QSA requesting information for PCI assessment

This topic contains 1 reply, has 2 voices, and was last updated by  postanote 3 months, 1 week ago.

  • Author
    Posts
  • #93646

    Mossy
    Participant

    I am looking for some help in regards to a QSA who will be asking for server information such as:

    OS
    IP
    Current security patches
    NTP config
    FIM config
    Password Storage
    User listing
    Admin Privileges
    Password enforcement
    Authentication Config
    services/processes

    I have seen some scripts out there and some are very good. Anyone recommend one that can query these items? Anything would be great Thank you

  • #93655

    postanote
    Participant

    Everything you need to pull this type of info, you can do with PoSH, and the examples are in the PoSH bulit-in help files

    Here are just a few examples:

        # Get parameters, examples, full and Online help for a cmdlet or function
    
        (Get-Command -Name Get-Service).Parameters
        Get-help -Name Get-Service -Examples
        Get-help -Name Get-Service -Full
        Get-help -Name Get-Service -Online
    
    
        (Get-Command -Name Get-Process).Parameters
        Get-help -Name Get-Process -Examples
        Get-help -Name Get-Process -Full
        Get-help -Name Get-Process -Online
    

    Well, a simple search with your favorite search engine would turn up several samples of what you are after. Now, that is not to say it will be all in one place. So, you going to do several searches to turn up the sections and you then put them together.

    Literally, just do a serach for each of your points.

    'powershell to get OS version'
    'powershell to get NTP config'
    etc...

    Us folks on the forum are here help you over your code effort hurdles, not write it for you, that is what consultants are for. 8}

    There are many sites with pre-built code for varying needs, that you can download and tweak as needed.

    'powershellgallery.com'
    'technet.microsoft.com/en-us/scriptcenter/bb410849.aspx'

You must be logged in to reply to this topic.