Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cookbook supports only English versions of Windows #48

Open
jugatsu opened this issue Jun 28, 2019 · 0 comments
Open

Cookbook supports only English versions of Windows #48

jugatsu opened this issue Jun 28, 2019 · 0 comments
Labels
hacktoberfest
Projects
Hacktoberfest 2019

Comments

@jugatsu
Copy link

jugatsu commented Jun 28, 2019

Describe the bug
When running on non-English version of Windows (for example, Russian version), cookbook fails with Expected process to exit with [0], but received '87'

Expected behavior
Cookbook should support not only English version of Windows.

Actual behavior

* execute[Account Logon Audit Log] action run
       
           ================================================================================
           Error executing action `run` on resource 'execute[Account Logon Audit Log]'
           ================================================================================
       
           Mixlib::ShellOut::ShellCommandFailed
           ------------------------------------
           Expected process to exit with [0], but received '87'
           ---- Begin output of AuditPol /Set /Category:"Account Logon" /Failure:Enable /Success:Enable ----
           STDOUT: €бЇ®«м§®ў ­ЁҐ: AuditPol Є®¬ ­¤  [<Ї®¤Є®¬ ­¤ ><Ї а ¬Ґвал>]

This happens because all categories are hardcoded to english naming.

https://github.com/dev-sec/chef-windows-hardening/blob/master/recipes/audit.rb#L60

execute 'Account Logon Audit Log' do
  command 'AuditPol /Set /Category:"Account Logon" /Failure:Enable /Success:Enable'
  action :run
  not_if { ::File.exist?('C:\accountLogonAudit.lock') }
  notifies :create, 'file[C:\accountLogonAudit.lock]', :immediately
end

Example code

include_recipe 'windows-hardening::default'

OS / Environment

Windows Server 2016 Datacenter Evaluation (Russian)

PS C:\Users\vagrant> Get-WinSystemLocale

LCID             Name             DisplayName
----             ----             -----------
1049             ru-RU            Русский (Россия)

Chef Version

14.13.11

Cookbook Version

0.9.1

Additional context

PS C:\Users\vagrant> auditpol /list /category
Категория или подкатегория
Вход учетной записи
Вход/выход
Доступ к объектам
Доступ к службе каталогов (DS)
Изменение политики
Использование прав
Подробное отслеживание
Система
Учетные записи
PS C:\Users\vagrant> AuditPol /Set /Category:"Вход учетной записи" /Failure:Enable /Success:Enable
Команда выполнена успешно.

As a workaround we can move Categories names to attributes.
@chris-rock chris-rock added this to Up for grabs in Hacktoberfest 2019 via automation Oct 7, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
hacktoberfest
Projects
No open projects
Hacktoberfest 2019
  
Up for grabs
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chris-rock @jugatsu