Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Control 18.6.4.3 misconfigured #27

Closed
SwaffelSmurf opened this issue Feb 5, 2024 · 1 comment
Closed

Control 18.6.4.3 misconfigured #27

SwaffelSmurf opened this issue Feb 5, 2024 · 1 comment
Assignees
@frederickw082922
Labels
bug Something isn't working

Comments

@SwaffelSmurf
Copy link
Contributor

SwaffelSmurf commented Feb 5, 2024
edited
Loading

Describe the Issue
CIS Control 18.6.4.3 is misconfigured. Multicast name resolution is enabled instead of disabled via the Ansible Lockdown module.

Expected Behavior
According to the GPO description the value of EnableMulticast should be '0':

If you enable this policy setting, LLMNR will be disabled on all available network adapters on the client computer. See admx.help.

Actual Behavior
Ansible Lockdown enables multicast name resolution by setting the value to '1'.

- name: "18.6.4.3 | PATCH | Ensure Turn off multicast name resolution is set to Enabled MS Only | Member Server"
  ansible.windows.win_regedit:
      path: HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient
      name: EnableMulticast
      data: 1
      type: dword

Control(s) Affected
18.6.4.3. (L1) Ensure 'Turn off multicast name resolution' is set to 'Enabled'

Environment (please complete the following information):

  • branch being used: devel
  • Ansible Version: 2.14.2
  • Host Python Version: Python 3.11.5
  • Ansible Server Python Version: Python 3.11.5
  • Additional Details:

Additional Notes
N/A

Possible Solution
Change the data value:

- name: "18.6.4.3 | PATCH | Ensure Turn off multicast name resolution is set to Enabled MS Only | Member Server"
  ansible.windows.win_regedit:
      path: HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient
      name: EnableMulticast
      data: 0
      type: dword
@SwaffelSmurf SwaffelSmurf added the bug Something isn't working label Feb 5, 2024
@frederickw082922
Copy link
Contributor

Good day @SwaffelSmurf

Good catch!

https://admx.help/?Category=Windows_11_2022&Policy=Microsoft.Policies.DNSClient::Turn_Off_Multicast

Thank you!

CC: @MrSteve81

@frederickw082922 frederickw082922 self-assigned this Feb 21, 2024
frederickw082922 added a commit that referenced this issue Feb 21, 2024
@frederickw082922
#27 Update correct reg value 18.6.4.3
87fc5a2 
Signed-off-by: Frederick Witty <[email protected]>
@frederickw082922 frederickw082922 mentioned this issue Feb 22, 2024
Merged
mfortin pushed a commit to mfortin/Windows-2022-CIS that referenced this issue Apr 16, 2024
@frederickw082922 @mfortin
ansible-lockdown#27 Update correct reg value 18.6.4.3
7423e37 
Signed-off-by: Frederick Witty <[email protected]>
Signed-off-by: Mathieu Fortin <[email protected]>
mfortin pushed a commit to mfortin/Windows-2022-CIS that referenced this issue Apr 16, 2024
@frederickw082922 @mfortin
ansible-lockdown#27 Update correct reg value 18.6.4.3
9be1a1b 
Signed-off-by: Frederick Witty <[email protected]>
Signed-off-by: Mathieu Fortin <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@frederickw082922 frederickw082922

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@SwaffelSmurf @frederickw082922