Closed IPvFletch closed 1 year ago
Thank you for catching that I am actually in the process of updating this branch heavily and have been checking each individual control against the new benchmarks. I have this ear marked already in my changes. I have not pushed a update to my branch yet with the changes.
great news - lmk if we can test out a branch with the fixes!
@IPvFletch Updates took longer then expected plus added a bunch of new variables, but they are complete and will do full testing on Monday and then start work on the matching audit files. Lots of changes to this release so I will test as much as I can.
Merged to devel audit has not been done yet.
The 2019 repo uses the 2016 Windows guide. https://github.com/ansible-lockdown/Windows-2019-CIS
Based on [CIS Microsoft Windows Server 2019 Benchmark v1.3.0 - 03-18-2022](https://learn.cisecurity.org/l/799323/2022-03-15/rshpk)
But that link takes you to download CIS_Microsoft_Windows_Server_2016_Benchmark_v1.4.0.pdf
This in itself is not a big deal, but... The rest of the lockdown playbook uses the 2016 guide, not the 2019 guide.
For instance:
https://github.com/ansible-lockdown/Windows-2019-CIS/blob/devel/tasks/section01.yml
- name: "1.1.6 | PATCH | Ensure Store passwords using reversible encryption is set to Disabled"
Which is what CIS Windows 2016 has:
But CIS Windows 2019 is different: