Configure data based on Security Technical Information Guide (STIG)

Applies To: Windows PowerShell 5.1

Creating configuration content for the first time can be challenging. In many cases, the goal is to automate configuration of servers following a "baseline" that hopefully aligns to an industry recommendation.

Note

This article refers to a solution that is maintained by the Open Source community. Support is only available in the form of GitHub collaboration, not from Azure.

Community project: PowerSTIG

A community project named PowerSTIG aims to resolve this issue by generating DSC content based on public information provided about STIG (Security Technical Implementation Guide).

Dealing with baselines is more complicated than it sounds. Many organizations need to document exceptions to rules and manage that data at scale. PowerSTIG addresses the problem by providing Composite Resources to address each area of the configuration rather than trying to address the entire range of settings in one large file.

Once the configurations have been generated, you can use the DSC Configuration scripts to generate MOF files and upload the MOF files to Azure Automation. Then register your servers from either on-premises or in Azure to pull configurations.
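The workflow described above, sketched as an added PowerShell example (not code from this article or from the PowerSTIG project). It assumes the PowerSTIG and Az.Automation modules are installed and that `Connect-AzAccount` has already been run; the configuration name, the OS version and role, and every value in angle brackets are placeholders chosen for illustration.

```powershell
# Added example. Assumes: Install-Module PowerSTIG, Az.Automation
# and an authenticated Az session (Connect-AzAccount).
Configuration StigBaseline
{
    Import-DscResource -ModuleName PowerSTIG

    Node 'localhost'
    {
        # One PowerSTIG composite resource covers one area of the baseline,
        # here the Windows Server operating system STIG.
        WindowsServer MemberServer
        {
            OsVersion = '2019'   # assumed target OS
            OsRole    = 'MS'     # member server ('DC' for a domain controller)

            # Documented deviations are passed to the composite resource
            # through its Exception, OrgSettings and SkipRule parameters.
            # Placeholder only; use a rule ID from the STIG you apply:
            # SkipRule = @('<rule-id>')
        }
    }
}

# Compile the configuration. DSC writes .\StigBaseline\localhost.mof
$outDir = Join-Path $PWD 'StigBaseline'
StigBaseline -OutputPath $outDir | Out-Null

$mof = Join-Path $outDir 'localhost.mof'
if (-not (Test-Path $mof)) { throw "MOF was not generated: $mof" }

# Upload the compiled MOF as a node configuration in Azure Automation.
$account = @{
    ResourceGroupName     = '<resource-group>'       # placeholder
    AutomationAccountName = '<automation-account>'   # placeholder
}
Import-AzAutomationDscNodeConfiguration @account `
    -ConfigurationName 'StigBaseline' -Path $mof

# Register an Azure VM so it pulls the node configuration
# (named <ConfigurationName>.<NodeName>).
Register-AzAutomationDscNode @account `
    -AzureVMName '<vm-name>' `
    -NodeConfigurationName 'StigBaseline.localhost'
```

Keeping the deviation parameters in the configuration script under source control gives each exception a reviewable history alongside the baseline itself.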

To try out PowerSTIG, visit the PowerShell Gallery and download the solution or click "Project Site" to view the documentation.

Next steps