Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/simeononsecurity/.net-stig-script
The only script to assist administrators in completing the .NET STIG.
https://github.com/simeononsecurity/.net-stig-script
administrators automation compliance microsoft netframework powershell stig stigs
Last synced: about 6 hours ago
JSON representation
The only script to assist administrators in completing the .NET STIG.
- Host: GitHub
- URL: https://github.com/simeononsecurity/.net-stig-script
- Owner: simeononsecurity
- License: mit
- Created: 2020-08-19T01:22:21.000Z (about 4 years ago)
- Default Branch: master
- Last Pushed: 2024-07-26T22:56:01.000Z (4 months ago)
- Last Synced: 2024-08-03T23:17:58.169Z (3 months ago)
- Topics: administrators, automation, compliance, microsoft, netframework, powershell, stig, stigs
- Language: PowerShell
- Homepage: https://simeononsecurity.com/guides/mastering-dotnet-framework-4-security-best-practices
- Size: 76.2 KB
- Stars: 8
- Watchers: 2
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
README
# Automate the .NET Framework STIG
[![Sponsor](https://img.shields.io/badge/Sponsor-Click%20Here-ff69b4)](https://github.com/sponsors/simeononsecurity) [![VirusTotal Scan](https://github.com/simeononsecurity/.NET-STIG-Script/actions/workflows/virustotal.yml/badge.svg)](https://github.com/simeononsecurity/.NET-STIG-Script/actions/workflows/virustotal.yml)
Applying the .NET STIG is definitely not straightforward. For many administrators it can take hours to fully implement on a single system. This script applies the required registry changes and modifies the machine.config file to implement FIPS and other controls as required.
## Notes:
This script can not and will not ever get the .NET stig to 100% compliance. Right now, as is, it stands to complete roughly 75% of the checks and does go back and complete the applicable checks on all previous .NET versions.
Manual intervention is required for any .NET application or IIS Site.
## Ansible:
We now offer a playbook collection for this script. Please see the following:
- [Github Repo](https://github.com/simeononsecurity/Windows_STIG_Ansible)
- [Ansible Galaxy](https://galaxy.ansible.com/simeononsecurity/windows_stigs)## Requirements:
- [X] Windows 7, Windows Server 2008 or newer
- [X] Testing in your environment before running on production systems.## STIGS/SRGs Applied:
- [Microsoft .Net Framework 4 V1R9](https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_DotNet_Framework_4-0_V1R9_STIG.zip)
## Sources:
- [Add from one XML data to another existing XML file](http://www.maxtblog.com/2012/11/add-from-one-xml-data-to-another-existing-xml-file/)
- [Caspol.exe (Code Access Security Policy Tool)](https://docs.microsoft.com/en-us/dotnet/framework/tools/caspol-exe-code-access-security-policy-tool)
- [Microsoft .NET Framework Documentation](https://docs.microsoft.com/en-us/dotnet/framework/)
- [PowerShell $PSScriptRoot](https://riptutorial.com/powershell/example/27231/-psscriptroot)
- [PowerShell: Run command from script's directory](https://stackoverflow.com/questions/4724290/powershell-run-command-from-scripts-directory)
- [Powershell XML importnode from different file](https://stackoverflow.com/questions/9944885/powershell-xml-importnode-from-different-file)## Download the required files
You may download the required files from the [GitHub Repository](https://raw.githubusercontent.com/simeononsecurity/.NET-STIG-Script/)
## How to run the script
**The script may be launched from the extracted GitHub download like this:**
## How to run the script
### Manual Install:
If manually downloaded, the script must be launched from an administrative powershell in the directory containing all the files from the [GitHub Repository](https://github.com/simeononsecurity/.NET-STIG-Script)
```powershell
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
Get-ChildItem -Recurse *.ps1 | Unblock-File
.\sos-.net-4-stig.ps1
```
### Automated Install:
Use this one-liner to automatically download, unzip all supporting files, and run the latest version of the script.
```powershell
iwr -useb 'https://simeononsecurity.ch/scripts/sosdotnet.ps1'|iex
```
Explore the World of Cybersecurity
### Links:
- #### [github.com/simeononsecurity](https://github.com/simeononsecurity)
- #### [simeononsecurity.ch](https://simeononsecurity.ch)