Configuration as Code & Security Baselines (PI World 2018)
# Convert the Windows Server security baseline GPO backup into a DSC
# configuration script. ConvertFrom-GPO is not defined in this listing; it has
# to be available in the session already.
# NOTE(review): read the generated script before applying it, so that any
# baseline setting the converter did not carry over is handled by hand.
$ConfigName = 'DSCFromGPO'
$GPOPath = "$HOME\Documents\Demo\MSBaseline\GPOs\{088E04EC-440C-48CB-A8D7-A89D0162FBFB}"
$OutputPath = ".\$ConfigName"
$ConvertArgs = @{
    Path                      = $GPOPath
    OutputPath                = $OutputPath
    OutputConfigurationScript = $true
}
ConvertFrom-GPO @ConvertArgs
# Run the generated configuration script in the $pscore session, then apply
# the DSCFromGPO configuration. $pscore is a session created outside this
# listing; $ConfigName is set by the conversion step.
$ConfigFile = ".\$ConfigName\DSCFromGPO.ps1"
$RemoteRun = @{
    Session  = $pscore
    FilePath = $ConfigFile
}
Invoke-Command @RemoteRun
# NOTE(review): the script above runs inside the remote session, but this call
# resolves .\DSCFromGPO in the local working directory. Confirm that the
# configuration lands on the intended target and not on the workstation.
Start-DscConfiguration -Path .\DSCFromGPO -Wait -Verbose
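# Locate and import the PI Security Audit module manifest.
# $ModuleFolder is set outside this listing.
# Exactly one manifest must match: a recursive search that finds nothing would
# hand $null to Import-Module, and one that finds several would import every
# copy under the folder, including a stale or unintended one.
# NOTE(review): keep $ModuleFolder writable only by administrators, since
# whatever manifest is found there is loaded into the auditing session.
$ModuleFile = @(Get-ChildItem -Path $ModuleFolder -File -Recurse -Filter 'PISYSAUDIT.psd1')
if ($ModuleFile.Count -ne 1) {
    throw "Expected exactly one PISYSAUDIT.psd1 under '$ModuleFolder', found $($ModuleFile.Count)."
}
# Keep $ModuleFile as the single file object so later uses of .FullName still work.
$ModuleFile = $ModuleFile[0]
Import-Module $ModuleFile.FullName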
# Create parameters and launch an audit against the PI Data Archive.
# piauditparams and piaudit are not defined in this listing; presumably they
# come from the audit module imported above. $TargetMachine is set elsewhere.
# The first argument is $null, so no existing parameter table is passed in.
$cpt = piauditparams $null $TargetMachine "pidataarchive"
piaudit -cpt $cpt
# Run the audit again with check AU10006 suppressed.
# NOTE(review): a suppressed check presumably drops out of the report; record
# why AU10006 is suppressed and keep the unsuppressed result for comparison.
piaudit -cpt $cpt -SuppressCheckID @('AU10006')
# Compile the Basic Windows Implementation configuration with the four AD
# groups passed in, then enforce it. The configuration itself is defined
# outside this listing. Splatting replaces the backtick line continuations,
# which break silently if trailing whitespace follows a backtick.
# NOTE(review): these groups become the configuration's administrator, user,
# buffer and interface groups, so review who is in each one before enforcing.
$ADGroups = @{
    PIAdministratorsADGroup = "CS\PI Administrators"
    PIUsersADGroup          = "CS\PI Readers"
    PIBuffersADGroup        = "CS\PI Buffers"
    PIInterfacesADGroup     = "CS\PI Interfaces"
}
PIDataArchive_BasicWindowsImplementation @ADGroups
# Enforce the compiled configuration; -Wait blocks until the run has finished.
Start-DscConfiguration -Path .\PIDataArchive_BasicWindowsImplementation -Wait -Verbose
# Compile the Audit Baseline configuration for localhost and enforce it.
# The configuration is defined outside this listing.
# NOTE(review): no service restart is visible in these lines; if the baseline
# needs the PI services restarted to take effect, confirm where that happens.
$BaselineArgs = @{
    NodeName                 = 'localhost'
    DaysToAllowEdit          = 90
    MaxQueryExecutionSeconds = 60
}
PIDataArchive_AuditBaseline @BaselineArgs
Start-DscConfiguration -Path .\PIDataArchive_AuditBaseline -Wait -Verbose
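# Copy the attack-surface-reduction script to the target and apply the
# AttackSurfaceReduction configuration there. $pss is a remote session created
# outside this listing.
# NOTE(review): the destination is one user's profile folder; this only works
# when the session account can read and write that folder.
$RemoteDir = 'C:\Users\hpaul\Documents\'
# Stop if the copy fails. Otherwise the remote step would run whatever file of
# that name is already in the folder, such as a stale copy from an earlier run.
Copy-Item -Path .\Supporting4_AttackSurfaceReduction.ps1 -ToSession $pss -Destination $RemoteDir -ErrorAction Stop
Invoke-Command -Session $pss -ScriptBlock {
    # Run from the folder the script was copied to, not from wherever the
    # session's current location happens to be.
    Push-Location -Path $using:RemoteDir -ErrorAction Stop
    try {
        # Presumably this script compiles the configuration into .\AttackSurfaceReduction.
        .\Supporting4_AttackSurfaceReduction.ps1
        Start-DscConfiguration .\AttackSurfaceReduction -Wait -Verbose
    }
    finally {
        # Leave the session's location as it was for later commands.
        Pop-Location
    }
}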
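# Run AHA-Scraper from its own folder.
# Stop if the folder is missing, so the script is never resolved against the
# caller's current directory instead.
Push-Location .\AHA-Scraper -ErrorAction Stop
try {
    .\AHA-Scraper.ps1
}
finally {
    # Restore the previous location even when the scraper ends with an error.
    Pop-Location
}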