microsoft
diff --git a/‎Makefile
+1-1 b/‎Makefile
+1-1
diff --git a/‎Providers/Modules/Plugins/SecurityBaseline/plugin/SecurityBaselineVersion.txt
+1-1 b/‎Providers/Modules/Plugins/SecurityBaseline/plugin/SecurityBaselineVersion.txt
+1-1
diff --git a/‎Providers/Modules/Plugins/SecurityBaseline/plugin/asc_audits.xml
+1-1 b/‎Providers/Modules/Plugins/SecurityBaseline/plugin/asc_audits.xml
+1-1
diff --git a/‎Providers/Modules/Plugins/SecurityBaseline/plugin/cis_audits.xml
+3-3 b/‎Providers/Modules/Plugins/SecurityBaseline/plugin/cis_audits.xml
+3-3
diff --git a/‎Providers/Modules/Plugins/SecurityBaseline/plugin/common_audits.xml
+12-12 b/‎Providers/Modules/Plugins/SecurityBaseline/plugin/common_audits.xml
+12-12
diff --git a/‎Providers/Modules/Plugins/SecurityBaseline/plugin/ssh_audits.xml
+26-26 b/‎Providers/Modules/Plugins/SecurityBaseline/plugin/ssh_audits.xml
+26-26
diff --git a/‎Providers/Modules/Plugins_x64/SecurityBaseline/plugin/omsbaseline
4.96 KB b/‎Providers/Modules/Plugins_x64/SecurityBaseline/plugin/omsbaseline
4.96 KB
diff --git a/‎Providers/Modules/Plugins_x64/SecurityBaseline/plugin/omsremediate
288 Bytes b/‎Providers/Modules/Plugins_x64/SecurityBaseline/plugin/omsremediate
288 Bytes
diff --git a/‎Providers/Modules/Plugins_x86/SecurityBaseline/plugin/omsbaseline
472 KB b/‎Providers/Modules/Plugins_x86/SecurityBaseline/plugin/omsbaseline
472 KB
diff --git a/‎Providers/Modules/Plugins_x86/SecurityBaseline/plugin/omsremediate
466 KB b/‎Providers/Modules/Plugins_x86/SecurityBaseline/plugin/omsremediate
466 KB
diff --git a/‎installbuilder/datafiles/Base_DSC.data
+3-3 b/‎installbuilder/datafiles/Base_DSC.data
+3-3
@@ -613,7 +613,7 @@ nxOMSGenerateInventoryMof:
 
 nxOMSPlugin:
 	rm -rf output/staging; \
-	VERSION="3.73"; \
+	VERSION="3.74"; \
 	PROVIDERS="nxOMSPlugin"; \
 	STAGINGDIR="output/staging/$@/DSCResources"; \
 	cat Providers/Modules/$@.psd1 | sed "s@<MODULE_VERSION>@$${VERSION}@" > intermediate/Modules/$@.psd1; \
 
@@ -1 +1 @@
-2.23.0-207
+2.24.1-261
@@ -76,7 +76,7 @@
       remediation="Run AuditD service (systemctl start auditd)"
       ruleId="c146c4a4-5eb6-4205-88da-5a71a82f2d45">
       <check distro="*" command="CheckServiceEnabled"  expect="running" service="auditd">
-    	<dependency type="PackageInstalled">audit(?:d)?$</dependency>
+      <dependency type="PackageInstalled">audit(?:d)?$</dependency>
       </check>
     </audit>
   </audits>
 
@@ -199,11 +199,11 @@
       impact="If the user's home directory does not exist or is unassigned, the user will be placed in '/' and will not be able to write any files or have local environment variables set."
       remediation="If any users' home directories do not exist, create them and make sure the respective user owns the directory. Users without an assigned home directory should be removed or assigned a home directory as appropriate."
       ruleId="c07e6adc-93ab-1d40-2c6d-f3f16ca9561d">
-      <check distro="*" command="CheckUserDirs" expect="exists"/>
+    <check distro="*" command="CheckUserDirs" expect="exists"/>
     </audit>
 
-    <audit 
-      description="Ensure users own their home directories" 
+    <audit
+      description="Ensure users own their home directories"
       msid="6.2.9"
       impact="Since the user is accountable for files stored in the user home directory, the user must be the owner of the directory."
       remediation="Change the ownership of any home directories that are not owned by the defined user to the correct user."
 
