5.78 KB
/
inspec.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
name: cms-ars-3.1-high-microsoft-windows-server-2016-stig-overlay
title: cms-ars-3.1-high-microsoft-windows-server-2016-stig-overlay
maintainer: CMS InSpec Dev Team
copyright:
copyright_email:
license: Apache-2.0
summary: "CMS ARS 3.1 High Overlay InSpec Validation Profile for Windows Server 2016 STIG"
version: 0.1.1
inspec_version: ">= 4.0"
depends:
- name: microsoft-windows-server-2016-stig-baseline
url: https://github.com/mitre/microsoft-windows-server-2016-stig-baseline/archive/master.tar.gz
inputs:
- name: backup_operators
description: 'List of authorized users in the Backup Operators Group'
type: Array
value: []
profile: microsoft-windows-server-2016-stig-baseline
- name: administrators
description: 'List of authorized users in the local Administrators group'
type: Array
value: ["Administrator", "Domain Admins", "Enterprise Admins"]
sensitive: true
profile: microsoft-windows-server-2016-stig-baseline
- name: administrators_domain
description: 'List of authorized users in the local Administrators domain group'
type: Array
value: ["Administrator", "Domain Admins", "Enterprise Admins"]
sensitive: true
profile: microsoft-windows-server-2016-stig-baseline
- name: temp_account
description: 'List of temporary accounts on the system'
type: Array
value: ["tempuser"]
profile: microsoft-windows-server-2016-stig-baseline
- name: emergency_account
description: 'List of emergency accounts on the system'
type: Array
value: []
profile: microsoft-windows-server-2016-stig-baseline
- name: administrator_domain_group
description: 'List of authorized users in the local Administrators domain group'
type: Array
value: ["Administrator"]
sensitive: true
profile: microsoft-windows-server-2016-stig-baseline
- name: shared_accounts
description: 'List of shared accounts on the system'
type: Array
value: []
profile: microsoft-windows-server-2016-stig-baseline
- name: has_ftp_server_role
description: 'Set to true server has the ftp server role'
type: Boolean
value: true
profile: microsoft-windows-server-2016-stig-baseline
- name: forrest
description: 'Domain Controller forrest name'
type: String
value: 'dc=testdomain, dc=com'
profile: microsoft-windows-server-2016-stig-baseline
- name: admin_account
description: 'Default administator account'
type: String
value: 'Administrator'
sensitive: true
profile: microsoft-windows-server-2016-stig-baseline
- name: is_AD_only_system
description: 'Set to true if the system is dedicated to the management of Active Directory'
type: Boolean
value: false
profile: microsoft-windows-server-2016-stig-baseline
- name: legal_notice_text
description: 'Standard Legal Notice Text shown to the user on login'
type: String
value: "* This warning banner provides privacy and security notices consistent with applicable federal laws, directives, and other federal guidance for accessing this Government system, which includes (1) this computer network, (2) all computers connected to this network, and (3) all devices and storage media attached to this network or to a computer on this network.
* This system is provided for Government-authorized use only.
* Unauthorized or improper use of this system is prohibited and may result in disciplinary action and/or civil and criminal penalties.
* Personal use of social media and networking sites on this system is limited as to not interfere with official work duties and is subject to monitoring.
* By using this system, you understand and consent to the following:
- The Government may monitor, record, and audit your system usage, including usage of personal devices and email systems for official duties or to conduct HHS business. Therefore, you have no reasonable expectation of privacy regarding any communication or data transiting or stored on this system. At any time, and for any lawful Government purpose, the government may monitor, intercept, and search and seize any communication or data transiting or stored on this system.
- Any communication or data transiting or stored on this system may be disclosed or used for any lawful Government purpose."
profile: microsoft-windows-server-2016-stig-baseline
- name: legal_notice_caption
description: 'Standard Legal Notice Caption to go along with the Standard Legal Notice Text'
type: String
value: "-= WARNING =- -= WARNING =- -= WARNING =-"
profile: microsoft-windows-server-2016-stig-baseline
- name: max_conn_idle_time
description: 'Maximum connectivity time to directory server in seconds'
type: Numeric
value: 300
profile: microsoft-windows-server-2016-stig-baseline
- name: is_unclassified_system
description: 'Set flag to true if the target system is unclassified'
type: Boolean
value: true
profile: microsoft-windows-server-2016-stig-baseline
- name: dod_certificates
description: 'List of DoD Interoperability Root Certificates'
type: Array
value: []
profile: microsoft-windows-server-2016-stig-baseline
- name: dod_cceb_certificates
description: 'List of DoD Interoperability Root Certificates'
type: Array
value: []
profile: microsoft-windows-server-2016-stig-baseline
- name: built_in_admin_account
description: 'Default account name for Built-In Administrator'
type: String
value: "Administrator"
profile: microsoft-windows-server-2016-stig-baseline
- name: manually_managed_app_service_accounts
description: 'A list of all manually managed Application and Service account names'
type: Array
value: []
profile: microsoft-windows-server-2016-stig-baseline