search

ayohrling / local_security_policy

Apache License 2.0
6 stars 28 forks source link

Disabling builtin administrator duplication #123

Closed canihavethisone closed 1 year ago

canihavethisone commented 1 year ago

There are 2 policy names in lib/puppet_x/lsp/security_policy.rb to disable the builtin administrator

      'Accounts: Administrator account status' => {
        name: 'EnableAdminAccount',
        policy_type: 'System Access',
      },

and

      'EnableAdminAccount' => {
        name: 'EnableAdminAccount',
        policy_type: 'System Access',
      },

I perceive 3 issues with this:

  1. The naming of the first policy is inconsistent with the rule to disable the guest account, which is EnableGuestAccount
  2. The first rule is not in the readme, though the second is
  3. The second rule is not idempotent, though the first is

I imagine this is an easy fix? I upgraded from a previous version of this module and was caught out by this until I read through the code.

Tested using Puppet 6 on Windows 10.21H2

Thanks for an awesome module!

Andy-Adrian commented 1 year ago

The 'EnableAdminAccount' entry was left in the code just in case anyone was still using it. 'Accounts: Administrator account status' has been added to the README, EnableAdminAccount will be removed in a future update.

The 'EnableGuestAccount' entry was the same situation. The correct entry ('Accounts: Guest account status') has been added to the code and the README and the old one removed from README. Thanks!