@@ -6,7 +6,7 @@
       impact="Removing support for USB storage devices reduces the local attack surface of the server."
       remediation="Edit or create a file in the `/etc/modprobe.d/` directory ending in .conf and add `install usb-storage /bin/true` then unload the usb-storage module or run '/opt/microsoft/omsagent/plugin/omsremediate -r disable-unnecessary-kernel-mods'"
       ruleId="acffbbca-3e5b-9aa9-65ee-ff7b6116565f">
-     <check distro="*" command="CheckMatchingLinesInDir" regex="^install\s+usb-storage\s+/bin/true" path="/etc/modprobe.d/"/>
+      <check distro="*" command="CheckMatchingLinesInDir" regex="^install\s+usb-storage\s+/bin/true" path="/etc/modprobe.d/"/>
     </audit>
 
     <audit
@@ -332,7 +332,7 @@
       msid="33"
       impact="Requiring authentication in single user mode prevents an unauthorized user from rebooting the system into single user to gain root privileges without credentials."
       remediation="run the following command to set a password for the root user: `passwd root`"
-		  ruleId="13a48ca1-92bc-63a1-a4de-b984375fa332">
+      ruleId="13a48ca1-92bc-63a1-a4de-b984375fa332">
       <check distro="*" command="CheckNoMatchingLines" path="/etc/shadow" regex="^root:\s*:"/>
     </audit>
 
@@ -533,7 +533,7 @@
       impact="If the protocol is not required, it is recommended that the drivers not be installed to reduce the potential attack surface."
       remediation="Edit or create a file in the `/etc/modprobe.d/` directory ending in .conf and add `install sctp /bin/true` then unload the sctp module or run '/opt/microsoft/omsagent/plugin/omsremediate -r disable-unnecessary-kernel-mods'"
       ruleId="78228616-15d4-33fe-0357-88e77f228f05">
-     <check distro="*" command="CheckMatchingLinesInDir" regex="^install\s+sctp\s+/bin/true" path="/etc/modprobe.d/"/>
+      <check distro="*" command="CheckMatchingLinesInDir" regex="^install\s+sctp\s+/bin/true" path="/etc/modprobe.d/"/>
     </audit>
 
     <audit
@@ -1076,7 +1076,7 @@
       severity="Important"
       impact="An attacker could use nfs to mount shares and execute/copy files."
       remediation="Disable the nfs service or run '/opt/microsoft/omsagent/plugin/omsremediate -r disable-nfs'"
-      ruleId="ee372ff3-9221-498b-b467-7406bf421168"> 
+      ruleId="ee372ff3-9221-498b-b467-7406bf421168">
       <check distro="*" command="CheckServiceDisabled" service="nfs-server" />
     </audit>
 
@@ -1207,7 +1207,7 @@
 ```
 password sufficient pam_unix.so sha512
 ```"
-	    ruleId="01ec5346-882b-485d-8960-01dedd608792">
+      ruleId="01ec5346-882b-485d-8960-01dedd608792">
       <check distro="*" command="CheckMatchingLinesInFiles" regex="sha512" filter="^password\s.*\s*pam_unix.so\s+\S+" path="/etc/pam.d/common-password|/etc/pam.d/system-auth|/etc/pam.d/system-password" />
       <check distro="*" command="CheckMatchingLines" regex="^ENCRYPT_METHOD\s+SHA512" path="/etc/login.defs" />
     </audit>
@@ -1236,7 +1236,7 @@ Modify user parameters for all users with a password set to match:
 ```
 # chage --inactive 30 
 ```"
-	    ruleId="91fbaeac-f5d0-4ac9-aa1b-52215aef1ed8">
+      ruleId="91fbaeac-f5d0-4ac9-aa1b-52215aef1ed8">
       <check distro="*" command="CheckShadowDate" key="2" expect="before" value="now" path="/etc/shadow" />
     </audit>
 
