vibecoding/M365FoundationsCISReport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 2.1.6 simplified output and added object comment

Browse Source
This commit is contained in:
DrIOS
2024-06-29 11:01:40 -05:00
parent 3ecc8f4466
commit ad6ec465c8
2 changed files with 127 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
source/Private/Get-CISExoOutput.ps1
View File

@@ -313,9 +313,39 @@ function Get-CISExoOutput {
} }
'2.1.6' { '2.1.6' {
# Test-SpamPolicyAdminNotify.ps1 # Test-SpamPolicyAdminNotify.ps1
# Retrieve the default hosted outbound spam filter policy # Retrieve the hosted outbound spam filter policies
$hostedOutboundSpamFilterPolicy = Get-HostedOutboundSpamFilterPolicy | Where-Object { $_.IsDefault -eq $true } # $spamPolicies Mock Object:
return $hostedOutboundSpamFilterPolicy <#
# Mock data representing multiple spam filter policies
$spamPolicies = @(
[PSCustomObject]@{
Name = "Default"
IsDefault = $true
NotifyOutboundSpam = $true
BccSuspiciousOutboundMail = $true
NotifyOutboundSpamRecipients = "admin@example.com"
BccSuspiciousOutboundAdditionalRecipients = "bccadmin@example.com"
},
[PSCustomObject]@{
Name = "Custom Policy 1"
IsDefault = $false
NotifyOutboundSpam = $false
BccSuspiciousOutboundMail = $true
NotifyOutboundSpamRecipients = ""
BccSuspiciousOutboundAdditionalRecipients = ""
},
[PSCustomObject]@{
Name = "Custom Policy 2"
IsDefault = $false
NotifyOutboundSpam = $true
BccSuspiciousOutboundMail = $false
NotifyOutboundSpamRecipients = "notify@example.com"
BccSuspiciousOutboundAdditionalRecipients = "bccnotify@example.com"
}
)
#>
$spamPolicies = Get-HostedOutboundSpamFilterPolicy
return $spamPolicies
} }
'2.1.7' { '2.1.7' {
# Test-AntiPhishingPolicy.ps1 # Test-AntiPhishingPolicy.ps1

