Closed cynthia-rempel closed 3 years ago
This is a good suggestion. For backwards compatibility I am thinking of adding 2 new parameters, both optional: -Full, which would return all "'target-facts'.fact" in the XCCDF XML, and -InterfaceFilter, which would allow filtering to the first matching interface. If neither flag is specified, the function would act exactly as it currently does. I will probably work on this tomorrow.
Added Get-XCCDFTargetFacts which dumps all target-facts in the XCCDF, and added a -Filter to Get-XCCDFHostData which allows custom interface selection. An example filter could then be {$_.interface_name -like "*ethernet*" -and $_.ipv4 -ne $null}. Or if you know the subnet of the client for the desired IP, {$_.ipv4 -like "192.172.*"}. Similar filtering can be done based on $_.mac
It would be amazing if I could pick eth0 instead of lo, so if I could somehow pick in STIGSupport/Module/StigSupport.psm1

```powershell
$HostIP = (@()+$XCCDF.Benchmark.TestResult.'target-address')[1]
$HostMAC = (@()+($XCCDF.Benchmark.TestResult.'target-facts'.fact | Where-Object {$_.name -eq "urn:scap:fact:asset:identifier:mac"}).'#text')[1]
$HostFQDN = (@()+($XCCDF.Benchmark.TestResult.'target-facts'.fact | Where-Object {$_.name -eq "urn:scap:fact:asset:identifier:fqdn"}).'#text')[0]
$HostGUID = (@()+($XCCDF.Benchmark.TestResult.'target-facts'.fact | Where-Object {$_.name -eq "urn:scap:fact:asset:identifier:guid"}).'#text')[0]
```

Instead of:

```powershell
$HostIP = (@()+$XCCDF.Benchmark.TestResult.'target-address')[0]
$HostMAC = (@()+($XCCDF.Benchmark.TestResult.'target-facts'.fact | Where-Object {$_.name -eq "urn:scap:fact:asset:identifier:mac"}).'#text')[0]
$HostFQDN = (@()+($XCCDF.Benchmark.TestResult.'target-facts'.fact | Where-Object {$_.name -eq "urn:scap:fact:asset:identifier:fqdn"}).'#text')[0]
$HostGUID = (@()+($XCCDF.Benchmark.TestResult.'target-facts'.fact | Where-Object {$_.name -eq "urn:scap:fact:asset:identifier:guid"}).'#text')[0]
```

It would be really amazing! Right now, the IP address is 127.0.0.1 and the MAC is 00:00:00:00:00:00 and it would be way cool if it could be filled with the IP on eth0 and MAC of eth0.
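An added example, not code from the StigSupport module or from anyone in this thread: rather than hard-coding index `[1]`, skip loopback entries and take the first remaining address with its MAC, so the checklist identifies the real asset. The helper name `Select-NonLoopbackInterface` is hypothetical, the XML is a constructed sample, and the code assumes the i-th `target-address` and the i-th `mac` fact describe the same interface, as the `[0]`/`[1]` indices in the post imply.

```powershell
# Constructed sample: trimmed XCCDF TestResult from a Linux host that lists lo first.
[xml]$Sample = @'
<Benchmark>
  <TestResult>
    <target-address>127.0.0.1</target-address>
    <target-address>192.0.2.15</target-address>
    <target-facts>
      <fact name="urn:scap:fact:asset:identifier:mac" type="string">00:00:00:00:00:00</fact>
      <fact name="urn:scap:fact:asset:identifier:mac" type="string">52:54:00:12:34:56</fact>
      <fact name="urn:scap:fact:asset:identifier:fqdn" type="string">host.example.test</fact>
    </target-facts>
  </TestResult>
</Benchmark>
'@

# Hypothetical helper: returns the first non-loopback address and the MAC at the same index.
function Select-NonLoopbackInterface {
    param([Parameter(Mandatory)][xml]$XCCDF)

    $result = $XCCDF.Benchmark.TestResult
    # @() forces an array even when the scan recorded a single interface.
    $ips  = @($result.'target-address')
    $macs = @(($result.'target-facts'.fact |
        Where-Object { $_.name -eq 'urn:scap:fact:asset:identifier:mac' }).'#text')

    for ($i = 0; $i -lt $ips.Count; $i++) {
        $addr = $null
        # Skip entries that are not parseable addresses (empty or malformed values).
        if (-not [ipaddress]::TryParse($ips[$i], [ref]$addr)) { continue }
        # IsLoopback covers 127.0.0.0/8 and ::1, not just the literal 127.0.0.1.
        if ([ipaddress]::IsLoopback($addr)) { continue }

        $mac = if ($i -lt $macs.Count) { $macs[$i] } else { $null }
        return [pscustomobject]@{ IP = $ips[$i]; MAC = $mac }
    }

    # Only loopback was reported: fall back to the first entry, as index [0] does today.
    [pscustomobject]@{ IP = $ips[0]; MAC = $macs[0] }
}

Select-NonLoopbackInterface -XCCDF $Sample
```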