@@ -1358,12 +1358,12 @@ zypper remove rsh
       impact="SMB v1 has well-known, serious vulnerabilities and does not encrypt data in transit. If it must be used for business reasons, it is strongly recommended that additional steps be taken to mitigate the risks inherent to this protocol."
       remediation="If Samba is not running, remove package, otherwise there should be a line in the [global] section of /etc/samba/smb.conf: min protocol = SMB2 or run '/opt/microsoft/omsagent/plugin/omsremediate -r set-smb-min-version"
       ruleId="7624efb0-3026-4c72-8920-48d5be78a50e">
-      <check 
-        distro="*" 
-        command="CheckMatchingLinesSection" 
-        regex="\s*min protocol\s+=\s+SMB2" 
-        expect="^\s*\[global\]" 
-        path="/etc/samba/smb.conf" 
+      <check
+        distro="*"
+        command="CheckMatchingLinesSection"
+        regex="\s*min protocol\s+=\s+SMB2"
+        expect="^\s*\[global\]"
+        path="/etc/samba/smb.conf"
         key="^\s*\[.+\]">
         <dependency type="ServiceStatus">samba|running</dependency>
       </check>
 
@@ -1,18 +1,18 @@
 <baseline BaselineId="SSH.Linux.1" BaseOrigId="1">
-	<audits>
+  <audits>
     <audit
       description="Ensure permissions on /etc/ssh/sshd_config are configured."
       msid="5.2.1"
       impact="The `/etc/ssh/sshd_config` file needs to be protected from unauthorized changes by non-privileged users."
       remediation="Set the owner and group of /etc/ssh/sshd_config to root and set the permissions to 0600  or run '/opt/microsoft/omsagent/plugin/omsremediate -r sshd-config-file-permissions'"
       ruleId="43119747-263c-2c92-4ce5-726e63259049">
-      <check 
-        distro="*" 
-        command="CheckFileStatsIfExists" 
-        path="/etc/ssh/sshd_config" 
-        owner="root" 
-        group="root" 
-        mode="600" 
+      <check
+        distro="*"
+        command="CheckFileStatsIfExists"
+        path="/etc/ssh/sshd_config"
+        owner="root"
+        group="root"
+        mode="600"
         allow-stricter="true"/>
     </audit> 
     <audit
@@ -53,8 +53,8 @@
         LogLevel INFO
         ```"
         ruleId="31f1a912-1b98-42fd-8381-1e8d1033bfd1">
-        <check 
-          distro="*" 
+        <check
+          distro="*"
           command="CheckMatchingConfigValue"
           regex="(?i)^loglevel[[:space:]]+info$"
           exec-command="sshcheck" />
@@ -70,8 +70,8 @@
         MaxAuthTries 6
         ```"
         ruleId="e7708534-5d98-406f-83ae-1de835b2906e">
-        <check 
-          distro="*" 
+        <check
+          distro="*"
           command="CheckMatchingConfigValue"
           regex="(?i)^maxauthtries[[:space:]]+[0-6]$"
           exec-command="sshcheck" />>
@@ -91,8 +91,8 @@
         DenyGroups 
         ```"
         ruleId="dc8da71d-aeba-4c03-8835-36fe158e372a">
-        <check 
-          distro="*" 
+        <check
+          distro="*"
           command="CheckMatchingConfigValue"
           regex="(?i)^(allowusers|allowgroups|denyusers|denygroups)[[:space:]]+[[:ascii:]]"
           exec-command="sshcheck" />
@@ -133,8 +133,8 @@
         impact="An attacker could brute force the root password, or hide their command history by logging in directly as root"
         remediation="Run the command '/usr/local/bin/azsecd remediate -r disable-ssh-root-login'. This will add the line 'PermitRootLogin no' to the file '/etc/ssh/sshd_config'"
         ruleId="16511f6b-f690-43df-9654-642260699eec">
-        <check 
-          distro="*" 
+        <check
+          distro="*"
           command="CheckMatchingConfigValue"
           regex="(?i)^permitrootlogin[[:space:]]+no$"
           exec-command="sshcheck"/>
@@ -160,13 +160,13 @@
       remediation="Edit the /etc/ssh/sshd_config file to set the parameters according to the policy"
       ruleId="fd9f1554-6b72-8610-826e-78578e6f7811">
       <check 
-        distro="*" 
+        distro="*"
         command="CheckMatchingConfigValue"
         regex="(?i)^clientaliveinterval[[:space:]]+([1-9][0-9]*)$"
         exec-command="sshcheck"/>
-      <check 
-        distro="*" 
-        command="CheckMatchingConfigValue" 
+      <check
+        distro="*"
+        command="CheckMatchingConfigValue"
         regex="(?i)^clientalivecountmax[[:space:]]+(0|1)$"
         exec-command="sshcheck" />
     </audit>
@@ -176,8 +176,8 @@
       impact="Setting the `LoginGraceTime` parameter to a low number will minimize the risk of successful brute force attacks to the SSH server. It will also limit the number of concurrent unauthenticated connections While the recommended setting is 60 seconds (1 Minute), set the number based on site policy."
       remediation="Edit the /etc/ssh/sshd_config file to set the parameters according to the policy  or run '/opt/microsoft/omsagent/plugin/omsremediate -r configure-login-grace-time'"
       ruleId="39aa5c2b-5b36-84a7-4022-570a53c86ff9">
-      <check 
-        distro="*" 
+      <check
+        distro="*"
         command="CheckMatchingConfigValue"
         regex="(?i)^logingracetime[[:space:]]+(60|[0-5][0-9])$"
         exec-command="sshcheck" />
@@ -202,8 +202,8 @@
         impact="Users will not be warned that their actions on the system are monitored"
         remediation="Run the command '/usr/local/bin/azsecd remediate -r configure-ssh-banner'. This will add the line 'Banner /etc/azsec/banner.txt' to the file '/etc/ssh/sshd_config'"
         ruleId="9e240540-5e0a-4b60-beb2-57421c65a0b9">
-        <check 
-          distro="*" 
+        <check
+          distro="*"
           command="CheckMatchingConfigValue"
           regex="(?i)^banner[[:space:]]+[^none$]"
           exec-command="sshcheck"/>
@@ -230,8 +230,8 @@
         impact="An attacker could compromise a weakly secured SSH connection"
         remediation="Run the command '/usr/local/bin/azsecd remediate -r configure-ssh-ciphers'. This will add the line 'Ciphers aes128-ctr,aes192-ctr,aes256-ctr' to the file '/etc/ssh/sshd_config'"
         ruleId="b07d4c69-a1d9-4c22-a486-634ec3b8c380">
-        <check 
-          distro="*" 
+        <check
+          distro="*"
           command="CheckMatchingConfigValue"
           regex="(?i)^ciphers[[:space:]]+((\baes128-ctr\b|\baes256-ctr\b|\baes192-ctr\b)(?:,?))+?$"
           exec-command="sshcheck"/>
 
