tis-cis-guide-disable-services
9
Disable services according to the CIS recommendations guide
131 downloads
Description
- package : tis-cis-guide-disable-services
- name : CIS Guide disable services
- version : 9
- categories : Security
- maintainer : WAPT Team, Tranquil IT, Kévin Guérineau
- installed_size :
- editor :
- licence :
- signature_date : 2024-09-11T12:07:31.000000
- size : 7.19 KB
- locale : all
- target_os : windows
- impacted_process :
- architecture : all
control
package : tis-cis-guide-disable-services
version : 9
architecture : all
section : base
priority : optional
name : CIS Guide disable services
categories : Security
maintainer : WAPT Team, Tranquil IT, Kévin Guérineau
description : Disable services in compliance with the CIS recommendations guide
depends :
conflicts :
maturity : PROD
locale : all
target_os : windows
min_wapt_version : 2.3
sources :
installed_size :
impacted_process :
description_fr : Désactiver les services selon le guide des recommandations du CIS
description_pl : Wyłączenie usług zgodnie z przewodnikiem zaleceń CIS
description_de : Deaktivierung von Diensten in Übereinstimmung mit den CIS-Empfehlungen
description_es : Desactivar servicios de acuerdo con la guía de recomendaciones del CIS
description_pt : Desativar serviços em conformidade com o guia de recomendações do CIS
description_it : Disattivare i servizi in conformità con la guida alle raccomandazioni del CIS.
description_nl : Services uitschakelen in overeenstemming met de CIS-aanbevelingsgids
description_ru : Отключение служб в соответствии с руководством по рекомендациям CIS
audit_schedule :
editor :
keywords :
licence :
homepage :
package_uuid : bff94cbf-c737-4943-a77e-0b9f7c37c825
valid_from :
valid_until :
forced_install_on :
changelog :
min_os_version :
max_os_version :
icon_sha256sum : 9420721210f5d9c50c9e35c9fdbf0a088b30e165df8311c5f2176ce60e122475
signer : Tranquil IT
signer_fingerprint: 8c5127a75392be9cc9afd0dbae1222a673072c308c14d88ab246e23832e8c6bb
signature_date : 2024-09-11T12:07:31.000000
signed_attributes : package,version,architecture,section,priority,name,categories,maintainer,description,depends,conflicts,maturity,locale,target_os,min_wapt_version,sources,installed_size,impacted_process,description_fr,description_pl,description_de,description_es,description_pt,description_it,description_nl,description_ru,audit_schedule,editor,keywords,licence,homepage,package_uuid,valid_from,valid_until,forced_install_on,changelog,min_os_version,max_os_version,icon_sha256sum,signer,signer_fingerprint,signature_date,signed_attributes
signature : BRSna+U67WtoGn/0iYT39dd+XHdXD+orreyN+VIG0rUQQkKD+SePpk4+4zXuMfIKwFd7NgUgxc5GZeP2z6bCr5Uyj9tz3zZP4LD2f9UQExencOUP8mii3Yyfslpw3ZpkoE37h6POjS9GUbLi4zdsPSRLt3geWmCJFTcaSd/r/8/29pdjnFq8irXytFiPyIYcIo0J1M42dhl4nsY9YJJiSCxvb0KwhQrdjcZn5G5urjMjzCZNAQVH2RWyPCwh2wOgtTVzgf7Ps8NFcJ5KU+vZljEDDvejfP6rDONmCXlDRIpxtpJ8wq/DHQBFYRtW/YOLmK7t0PYIivZUNweRFcooPA==
Setup.py
# -*- coding: utf-8 -*-
from setuphelpers import *
services_to_disabled = {
"BTAGService":{"description":"Bluetooth Audio Gateway Service","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"bthserv":{"description":"Bluetooth Support Service","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
#"Browser":{"description":"Computer Browser","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"MapsBroker":{"description":"Downloaded Maps Manager","service_default_startup":"auto","service_recommended_startup":"Disabled","registry_default_value":2,"registry_recommended_value":4},
"lfsvc":{"description":"Geolocation Service","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"IISADMIN":{"description":"IIS Admin Service","service_default_startup":None,"service_recommended_startup":"Disabled","registry_default_value":None,"registry_recommended_value":4},
"irmon":{"description":"Infrared monitor service","service_default_startup":None,"service_recommended_startup":"Disabled","registry_default_value":None,"registry_recommended_value":4},
"SharedAccess":{"description":"Internet Connection Sharing (ICS)","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"lltdsvc":{"description":"Link-Layer Topology Discovery Mapper","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"LxssManager":{"description":"LxssManager","service_default_startup":None,"service_recommended_startup":"Disabled","registry_default_value":None,"registry_recommended_value":4},
"FTPSVC":{"description":"Microsoft FTP Service","service_default_startup":None,"service_recommended_startup":"Disabled","registry_default_value":None,"registry_recommended_value":4},
"MSiSCSI":{"description":"Microsoft iSCSI Initiator Service","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"sshd":{"description":"OpenSSH SSH Server","service_default_startup":None,"service_recommended_startup":"Disabled","registry_default_value":None,"registry_recommended_value":4},
"PNRPsvc":{"description":"Peer Name Resolution Protocol","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"p2psvc":{"description":"Peer Networking Grouping","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"p2pimsvc":{"description":"Peer Networking Identity Manager","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"PNRPAutoReg":{"description":"PNRP Machine Name Publication Service","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"Spooler":{"description":"Print Spooler","service_default_startup":"auto","service_recommended_startup":"Disabled","registry_default_value":2,"registry_recommended_value":4},
"wercplsupport":{"description":"Problem Reports and Solutions Control Panel Support","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"RasAuto":{"description":"Remote Access Auto Connection Manager","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"SessionEnv":{"description":"Remote Desktop Configuration","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"UmRdpService":{"description":"Remote Desktop Services UserMode Port Redirector","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"RpcLocator":{"description":"Remote Procedure Call (RPC) Locator","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"RemoteRegistry":{"description":"Remote Registry","service_default_startup":"Disabled","service_recommended_startup":"Disabled","registry_default_value":4,"registry_recommended_value":4},
