Audit Test Automation Package

Table of contents

• Audit Test Automation Package
  • Table of contents
  • Overview
  • Modules
  • Reports
  • Application
  • Microsoft OS
  • Unix OS
  • Prerequisites
  • Windows
  • How to install
  • Installation from PS Gallery
  • Video tutorial for manual installation
  • Installer
  • Linux
  • Usage
  • How to Update
  • Good to know
  • Sample reports
  • Customization
  • Converting reports to xml instead of HTML
  • Related links
  • AuditTAP information
  • Hardening recommendations in general
  • Questions, issues or project support

Overview

Our Audit Test Automation Package enables you to get an overview about the compliance status of your systems against established hardening guidelines. Below you will find an overview of the integrated hardening standards and their respective authors (such as Microsoft, CIS, BSI, etc.). The resulting HTML-reports provide a transparent and comprehensible overview over the compliance-status for each of the different settings and configurations suggested inside the provided industry standards and hardening guides.

Modules

The package consists of the following PowerShell modules:

• ATAPHtmlReport
• ATAPAuditor

Reports

ATAPAuditor contains reports based on the following benchmarks including the version number. How to read the table below:

• The entries in the DISA column specify the version of the DISA STIG that is used.
• The entries in the CIS column specify the version of the CIS benchmark that is used.
• The entries in the MS column specify the version of the Microsoft security baseline that is used.
• The entries in the BSI column specify the version of the BSI benchmark that is used.
• The entries in the ACSC column specify the version of the ACSC benchmark that is used.

We currently support the following reports, based on these topics:

Application

The report Microsoft Office 2016 aggregates the results of all Microsoft Office 2016 \ reports.

Microsoft OS

The report Microsoft Windows 10 BSI aggregates the results of all BSI recommendations for Microsoft Windows 10 reports.

Unix OS

Prerequisites

Before proceeding with the installation, please ensure the following prerequisites are met:

Windows

• PowerShell version 5.1
• Administrative permissions on the system to be audited

How to install

We offer several ways of how you can use our free of charge . Find several detailed explanations below and use them as follows:

• Installation via PSGallery - just install our package directly from PowerShell Gallery.
• Manual installation - use the manual way in case you do not have internet connectivity on the system you want to check. We are aware of these "non connected" scenarios for example in datacenter environments.
• Use our installer to install or update

Installation from PS Gallery

Simple and straight-forward. Install with a single line of code.

Install-Module -Name ATAPAuditor

Video tutorial for manual installation

Following the well-known phrase "A picture is worth a thousand words" we visualized -installation in a roughly three minute video. The first half of the video guides through the process of manual installation, the second half shows installation via PowerShell Gallery.

See the Installing a PowerShell module guide for more specific instructions.

1. Download the most recent release
2. In case your systems security configuration prevents direct execution / access on internet based ("untrusted") files you may need to "unblock" the file first.

Unblock-File -Path .\Audit-Test-Automation-5.9.0.zip -Verbose

The following screenshot shows the output:

3. Extract the archive, for example by using the following commands in PowerShell or by using your favourite unzipping toolset.
   When using PowerShell, please check correct version number with below code example.

Expand-Archive -Path ".\Audit-Test-Automation-5.9.0.zip" -DestinationPath "AuditTAP"

4. Copy ATAPAuditor and ATAPHtmlReport modules to any of the paths of $env:PSModulePath.

Installer

Download the installer from the releases page. The wizard will guide you through the installation steps to install the necessary modules, along with a convenient Start-menu shortcut.

Linux

For usage on Linux systems a PowerShell installation is required. The necessary steps depend on the Linux distribution and is documented here. Once PowerShell is installed proceed with a manual installation or using PS Gallery.

Usage

Optionally, import ATAPAuditor module:

Import-Module -Name ATAPAuditor

By default the module creates a new report in Documents\ATAPReports folder. A list of all available reports can be found in above table. Just substitute the ReportName with the name of the benchmark. Append -Path to specify output folder.

:exclamation: ATAP is only compatible with PowerShell 5.1. When run in a different PowerShell version, the user will be prompted to open a PowerShell 5 console or stop the script. :exclamation:

Examples:

Save-ATAPHtmlReport -ReportName "Microsoft Windows 11 Stand-alone" -RiskScore -Path C:\Temp\report.html
Save-ATAPHtmlReport -ReportName "Microsoft Windows 10" -RiskScore -Path C:\Temp\report.html
Save-ATAPHtmlReport -ReportName "Microsoft Windows 11" -Path C:\Temp\report.html
Save-ATAPHtmlReport -ReportName "Microsoft Windows 10 BSI" -RiskScore -Path C:\Temp
Save-ATAPHtmlReport -ReportName "Microsoft Windows Server 2022" -Path C:\Temp
Save-ATAPHtmlReport -ReportName "Google Chrome"
Save-ATAPHtmlReport -ReportName "Ubuntu 20.04"

Pro-Tip: After typing Save-ATAPHtmlReport -ReportName, use the keyboard shortcut <ctrl> + <space> to display all available parameters and select the desired report using arrow-keys.

