From ecb93318ce8b58e91acc40b470d8171ec4865f07 Mon Sep 17 00:00:00 2001 From: TSterling76 Date: Wed, 17 Aug 2022 17:21:28 +0000 Subject: [PATCH 01/26] New Updates for Merge --- controls/SV-221584.rb | 6 ++++++ controls/SV-221588.rb | 17 +++++++++++++++++ controls/SV-221590.rb | 5 +++++ controls/SV-221591.rb | 5 +++++ controls/SV-221592.rb | 5 +++++ controls/SV-221593.rb | 5 +++++ controls/SV-221594.rb | 5 +++++ controls/SV-221595.rb | 5 +++++ controls/SV-221596.rb | 7 +++++++ controls/SV-221597.rb | 5 +++++ controls/SV-221598.rb | 5 +++++ controls/SV-221599.rb | 5 +++++ inspec.yml | 18 ++++++++++++++++++ 13 files changed, 93 insertions(+) diff --git a/controls/SV-221584.rb b/controls/SV-221584.rb index e209d6a..312190f 100644 --- a/controls/SV-221584.rb +++ b/controls/SV-221584.rb @@ -21,4 +21,10 @@ tag legacy: ["SV-57639","V-44805"] tag cci: ["CCI-002605"] tag nist: ["SI-2 c"] + + version = input('google_chrome_version') + # ??? + describe version do + it { should cmp >= 74.0.0 } + end end \ No newline at end of file diff --git a/controls/SV-221588.rb b/controls/SV-221588.rb index 8f53d43..0b3b5a6 100644 --- a/controls/SV-221588.rb +++ b/controls/SV-221588.rb @@ -56,4 +56,21 @@ tag legacy: ["SV-94635","V-79931"] tag cci: ["CCI-000169"] tag nist: ["AU-12 a"] + + if input('siprnet_system') == 'true' + impact 0.0 + describe 'This Control is Not Applicable to systems on the SIPRNet.' do + skip 'This Control is Not Applicable to systems on the SIPRNet.' + end + else + describe.one do + describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should have_property 'DownloadRestrictions' } + its('DownloadRestrictions') { should cmp 1 } + end + describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should have_property 'DownloadRestrictions' } + its('DownloadRestrictions') { should cmp 2 } + end + end end \ No newline at end of file 
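Review bot: In controls/SV-221584.rb, `should cmp >= 74.0.0` is not valid Ruby, because `74.0.0` is not a numeric literal, so the control file will fail to load; quote it as `it { should cmp >= '74.0.0' }`. The value under test is `input('google_chrome_version')`, which the inspec.yml hunk of this patch describes as manually entered, so the control passes on whatever the operator typed rather than on the browser actually installed. The `# ???` placeholder should be replaced by a comment stating that limitation, or by a check that reads the version from the host. The control body starts outside the hunk.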
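Review bot: In controls/SV-221588.rb, `input('siprnet_system') == 'true'` compares an input that this patch declares as `type: Boolean` with a string, so the Not Applicable branch is never taken; use `if input('siprnet_system')`. The `if`/`else` also has no closing `end` of its own, so the hunk's final `end` closes the `if` and the control block is left open as far as the hunk shows. The two `describe.one` alternatives differ only in the expected value and would read better with a comment such as `# DownloadRestrictions must be 1 or 2`.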
diff --git a/controls/SV-221590.rb b/controls/SV-221590.rb index ca053df..ffebac9 100644 --- a/controls/SV-221590.rb +++ b/controls/SV-221590.rb @@ -42,4 +42,9 @@ tag legacy: ["SV-96299","V-81585"] tag cci: ["CCI-001166"] tag nist: ["SC-18 (1)"] + + describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should have_property 'SafeBrowsingExtendedReportingEnabled'} + its('SafeBrowsingExtendedReportingEnabled') { should cmp 0 } + end end \ No newline at end of file diff --git a/controls/SV-221591.rb b/controls/SV-221591.rb index 67e0ec8..f1527cd 100644 --- a/controls/SV-221591.rb +++ b/controls/SV-221591.rb @@ -38,4 +38,9 @@ tag legacy: ["SV-96301","V-81587"] tag cci: ["CCI-000381"] tag nist: ["CM-7 a"] + + describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should have_property 'DefaultWebUsbGuardSetting'} + its('DefaultWebUsbGuardSetting') { should cmp 2 } + end end \ No newline at end of file diff --git a/controls/SV-221592.rb b/controls/SV-221592.rb index 6c2116c..3a57432 100644 --- a/controls/SV-221592.rb +++ b/controls/SV-221592.rb @@ -38,4 +38,9 @@ tag legacy: ["SV-96305","V-81591"] tag cci: ["CCI-000169"] tag nist: ["AU-12 a"] + + describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should have_property 'ChromeCleanupEnabled'} + its('ChromeCleanupEnabled') { should cmp 0 } + end end \ No newline at end of file diff --git a/controls/SV-221593.rb b/controls/SV-221593.rb index 9a456f4..368347e 100644 --- a/controls/SV-221593.rb +++ b/controls/SV-221593.rb @@ -48,4 +48,9 @@ tag legacy: ["SV-96307","V-81593"] tag cci: ["CCI-000169"] tag nist: ["AU-12 a"] + + describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should have_property 'ChromeCleanupReportingEnabled'} + its('ChromeCleanupReportingEnabled') { should cmp 0 } + end end \ No newline at end of file 
diff --git a/controls/SV-221594.rb b/controls/SV-221594.rb index 7ec60f9..401b1fb 100644 --- a/controls/SV-221594.rb +++ b/controls/SV-221594.rb @@ -35,4 +35,9 @@ tag legacy: ["SV-96311","V-81597"] tag cci: ["CCI-000381"] tag nist: ["CM-7 a"] + + describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should have_property 'EnableMediaRouter'} + its('EnableMediaRouter') { should cmp 0 } + end end \ No newline at end of file diff --git a/controls/SV-221595.rb b/controls/SV-221595.rb index 7b4a949..6dd2cb5 100644 --- a/controls/SV-221595.rb +++ b/controls/SV-221595.rb @@ -37,4 +37,9 @@ tag legacy: ["SV-96295","V-81581"] tag cci: ["CCI-000381"] tag nist: ["CM-7 a"] + + describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should have_property 'AutoplayAllowed'} + its('AutoplayAllowed') { should cmp 0 } + end end \ No newline at end of file diff --git a/controls/SV-221596.rb b/controls/SV-221596.rb index 40eb5e1..ec6accb 100644 --- a/controls/SV-221596.rb +++ b/controls/SV-221596.rb @@ -40,4 +40,11 @@ tag legacy: ["SV-96303","V-81589"] tag cci: ["CCI-001170"] tag nist: ["SC-18 (4)"] + + approved_urls = input('administrator_approved_urls') + + describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should have_property 'AutoplayAllowlist'} + its('AutoplayAllowlist') { should cmp approved_urls } + end end \ No newline at end of file diff --git a/controls/SV-221597.rb b/controls/SV-221597.rb index f7bd27a..2610d4f 100644 --- a/controls/SV-221597.rb +++ b/controls/SV-221597.rb @@ -41,4 +41,9 @@ tag legacy: ["SV-101303","V-91203"] tag cci: ["CCI-001166"] tag nist: ["SC-18 (1)"] + + describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should have_property 'UrlKeyedAnonymizedDataCollectionEnabled'} + its('UrlKeyedAnonymizedDataCollectionEnabled') { should cmp 0 } + end end \ No newline at end of file 
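Review bot: In controls/SV-221596.rb, `have_property 'AutoplayAllowlist'` is asserted on the `...\Google\Chrome` key, but Chrome list policies are, as far as I know, written on Windows as a subkey of that name holding values `1`, `2`, and so on, so this test may never find the property on a correctly configured host. Confirm on a configured machine and, if that is the layout, describe `registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\AutoplayAllowlist')` instead. The `administrator_approved_urls` input added to inspec.yml in this patch defaults to two empty strings, so an unconfigured profile compares the policy with blank patterns; `value: []` plus a comment that the operator must supply the list would make that state explicit.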
diff --git a/controls/SV-221598.rb b/controls/SV-221598.rb index fb40631..09a7e2b 100644 --- a/controls/SV-221598.rb +++ b/controls/SV-221598.rb @@ -42,4 +42,9 @@ tag legacy: ["SV-101305","V-91205"] tag cci: ["CCI-001166"] tag nist: ["SC-18 (1)"] + + describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should have_property 'WebRtcEventLogCollectionAllowed'} + its('WebRtcEventLogCollectionAllowed') { should cmp 0 } + end end \ No newline at end of file diff --git a/controls/SV-221599.rb b/controls/SV-221599.rb index 1380fec..1e6ec0c 100644 --- a/controls/SV-221599.rb +++ b/controls/SV-221599.rb @@ -37,4 +37,9 @@ tag legacy: ["SV-106629","V-97525"] tag cci: ["CCI-001312"] tag nist: ["SI-11 a"] + + describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should have_property 'DeveloperToolsAvailability'} + its('DeveloperToolsAvailability') { should cmp 2 } + end end \ No newline at end of file diff --git a/inspec.yml b/inspec.yml index 055a2e2..d36c01d 100644 --- a/inspec.yml +++ b/inspec.yml @@ -23,4 +23,22 @@ inputs: desc: "This details an organization-approved encrypted search string to perform encrypted searches" type: String value: '' + + - name: google_chrome_version + desc: "This may be manually entered and be found by opening the Chrome browser, going to Settings, then clicking About Chrome (at the bottom) " + type: String + value: '' + + - name: siprnet_system + description: "If this system/machine is on the SIPRNet" + type: Boolean + value: false + + - name: administrator_approved_urls + description: "Administrator approved allowlist of URL patterns that autoplay will always be enabled on" + type: Array + value: + - '' + - '' + \ No newline at end of file From a9da2b53fea0d1c4672784ddd2b983e0ab0ba6ab Mon Sep 17 00:00:00 2001 
From: TSterling76 Date: Thu, 18 Aug 2022 18:24:13 +0000 Subject: [PATCH 02/26] Changes to 221584, 221588, and inspec.yml --- controls/SV-221584.rb | 6 +++--- controls/SV-221588.rb | 3 ++- inspec.yml | 9 ++------- 3 files changed, 7 insertions(+), 11 deletions(-) diff --git a/controls/SV-221584.rb b/controls/SV-221584.rb index 312190f..6dfd9c6 100644 --- a/controls/SV-221584.rb +++ b/controls/SV-221584.rb @@ -22,9 +22,9 @@ tag cci: ["CCI-002605"] tag nist: ["SI-2 c"] - version = input('google_chrome_version') - # ??? - describe version do + domain_role = command('(Get-Item (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe').'(Default)').VersionInfo.ProductVersion') + + describe domain_role do it { should cmp >= 74.0.0 } end end \ No newline at end of file diff --git a/controls/SV-221588.rb b/controls/SV-221588.rb index 0b3b5a6..367d680 100644 --- a/controls/SV-221588.rb +++ b/controls/SV-221588.rb @@ -57,7 +57,7 @@ tag cci: ["CCI-000169"] tag nist: ["AU-12 a"] - if input('siprnet_system') == 'true' + if input('siprnet_system') == true impact 0.0 describe 'This Control is Not Applicable to systems on the SIPRNet.' do skip 'This Control is Not Applicable to systems on the SIPRNet.' @@ -73,4 +73,5 @@ its('DownloadRestrictions') { should cmp 2 } end end + end end \ No newline at end of file diff --git a/inspec.yml b/inspec.yml index d36c01d..a9747f7 100644 --- a/inspec.yml +++ b/inspec.yml 
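Review bot: In controls/SV-221584.rb the PowerShell text passed to `command(...)` contains unescaped single quotes inside a single-quoted Ruby string, so the literal ends at `'HKLM:` and the file will not parse; a heredoc or `%q{...}` avoids the escaping. `describe domain_role` then applies `cmp >=` to the command resource itself rather than to its output, so the assertion should be `its('stdout') { should cmp >= '74.0.0' }` with the version quoted. The local name `domain_role` does not match what it holds; a name such as `chrome_version_cmd` with a one-line comment on what the command returns would be clearer.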
@@ -22,19 +22,14 @@ inputs: - name: approved_encrytped_search_string desc: "This details an organization-approved encrypted search string to perform encrypted searches" type: String - value: '' - - - name: google_chrome_version - desc: "This may be manually entered and be found by opening the Chrome browser, going to Settings, then clicking About Chrome (at the bottom) " - type: String - value: '' + value: '' - name: siprnet_system description: "If this system/machine is on the SIPRNet" type: Boolean value: false - - name: administrator_approved_urls + - name: administrator_approved_urls description: "Administrator approved allowlist of URL patterns that autoplay will always be enabled on" type: Array value: From dc1bf7b019960227d46e72b406747aeb01da1669 Mon Sep 17 00:00:00 2001 From: TSterling76 Date: Fri, 19 Aug 2022 20:00:40 +0000 Subject: [PATCH 03/26] Change to 221584 --- controls/SV-221584.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/controls/SV-221584.rb b/controls/SV-221584.rb index 6dfd9c6..dfd74ef 100644 --- a/controls/SV-221584.rb +++ b/controls/SV-221584.rb @@ -22,9 +22,9 @@ tag cci: ["CCI-002605"] tag nist: ["SI-2 c"] - domain_role = command('(Get-Item (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe').'(Default)').VersionInfo.ProductVersion') + domain_role = command('(Get-Item (Get-ItemProperty \'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe\').\'(Default)\').VersionInfo.ProductVersion') describe domain_role do - it { should cmp >= 74.0.0 } + it { should cmp >= '74.0.0' } end end \ No newline at end of file From d984f30474c227114d98388a14a2ac51f7efd78c Mon Sep 17 00:00:00 2001 From: TSterling76 Date: Thu, 25 Aug 2022 13:55:18 +0000 Subject: [PATCH 04/26] Change Request --- controls/SV-221584.rb | 4 +++- controls/SV-221588.rb | 6 +++--- inspec.yml | 4 ++-- 3 files changed, 8 insertions(+), 6 deletions(-) 
diff --git a/controls/SV-221584.rb b/controls/SV-221584.rb index dfd74ef..3ef4615 100644 --- a/controls/SV-221584.rb +++ b/controls/SV-221584.rb @@ -24,7 +24,9 @@ domain_role = command('(Get-Item (Get-ItemProperty \'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe\').\'(Default)\').VersionInfo.ProductVersion') + google_version = input('74.0.0') + describe domain_role do - it { should cmp >= '74.0.0' } + it { should cmp >= google_version } end end \ No newline at end of file diff --git a/controls/SV-221588.rb b/controls/SV-221588.rb index 367d680..c00b0f6 100644 --- a/controls/SV-221588.rb +++ b/controls/SV-221588.rb @@ -57,10 +57,10 @@ tag cci: ["CCI-000169"] tag nist: ["AU-12 a"] - if input('siprnet_system') == true + if sensitive_system impact 0.0 - describe 'This Control is Not Applicable to systems on the SIPRNet.' do - skip 'This Control is Not Applicable to systems on the SIPRNet.' + describe 'This Control is Not Applicable to systems for Sensitive Networks.' do + skip 'This Control is Not Applicable to systems for Sensitive Networks.' end else describe.one do diff --git a/inspec.yml b/inspec.yml index a9747f7..fdde1ca 100644 --- a/inspec.yml +++ b/inspec.yml @@ -24,8 +24,8 @@ inputs: type: String value: '' - - name: siprnet_system - description: "If this system/machine is on the SIPRNet" + - name: sensitive_system + description: "If this system/machine is on a Sensitive Network(s)" type: Boolean value: false From e5d0c71dbe9890ba96e0b613119f16401a5aa908 Mon Sep 17 00:00:00 2001 From: TSterling76 Date: Tue, 30 Aug 2022 22:14:13 +0000 Subject: [PATCH 05/26] Inspec.yml, 221584 updates --- controls/SV-221584.rb | 12 +++++++----- inspec.yml | 14 +++++++++----- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/controls/SV-221584.rb b/controls/SV-221584.rb index 3ef4615..edec887 100644 --- a/controls/SV-221584.rb +++ b/controls/SV-221584.rb 
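Review bot: In controls/SV-221584.rb, `input('74.0.0')` asks for an input whose name is `74.0.0`; no such input is declared in the inspec.yml hunks of this patch, so the minimum version has no defined value at run time. Declare a named input and read it, for example `google_version = input('google_chrome_version', value: '74.0.0')`, and add a comment stating that it is the lowest acceptable Chrome version.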
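Review bot: In controls/SV-221588.rb, `if sensitive_system` refers to a bare identifier that nothing in the visible hunk defines, so unless it is set outside the hunk the control raises a NameError; read the renamed input explicitly with `if input('sensitive_system')`. Because this branch sets `impact 0.0` and skips the download-restriction check, a comment stating who is expected to set the input would help an assessor judge a skipped result.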
@@ -22,11 +22,13 @@ tag cci: ["CCI-002605"] tag nist: ["SI-2 c"] - domain_role = command('(Get-Item (Get-ItemProperty \'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe\').\'(Default)\').VersionInfo.ProductVersion') + current_chrome_version_command = <<-EOH + #find version + $version = (Get-Item (Get-ItemProperty 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\chrome.exe').'(Default)').VersionInfo.ProductVersion + echo $version + EOH - google_version = input('74.0.0') - - describe domain_role do - it { should cmp >= google_version } + describe powershell(current_chrome_version_command) do + its('stdout') { should cmp >= input('google_chrome_version') } end end \ No newline at end of file diff --git a/inspec.yml b/inspec.yml index fdde1ca..4e911d2 100644 --- a/inspec.yml +++ b/inspec.yml @@ -9,18 +9,18 @@ version: 2.6.1 inputs: - name: administrator_approved_extension_ids - desc: 'This is a list of approved extension ids determined by administrators to decide which extensions should be allowed for their users.' + description: 'This is a list of approved extension ids determined by administrators to decide which extensions should be allowed for their users.' type: Array value: - '' - name: approved_encrypted_search_provider_name - desc: "This contains the name of organization approved encrypted search provider that corresponds to the encrypted search provider" + description: "This contains the name of organization approved encrypted search provider that corresponds to the encrypted search provider" type: String value: '' - name: approved_encrytped_search_string - desc: "This details an organization-approved encrypted search string to perform encrypted searches" + description: "This details an organization-approved encrypted search string to perform encrypted searches" type: String value: '' 
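Review bot: In controls/SV-221584.rb the new `its('stdout')` test has no guard for a failed lookup: if the `App Paths\chrome.exe` key is missing, stdout is empty and the comparison runs against an empty string instead of reporting that the version could not be read. Adding `its('stderr') { should eq '' }` and comparing `its('stdout.strip')` makes that failure visible and drops the trailing newline from the value. The heredoc would also benefit from a comment saying that it returns the ProductVersion of the registered chrome.exe.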
@@ -29,11 +29,15 @@ inputs: type: Boolean value: false + - name: google_chrome_version + description: "This contains the least acceptable version number for Google Chrome" + type: String + value: '74.0.0' + - name: administrator_approved_urls description: "Administrator approved allowlist of URL patterns that autoplay will always be enabled on" type: Array value: - '' - '' - - \ No newline at end of file + \ No newline at end of file From 4f0a54aec0c8e91791e2af6c8804038516b31d2c Mon Sep 17 00:00:00 2001 From: TSterling76 Date: Wed, 31 Aug 2022 14:46:41 +0000 Subject: [PATCH 06/26] SV-221584, SV-221588 --- controls/SV-221584.rb | 4 ++-- controls/SV-221588.rb | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/controls/SV-221584.rb b/controls/SV-221584.rb index edec887..2d304c3 100644 --- a/controls/SV-221584.rb +++ b/controls/SV-221584.rb @@ -23,8 +23,8 @@ tag nist: ["SI-2 c"] current_chrome_version_command = <<-EOH - #find version - $version = (Get-Item (Get-ItemProperty 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\chrome.exe').'(Default)').VersionInfo.ProductVersion + # $(Get-Package -Name "Google Chrome").Version + $version = (Get-Item (Get-ItemProperty 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\chrome.exe').'(Default)').VersionInfo.ProductVersionwerwe echo $version EOH diff --git a/controls/SV-221588.rb b/controls/SV-221588.rb index c00b0f6..0ce1cd8 100644 --- a/controls/SV-221588.rb +++ b/controls/SV-221588.rb @@ -57,7 +57,7 @@ tag cci: ["CCI-000169"] tag nist: ["AU-12 a"] - if sensitive_system + if input('sensitive_system') impact 0.0 describe 'This Control is Not Applicable to systems for Sensitive Networks.' do skip 'This Control is Not Applicable to systems for Sensitive Networks.' From 394cd851e115d9bb1cc5e34ac4ce0d59ef4a9f3e Mon Sep 17 00:00:00 2001 
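Review bot: In controls/SV-221584.rb the property name now reads `.VersionInfo.ProductVersionwerwe`; the trailing `werwe` looks like stray keystrokes, and PowerShell returns nothing for a property that does not exist, so `$version` is empty and the control no longer measures the installed browser. Restore `.VersionInfo.ProductVersion`. The added line `# $(Get-Package -Name "Google Chrome").Version` reads as a discarded alternative; either remove it or say why it is kept.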
From: TSterling76 Date: Thu, 8 Sep 2022 18:56:22 +0000 Subject: [PATCH 07/26] 221584 --- controls/SV-221584.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controls/SV-221584.rb b/controls/SV-221584.rb index 2d304c3..ff08624 100644 --- a/controls/SV-221584.rb +++ b/controls/SV-221584.rb @@ -29,6 +29,6 @@ EOH describe powershell(current_chrome_version_command) do - its('stdout') { should cmp >= input('google_chrome_version') } + its('stdout') { should be >= input('google_chrome_version') } end end \ No newline at end of file From fe967ea2f34c11fc46016ef6c65b4a1cd03486b5 Mon Sep 17 00:00:00 2001 From: TSterling76 Date: Thu, 8 Sep 2022 19:00:18 +0000 Subject: [PATCH 08/26] 221584 --- inspec.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inspec.yml b/inspec.yml index 4e911d2..ea134ae 100644 --- a/inspec.yml +++ b/inspec.yml @@ -31,7 +31,7 @@ inputs: - name: google_chrome_version description: "This contains the least acceptable version number for Google Chrome" - type: String + type: Numeric value: '74.0.0' - name: administrator_approved_urls From db1b11d57f669466106b8cf4ad4d617782e13525 Mon Sep 17 00:00:00 2001 From: TSterling76 Date: Wed, 14 Sep 2022 22:30:33 +0000 Subject: [PATCH 09/26] 221584 --- inspec.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inspec.yml b/inspec.yml index ea134ae..385f632 100644 --- a/inspec.yml +++ b/inspec.yml @@ -32,7 +32,7 @@ inputs: - name: google_chrome_version description: "This contains the least acceptable version number for Google Chrome" type: Numeric - value: '74.0.0' + value: 74.0.0 - name: administrator_approved_urls description: "Administrator approved allowlist of URL patterns that autoplay will always be enabled on" From 45b86cfd2e61da105e2c2370083e59ba1427e156 Mon Sep 17 00:00:00 2001 From: TSterling76 Date: Tue, 27 Sep 2022 17:30:04 +0000 Subject: [PATCH 10/26] Removed 221584 --- controls/SV-221584.rb | 10 ---------- 1 file changed, 10 deletions(-) 
diff --git a/controls/SV-221584.rb b/controls/SV-221584.rb index ff08624..c59bb8e 100644 --- a/controls/SV-221584.rb +++ b/controls/SV-221584.rb @@ -22,13 +22,3 @@ tag cci: ["CCI-002605"] tag nist: ["SI-2 c"] - current_chrome_version_command = <<-EOH - # $(Get-Package -Name "Google Chrome").Version - $version = (Get-Item (Get-ItemProperty 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\chrome.exe').'(Default)').VersionInfo.ProductVersionwerwe - echo $version - EOH - - describe powershell(current_chrome_version_command) do - its('stdout') { should be >= input('google_chrome_version') } - end -end \ No newline at end of file From a6881a4fc2111ac034a5928922ae1f5a3e15edf3 Mon Sep 17 00:00:00 2001 From: TSterling76 Date: Tue, 27 Sep 2022 17:45:17 +0000 Subject: [PATCH 11/26] Removed 221584 --- controls/SV-221584.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controls/SV-221584.rb b/controls/SV-221584.rb index c59bb8e..893fbe1 100644 --- a/controls/SV-221584.rb +++ b/controls/SV-221584.rb @@ -21,4 +21,4 @@ tag legacy: ["SV-57639","V-44805"] tag cci: ["CCI-002605"] tag nist: ["SI-2 c"] - +end From 5548f7ef87c57c6f9ce7443b54048a719d0d2980 Mon Sep 17 00:00:00 2001 From: TSterling76 Date: Tue, 27 Sep 2022 17:56:21 +0000 Subject: [PATCH 12/26] Results.json? --- results.json | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 results.json diff --git a/results.json b/results.json new file mode 100644 index 0000000..e69de29 From 2f408bf775f2c7d97771ea942fa658370b91e118 Mon Sep 17 00:00:00 2001 From: TSterling76 Date: Tue, 27 Sep 2022 18:04:58 +0000 Subject: [PATCH 13/26] Removed results.json --- results.json | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 results.json diff --git a/results.json b/results.json deleted file mode 100644 index e69de29..0000000 From fddfb0fc47843add061e003f161a293a03fc8199 Mon Sep 17 00:00:00 2001 
From: Amndeep Singh Mann Date: Fri, 30 Sep 2022 15:28:39 -0400 Subject: [PATCH 14/26] Revert "Removed results.json" This reverts commit 2f408bf775f2c7d97771ea942fa658370b91e118. --- results.json | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 results.json diff --git a/results.json b/results.json new file mode 100644 index 0000000..e69de29 From 24008c7c96a3cca295384129d4bc55c62ce09940 Mon Sep 17 00:00:00 2001 From: Amndeep Singh Mann Date: Fri, 30 Sep 2022 15:28:46 -0400 Subject: [PATCH 15/26] Revert "Results.json?" This reverts commit 5548f7ef87c57c6f9ce7443b54048a719d0d2980. --- results.json | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 results.json diff --git a/results.json b/results.json deleted file mode 100644 index e69de29..0000000 From 03f03bbc96a6f685795c5ae344e8ce658a993390 Mon Sep 17 00:00:00 2001 From: Amndeep Singh Mann Date: Fri, 30 Sep 2022 15:28:48 -0400 Subject: [PATCH 16/26] Revert "Removed 221584" This reverts commit a6881a4fc2111ac034a5928922ae1f5a3e15edf3. --- controls/SV-221584.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controls/SV-221584.rb b/controls/SV-221584.rb index 893fbe1..c59bb8e 100644 --- a/controls/SV-221584.rb +++ b/controls/SV-221584.rb @@ -21,4 +21,4 @@ tag legacy: ["SV-57639","V-44805"] tag cci: ["CCI-002605"] tag nist: ["SI-2 c"] -end + From 8508249b964ac2ca573668971107d333001f51d1 Mon Sep 17 00:00:00 2001 From: Amndeep Singh Mann Date: Fri, 30 Sep 2022 15:28:49 -0400 Subject: [PATCH 17/26] Revert "Removed 221584" This reverts commit 45b86cfd2e61da105e2c2370083e59ba1427e156. --- controls/SV-221584.rb | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/controls/SV-221584.rb b/controls/SV-221584.rb index c59bb8e..ff08624 100644 --- a/controls/SV-221584.rb +++ b/controls/SV-221584.rb 
@@ -22,3 +22,13 @@ tag cci: ["CCI-002605"] tag nist: ["SI-2 c"] + current_chrome_version_command = <<-EOH + # $(Get-Package -Name "Google Chrome").Version + $version = (Get-Item (Get-ItemProperty 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\chrome.exe').'(Default)').VersionInfo.ProductVersionwerwe + echo $version + EOH + + describe powershell(current_chrome_version_command) do + its('stdout') { should be >= input('google_chrome_version') } + end +end \ No newline at end of file From 999f3f90e1d4012a221d29ae90450a0ae462d112 Mon Sep 17 00:00:00 2001 From: Amndeep Singh Mann Date: Fri, 30 Sep 2022 15:28:50 -0400 Subject: [PATCH 18/26] Revert "221584" This reverts commit db1b11d57f669466106b8cf4ad4d617782e13525. --- inspec.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inspec.yml b/inspec.yml index 385f632..ea134ae 100644 --- a/inspec.yml +++ b/inspec.yml @@ -32,7 +32,7 @@ inputs: - name: google_chrome_version description: "This contains the least acceptable version number for Google Chrome" type: Numeric - value: 74.0.0 + value: '74.0.0' - name: administrator_approved_urls description: "Administrator approved allowlist of URL patterns that autoplay will always be enabled on" From 034fbe9e92bbca3606910b5340d5695e85b01e24 Mon Sep 17 00:00:00 2001 From: Amndeep Singh Mann Date: Fri, 30 Sep 2022 15:28:51 -0400 Subject: [PATCH 19/26] Revert "221584" This reverts commit fe967ea2f34c11fc46016ef6c65b4a1cd03486b5. --- inspec.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inspec.yml b/inspec.yml index ea134ae..4e911d2 100644 --- a/inspec.yml +++ b/inspec.yml @@ -31,7 +31,7 @@ inputs: - name: google_chrome_version description: "This contains the least acceptable version number for Google Chrome" - type: Numeric + type: String value: '74.0.0' - name: administrator_approved_urls From 3765590e37a82c3ddaab62d2b0062d81b6eef924 Mon Sep 17 00:00:00 2001 
From: Amndeep Singh Mann Date: Fri, 30 Sep 2022 15:28:52 -0400 Subject: [PATCH 20/26] Revert "221584" This reverts commit 394cd851e115d9bb1cc5e34ac4ce0d59ef4a9f3e. --- controls/SV-221584.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controls/SV-221584.rb b/controls/SV-221584.rb index ff08624..2d304c3 100644 --- a/controls/SV-221584.rb +++ b/controls/SV-221584.rb @@ -29,6 +29,6 @@ EOH describe powershell(current_chrome_version_command) do - its('stdout') { should be >= input('google_chrome_version') } + its('stdout') { should cmp >= input('google_chrome_version') } end end \ No newline at end of file From 5bb1294682ce77090d24bb36b53ef51979199a58 Mon Sep 17 00:00:00 2001 From: Amndeep Singh Mann Date: Fri, 30 Sep 2022 15:32:27 -0400 Subject: [PATCH 21/26] Reverted the previous commits since we do actually want to keep the control, but also place us back before there was some experimentation to resolve issues that were happening. This commit is also a test to see if making the input a four block semver would resolve the immediate problem. Signed-off-by: Amndeep Singh Mann --- inspec.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/inspec.yml b/inspec.yml index 4e911d2..82a057f 100644 --- a/inspec.yml +++ b/inspec.yml @@ -13,7 +13,7 @@ inputs: type: Array value: - '' - + - name: approved_encrypted_search_provider_name description: "This contains the name of organization approved encrypted search provider that corresponds to the encrypted search provider" type: String @@ -22,7 +22,7 @@ inputs: - name: approved_encrytped_search_string description: "This details an organization-approved encrypted search string to perform encrypted searches" type: String - value: '' + value: '' - name: sensitive_system description: "If this system/machine is on a Sensitive Network(s)" 
@@ -32,12 +32,12 @@ inputs: - name: google_chrome_version description: "This contains the least acceptable version number for Google Chrome" type: String - value: '74.0.0' + value: '74.0.0.0' - name: administrator_approved_urls description: "Administrator approved allowlist of URL patterns that autoplay will always be enabled on" type: Array - value: + value: + - '' - '' - - '' - \ No newline at end of file + From 842f3ea6be5b8a270040aea9c82d6011989de233 Mon Sep 17 00:00:00 2001 From: Amndeep Singh Mann Date: Wed, 5 Oct 2022 00:22:49 -0400 Subject: [PATCH 22/26] turns out that it does work with comparing 3 and 4 block semvers Signed-off-by: Amndeep Singh Mann --- inspec.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inspec.yml b/inspec.yml index 82a057f..cbcdc8a 100644 --- a/inspec.yml +++ b/inspec.yml @@ -32,7 +32,7 @@ inputs: - name: google_chrome_version description: "This contains the least acceptable version number for Google Chrome" type: String - value: '74.0.0.0' + value: '74.0.0' - name: administrator_approved_urls description: "Administrator approved allowlist of URL patterns that autoplay will always be enabled on" From f0b96c7a8174436adb9fbf4d31dfccfbd18250eb Mon Sep 17 00:00:00 2001 From: Amndeep Singh Mann Date: Wed, 5 Oct 2022 00:28:56 -0400 Subject: [PATCH 23/26] could not find that original registry key, the key specified in this answer worked for me: https://stackoverflow.com/a/55531855/645647 Signed-off-by: Amndeep Singh Mann --- controls/SV-221584.rb | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/controls/SV-221584.rb b/controls/SV-221584.rb index 2d304c3..4f3e8a4 100644 --- a/controls/SV-221584.rb +++ b/controls/SV-221584.rb 
@@ -23,12 +23,10 @@ tag nist: ["SI-2 c"] current_chrome_version_command = <<-EOH - # $(Get-Package -Name "Google Chrome").Version - $version = (Get-Item (Get-ItemProperty 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\chrome.exe').'(Default)').VersionInfo.ProductVersionwerwe - echo $version + (Get-ItemProperty -Path Registry::HKEY_CURRENT_USER\\SOFTWARE\\Google\\Chrome\\BLBeacon -Name version).version EOH describe powershell(current_chrome_version_command) do its('stdout') { should cmp >= input('google_chrome_version') } end -end \ No newline at end of file +end From 80684ab8669f6b69a426b537b911b58c4d86144e Mon Sep 17 00:00:00 2001 From: Noel Sterling Jr Date: Thu, 1 Dec 2022 14:50:41 -0700 Subject: [PATCH 24/26] Last few changes --- controls/SV-226401.rb | 5 +++++ controls/SV-226402.rb | 5 +++++ controls/SV-226403.rb | 5 +++++ controls/SV-226404.rb | 5 +++++ controls/SV-241787.rb | 5 +++++ controls/SV-245538.rb | 5 +++++ controls/SV-245539.rb | 6 +++++- 7 files changed, 35 insertions(+), 1 deletion(-) diff --git a/controls/SV-226401.rb b/controls/SV-226401.rb index a77dacb..a6b8c60 100644 --- a/controls/SV-226401.rb +++ b/controls/SV-226401.rb @@ -34,4 +34,9 @@ tag legacy: ["SV-111829","V-102867"] tag cci: ["CCI-001166"] tag nist: ["SC-18 (1)"] + + describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should have_property 'BrowserGuestModeEnabled'} + its('BrowserGuestModeEnabled') { should cmp 0 } + end end \ No newline at end of file diff --git a/controls/SV-226402.rb b/controls/SV-226402.rb index 0894eb6..9bfd46c 100644 --- a/controls/SV-226402.rb +++ b/controls/SV-226402.rb @@ -38,4 +38,9 @@ tag legacy: ["SV-111831","V-102869"] tag cci: ["CCI-001166"] tag nist: ["SC-18 (1)"] + + describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should have_property 'AutofillCreditCardEnabled'} + its('AutofillCreditCardEnabled') { should cmp 0 } + end end \ No newline at end of file 
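Review bot: In controls/SV-221584.rb the version is now read from `HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon`, which is resolved in the hive of whatever account InSpec connects as, so the result depends on that account having a Chrome profile rather than on the installed binary. A per-user key can also be modified by that user without elevation, which makes it a weak source for a patch-level compliance check; treat that as something to confirm for the target environment. At minimum, document it with a comment such as `# reads the scanning account's HKCU hive; empty if that account has never run Chrome` and add `its('stdout.strip') { should_not be_empty }` so a missing value fails loudly instead of being compared as an empty string.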
diff --git a/controls/SV-226403.rb b/controls/SV-226403.rb index 3ebc131..d29ded2 100644 --- a/controls/SV-226403.rb +++ b/controls/SV-226403.rb @@ -37,4 +37,9 @@ tag legacy: ["SV-111833","V-102871"] tag cci: ["CCI-001166"] tag nist: ["SC-18 (1)"] + + describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should have_property 'AutofillAddressEnabled'} + its('AutofillAddressEnabled') { should cmp 0 } + end end \ No newline at end of file diff --git a/controls/SV-226404.rb b/controls/SV-226404.rb index 18ca516..b77029e 100644 --- a/controls/SV-226404.rb +++ b/controls/SV-226404.rb @@ -37,4 +37,9 @@ tag legacy: ["SV-111835","V-102873"] tag cci: ["CCI-001166"] tag nist: ["SC-18 (1)"] + + describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should have_property 'ImportAutofillFormData'} + its('ImportAutofillFormData') { should cmp 0 } + end end \ No newline at end of file diff --git a/controls/SV-241787.rb b/controls/SV-241787.rb index 98ceab4..335823a 100644 --- a/controls/SV-241787.rb +++ b/controls/SV-241787.rb @@ -43,4 +43,9 @@ tag legacy: ["SV-34246","V-26961"] tag cci: ["CCI-000381"] tag nist: ["CM-7 a"] + + describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should have_property 'DefaultWebBluetoothGuardSetting'} + its('DefaultWebBluetoothGuardSetting') { should cmp 2 } + end end \ No newline at end of file diff --git a/controls/SV-245538.rb b/controls/SV-245538.rb index 302839f..f648663 100644 --- a/controls/SV-245538.rb +++ b/controls/SV-245538.rb @@ -37,4 +37,9 @@ tag fix_id: "F-48769r808523_fix" tag cci: ["CCI-001762"] tag nist: ["CM-7 (1) (b)"] + + describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should have_property 'DefaultWebBluetoothGuardSetting'} + its('DefaultWebBluetoothGuardSetting') { should cmp 0 } + end end \ No newline at end of file 
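Review bot: In controls/SV-245538.rb the added test asserts that `DefaultWebBluetoothGuardSetting` should `cmp 0`, while controls/SV-241787.rb in this same patch asserts that the same property should `cmp 2`, so the two controls cannot both pass on any host. This looks like a copy of the SV-241787 block that was not adapted; the property name and expected value should be taken from SV-245538's own check text, which lies outside the hunk.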
diff --git a/controls/SV-245539.rb b/controls/SV-245539.rb index e27004f..c81b5f8 100644 --- a/controls/SV-245539.rb +++ b/controls/SV-245539.rb @@ -12,7 +12,7 @@ 2. If the policy \"CookiesSessionOnlyForUrls\" exists and has any defined values, this is a finding. - + Windows method: 1. Start regedit. 2. Navigate to @@ -37,4 +37,8 @@ tag fix_id: "F-23287r769362_fix" tag cci: ["CCI-000166"] tag nist: ["AU-10"] + + describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should_not have_property 'CookiesSessionOnlyForUrls'} + end end \ No newline at end of file From 261858bc2cf866418c35dd53f9c5036e576ef700 Mon Sep 17 00:00:00 2001 
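Review bot: In controls/SV-245539.rb, `it { should_not have_property 'CookiesSessionOnlyForUrls' }` is evaluated on the parent `...\Google\Chrome` key. If Chrome stores this list policy as a subkey with numbered values, as list policies normally are on Windows, the property is never present on the parent and the control passes even when session-only cookie URLs are configured. Asserting on the subkey closes that gap: describe `registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CookiesSessionOnlyForUrls')` with `it { should_not exist }`. Verify on a host with the policy set before relying on the result.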
From: Noel Sterling Jr Date: Wed, 7 Dec 2022 13:53:14 -0700 Subject: [PATCH 25/26] Format changes --- controls/SV-221558.rb | 1 + controls/SV-221559.rb | 1 + controls/SV-221561.rb | 1 + controls/SV-221562.rb | 1 + controls/SV-221563.rb | 8 ++++---- controls/SV-221564.rb | 5 ++--- controls/SV-221565.rb | 5 ++--- controls/SV-221566.rb | 1 + controls/SV-221567.rb | 1 + controls/SV-221570.rb | 1 + controls/SV-221571.rb | 1 + controls/SV-221572.rb | 1 + controls/SV-221573.rb | 1 + controls/SV-221574.rb | 5 +++-- controls/SV-221575.rb | 1 + controls/SV-221576.rb | 1 + controls/SV-221577.rb | 1 + controls/SV-221578.rb | 1 + controls/SV-221579.rb | 1 + controls/SV-221580.rb | 2 ++ controls/SV-221581.rb | 1 + controls/SV-221584.rb | 1 + controls/SV-221586.rb | 1 + controls/SV-221587.rb | 1 + controls/SV-221588.rb | 2 ++ controls/SV-221590.rb | 1 + controls/SV-221591.rb | 1 + controls/SV-221592.rb | 1 + controls/SV-221593.rb | 1 + controls/SV-221594.rb | 1 + controls/SV-221595.rb | 1 + controls/SV-221596.rb | 5 ++--- controls/SV-221597.rb | 1 + controls/SV-221598.rb | 1 + controls/SV-221599.rb | 1 + controls/SV-226401.rb | 1 + controls/SV-226402.rb | 1 + controls/SV-226403.rb | 1 + controls/SV-226404.rb | 1 + controls/SV-234701.rb | 1 + controls/SV-241787.rb | 1 + controls/SV-245538.rb | 1 + inspec.lock | 3 +++ 43 files changed, 55 insertions(+), 15 deletions(-) create mode 100644 inspec.lock diff --git a/controls/SV-221558.rb b/controls/SV-221558.rb index be48adf..44ec305 100644 --- a/controls/SV-221558.rb +++ b/controls/SV-221558.rb @@ -41,6 +41,7 @@ tag nist: ["AC-4"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'RemoteAccessHostFirewallTraversal' } its('RemoteAccessHostFirewallTraversal') { should cmp 0 } end diff --git a/controls/SV-221559.rb b/controls/SV-221559.rb index a1eaa43..57ec0fa 100644 --- a/controls/SV-221559.rb +++ b/controls/SV-221559.rb 
@@ -46,6 +46,7 @@ tag nist: ["SC-18 (1)"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'DefaultGeolocationSetting' } its('DefaultGeolocationSetting') { should cmp 2 } end diff --git a/controls/SV-221561.rb b/controls/SV-221561.rb index 6248eff..81213b5 100644 --- a/controls/SV-221561.rb +++ b/controls/SV-221561.rb @@ -48,6 +48,7 @@ tag nist: ["CM-7 a"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'DefaultPopupsSetting' } its('DefaultPopupsSetting') { should cmp 2 } end diff --git a/controls/SV-221562.rb b/controls/SV-221562.rb index 02fb113..9b4139c 100644 --- a/controls/SV-221562.rb +++ b/controls/SV-221562.rb @@ -41,6 +41,7 @@ tag nist: ["AU-12 a"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallBlocklist') do + it { should exist } it { should have_property '1' } its('1') { should cmp '*' } end diff --git a/controls/SV-221563.rb b/controls/SV-221563.rb index 4434c47..bb2081c 100644 --- a/controls/SV-221563.rb +++ b/controls/SV-221563.rb 
@@ -47,21 +47,21 @@ tag cci: ["CCI-001170"] tag nist: ["SC-18 (4)"] - # list of approved extension ids determined by administrators to decide which extensions should be allowed for their users - approved_ids = input('administrator_approved_extension_ids') - describe.one do describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallAllowlist') do + it { should exist } it { should have_property 'ExtensionInstallAllowlist' } its('ExtensionInstallAllowlist') { should cmp 1 } end describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallAllowlist') do + it { should exist } it { should have_property 'ExtensionInstallAllowlist' } its('ExtensionInstallAllowlist') { should cmp 'oiigbmnaadbkfbmpbfijlflahbdbdgdf' } end describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallAllowlist') do + it { should exist } it { should have_property 'ExtensionInstallAllowlist' } - its('ExtensionInstallAllowlist') { should cmp approved_ids } + its('ExtensionInstallAllowlist') { should cmp input('administrator_approved_extension_ids') } end end end \ No newline at end of file diff --git a/controls/SV-221564.rb b/controls/SV-221564.rb index 6c09f39..c507011 100644 --- a/controls/SV-221564.rb +++ b/controls/SV-221564.rb @@ -42,10 +42,9 @@ tag cci: ["CCI-000381"] tag nist: ["CM-7 a"] - approved_encrypted_search_provider_name = input('approved_encrypted_search_provider_name') - describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'DefaultSearchProviderName' } - its('DefaultSearchProviderName') { should cmp approved_encrypted_search_provider_name } + its('DefaultSearchProviderName') { should cmp input('approved_encrypted_search_provider_name') } end end \ No newline at end of file diff --git a/controls/SV-221565.rb b/controls/SV-221565.rb index f71f083..38decc0 100644 --- a/controls/SV-221565.rb +++ b/controls/SV-221565.rb 
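Review bot: All three `describe.one` alternatives in controls/SV-221563.rb test a property named `'ExtensionInstallAllowlist'` on the `...\Chrome\ExtensionInstallAllowlist` key, while controls/SV-221562.rb in this same commit reads blocklist entries as numbered values (`it { should have_property '1' }`). If the allowlist is stored the same way, none of the alternatives can match and the control reports a finding on a correctly configured host. The inlined `its('ExtensionInstallAllowlist') { should cmp input('administrator_approved_extension_ids') }` also compares one registry value with what is presumably a list of ids. The removed comment was the only explanation of that input, so I would keep a line such as `# approved ids are supplied by administrators via the administrator_approved_extension_ids input` and state the expected registry layout next to it.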
@@ -50,10 +50,9 @@ tag cci: ["CCI-000381"] tag nist: ["CM-7 a"] - approved_encrytped_search_string = input('approved_encrytped_search_string') - describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'DefaultSearchProviderSearchURL' } - its('DefaultSearchProviderSearchURL') { should cmp approved_encrytped_search_string } + its('DefaultSearchProviderSearchURL') { should cmp input('approved_encrytped_search_string') } end end \ No newline at end of file diff --git a/controls/SV-221566.rb b/controls/SV-221566.rb index f43c18d..a0486e1 100644 --- a/controls/SV-221566.rb +++ b/controls/SV-221566.rb @@ -45,6 +45,7 @@ tag nist: ["CM-7 a"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'DefaultSearchProviderEnabled' } its('DefaultSearchProviderEnabled') { should cmp 1 } end diff --git a/controls/SV-221567.rb b/controls/SV-221567.rb index 7dfa92a..f52bc43 100644 --- a/controls/SV-221567.rb +++ b/controls/SV-221567.rb @@ -41,6 +41,7 @@ tag nist: ["CM-7 a"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'PasswordManagerEnabled' } its('PasswordManagerEnabled') { should cmp 0 } end diff --git a/controls/SV-221570.rb b/controls/SV-221570.rb index 5d1f8ae..18cb379 100644 --- a/controls/SV-221570.rb +++ b/controls/SV-221570.rb @@ -44,6 +44,7 @@ tag nist: ["SC-18 (3)"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'BackgroundModeEnabled' } its('BackgroundModeEnabled') { should cmp 0 } end diff --git a/controls/SV-221571.rb b/controls/SV-221571.rb index 99db2ff..489f3d5 100644 --- a/controls/SV-221571.rb +++ b/controls/SV-221571.rb 
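Review bot: The input name in `its('DefaultSearchProviderSearchURL') { should cmp input('approved_encrytped_search_string') }` (controls/SV-221565.rb) is misspelled, and inlining it keeps the misspelling as the name operators must use. An input file that supplies the correctly spelled name would presumably not be picked up, so the control would compare against the profile default rather than the approved search URL. Renaming it to `approved_encrypted_search_string` here and in inspec.yml (not visible in this hunk) would avoid that.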
@@ -40,6 +40,7 @@ tag nist: ["AC-4 (15)"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'SyncDisabled'} its('SyncDisabled') { should cmp 1 } end diff --git a/controls/SV-221572.rb b/controls/SV-221572.rb index b1f4002..bd4fc5c 100644 --- a/controls/SV-221572.rb +++ b/controls/SV-221572.rb @@ -45,6 +45,7 @@ tag nist: ["CM-7 a"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\URLBlocklist') do + it { should exist } it { should have_property '1'} its('1') { should cmp 'javascript://*' } end diff --git a/controls/SV-221573.rb b/controls/SV-221573.rb index 18aa824..d54bf29 100644 --- a/controls/SV-221573.rb +++ b/controls/SV-221573.rb @@ -39,6 +39,7 @@ tag nist: ["AC-4 (15)"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'CloudPrintProxyEnabled'} its('CloudPrintProxyEnabled') { should cmp 0 } end diff --git a/controls/SV-221574.rb b/controls/SV-221574.rb index 555a576..381aac3 100644 --- a/controls/SV-221574.rb +++ b/controls/SV-221574.rb @@ -37,7 +37,8 @@ tag nist: ["CM-6 b"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do - it { should have_property '\"NetworkPredictionOptions\"'} - its('\"NetworkPredictionOptions\"') { should cmp '\"2,\"' } + it { should exist } + it { should have_property 'NetworkPredictionOptions'} + its('NetworkPredictionOptions') { should cmp 2} end end \ No newline at end of file diff --git a/controls/SV-221575.rb b/controls/SV-221575.rb index 5295a4d..bb3e5ce 100644 --- a/controls/SV-221575.rb +++ b/controls/SV-221575.rb @@ -44,6 +44,7 @@ tag nist: ["CM-7 a"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'MetricsReportingEnabled'} its('MetricsReportingEnabled') { should cmp 0 } end 
diff --git a/controls/SV-221576.rb b/controls/SV-221576.rb index 15a1ea1..ef970e9 100644 --- a/controls/SV-221576.rb +++ b/controls/SV-221576.rb @@ -38,6 +38,7 @@ tag nist: ["CM-7 a"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'SearchSuggestEnabled'} its('SearchSuggestEnabled') { should cmp 0 } end diff --git a/controls/SV-221577.rb b/controls/SV-221577.rb index eb3982d..5b11f59 100644 --- a/controls/SV-221577.rb +++ b/controls/SV-221577.rb @@ -38,6 +38,7 @@ tag nist: ["CM-7 a"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'ImportSavedPasswords'} its('ImportSavedPasswords') { should cmp 0 } end diff --git a/controls/SV-221578.rb b/controls/SV-221578.rb index 11c7fb6..d08ec75 100644 --- a/controls/SV-221578.rb +++ b/controls/SV-221578.rb @@ -45,6 +45,7 @@ tag nist: ["AU-10"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'IncognitoModeAvailability'} its('IncognitoModeAvailability') { should cmp 1 } end diff --git a/controls/SV-221579.rb b/controls/SV-221579.rb index 7610c4c..cc4756e 100644 --- a/controls/SV-221579.rb +++ b/controls/SV-221579.rb @@ -38,6 +38,7 @@ tag nist: ["IA-5 (2) (b) (1)"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'EnableOnlineRevocationChecks'} its('EnableOnlineRevocationChecks') { should cmp 1 } end diff --git a/controls/SV-221580.rb b/controls/SV-221580.rb index 9f92840..376e99f 100644 --- a/controls/SV-221580.rb +++ b/controls/SV-221580.rb 
@@ -47,10 +47,12 @@ describe.one do describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'SafeBrowsingProtectionLevel' } its('SafeBrowsingProtectionLevel') { should cmp 1 } end describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'SafeBrowsingProtectionLevel' } its('SafeBrowsingProtectionLevel') { should cmp 2 } end diff --git a/controls/SV-221581.rb b/controls/SV-221581.rb index a561c28..ff4cf71 100644 --- a/controls/SV-221581.rb +++ b/controls/SV-221581.rb @@ -35,6 +35,7 @@ tag nist: ["SC-28"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'SavingBrowserHistoryDisabled'} its('SavingBrowserHistoryDisabled') { should cmp 0 } end diff --git a/controls/SV-221584.rb b/controls/SV-221584.rb index 4f3e8a4..4be5251 100644 --- a/controls/SV-221584.rb +++ b/controls/SV-221584.rb @@ -27,6 +27,7 @@ EOH describe powershell(current_chrome_version_command) do + it { should exist } its('stdout') { should cmp >= input('google_chrome_version') } end end diff --git a/controls/SV-221586.rb b/controls/SV-221586.rb index 3677a22..8065761 100644 --- a/controls/SV-221586.rb +++ b/controls/SV-221586.rb @@ -38,6 +38,7 @@ tag nist: ["AU-12 a"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'AllowDeletingBrowserHistory'} its('AllowDeletingBrowserHistory') { should cmp '0' } end diff --git a/controls/SV-221587.rb b/controls/SV-221587.rb index 1b41a11..2714574 100644 --- a/controls/SV-221587.rb +++ b/controls/SV-221587.rb @@ -36,6 +36,7 @@ tag nist: ["AU-12 a"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'PromptForDownloadLocation'} its('PromptForDownloadLocation') { should cmp '1' } end 
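Review bot: The two `describe.one` alternatives in controls/SV-221580.rb differ only in the expected value, and each now repeats `it { should exist }` and the `have_property` line. A single block with `its('SafeBrowsingProtectionLevel') { should be_in [1, 2] }` states the requirement once and gives one result per test, assuming the value is stored as a REG_DWORD so no string coercion is needed. The same applies to the `DownloadRestrictions` pair in controls/SV-221588.rb.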
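Review bot: The `it { should exist }` added inside `describe powershell(current_chrome_version_command)` in controls/SV-221584.rb is likely to fail on every run, because as far as I know InSpec's `powershell` resource cannot determine whether a script exists and its `exist?` returns nil. That would make the Chrome version control a permanent finding regardless of the installed version. Drop the line, or check the command result instead with `its('exit_status') { should eq 0 }`. Separately, `cmp >=` on `stdout` compares a version string, so it is worth confirming that multi-part versions order as intended. The enclosing control starts outside the hunk.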
diff --git a/controls/SV-221588.rb b/controls/SV-221588.rb index 0ce1cd8..8c3acda 100644 --- a/controls/SV-221588.rb +++ b/controls/SV-221588.rb @@ -65,10 +65,12 @@ else describe.one do describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'DownloadRestrictions' } its('DownloadRestrictions') { should cmp 1 } end describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'DownloadRestrictions' } its('DownloadRestrictions') { should cmp 2 } end diff --git a/controls/SV-221590.rb b/controls/SV-221590.rb index ffebac9..cf1f0de 100644 --- a/controls/SV-221590.rb +++ b/controls/SV-221590.rb @@ -44,6 +44,7 @@ tag nist: ["SC-18 (1)"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'SafeBrowsingExtendedReportingEnabled'} its('SafeBrowsingExtendedReportingEnabled') { should cmp 0 } end diff --git a/controls/SV-221591.rb b/controls/SV-221591.rb index f1527cd..2960e12 100644 --- a/controls/SV-221591.rb +++ b/controls/SV-221591.rb @@ -40,6 +40,7 @@ tag nist: ["CM-7 a"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'DefaultWebUsbGuardSetting'} its('DefaultWebUsbGuardSetting') { should cmp 2 } end diff --git a/controls/SV-221592.rb b/controls/SV-221592.rb index 3a57432..7bf28a6 100644 --- a/controls/SV-221592.rb +++ b/controls/SV-221592.rb @@ -40,6 +40,7 @@ tag nist: ["AU-12 a"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'ChromeCleanupEnabled'} its('ChromeCleanupEnabled') { should cmp 0 } end diff --git a/controls/SV-221593.rb b/controls/SV-221593.rb index 368347e..8aca47b 100644 --- a/controls/SV-221593.rb +++ b/controls/SV-221593.rb 
@@ -50,6 +50,7 @@ tag nist: ["AU-12 a"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'ChromeCleanupReportingEnabled'} its('ChromeCleanupReportingEnabled') { should cmp 0 } end diff --git a/controls/SV-221594.rb b/controls/SV-221594.rb index 401b1fb..9189db8 100644 --- a/controls/SV-221594.rb +++ b/controls/SV-221594.rb @@ -37,6 +37,7 @@ tag nist: ["CM-7 a"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'EnableMediaRouter'} its('EnableMediaRouter') { should cmp 0 } end diff --git a/controls/SV-221595.rb b/controls/SV-221595.rb index 6dd2cb5..01735d0 100644 --- a/controls/SV-221595.rb +++ b/controls/SV-221595.rb @@ -39,6 +39,7 @@ tag nist: ["CM-7 a"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'AutoplayAllowed'} its('AutoplayAllowed') { should cmp 0 } end diff --git a/controls/SV-221596.rb b/controls/SV-221596.rb index ec6accb..3c7acb3 100644 --- a/controls/SV-221596.rb +++ b/controls/SV-221596.rb @@ -41,10 +41,9 @@ tag cci: ["CCI-001170"] tag nist: ["SC-18 (4)"] - approved_urls = input('administrator_approved_urls') - describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'AutoplayAllowlist'} - its('AutoplayAllowlist') { should cmp approved_urls } + its('AutoplayAllowlist') { should cmp input('administrator_approved_urls') } end end \ No newline at end of file diff --git a/controls/SV-221597.rb b/controls/SV-221597.rb index 2610d4f..bc859ed 100644 --- a/controls/SV-221597.rb +++ b/controls/SV-221597.rb 
@@ -43,6 +43,7 @@ tag nist: ["SC-18 (1)"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'UrlKeyedAnonymizedDataCollectionEnabled'} its('UrlKeyedAnonymizedDataCollectionEnabled') { should cmp 0 } end diff --git a/controls/SV-221598.rb b/controls/SV-221598.rb index 09a7e2b..f88afae 100644 --- a/controls/SV-221598.rb +++ b/controls/SV-221598.rb @@ -44,6 +44,7 @@ tag nist: ["SC-18 (1)"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'WebRtcEventLogCollectionAllowed'} its('WebRtcEventLogCollectionAllowed') { should cmp 0 } end diff --git a/controls/SV-221599.rb b/controls/SV-221599.rb index 1e6ec0c..f9457e6 100644 --- a/controls/SV-221599.rb +++ b/controls/SV-221599.rb @@ -39,6 +39,7 @@ tag nist: ["SI-11 a"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'DeveloperToolsAvailability'} its('DeveloperToolsAvailability') { should cmp 2 } end diff --git a/controls/SV-226401.rb b/controls/SV-226401.rb index a6b8c60..f9adaab 100644 --- a/controls/SV-226401.rb +++ b/controls/SV-226401.rb @@ -36,6 +36,7 @@ tag nist: ["SC-18 (1)"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'BrowserGuestModeEnabled'} its('BrowserGuestModeEnabled') { should cmp 0 } end diff --git a/controls/SV-226402.rb b/controls/SV-226402.rb index 9bfd46c..065a33d 100644 --- a/controls/SV-226402.rb +++ b/controls/SV-226402.rb @@ -40,6 +40,7 @@ tag nist: ["SC-18 (1)"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'AutofillCreditCardEnabled'} its('AutofillCreditCardEnabled') { should cmp 0 } end diff --git a/controls/SV-226403.rb b/controls/SV-226403.rb index d29ded2..5c3802d 100644 --- a/controls/SV-226403.rb 
+++ b/controls/SV-226403.rb @@ -39,6 +39,7 @@ tag nist: ["SC-18 (1)"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'AutofillAddressEnabled'} its('AutofillAddressEnabled') { should cmp 0 } end diff --git a/controls/SV-226404.rb b/controls/SV-226404.rb index b77029e..2c077b2 100644 --- a/controls/SV-226404.rb +++ b/controls/SV-226404.rb @@ -39,6 +39,7 @@ tag nist: ["SC-18 (1)"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'ImportAutofillFormData'} its('ImportAutofillFormData') { should cmp 0 } end diff --git a/controls/SV-234701.rb b/controls/SV-234701.rb index dd7d473..deb0078 100644 --- a/controls/SV-234701.rb +++ b/controls/SV-234701.rb @@ -41,6 +41,7 @@ tag nist: ["SC-13 b"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'SSLVersionMin' } its('SSLVersionMin') { should cmp 'tls1.2' } end diff --git a/controls/SV-241787.rb b/controls/SV-241787.rb index 335823a..f7942d5 100644 --- a/controls/SV-241787.rb +++ b/controls/SV-241787.rb @@ -45,6 +45,7 @@ tag nist: ["CM-7 a"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'DefaultWebBluetoothGuardSetting'} its('DefaultWebBluetoothGuardSetting') { should cmp 2 } end diff --git a/controls/SV-245538.rb b/controls/SV-245538.rb index f648663..651ac06 100644 --- a/controls/SV-245538.rb +++ b/controls/SV-245538.rb @@ -39,6 +39,7 @@ tag nist: ["CM-7 (1) (b)"] describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do + it { should exist } it { should have_property 'DefaultWebBluetoothGuardSetting'} its('DefaultWebBluetoothGuardSetting') { should cmp 0 } end diff --git a/inspec.lock b/inspec.lock new file mode 100644 index 0000000..e687b9b --- /dev/null +++ b/inspec.lock 
@@ -0,0 +1,3 @@ +--- +lockfile_version: 1 +depends: [] From bb7d6625f398e4734915aecdbda89848bfd8597d Mon Sep 17 00:00:00 2001 From: Noel Sterling Jr Date: Thu, 8 Dec 2022 13:16:09 -0700 Subject: [PATCH 26/26] 245538 --- controls/SV-245538.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/controls/SV-245538.rb b/controls/SV-245538.rb index 651ac06..fc4c042 100644 --- a/controls/SV-245538.rb +++ b/controls/SV-245538.rb @@ -40,7 +40,7 @@ describe registry_key('HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome') do it { should exist } - it { should have_property 'DefaultWebBluetoothGuardSetting'} - its('DefaultWebBluetoothGuardSetting') { should cmp 0 } + it { should have_property 'QuicAllowed'} + its('QuicAllowed') { should cmp 0 } end end \ No newline at end of file