hsnodgrass · April 10, 2020 20:46
diff --git a/cis1809.pp b/cis1809.pp
 # An example of using https://github.com/ayohrling/local_security_policy
 # to enforce a CIS benchmark against a windows host.
 # The `tags` parameter is a good spot to put things like CIS profile,
 # benchamark number, controls,  or any other metadata about the policy
 # you or an auditor would like to see. More info about tags:
 # https://puppet.com/docs/puppet/latest/lang_tags.html
 # 1.1.1
 local_security_policy { 'Enforce password history':
  ensure       => present,
  policy_value => 24,
  tag          => ['prof_L1', 'bm_1.1.1', 'V6_16.5', 'cis1809'],
 }
 # 1.1.2
 local_security_policy { 'Maximum password age':
  ensure       => present,
  policy_value => 42,
  tag          => ['prof_L1', 'bm_1.1.2', 'V6_16.5', 'cis1809'],
 }
 # 1.1.3
 local_security_policy { 'Minimum password age':
  ensure       => present,
  policy_value => 1,
  tags         => ['prof_L1', 'bm_1.1.3', 'V6_16.5', 'cis1809'],
 }
 # 1.1.4
 local_security_policy { 'Minimum password length':
  ensure       => present,
  policy_value => 14,
  tag          => [
    'prof_L1',
    'bm_1.1.4',
    'V6_5.7',
    'V6_16.2',
    'V6_16.5',
    'V7_16.10',
    'cis1809',
  ],
 }
 # 1.1.5
 local_security_policy { 'Password must meet complexity requirements':
  ensure       => present,
  policy_value => 1,
  tags         => ['prof_L1', 'bm_1.1.5', 'cis1809'],
 }
 # 1.1.6
 local_security_policy { 'Store passwords using reversible encryption':
  ensure       => present,
  policy_value => 0,
  tag          => ['prof_L1', 'bm_1.1.6', 'V6_16.14', 'V6_16.5', 'cis1809'],
 }
 # 1.2.1
 local_security_policy { 'Account lockout duration':
  ensure       => present,
  policy_value => 15,
  tag          => [
    'prof_L1',
    'bm_1.2.1',
    'V6_16',
    'V6_16.7',
    'V7_16.11',
    'cis1809',
  ],
 }
 # 1.2.2
 local_security_policy { 'Account lockout threshold':
  ensure       => present,
  policy_value => 10,
  tag          => [
    'prof_L1',
    'bm_1.2.2',
    'V6_16',
    'V6_16.7',
    'V7_16.11',
    'cis1809',
  ],
 }
	# An example of using https://github.com/ayohrling/local_security_policy
	# to enforce a CIS benchmark against a windows host.
	# The `tags` parameter is a good spot to put things like CIS profile,
	# benchamark number, controls, or any other metadata about the policy
	# you or an auditor would like to see. More info about tags:
	# https://puppet.com/docs/puppet/latest/lang_tags.html
	# 1.1.1
	local_security_policy { 'Enforce password history':
	ensure => present,
	policy_value => 24,
	tag => ['prof_L1', 'bm_1.1.1', 'V6_16.5', 'cis1809'],
	}
	# 1.1.2
	local_security_policy { 'Maximum password age':
	ensure => present,
	policy_value => 42,
	tag => ['prof_L1', 'bm_1.1.2', 'V6_16.5', 'cis1809'],
	}
	# 1.1.3
	local_security_policy { 'Minimum password age':
	ensure => present,
	policy_value => 1,
	tags => ['prof_L1', 'bm_1.1.3', 'V6_16.5', 'cis1809'],
	}
	# 1.1.4
	local_security_policy { 'Minimum password length':
	ensure => present,
	policy_value => 14,
	tag => [
	'prof_L1',
	'bm_1.1.4',
	'V6_5.7',
	'V6_16.2',
	'V6_16.5',
	'V7_16.10',
	'cis1809',
	],
	}
	# 1.1.5
	local_security_policy { 'Password must meet complexity requirements':
	ensure => present,
	policy_value => 1,
	tags => ['prof_L1', 'bm_1.1.5', 'cis1809'],
	}
	# 1.1.6
	local_security_policy { 'Store passwords using reversible encryption':
	ensure => present,
	policy_value => 0,
	tag => ['prof_L1', 'bm_1.1.6', 'V6_16.14', 'V6_16.5', 'cis1809'],
	}
	# 1.2.1
	local_security_policy { 'Account lockout duration':
	ensure => present,
	policy_value => 15,
	tag => [
	'prof_L1',
	'bm_1.2.1',
	'V6_16',
	'V6_16.7',
	'V7_16.11',
	'cis1809',
	],
	}
	# 1.2.2
	local_security_policy { 'Account lockout threshold':
	ensure => present,
	policy_value => 10,
	tag => [
	'prof_L1',
	'bm_1.2.2',
	'V6_16',
	'V6_16.7',
	'V7_16.11',
	'cis1809',
	],
	}