http://forum.bigfix.com BigFix User Group en http://backend.userland.com/rss http://forum.bigfix.com/viewtopic.php?pid=16934#16934 16934@http://forum.bigfix.com Topic: Detecting and enforcing secure IIS configurations Message: Hi Ilia,I took a quick look around but couldn't obviously spot it in the metabase either... I am guessing it is there somewhere, but we just need to find it...Ben Mon, 16 Nov 2009 18:30:16 -0800 http://forum.bigfix.com/viewtopic.php?pid=16925#16925 16925@http://forum.bigfix.com Topic: FDCC Checklist Update - Security Patches Up-To-Date for 11.03.09 Message: BigFix has modified the SCM Checklist sites for FDCC to include the updated version of the Security Patches Up-to-Date checks.  This content reflects the update provided by NIST on 11.03.09.  The updated content can be found in the following sites:* SCM Checklist for FDCC on Windows XP* SCM Checklist for FDCC on Windows Vista* SCM Checklist for FDCC on Internet Explorer 7Please let me know if there are any questions!Regards,Jim Mon, 16 Nov 2009 16:06:54 -0800 http://forum.bigfix.com/viewtopic.php?pid=16909#16909 16909@http://forum.bigfix.com Topic: Detecting and enforcing secure IIS configurations Message: Ben,Do you know if we can get the status of Web Service Extensions? I want to know for instance if Active Server Pages -  Allowed  or Prohibited. I looked into metabase and WMI and can't find the status there...Thanks, Ilia Mon, 16 Nov 2009 00:15:22 -0800 http://forum.bigfix.com/viewtopic.php?pid=16581#16581 16581@http://forum.bigfix.com Topic: Security Configuration Management: New Features Available Message: Great username!The information is stored in what we call the 'Dashboard Datastore'.  Basically they are stored in the database and are not directly tied to the underlying fixlet.I believe the exception is indentified by site name and control id so as long as those stay the same the exception will continue to apply.Jesse Fri, 30 Oct 2009 11:21:42 -0700 http://forum.bigfix.com/viewtopic.php?pid=16516#16516 16516@http://forum.bigfix.com Topic: Security Configuration Management: New Features Available Message: Where is the information stored for the exception information created in the new exception management dashboard? Is it adding a property that can be retrieved to the underlying fixlets that can be queried using relevance? If not, does that mean that exceptions will remain working if all the fixlets for a site with FDCC SCM content is updated (all fixlets deleted, then new fixlets copied in)?Thanks in advance. Wed, 28 Oct 2009 12:10:43 -0700 http://forum.bigfix.com/viewtopic.php?pid=16432#16432 16432@http://forum.bigfix.com Topic: 'Network Drivers' analysis for 64-bit clients Message: I will send this info to the Fixlet team and they can update the relevance in the analysis if they deem it stable enough for all customers..Thanks for bringing this up!Ben Mon, 26 Oct 2009 13:34:23 -0700 http://forum.bigfix.com/viewtopic.php?pid=16404#16404 16404@http://forum.bigfix.com Topic: 'Network Drivers' analysis for 64-bit clients Message: Hey hey!  That worked!I ran the full modified expression and got accurate results.  Thanks so much Ben!  I hope others will find this helpful to update the builtin "Network Drivers" analysis to include 64-bit OSes.  Sure wish BigFix had a way to update these for us through a fixlet though.  Thanks again, Ben.q: (( versions of (if (x64 of operating system) then x64 file(it) else file (it)) of  ( pathname of windows folder & "\" & ( value "ImagePath" of it as string ) ) ) as string ) of keys ( ( "HKLM\SYSTEM\CurrentControlSet\Services\" & service key value name of it ) of active devices whose ( ( class of it = "Net" ) AND ( exists location information of it ) ) ) of registry as stringA: 10.62.0.0A: 10.62.0.0 Mon, 26 Oct 2009 06:26:33 -0700 http://forum.bigfix.com/viewtopic.php?pid=16390#16390 16390@http://forum.bigfix.com Topic: 'Network Drivers' analysis for 64-bit clients Message: Hey Darryl,I believe that is expected when you have a pure x64 file because Windows uses different libraries to access them... You can access them in relevance with the x64 file inspector... Try this:q: version of x64 file ("C:\WINDOWS\system32\DRIVERS\b57amd64.sys")And then try the original expression modified to deal with x64 files:q: (( versions of (if (x64 of operating system) then x64 file(it) else file (it)) of  ( pathname of windows folder & "\" & ( value "ImagePath" of it as string ) ) ) as string ) of keys ( ( "HKLM\SYSTEM\CurrentControlSet\Services\" & service key value name of it ) of active devices whose ( ( class of it = "Net" ) AND ( exists location information of it ) ) ) of registry as stringBen Fri, 23 Oct 2009 17:17:31 -0700 http://forum.bigfix.com/viewtopic.php?pid=16380#16380 16380@http://forum.bigfix.com Topic: 'Network Drivers' analysis for 64-bit clients Message: This is VERY interesting.  The files no in fact exist.  