Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

adjust memory quota test allows for other users to be present #22

Open
kewalaka opened this issue Apr 15, 2018 · 2 comments
Open

adjust memory quota test allows for other users to be present #22

kewalaka opened this issue Apr 15, 2018 · 2 comments

Comments

@kewalaka
Copy link

kewalaka commented Apr 15, 2018
edited

This test:

windows-baseline/controls/user_rights.rb

Lines 41 to 50 in c093ac4

control 'cis-adjust-memory-quotas-2.2.5' do
impact 0.7
title '2.2.5 Set Adust memory quotas for a process to Administrators, LOCAL SERVICE, NETWORK SERVICE'
desc 'Set Adust memory quotas for a process to Administrators, LOCAL SERVICE, NETWORK SERVICE'
describe security_policy do
its('SeIncreaseQuotaPrivilege') { should include 'S-1-5-19' }
its('SeIncreaseQuotaPrivilege') { should include 'S-1-5-20' }
its('SeIncreaseQuotaPrivilege') { should include 'S-1-5-32-544' }
end
end

..currently allows for other users to be present. This is potentially necessary, if the server is a web server or SQL server, but is not secure by default, as any user can be arbitrarily added?
@atomic111
Copy link
Member

@kewalaka can you add a new variable within the baseline?

@imjoseangel imjoseangel mentioned this issue Jun 27, 2020
Merged
@imjoseangel
Copy link
Contributor

This issue can be closed. This has been fixed in #44

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kewalaka @imjoseangel @atomic111