144
source/tests/Test-SpamPolicyAdminNotify.ps1
View File

@@ -1,78 +1,120 @@
function Test-SpamPolicyAdminNotify { function Test-SpamPolicyAdminNotify {
[CmdletBinding()] [CmdletBinding()]
[OutputType([CISAuditResult])] [OutputType([CISAuditResult])]
param ( param ()
# Aligned
# Parameters can be added if needed
)
begin { begin {
# Dot source the class script if necessary # Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1 #. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed # Initialization code, if needed
$recnum = "2.1.6"
<# <#
Conditions for 2.1.6 (L1) Ensure Exchange Online Spam Policies are set to notify administrators Conditions for 2.1.6 (L1) Ensure Exchange Online Spam Policies are set to notify administrators:
Description:
Validate recommendation details: - This test ensures that Exchange Online Spam Policies are configured to notify administrators when a sender in the organization has been blocked for sending spam. It checks for the proper setup of both Bcc and Notify properties and the inclusion of valid email addresses.
- Confirm that the recommendation details are accurate and complete as per the CIS benchmark. Validate test for a pass:
- Checks that the 'BccSuspiciousOutboundMail' and 'NotifyOutboundSpam' properties are enabled for the default policy.
Validate test for a pass: - Ensures that valid email addresses are provided for 'NotifyOutboundSpamRecipients' and 'BccSuspiciousOutboundAdditionalRecipients'.
- Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark. Validate test for a fail:
- Specific conditions to check: - If the default policy is not found, this is flagged as a critical compliance issue.
- Condition A: In the Microsoft 365 Security & Compliance Center, the Exchange Online Spam Policies are set to notify administrators when a sender in the organization has been blocked for sending spam emails. - The test fails if any of the following settings are incorrect:
- Condition B: Using PowerShell, the `NotifyOutboundSpam` and `NotifyOutboundSpamContact` properties are correctly set in all relevant spam filter policies. - 'BccSuspiciousOutboundMail' is not enabled.
- 'NotifyOutboundSpam' is not enabled.
Validate test for a fail: - 'NotifyOutboundSpamRecipients' does not contain at least one valid email address.
- Confirm that the failure conditions in the automated test are consistent with the manual audit results. - 'BccSuspiciousOutboundAdditionalRecipients' does not contain at least one valid email address.
- Specific conditions to check: Note:
- Condition A: In the Microsoft 365 Security & Compliance Center, the Exchange Online Spam Policies are not set to notify administrators when a sender in the organization has been blocked for sending spam emails. - While the primary focus is on the default policy, the function also retrieves and displays settings from additional policies that are not default, providing comprehensive insight into the organization's configuration. These additional policies are not used to determine the test's pass/fail status but are included in the details for informational purposes.
- Condition B: Using PowerShell, the `NotifyOutboundSpam` and `NotifyOutboundSpamContact` properties are not correctly set in all relevant spam filter policies.
#> #>
$recnum = "2.1.6"
Write-Verbose "Running Test-SpamPolicyAdminNotify for $recnum..."
} }
process { process {
try { try {
# 2.1.6 Ensure Exchange Online Spam Policies are set to notify administrators # Mock data representing multiple spam filter policies
<#
# Retrieve the default hosted outbound spam filter policy $spamPolicies = @(
$hostedOutboundSpamFilterPolicy = Get-CISExoOutput -Rec $recnum [PSCustomObject]@{
Name = "Default"
# Check if both settings are enabled (Condition A and Condition B for pass) IsDefault = $true
$bccSuspiciousOutboundMailEnabled = $hostedOutboundSpamFilterPolicy.BccSuspiciousOutboundMail NotifyOutboundSpam = $false
$notifyOutboundSpamEnabled = $hostedOutboundSpamFilterPolicy.NotifyOutboundSpam BccSuspiciousOutboundMail = $true
$areSettingsEnabled = $bccSuspiciousOutboundMailEnabled -and $notifyOutboundSpamEnabled NotifyOutboundSpamRecipients = "admin@example.com"
BccSuspiciousOutboundAdditionalRecipients = "bccadmin@example.com"
# Prepare failure details if any setting is not enabled (Condition A and Condition B for fail) },
$failureDetails = @() [PSCustomObject]@{
if (-not $bccSuspiciousOutboundMailEnabled) { Name = "Custom Policy 1"
$failureDetails += "BccSuspiciousOutboundMail is not enabled." IsDefault = $false
NotifyOutboundSpam = $false
BccSuspiciousOutboundMail = $true
NotifyOutboundSpamRecipients = ""
BccSuspiciousOutboundAdditionalRecipients = ""
},
[PSCustomObject]@{
Name = "Custom Policy 2"
IsDefault = $false
NotifyOutboundSpam = $true
BccSuspiciousOutboundMail = $false
NotifyOutboundSpamRecipients = "notify@example.com"
BccSuspiciousOutboundAdditionalRecipients = "bccnotify@example.com"
}
)
#>
$spamPolicies = Get-CISExoOutput -Rec $recnum
$defaultPolicy = $spamPolicies | Where-Object { $_.IsDefault -eq $true }
$additionalPolicies = $spamPolicies | Where-Object { $_.IsDefault -eq $false }
$details = @()
$failureReasons = @()
# Check the default policy settings and format details
# Build the details string for the default policy
if ($defaultPolicy) {
$details += "Default Policy: $($defaultPolicy.Name)`n`n" +
"Bcc Suspicious Outbound Mail: $($defaultPolicy.BccSuspiciousOutboundMail)`n" +
"Notify Outbound Spam: $($defaultPolicy.NotifyOutboundSpam)`n" +
"Notify Emails: $($defaultPolicy.NotifyOutboundSpamRecipients -join ', ')`n" +
"Bcc Emails: $($defaultPolicy.BccSuspiciousOutboundAdditionalRecipients -join ', ')"
if (-not $defaultPolicy.BccSuspiciousOutboundMail) {
$failureReasons += "BccSuspiciousOutboundMail should be enabled."
}
if (-not $defaultPolicy.NotifyOutboundSpam) {
$failureReasons += "NotifyOutboundSpam should be enabled."
}
if (-not $defaultPolicy.NotifyOutboundSpamRecipients) {
$failureReasons += "NotifyOutboundSpamRecipients should have at least one valid email."
}
if (-not $defaultPolicy.BccSuspiciousOutboundAdditionalRecipients) {
$failureReasons += "BccSuspiciousOutboundAdditionalRecipients should have at least one valid email."
}
} }
if (-not $notifyOutboundSpamEnabled) { else {
$failureDetails += "NotifyOutboundSpam is not enabled." $failureReasons += "No default policy found. This is critical for compliance."
} }
# Format additional policy details
# Create an instance of CISAuditResult and populate it foreach ($policy in $additionalPolicies) {
$details += "`n`nAdditional Policy: $($policy.Name)`n`n" +
"Bcc Suspicious Outbound Mail: $($policy.BccSuspiciousOutboundMail)`n" +
"Notify Outbound Spam: $($policy.NotifyOutboundSpam)`n" +
"Notify Emails: $($policy.NotifyOutboundSpamRecipients -join ', ')`n" +
"Bcc Emails: $($policy.BccSuspiciousOutboundAdditionalRecipients -join ', ')"
}
$result = $failureReasons.Count -eq 0
$detailsString = $details -join "`n"
$failureReasonsString = $failureReasons -join "`n"
# Create and populate the CISAuditResult object
$params = @{ $params = @{
Rec = $recnum Rec = $recnum
Result = $areSettingsEnabled Result = $result
Status = if ($areSettingsEnabled) { "Pass" } else { "Fail" } Status = if ($result) { "Pass" } else { "Fail" }
Details = if ($areSettingsEnabled) { "Both BccSuspiciousOutboundMail and NotifyOutboundSpam are enabled." } else { $failureDetails -join ' ' } Details = $detailsString
FailureReason = if (-not $areSettingsEnabled) { "One or both spam policies are not set to notify administrators." } else { "N/A" } FailureReason = if (-not $result) { $failureReasonsString } else { "All settings are correct based on the default policy." }
} }
$auditResult = Initialize-CISAuditResult @params $auditResult = Initialize-CISAuditResult @params
} }
catch { catch {
$LastError = $_ Write-Error "An error occurred during the test: $_"
$auditResult = Get-TestError -LastError $LastError -recnum $recnum $auditResult = Get-TestError -LastError $_ -recnum $recnum
} }
} }
end { end {
# Return auditResult # Return the audit result
return $auditResult return $auditResult
} }
} }