Customizing DISA STIG for Logon Banner Text

(imported topic written by ktakada91)

Hi,

I am trying to customize the below DISA STIG fixlet so that instead of the government standard banner, the fixlet checks for our own company logon banner. I am not certain how to do this because I don’t understand what substring separated by "%00" or it != "" AND it != "You are accessing…" does in this context. Can someone help me, please?

Thanks,

Kotaro Takada

if (exists setting "SCM_3120_EXCLUDE" whose (value of it as integer = 1) of current site) then (false) else ((exists (substrings separated by "%00" whose (it != "" AND it != "You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only." AND it != " " AND it != "By using this IS (which includes any device attached to this IS), you consent to the following conditions:" AND it != " " AND it != "-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC, monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintellige" & "nce (CI) investigations." AND it != " " AND it != "-At any time" AND it != " the USG may inspect and seize data stored on this IS." AND it != " " AND it != "-Communications using" AND it != " or data stored on" AND it != " this IS are not private" AND it != " are subject to routine monitoring" AND it != " interception" AND it != " and search" AND it != " and may be disclosed or used for any USG-authorized purpose." AND it != " " AND it != "-This IS includes security measures (e.g., authentication and access controls) to protect USG interests.not for your personal benefit or privacy." AND it != " " AND it != "-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychoth" & "erapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.") of ((value "LegalNoticeText" of key "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" of native registry) as string))))

(imported comment written by NoahSalzman)

If you drop it into the Fixlet Debugger and click the expand button, it gives you an easier way to see what is going on.

substrings separated by breaks up the LegalNoticeText into chunks. The whose logic makes sure that each line (substring) doesn’t match (since “true” is equivalent to failure for this type of check).

You can simplify this check a little bit by simply checking that the LegalNoticeCheck is there and contains strings like “You are accessing”, “authorized”, etc… maybe check the length of the key as well.

    (
      substrings separated by "%00" whose (
        it != ""
        AND it != "You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only."
        AND it != " "
        AND it != "By using this IS (which includes any device attached to this IS), you consent to the following conditions:"
        AND it != " "
        AND it != "-The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited to, penetration testing, COMSEC, monitoring, network operations and defense, personnel misconduct (PM), law enforcement (LE), and counterintellige" & "nce (CI) investigations."
        AND it != " "
        AND it != "-At any time"
        AND it != " the USG may inspect and seize data stored on this IS."
        AND it != " "
        AND it != "-Communications using"
        AND it != " or data stored on"
        AND it != " this IS are not private"
        AND it != " are subject to routine monitoring"
        AND it != " interception"
        AND it != " and search"
        AND it != " and may be disclosed or used for any USG-authorized purpose."
        AND it != " "
        AND it != "-This IS includes security measures (e.g., authentication and access controls) to protect USG interests.not for your personal benefit or privacy."
        AND it != " "
        AND it != "-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychoth" & "erapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details."
      )
    )
    of (
      (value "LegalNoticeText" of key "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" of native registry) as string
    )
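The logic discussed in this thread, modelled in Python as an added example (not part of either post, and not BigFix relevance or the Fixlet's own code). The banner lines, phrases and function names are constructed placeholders, and the model assumes that an absent registry value yields no substrings at all.

```python
# Python model of the Fixlet check: split LegalNoticeText on NUL ("%00") and
# flag any chunk that is not one of the expected banner lines.
# EXPECTED_LINES is a constructed placeholder, not a real company banner.

EXPECTED_LINES = [
    "This system is the property of Example Corp.",
    "Use is restricted to authorized personnel.",
    "Activity may be monitored and recorded.",
]

def unexpected_substrings(legal_notice_text, expected_lines=EXPECTED_LINES):
    """Model of: substrings separated by "%00" whose (it != "" AND it != <line> ...).

    Returns every NUL-separated chunk that is neither empty, a single space,
    nor one of the expected banner lines.
    """
    allowed = set(expected_lines) | {"", " "}
    return [s for s in legal_notice_text.split("\x00") if s not in allowed]

def fixlet_relevant(legal_notice_text, expected_lines=EXPECTED_LINES):
    """Model of 'exists (...)': True means an unexpected chunk exists (failure)."""
    if legal_notice_text is None:
        # Assumption: a missing value produces nothing to iterate over.
        return False
    return len(unexpected_substrings(legal_notice_text, expected_lines)) > 0

def banner_present(legal_notice_text, required_phrases):
    """Model of the simpler check from the reply: text exists and has key phrases."""
    if not legal_notice_text:
        return False
    return all(phrase in legal_notice_text for phrase in required_phrases)

# Constructed sample registry values.
GOOD = "\x00".join(EXPECTED_LINES) + "\x00"
TAMPERED = GOOD + "Call the helpdesk for a password reset."
EMPTY = ""
PHRASES = ["Example Corp", "authorized"]

if __name__ == "__main__":
    samples = [("good", GOOD), ("tampered", TAMPERED), ("empty", EMPTY), ("absent", None)]
    for name, value in samples:
        print(f"{name:9} relevant={fixlet_relevant(value)} "
              f"present={banner_present(value, PHRASES)}")
```

In this model an empty or absent banner is not flagged by the line-by-line comparison, which is the gap the presence check from the reply covers.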