Add Config File Support #161

Open
3 of 9 tasks
adhilto opened this issue Jan 25, 2024 · 0 comments
Labels: enhancement, epic (a high-level objective issue encompassing multiple issues instead of a specific unit of work)
adhilto commented Jan 25, 2024

💡 Summary

Add the capability to specify ScubaGoggles parameters via a config file.

Motivation and context

There are some additional parameters that would be useful to add support for via a config file:

  • Custom DKIM selectors. GWS, unlike M365, allows you to specify custom DKIM selectors. If an agency uses a custom selector, ScubaGoggles will produce false positives for the DKIM checks, as the API does not currently allow you to determine what the selectors are.
  • Top-level OU. In most cases, ScubaGoggles is able to correctly determine the top-level OU, but there are certain edge cases where it can't. It would be useful to allow the users to specify the top-level OU name to cover cases where we can't figure it out.
  • "break glass" account names. For common controls, we assert that there should be between 2 and 4 super admin accounts, but note that exceptions are allowed for break glass accounts. Unless we allow the users a way to specify the names of the break glass accounts, ScubaGoggles is actually unable to make this exception.
  • Groups/OUs allowed to have Sites enabled. The baseline says exceptions can be made on a per-group and per-OU basis, but currently the ScubaGoggles test fails if any OU/group is non-compliant.

There are likely other useful features we could add, but those are the ones that immediately come to mind.

Implementation notes

I recommend mirroring the syntax used on ScubaGear: https://github.com/cisagov/ScubaGear/tree/main/PowerShell/ScubaGear/Sample-Config-Files

Acceptance criteria
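
The break glass exception described in the issue, as an added example that is not part of the original issue or of ScubaGoggles' code: a config-declared exemption list is applied to the 2-to-4 super admin check, and declared names that match no super admin are reported. The key name `breakglassaccounts`, the function names, the account names and the use of JSON (chosen so the example runs with the standard library only) are assumptions, not the project's schema.

```python
import json

# Constructed sample config; the key name is hypothetical, not a ScubaGoggles schema.
SAMPLE_CONFIG = """
{
  "breakglassaccounts": ["bg1@example.gov", "BG2@example.gov", "old-bg@example.gov"]
}
"""

MIN_ADMINS, MAX_ADMINS = 2, 4  # bounds stated in the issue


def load_break_glass(config_text):
    """Parse the config and return the break glass names, normalized."""
    config = json.loads(config_text)
    names = config.get("breakglassaccounts", [])
    if not isinstance(names, list) or not all(isinstance(n, str) for n in names):
        raise ValueError("breakglassaccounts must be a list of strings")
    return {n.strip().lower() for n in names}


def check_super_admins(super_admins, break_glass):
    """Count super admins, leaving out accounts declared as break glass."""
    admins = {a.strip().lower() for a in super_admins}
    counted = sorted(admins - break_glass)
    return {
        "counted": counted,
        "exempted": sorted(admins & break_glass),
        # Declared names that match no super admin: stale or mistyped entries.
        "unmatched": sorted(break_glass - admins),
        "compliant": MIN_ADMINS <= len(counted) <= MAX_ADMINS,
    }


# Constructed tenant data: six super admins, two of them break glass.
SUPER_ADMINS = ["alice@example.gov", "bob@example.gov", "carol@example.gov",
                "dave@example.gov", "bg1@example.gov", "bg2@example.gov"]

if __name__ == "__main__":
    without = check_super_admins(SUPER_ADMINS, set())
    with_cfg = check_super_admins(SUPER_ADMINS, load_break_glass(SAMPLE_CONFIG))
    print("no config:", without["compliant"])
    print("with config:", with_cfg["compliant"], with_cfg["unmatched"])
```

Reporting the unmatched names keeps the exemption list from silently accumulating entries for accounts that no longer exist or were mistyped.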