I've setup my relevance debugger to check the version of a DLL right on the root of the C: drive, another under the Windows\system32 folder, and another under the drivers folder and it seems the only issue is when you attempt to check files versions under the drivers folder.q: version of file ("C:\WINDOWS\system32\DRIVERS\b57amd64.sys")E: Singular expression refers to nonexistent object.q: version of file ("C:\install.res.1028.dll")A: 9.0.21022.8q: version of file ("C:\WINDOWS\system32\aaaamon.dll")A: 5.2.3790.1830q: version of file ("C:\WINDOWS\system32\drivers\afd.sys")E: Singular expression refers to nonexistent object. Fri, 23 Oct 2009 11:02:28 -0700 http://forum.bigfix.com/viewtopic.php?pid=16351#16351 16351@http://forum.bigfix.com Topic: 'Network Drivers' analysis for 64-bit clients Message: Ok... so last check is to see if those files exist... and now that I think about it, that is probably where the problem lies... They probably are not in the system32 folder and instead are in the system64 folder (or something like that)...Can you please verify the file location and I will fix the relevance for you...Thanks,Ben Thu, 22 Oct 2009 15:02:53 -0700 http://forum.bigfix.com/viewtopic.php?pid=16329#16329 16329@http://forum.bigfix.com Topic: 'Network Drivers' analysis for 64-bit clients Message: Again Ben, thanks for the suggestion.  I'm getting a similar result to what you received.  Any further suggestions?q: (service key value names of it,  "HKLM\SYSTEM\CurrentControlSet\Services\" & service key value name of it ) of active devices whose ( ( class of it = "Net" and exists location information of it) )A: b57nd, HKLM\SYSTEM\CurrentControlSet\Services\b57ndA: b57nd, HKLM\SYSTEM\CurrentControlSet\Services\b57ndq: (( ( pathname of windows folder & "\" & ( value "ImagePath" of it as string ) ) ) as string ) of keys ( ( "HKLM\SYSTEM\CurrentControlSet\Services\" & service key value name of it ) of active devices whose ( ( class of it = "Net" ) AND ( exists location information of it ) ) ) of registry as stringA: C:\WINDOWS\system32\DRIVERS\b57amd64.sys%00A: C:\WINDOWS\system32\DRIVERS\b57amd64.sys%00 Thu, 22 Oct 2009 07:57:12 -0700 http://forum.bigfix.com/viewtopic.php?pid=16312#16312 16312@http://forum.bigfix.com Topic: 'Network Drivers' analysis for 64-bit clients Message: This should help decompose the problem by listing the reg keys and the files:q: (service key value names of it,  "HKLM\SYSTEM\CurrentControlSet\Services\" & service key value name of it ) of active devices whose ( ( class of it = "Net" and exists location information of it) )A: b57nd60x, HKLM\SYSTEM\CurrentControlSet\Services\b57nd60xA: NETw5v32, HKLM\SYSTEM\CurrentControlSet\Services\NETw5v32T: 83.895 msI: plural ( string, string )q: (( ( pathname of windows folder & "\" & ( value "ImagePath" of it as string ) ) ) as string ) of keys ( ( "HKLM\SYSTEM\CurrentControlSet\Services\" & service key value name of it ) of active devices whose ( ( class of it = "Net" ) AND ( exists location information of it ) ) ) of registry as stringA: C:\Windows\system32\DRIVERS\b57nd60x.sys%00A: C:\Windows\system32\DRIVERS\NETw5v32.sys%00Ben Wed, 21 Oct 2009 18:36:16 -0700 http://forum.bigfix.com/viewtopic.php?pid=16290#16290 16290@http://forum.bigfix.com Topic: 'Network Drivers' analysis for 64-bit clients Message: Good suggestion Ben.  I tried that and got the following result, which tells me that portion of the code is good.q: number of active devices whose ( ( class of it = "Net" ) and (exists location information of it ))A: 2I'm guessing the issue must lie in the relevance earlier in the code.  Any suggestions on breaking up those parts of the code and testing?  I'm a bit lost on the "whose" and "it" syntax BigFix uses here.   Thanks for the guidance here gents! Wed, 21 Oct 2009 07:35:28 -0700 http://forum.bigfix.com/viewtopic.php?pid=16272#16272 16272@http://forum.bigfix.com Topic: 'Network Drivers' analysis for 64-bit clients Message: It might be an issue with the "active devices" inspector... If you try this on your x64 system, does it work?q: number of active devices whose ( ( class of it = "Net" ) )Ben Tue, 20 Oct 2009 17:38:48 -0700 http://forum.bigfix.com/viewtopic.php?pid=16265#16265 16265@http://forum.bigfix.com Topic: Aug Update to Unix DISA STIG Checklist Message: Hi T4l0r,We are currently reviewing the recent versions of the DISA checklist documents to determine what other changes exist so we can update the content.  In the meantime, you can easily change the default value by using the parameter action to change the value to 14 (or any other value you desire).  Let me know if you need some guidance on how to do this and I can point you to it.  We have also just updated our documentation to hopefully help with this.  The documentation can be found here:http://support.bigfix.com/resources.html Let me know if you need anything further. Tue, 20 Oct 2009 16:53:45 -0700