The ATAPAuditor module also provides a simple menu based runner for reports. It can be found in ATAPAuditor\Helpers\Menu.ps1. When using the Windows based installer, a shortcut can be found in the start menu.

How to Update

In order to update AuditTAP, you need to update both modules "ATAPAuditor" and "ATAPHtmlReport". To do that, just run the following line of code:

For updating ATAPAuditor:

Update-Module ATAPAuditor

For updating ATAPHtmlReport:

Update-Module ATAPHtmlReport

If you want to update via Installer, make sure to download the latest version of AuditTAP. Then just follow the installation steps.

Good to know

• Make sure your execution policy is set to at least remoteSigned (the scripts are not digitally signed)

Set-ExecutionPolicy RemoteSigned -scope CurrentUser

• You can extend your AuditReports with a RiskScore by adding the RiskScore-Switch parameter (currently only available for Windows Reports):

  Save-ATAPHtmlReport -ReportName "Microsoft Windows 10" -Force -RiskScore

• ATAPAuditor has a dependency on ATAPHtmlReport.

• Some reports take more than a few seconds because hundreds of individual settings and controls are checked. Please be patient, the result will satisfy your needs 😉

• If you used old versions of AuditTAP you may want to clean up your modules. Be sure you have not integrated AuditTAP functionality in reporting processes. In order to accomplish this task you can use the following script.

# Remove all old AuditTAP Reports if available
$collection = @("ATAPHtmlReport","Excel2016Audit","GoogleChromeAudit","IIS8Audit","IIS10Audit","MicrosoftIE11Audit","MozillaFirefoxAudit","Outlook2016Audit","Powerpoint2016Audit","Skype4Business2016Audit","SQL2016Benchmarks","Windows10Audit","Windows10GDPRAudit","WindowsServer2016Audit","Word2016Audit")
ForEach ($item in $collection)
{
  if (Get-Module -ListAvailable -Name $item)
  {
    # Module found, so remove it
    $installPath = Get-Module -ListAvailable $item | Select-Object -ExpandProperty Path | Split-Path -Parent
    Remove-Item -Path $installPath -Recurse -Force -Confirm:$false
  }
  else
  {
    # Module not installed, do nothing and take next item
  }
}

Sample reports

You can find several sample reports in the "Samples" folder.

Customization

You can change the default folder for Save-ATAPHtmlReport, which is Documents\ATAPReports, by creating and later editing the environment variable ATAPReportPath. Environment variables can be set for different scopes - please choose the one that fits your needs. The following samples will set the default path to 'C:\ATAPReports'.

Temporary scope: CurrentSession

$env:ATAPReportPath = 'C:\ATAPReports'

Permanent scope: CurrentUser

[System.Environment]::SetEnvironmentVariable('ATAPReportPath','C:\ATAPReports',[System.EnvironmentVariableTarget]::User)

Permanent scope: Machine

[System.Environment]::SetEnvironmentVariable('ATAPReportPath','C:\ATAPReports',[System.EnvironmentVariableTarget]::Machine)

Converting reports to xml instead of HTML

For this functionality, it is handy to know the Invoke-ATAPReport command can be used: Just use the following code snippet, and exchange the variables "Reportname" and "FilePath".

$Reportname = "Microsoft Windows 11"
$FilePath = "C://YourPath/YourFileName.xml"
ConvertTo-Xml -InputObject (Invoke-ATAPReport -ReportName $ReportName) -As "String" -Depth 10 | Out-File -FilePath $FilePath

Related links

AuditTAP information

• GitHub-Link: https://github.com/fbprogmbh/Audit-Test-Automation
• AuditTAP landing page: https://www.fb-pro.com/audit-tap-product-information
• YouTube channel with more videos: https://www.youtube.com/channel/UCFolaYgClJ005glpn5owRUg
• For the installer we are using the free Inno Setup for Windows provided by Jordan Russell and Martijn Laan. https://jrsoftware.org/isinfo.php

Hardening recommendations in general

• NoCodeHardening: https://www.nocodehardening.com

• BSI SiSyPHus: https://www.bsi.bund.de/EN/Topics/Cyber-Security/Recommendations/SiSyPHuS_Win10/SiSyPHuS_node.html

• Center for Internet Security: https://www.cisecurity.org/

• DISA STIGs: https://public.cyber.mil/stigs/

• Microsoft Security baselines: https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines

  Questions, issues or project support

  Please check the FAQ-section first before opening an issue or contacting us.

• For questions or issues regarding AuditTAP please use GitHub issue tracker.

• For questions regarding project support please write a short mail to team@fb-pro.com