teal-technology-consulting/Teal-Audit-Proof

The Teal Harding Check gives you the ability to get an overview about the compliance status of several systems. You can easily create HTML-reports and have a transparent overview over compliance and non-compliance of explicit setttings and configurations in comparison to industry standards and hardening guides.

Audit Test Automation Package

Powershell Gallery	Direct download
ATAPHtmlReport: ATAPAuditor:	AuditTAP Release 5.9.0:

Table of contents

• Audit Test Automation Package
  • Table of contents
  • Overview
  • Modules
  • Reports
    • Application
    • Microsoft OS
    • Unix OS
  • Prerequisites
    • Windows
  • How to install
    • Installation from PS Gallery
    • Video tutorial for manual installation
    • Linux
  • Usage
  • How to Update
  • Good to know
  • Sample reports
  • Customization
  • Converting reports to xml instead of HTML
  • Related links
    • AuditTAP information
    • Hardening recommendations in general
  • Questions, issues or project support

Overview

Our Audit Test Automation Package enables you to get an overview about the compliance status of your systems against established hardening guidelines. Below you will find an overview of the integrated hardening standards and their respective authors (such as Microsoft, CIS, BSI, etc.). The resulting HTML-reports provide a transparent and comprehensible overview over the compliance-status for each of the different settings and configurations suggested inside the provided industry standards and hardening guides.

Modules

The package consists of the following PowerShell modules:

• ATAPHtmlReport
• ATAPAuditor

Reports

ATAPAuditor contains reports based on the following benchmarks including the version number. How to read the table below:

• The entries in the DISA column specify the version of the DISA STIG that is used.
• The entries in the CIS column specify the version of the CIS benchmark that is used.
• The entries in the MS column specify the version of the Microsoft security baseline that is used.
• The entries in the BSI column specify the version of the BSI benchmark that is used.
• The entries in the ACSC column specify the version of the ACSC benchmark that is used.

We currently support the following reports, based on these topics:

Application

Report	DISA	CIS	Microsoft	BSI	ACSC
Google Chrome	V1R15	2.0.0	-	-	-
Mozilla Firefox	V4R24	1.0.0	-	-	-
Microsoft Edge	-	2.0.0	99	-	-
Microsoft Internet Explorer 11	V1R16	1.0.0	2004	-	-
Microsoft IIS10	-	1.1.1	-	-	-
Microsoft Office 2016 Excel	V1R2	-	-	-	-
Microsoft Office 2016 Outlook	V1R2	-	-	-	-
Microsoft Office 2016 PowerPoint	V1R1	-	-	-	-
Microsoft Office 2016 SkypeForBusiness	V1R1	-	-	-	-
Microsoft Office 2016 Word	V1R1	-	-	-	-
Microsoft Office 2016	V1R1, V1R2	1.1.0	-	-	-
Microsoft SQL Server 2016	-	1.3.0	-	-	-

The report Microsoft Office 2016 aggregates the results of all Microsoft Office 2016 <Product> reports.

Microsoft OS

Report	DISA	CIS	Microsoft	BSI	ACSC
Microsoft Windows 7	-	3.1.0	-	-	-
Microsoft Windows 10 PAW	Windows 10 V1R23, Chrome V1R15	Windows 10 1.12.0, Google Chrome 2.0.0, Firefox 1.0.0	Windows 10 21H2, Windows 10 16082019, Edge 99	SiM-08202, SiSyPHuS Version March 2021 (HD, ND, NE, Logging), SiSyPHuS 1.3	21H1
Microsoft Windows 10	V1R23	2.0.0	21H1	SiSyPHuS 1.3	21H1
Microsoft Windows 10 GDPR	-	-	16082019	V1.1	-
Microsoft Windows 10 BSI	-	-	-	SiSyPHuS 1.3	-
Microsoft Windows 10 Stand-alone	-	Stand-alone 2.0.0	-	SiSyPHuS 1.3 (Stand-alone)	-
Microsoft Windows 11 Stand-alone	-	Stand-alone 2.0.0	-	SiSyPHuS 1.3 (Stand-alone)	-
Microsoft Windows 11	-	3.0.0	22H2	SiSyPHuS 1.3	-
Microsoft Windows Server 2012	2.19	2.6.0	-	-	-
Microsoft Windows Server 2016	1.12	2.0.0	FINAL	-	-
Microsoft Windows Server 2016 DC	V1R6	2.0.0	FINAL	-	-
Microsoft Windows Server 2019	1.5	2.0.0	FINAL	-	-
Microsoft Windows Server 2019 DC	V1R2	2.0.0	FINAL	-	-
Microsoft Windows Server 2022	V1R1	2.0.0	FINAL	-	-
Microsoft Windows Server 2022 DC	-	2.0.0	FINAL	-	-

The report Microsoft Windows 10 BSI aggregates the results of all BSI recommendations for Microsoft Windows 10 reports.

