Wrong check for the control 2.3.6.4

ansible-lockdown / Windows-2019-CIS

CIS Baseline Ansible Role for Windows 2019

MIT License

130 stars 72 forks source link

Wrong check for the control 2.3.6.4 #34

Closed Julieeeen closed 3 years ago

Julieeeen commented 3 years ago

name: "SCORED | 2.3.6.4 | PATCH | L1 Ensure Domain member Disable machine account password changes is set to Disabled" win_regedit: path: HKLM:\System\Currentcontrolset\Services\Netlogon\Parameters name: disablepasswordchange data: 0 type: dword when: rule_2_3_6_4 not ansible_windows_domain_role == "Primary domain controller" tags: level1-domaincontroller level1-memberserver rule_2.3.6.4 patch

georgenalen commented 3 years ago

Hello, Looking at the role 2.3.6.4 I think is set correctly, I have the control pasted from the role below to double check.

name: "SCORED | 2.3.6.4 | PATCH | L1 Ensure Domain member Disable machine account password changes is set to Disabled" win_regedit: path: HKLM:\System\Currentcontrolset\Services\Netlogon\Parameters name: disablepasswordchange data: 0 type: dword when:
- rule_2_3_6_4
- not ansible_windows_domain_role == "Primary domain controller" tags:
- level1-domaincontroller
- level1-memberserver
- rule_2.3.6.4
- patch

Julieeeen commented 3 years ago

Hi,

My bad it's a bug for windows 2016 cis (too many copy/paste) :)

I close this bug and I will open in the 2016 repo

georgenalen commented 3 years ago

lol no worries. We are glad you are opening issues. I will start the 2016 fixes after I get the 2019 fixes sorted, I started with 2019 since it had fewer issues.

George