@@ -102,7 +102,7 @@ SHLIB_EXT: 'so'
 /opt/microsoft/omsconfig/module_packages/nxOMSContainers_1.0.zip; release/nxOMSContainers_1.0.zip; 755; ${{RUN_AS_USER}}; root
 /opt/microsoft/omsconfig/module_packages/nxOMSCustomLog_1.0.zip; release/nxOMSCustomLog_1.0.zip; 755; ${{RUN_AS_USER}}; root
 /opt/microsoft/omsconfig/module_packages/nxOMSGenerateInventoryMof_1.5.zip; release/nxOMSGenerateInventoryMof_1.5.zip; 755; ${{RUN_AS_USER}}; root
-/opt/microsoft/omsconfig/module_packages/nxOMSPlugin_3.73.zip; release/nxOMSPlugin_3.73.zip; 755; ${{RUN_AS_USER}}; root
+/opt/microsoft/omsconfig/module_packages/nxOMSPlugin_3.74.zip; release/nxOMSPlugin_3.74.zip; 755; ${{RUN_AS_USER}}; root
 /opt/microsoft/omsconfig/module_packages/nxOMSWLI_1.46.zip; release/nxOMSWLI_1.46.zip; 755; ${{RUN_AS_USER}}; root
 #endif
 
@@ -418,7 +418,7 @@ if [ "$pythonVersion" = "python3" ]; then
 	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSContainers_1.0.zip 0"
 	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSCustomLog_1.0.zip 0"
 	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSGenerateInventoryMof_1.5.zip 0"
-	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSPlugin_3.73.zip 0"
+	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSPlugin_3.74.zip 0"
 	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSWLI_1.46.zip 0"
 else
   echo "Running python2 python version is ", $pythonVersion
@@ -428,7 +428,7 @@ else
 	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSContainers_1.0.zip 0"
 	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSCustomLog_1.0.zip 0"
 	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSGenerateInventoryMof_1.5.zip 0"
-	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSPlugin_3.73.zip 0"
+	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSPlugin_3.74.zip 0"
 	su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSWLI_1.46.zip 0"
 #endif