Unix OS

Report	DISA	CIS	Microsoft	BSI	ACSC	Teal
Debian 10	-	-	-	-	-	Base
Debian 11	-	1.0.0	-	-	-	-
Fedora 35	-	-	-	-	-	Base
Red Hat Enterprise Linux 8	-	-	-	-	-	Base
SUSE Linux Enterprise 15	-	1.1.1	-	-	-	-
Ubuntu 20.04	-	1.1.0	-	-	-	-
Ubuntu 22.04	-	1.0.0	-	-	-	-

Prerequisites

Before proceeding with the installation, please ensure the following prerequisites are met:

Windows

• PowerShell version 5.1
• Administrative permissions on the system to be audited

How to install

We offer several ways of how you can use our free of charge . Find several detailed explanations below and use them as follows:

• Installation via PSGallery - just install our package directly from PowerShell Gallery.
• Manual installation - use the manual way in case you do not have internet connectivity on the system you want to check. We are aware of these "non connected" scenarios for example in datacenter environments.
• Use our installer to install or update

Installation from PS Gallery

Simple and straight-forward. Install with a single line of code.

Install-Module -Name ATAPAuditor

Video tutorial for manual installation

Following the well-known phrase "A picture is worth a thousand words" we visualized -installation in a roughly three minute video. The first half of the video guides through the process of manual installation, the second half shows installation via PowerShell Gallery.

See the Installing a PowerShell module guide for more specific instructions.

1. Download the most recent release
2. In case your systems security configuration prevents direct execution / access on internet based ("untrusted") files you may need to "unblock" the file first.

Unblock-File -Path .\Audit-Test-Automation-5.9.0.zip -Verbose

The following screenshot shows the output:

3. Extract the archive, for example by using the following commands in PowerShell or by using your favourite unzipping toolset.
   When using PowerShell, please check correct version number with below code example.

Expand-Archive -Path ".\Audit-Test-Automation-5.9.0.zip" -DestinationPath "AuditTAP"

4. Copy ATAPAuditor and ATAPHtmlReport modules to any of the paths of $env:PSModulePath.

Linux

For usage on Linux systems a PowerShell installation is required. The necessary steps depend on the Linux distribution and is documented here. Once PowerShell is installed proceed with a manual installation or using PS Gallery.

Usage

Optionally, import ATAPAuditor module:

Import-Module -Name ATAPAuditor

By default the module creates a new report in Documents\ATAPReports folder. A list of all available reports can be found in above table. Just substitute the ReportName with the name of the benchmark. Append -Path to specify output folder.

❗ ATAP is only compatible with PowerShell 5.1. When run in a different PowerShell version, the user will be prompted to open a PowerShell 5 console or stop the script. ❗

Examples:

Save-ATAPHtmlReport -ReportName "Microsoft Windows 11 Stand-alone" -RiskScore -Path C:\Temp\report.html
Save-ATAPHtmlReport -ReportName "Microsoft Windows 10" -RiskScore -Path C:\Temp\report.html
Save-ATAPHtmlReport -ReportName "Microsoft Windows 11" -Path C:\Temp\report.html
Save-ATAPHtmlReport -ReportName "Microsoft Windows 10 BSI" -RiskScore -Path C:\Temp
Save-ATAPHtmlReport -ReportName "Microsoft Windows Server 2022" -Path C:\Temp
Save-ATAPHtmlReport -ReportName "Google Chrome"
Save-ATAPHtmlReport -ReportName "Ubuntu 20.04"

Pro-Tip: After typing Save-ATAPHtmlReport -ReportName, use the keyboard shortcut <ctrl> + <space> to display all available parameters and select the desired report using arrow-keys.

The ATAPAuditor module also provides a simple menu based runner for reports. It can be found in ATAPAuditor\Helpers\Menu.ps1. When using the Windows based installer, a shortcut can be found in the start menu.

