Puppet Class: secure_windows::stig::v73395
- Defined in:
- manifests/stig/v73395.pp
Overview
This class manages two STIG findings: V-73375, "The Active Directory Domain Controllers Organizational Unit (OU) object must have the proper access control permissions", and V-73395, "The Active Directory Domain Controllers Organizational Unit (OU) object must be configured with proper audit settings".
# File 'manifests/stig/v73395.pp', line 6
# @summary Declares the access rules (V-73375) and audit rules (V-73395) for
#   the "OU=Domain Controllers" object through a single ad_acl resource.
#
# @param enforced
#   When false (the default) the class declares nothing, so including it does
#   not by itself bring a domain controller into compliance.
class secure_windows::stig::v73395 (
  Boolean $enforced = false,
) {
  # Act only when enforcement is requested AND the node reports itself as a
  # domain controller; on any other node the class is a no-op.
  if $enforced and $facts['windows_server_type'] == 'windowsdc' {
    # NOTE(review): 'root_domain' and 'domain_sid' are read straight from facts
    # with no check here; presumably they are always populated on a DC. If
    # either were empty, the resource title or the Domain Admins identity
    # below would be malformed - confirm against the fact definitions.
    $root_domain = $facts['root_domain']

    # Well-known Windows SIDs, used instead of names so the rules do not
    # depend on localisation or renamed groups.
    $everyone           = 'S-1-1-0'   # Everyone
    $enterprise_dcs     = 'S-1-5-9'   # Enterprise Domain Controllers
    $authenticated_user = 'S-1-5-11'  # Authenticated Users
    $local_system       = 'S-1-5-18'  # Local System
    # RID 512 appended to the domain SID is the Domain Admins group.
    $domain_admins      = "${facts['domain_sid']}-512"

    # NOTE(review): only the principals listed below are declared. Whether
    # ad_acl leaves other existing ACEs on the OU in place or removes them is
    # not visible from this class - verify against the type before enforcing.
    ad_acl { "OU=Domain Controllers,${root_domain}":
      # SACL: what gets written to the security log for this OU.
      audit_rules  => [
        # Successful permission (DACL) changes on the OU object itself.
        {
          'ad_rights'        => 'WriteDacl',
          'identity'         => $everyone,
          'audit_flags'      => 'Success',
          'inheritance_type' => 'None',
        },
        # Successful property writes, on the OU and everything beneath it.
        {
          'ad_rights'        => 'WriteProperty',
          'identity'         => $everyone,
          'audit_flags'      => 'Success',
          'inheritance_type' => 'All',
        },
        # Any failed access attempt against the OU object itself.
        {
          'ad_rights'        => 'GenericAll',
          'identity'         => $everyone,
          'audit_flags'      => 'Failure',
          'inheritance_type' => 'None',
        },
      ],
      # DACL: who may do what to this OU. Every entry applies to the OU object
      # only ('inheritance_type' => 'None').
      access_rules => [
        {
          'identity'            => $enterprise_dcs,
          'ad_rights'           => 'GenericRead',
          'access_control_type' => 'Allow',
          'inheritance_type'    => 'None',
        },
        {
          'identity'            => $authenticated_user,
          'ad_rights'           => 'GenericRead',
          'access_control_type' => 'Allow',
          'inheritance_type'    => 'None',
        },
        {
          'identity'            => $local_system,
          'ad_rights'           => 'GenericAll',
          'access_control_type' => 'Allow',
          'inheritance_type'    => 'None',
        },
        # Domain Admins receive an explicit list of rights rather than
        # GenericAll.
        {
          'identity'            => $domain_admins,
          'ad_rights'           => 'CreateChild, Self, WriteProperty, ExtendedRight, GenericRead, WriteDacl, WriteOwner',
          'access_control_type' => 'Allow',
          'inheritance_type'    => 'None',
        },
      ],
    }
  }
}