IIS 8.5 STIG issue
Describe the bug: After applying the IIS 8.5 v1.7 STIG on Windows 2016 with IIS on, it failed to report as true.
To Reproduce: On a Windows 2016 member server with the web server feature turned on and ASP.NET 4.7.2 installed, verify the sample IIS site is working, then apply the following DSC config:
configuration IisServerSTIG
{
    param
    (
        [parameter()]
        [string]
        $NodeName = 'localhost'
    )

    Import-DscResource -ModuleName PowerStig

    Node $NodeName
    {
        IisServer BaseLine
        {
            IisVersion  = '8.5'
            LogPath     = 'C:\inetpub\logs\LogFiles'
            StigVersion = '1.7'
        }
    }
}

# Compile the configuration to a MOF, then apply it
IisServerSTIG -OutputPath C:\STIG\IIS\STIGConfig
Start-DscConfiguration -Path C:\STIG\IIS\STIGConfig
{[NTFSAccessEntry][V-76745][medium][SRG-APP-000340-WSR-000029]::[IisServer]BaseLine} reported as not in desired state ...
I manually checked the state of V-76745 and I think it is in the desired state even though it does not have the following entry in the ACL, but the rule states that "Verify the permissions for the following users; if the permissions are less restrictive, this is a finding." In this case, missing one entry is more restrictive and should be validated as in desired state.
ALL APPLICATION PACKAGES (built-in security group): Read and execute
Expected behavior: ALL APPLICATION PACKAGES (built-in security group): Read and execute should be applied to the inetpub folder permissions, or the rule should report back as true with this permission missing because it is more restrictive.
Hi @pursca, we are aware of this issue. It's the same issue documented here - https://github.com/PowerShell/Win32-OpenSSH/issues/750
We have it on the todo list
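Added example, not part of the thread and not PowerStig's own code: one way to evaluate the "less restrictive is a finding" wording discussed above, treating each baseline entry as the maximum rights an identity may hold so that a missing entry still passes. The function name `Test-AclNotLessRestrictive` is hypothetical and the ACE data is constructed; only the ALL APPLICATION PACKAGES entry comes from the issue.

```powershell
# Added example (hypothetical helper). Baseline value = MAXIMUM rights an identity may hold.
$Fsr = [System.Security.AccessControl.FileSystemRights]

function Test-AclNotLessRestrictive {
    param(
        [Parameter(Mandatory)] [hashtable] $Baseline,  # identity -> max allowed rights
        [Parameter(Mandatory)] [object[]]  $Actual     # ACEs shaped like (Get-Acl).Access
    )
    $sync = [int][System.Security.AccessControl.FileSystemRights]::Synchronize
    $findings = foreach ($ace in $Actual) {
        # Deny ACEs only tighten access, so they can never make the ACL less restrictive.
        if ("$($ace.AccessControlType)" -ne 'Allow') { continue }
        $id = "$($ace.IdentityReference)"
        # Get-Acl reports Synchronize alongside most Allow rights; ignore that bit.
        $granted = [int]$ace.FileSystemRights -band (-bnot $sync)
        if (-not $Baseline.ContainsKey($id)) {
            "Identity not in baseline: $id"
            continue
        }
        # Any bit granted beyond the baseline maximum is excess access.
        $excess = $granted -band (-bnot [int]$Baseline[$id])
        if ($excess -ne 0) {
            "$id exceeds baseline by: $([System.Security.AccessControl.FileSystemRights]$excess)"
        }
    }
    [pscustomobject]@{
        InDesiredState = (@($findings).Count -eq 0)
        Findings       = @($findings)
    }
}

# Constructed baseline: the Administrators entry is illustrative only.
$baseline = @{
    'BUILTIN\Administrators'                                 = $Fsr::FullControl
    'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES' = $Fsr::ReadAndExecute
}

# Case from the issue: the ALL APPLICATION PACKAGES entry is absent (more restrictive).
$missingEntry = @(
    [pscustomobject]@{ IdentityReference = 'BUILTIN\Administrators'
                       FileSystemRights = $Fsr::FullControl; AccessControlType = 'Allow' }
)
# Contrasting case: the same identity is granted Modify, which exceeds Read and execute.
$tooPermissive = $missingEntry + [pscustomobject]@{
    IdentityReference = 'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES'
    FileSystemRights  = $Fsr::Modify -bor $Fsr::Synchronize; AccessControlType = 'Allow' }

Test-AclNotLessRestrictive -Baseline $baseline -Actual $missingEntry
Test-AclNotLessRestrictive -Baseline $baseline -Actual $tooPermissive
```

Against a live folder, `(Get-Acl C:\inetpub).Access` can be passed as `-Actual`; ACEs that carry generic rights values instead of `FileSystemRights` flags would need mapping first, which this sketch does not do.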