How to Update

In order to update AuditTAP, you need to update both modules "ATAPAuditor" and "ATAPHtmlReport". To do that, just run the following line of code:

For updating ATAPAuditor:

Update-Module ATAPAuditor

For updating ATAPHtmlReport:

Update-Module ATAPHtmlReport

If you want to update via Installer, make sure to download the latest version of AuditTAP. Then just follow the installation steps.

Good to know

• Make sure your execution policy is set to at least remoteSigned (the scripts are not digitally signed)

Set-ExecutionPolicy RemoteSigned -scope CurrentUser

• You can extend your AuditReports with a RiskScore by adding the RiskScore-Switch parameter (currently only available for Windows Reports):

Save-ATAPHtmlReport -ReportName "Microsoft Windows 10" -Force -RiskScore

• ATAPAuditor has a dependency on ATAPHtmlReport.
• Some reports take more than a few seconds because hundreds of individual settings and controls are checked. Please be patient, the result will satisfy your needs 😉
• If you used old versions of AuditTAP you may want to clean up your modules. Be sure you have not integrated AuditTAP functionality in reporting processes. In order to accomplish this task you can use the following script.

# Remove all old AuditTAP Reports if available
$collection = @("ATAPHtmlReport","Excel2016Audit","GoogleChromeAudit","IIS8Audit","IIS10Audit","MicrosoftIE11Audit","MozillaFirefoxAudit","Outlook2016Audit","Powerpoint2016Audit","Skype4Business2016Audit","SQL2016Benchmarks","Windows10Audit","Windows10GDPRAudit","WindowsServer2016Audit","Word2016Audit")
ForEach ($item in $collection)
{
  if (Get-Module -ListAvailable -Name $item)
  {
    # Module found, so remove it
    $installPath = Get-Module -ListAvailable $item | Select-Object -ExpandProperty Path | Split-Path -Parent
    Remove-Item -Path $installPath -Recurse -Force -Confirm:$false
  }
  else
  {
    # Module not installed, do nothing and take next item
  }
}

Sample reports

You can find several sample reports in the "Samples" folder.

Customization

You can change the default folder for Save-ATAPHtmlReport, which is Documents\ATAPReports, by creating and later editing the environment variable ATAPReportPath. Environment variables can be set for different scopes - please choose the one that fits your needs. The following samples will set the default path to 'C:\ATAPReports'.

Temporary scope: CurrentSession

$env:ATAPReportPath = 'C:\ATAPReports'

Permanent scope: CurrentUser

[System.Environment]::SetEnvironmentVariable('ATAPReportPath','C:\ATAPReports',[System.EnvironmentVariableTarget]::User)

Permanent scope: Machine

[System.Environment]::SetEnvironmentVariable('ATAPReportPath','C:\ATAPReports',[System.EnvironmentVariableTarget]::Machine)

Converting reports to xml instead of HTML

For this functionality, it is handy to know the Invoke-ATAPReport command can be used: Just use the following code snippet, and exchange the variables "Reportname" and "FilePath".

$Reportname = "Microsoft Windows 11"
$FilePath = "C://YourPath/YourFileName.xml"
ConvertTo-Xml -InputObject (Invoke-ATAPReport -ReportName $ReportName) -As "String" -Depth 10 | Out-File -FilePath $FilePath

Related links

AuditTAP information

• GitHub-Link: https://github.com/teal-technology-consulting/Audit-Test-Automation
• AuditTAP landing page: https://aktionen.teal-consulting.de/teal-audit-proof/
• YouTube channel with more videos: https://www.youtube.com/channel/UCk50bGHY-_tmOtsTDcYw__g

Hardening recommendations in general

• #NoCodeHardening: https://www.nocodehardening.com
• BSI SiSyPHus: https://www.bsi.bund.de/EN/Topics/Cyber-Security/Recommendations/SiSyPHuS_Win10/SiSyPHuS_node.html
• Center for Internet Security: https://www.cisecurity.org/
• DISA STIGs: https://public.cyber.mil/stigs/
• Microsoft Security baselines: https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines

Questions, issues or project support

Please check the FAQ-section first before opening an issue or contacting us.

• For questions or issues regarding AuditTAP please use GitHub issue tracker.
• For questions regarding project support please write a short mail to info@teal-consulting.de