"RemoteAccess":{"description":"Routing and Remote Access","service_default_startup":"Disabled","service_recommended_startup":"Disabled","registry_default_value":4,"registry_recommended_value":4},
"LanmanServer":{"description":"Server","service_default_startup":"auto","service_recommended_startup":"Disabled","registry_default_value":2,"registry_recommended_value":4},
"simptcp":{"description":"Simple TCP/IP Services","service_default_startup":None,"service_recommended_startup":"Disabled","registry_default_value":None,"registry_recommended_value":4},
"SNMP":{"description":"SNMP Service","service_default_startup":None,"service_recommended_startup":"Disabled","registry_default_value":None,"registry_recommended_value":4},
"sacsvr":{"description":"Special Administration Console Helper","service_default_startup":None,"service_recommended_startup":"Disabled","registry_default_value":None,"registry_recommended_value":4},
"SSDPSRV":{"description":"SSDP Discovery","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"upnphost":{"description":"UPnP Device Host","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"WMSvc":{"description":"Web Management Service","service_default_startup":None,"service_recommended_startup":"Disabled","registry_default_value":None,"registry_recommended_value":4},
"WerSvc":{"description":"Windows Error Reporting Service","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"Wecsvc":{"description":"Windows Event Collector","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"WMPNetworkSvc":{"description":"Windows Media Player Network Sharing Service","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"icssvc":{"description":"Windows Mobile Hotspot Service","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"WpnService":{"description":"Windows Push Notifications System Service","service_default_startup":"auto","service_recommended_startup":"Disabled","registry_default_value":2,"registry_recommended_value":4},
"PushToInstall":{"description":"Windows PushToInstall Service","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"WinRM":{"description":"Windows Remote Management (WS-Management)","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"W3SVC":{"description":"World Wide Web Publishing Service","service_default_startup":None,"service_recommended_startup":"Disabled","registry_default_value":None,"registry_recommended_value":4},
"XboxGipSvc":{"description":"Xbox Accessory Management Service","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"XblAuthManager":{"description":"Xbox Live Auth Manager","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"XblGameSave":{"description":"XblGameSave","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"XboxNetApiSvc":{"description":"Xbox Live Networking Service","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
"TermService":{"description":"Remote Desktop Services","service_default_startup":"demand","service_recommended_startup":"Disabled","registry_default_value":3,"registry_recommended_value":4},
}
def install():
    for service in services_to_disabled:
        # Only act on services that exist on this host
        if service_installed(service):
            print(f"Disable {services_to_disabled[service]['description']} ({service})")
            if service_is_running(service):
                try:
                    service_stop(service)
                except Exception:
                    # The service stays disabled at next boot even if it cannot be stopped now
                    print(f"Unable to stop {service}, please restart your computer")
            # Set the startup type through the Service Control Manager
            run(rf'sc config "{service}" start= {services_to_disabled[service]["service_recommended_startup"].lower()}')
            # Record the recommended value under the Services key, in a value named after the service (read back by audit())
            registry_set(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services',service,services_to_disabled[service]['registry_recommended_value'])

def uninstall():
    for service in services_to_disabled:
        if service_installed(service):
            print(f"Set default value for {services_to_disabled[service]['description']} ({service})")
            # Services with no known default (None) are left as they are
            if services_to_disabled[service]['service_default_startup'] is not None:
                run(rf'sc config "{service}" start= {services_to_disabled[service]["service_default_startup"].lower()}')
                registry_set(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services',service,services_to_disabled[service]['registry_default_value'])

def audit():
    error = False
    service_in_fault = []
    for service in services_to_disabled:
        if service_installed(service):
            # Compare the value written by install() with the recommended one
            current_value = registry_readstring(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services',service)
            expected_value = str(services_to_disabled[service]['registry_recommended_value'])
            if current_value != expected_value:
                print(f"Service {service} isn't in correct value : {current_value} expected {expected_value}")
                service_in_fault.append(service)
                error = True
    if error:
        # Report the list of non-compliant services (the original referenced an undefined name here)
        WAPT.write_audit_data_if_changed("CIS disable services", 'Service in fault', service_in_fault, keep_days=365)
        return "ERROR"
    else:
        WAPT.write_audit_data_if_changed("CIS disable services", 'Service in fault', "OK", keep_days=365)
        return "OK"