Module/Rule.DnsServerSetting/Convert/DnsServerSettingRule.Convert.psm1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License.
using module .\..\..\Common\Common.psm1
using module .\..\DnsServerSettingRule.psm1

$exclude = @($MyInvocation.MyCommand.Name,'Template.*.txt')
$supportFileList = Get-ChildItem -Path $PSScriptRoot -Exclude $exclude
foreach ($supportFile in $supportFileList)
{
    Write-Verbose "Loading $($supportFile.FullName)"
    . $supportFile.FullName
}
# Header

<#
    .SYNOPSIS
        Convert the contents of an xccdf check-content element into an Dns Server
        Setting object
    .DESCRIPTION
        The DnsServerSettingRuleConvert class is used to extract the Dns Server settings
        from the check-content of the xccdf. Once a STIG rule is identified as a
        DNS server setting, it is passed to the DnsServerSettingRuleConvert class for
        parsing and validation.
 
#>

class DnsServerSettingRuleConvert : DnsServerSettingRule
{
    <#
        .SYNOPSIS
            Empty constructor for SplitFactory
    #>

    DnsServerSettingRuleConvert ()
    {
    }

    <#
        .SYNOPSIS
            Converts a xccdf stig rule element into a Dns Server Setting Rule
        .PARAMETER XccdfRule
            The STIG rule to convert
    #>

    DnsServerSettingRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true)
    {
        $this.SetDnsServerPropertyName()
        $this.SetDnsServerPropertyValue()
        $this.SetDuplicateRule()
        if ($this.IsExistingRule($global:stigSettings))
        {
            $newId = Get-AvailableId -Id $this.Id
            $this.set_id($newId)
        }

        $this.SetDscResource()
    }

    #region Methods

    <#
        .SYNOPSIS
            Extracts the DNS server setting name from the check-content and sets
            the value
        .DESCRIPTION
            Gets the DNS server setting name from the xccdf content and sets the
            value. If the DNS server setting that is returned is not a valid name,
            the parser status is set to fail.
    #>

    [void] SetDnsServerPropertyName ()
    {
        $thisDnsServerSettingPropertyName = Get-DnsServerSettingProperty -CheckContent $this.SplitCheckContent

        if (-not $this.SetStatus($thisDnsServerSettingPropertyName))
        {
            $this.set_PropertyName($thisDnsServerSettingPropertyName)
        }
    }

    <#
        .SYNOPSIS
            Extracts the DNS server setting value from the check-content and
            sets the value
        .DESCRIPTION
            Gets the DNS server setting value from the xccdf content and sets
            the value. If the DNS server setting that is returned is not a valid
            property, the parser status is set to fail.
    #>

    [void] SetDnsServerPropertyValue ()
    {
        $thisDnsServerSettingPropertyValue = Get-DnsServerSettingPropertyValue -CheckContent $this.SplitCheckContent

        if (-not $this.SetStatus($thisDnsServerSettingPropertyValue))
        {
            $this.set_PropertyValue($thisDnsServerSettingPropertyValue)
        }
    }

    hidden [void] SetDscResource ()
    {
        if ($null -eq $this.DuplicateOf)
        {
            $this.DscResource = 'xDnsServerSetting'
        }
        else
        {
            $this.DscResource = 'None'
        }
    }

    static [bool] Match ([string] $CheckContent)
    {
        if
        (
            $CheckContent -Match 'dnsmgmt\.msc' -and
            $CheckContent -NotMatch 'Forward Lookup Zones' -and
            $CheckContent -Notmatch 'Logs\\Microsoft' -and
            $CheckContent -NotMatch 'Verify the \"root hints\"'
        )
        {
            return $true
        }
        return $false
    }

    #endregion
}