Update PowerSTIG to Parse/Apply Mozilla Firefox STIG - Ver 6, Rel 5

Open erjenkin opened this issue 2 years ago • 9 comments

Is your feature request related to a problem? Please describe. Update PowerSTIG to Parse/Apply Mozilla Firefox STIG - Ver 6, Rel 5

Describe the solution you'd like Update PowerSTIG to Parse/Apply Mozilla Firefox STIG - Ver 6, Rel 5

erjenkin avatar Aug 07 '23 16:08 erjenkin

@erjenkin Can you please look at this one? Some rules are failing to convert.

hinderjd avatar Aug 15 '23 19:08 hinderjd

This will require an update to FileContentDSC to include .json find and replace; currently it handles .ini, .txt, and .conf.

erjenkin avatar Aug 18 '23 17:08 erjenkin

FileContentDSC

So we just skip those rules since we do not own that resource?

hinderjd avatar Aug 21 '23 20:08 hinderjd

This is the only type of rule in the STIG; there is no value in skipping them and publishing an update. Path Forward:

  1. Open an Issue with FileContentDSC - Add .json support.
  2. Wait for support or Fork and create PR to add the functionality to that resource.

We cannot support Firefox STIG without an update to FileContentDSC to support .json.

erjenkin avatar Aug 22 '23 14:08 erjenkin

The only solution I had was to open an issue requesting FileContentDSC be updated to support JSON. Doubt it will make the 9/1 deadline, so this STIG should be skipped.

hinderjd avatar Aug 29 '23 20:08 hinderjd

@hinderjd and @erjenkin, would it not work by doing the same as the MS-Edge-1.7.xml; making changes to the registry instead, since the benchmark for Ver 6 Rel 5 tests for registry changes?

SameerK06 avatar Dec 29 '23 00:12 SameerK06

With this approach we would need to find out what the path and values in the registry are and update the parser. The STIG only has the UI path and values (the Chrome STIG does a better job of calling out the reg path also). This approach would allow us to bypass the FileContentDSC dependency though, so I would be on board if anyone wants to find these three values for each of the rules. If we had these values, I should be able to update the parser to convert this.

RegistryPath: (probably something like this HKLM\Software\Policies\Mozilla\Firefox)
RegistryValue: Probably 1 or 0 (enabled/disabled for most)
RegistryName: (these will be different than the human readable version in UI):

Example Firefox: image Example Chrome: image

erjenkin avatar Jan 04 '24 14:01 erjenkin

I think that you could get the registry path and required values, as well as the registry name, from a STIG test. I think I could get the list of registry paths, names and values. @erjenkin

SameerK06 avatar Jan 04 '24 20:01 SameerK06

@erjenkin, here is the stuff you asked for, you can look through this PDF document. I tried to send an HTML file, but GitHub doesn't allow that so.. Although this is from a 6.4 Benchmark, 6.5 shouldn't be too different.

SCC - All Settings Report-Test-Instance.pdf

SameerK06 avatar Jan 05 '24 07:01 SameerK06