Giters

hubblestack / hubble

Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Win_firewall.py module is giving error though it is not in use in profile YAML file on Windows2008R2 minions

sam0104 opened this issue · comments

commented

salt 'ws' hubble.audit OS_Win : Executing audit only for Windows minions where I have 3 Windows minions ( 2008, 2012 and 2016 ) but below error is only on windows 2008R2 server only

error only on Window 2008 R2 minions only

Error

ti-qa-ws2008r2.lab04.local:
----------
Compliance:
53%
Errors:
|_
----------
\modules\win_firewall.py:
----------
data:
KeyError: 'Name'
error:
exception occurred

In OS_Win.YAML file we are not checking anything related to Windows firewall still during scan it is looking for some firewall scan results.

The only option to supress this error is remove the win_firewall.py module file from hubblestack_nova/modules/

It seems win_firewall.py is executing as mandatory module and trying to get data even if we do not have any windows firewall configurations or not checking anything related to firewall on Windows servers.

commented

This is a side effect of how nova modules are executed. All nova modules are executed in order, and given all the profiles. They filter only the data they care about, execute, and return the results. Looks like there's a bug in that filtering that's bubbling up this error despite not actually having any win_firewall data to process.

Could you run that job on the minion side with salt-call? salt-call.bat hubble.audit OS_Win -ldebug would give us the debug logs, which will have the complete stacktrace which will help track down this issue if we can't reproduce.

@madchills Can you look into this when you get a chance?

commented

Here is the salt-call debug logs from Windows 2008R2 minion

PS C:\salt> salt-call.bat hubble.audit OS_Win -ldebug  | out-file -filepath c:\out.txt
[DEBUG   ] Reading configuration from c:\salt\conf\minion
[DEBUG   ] Including configuration from 'c:\salt\conf\minion.d\_schedule.conf'
[DEBUG   ] Reading configuration from c:\salt\conf\minion.d\_schedule.conf
[DEBUG   ] Configuration file path: c:\salt\conf\minion
[WARNING ] Insecure logging configuration detected! Sensitive data may be logged.
[DEBUG   ] Reading configuration from c:\salt\conf\minion
[DEBUG   ] Including configuration from 'c:\salt\conf\minion.d\_schedule.conf'
[DEBUG   ] Reading configuration from c:\salt\conf\minion.d\_schedule.conf
[DEBUG   ] Connecting to master. Attempt 1 (infinite attempts)
[DEBUG   ] Initializing new AsyncAuth for ('c:\\salt\\conf\\pki\\minion', 'ti-qa-ws2008r2.lab04.local', 'tcp://10.100.25
2.114:4506')
[DEBUG   ] Generated random reconnect delay between '1000ms' and '11000ms' (9549)
[DEBUG   ] Setting zmq_reconnect_ivl to '9549ms'
[DEBUG   ] Setting zmq_reconnect_ivl_max to '11000ms'
[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('c:\\salt\\conf\\pki\\minion', 'ti-qa-ws2008r2.lab04.local', 'tcp
://10.100.252.114:4506', 'clear')
[DEBUG   ] Decrypting the current master AES key
[DEBUG   ] Loaded minion key: c:\salt\conf\pki\minion\minion.pem
[DEBUG   ] SaltEvent PUB socket URI: 4510
[DEBUG   ] SaltEvent PULL socket URI: 4511
[DEBUG   ] Initializing new IPCClient for path: 4511
[DEBUG   ] Sending event: tag = salt/auth/creds; data = {'_stamp': '2018-03-16T13:39:22.501000', 'creds': {'publish_port
': 4505, 'aes': 'l+F5mLcZ0D6yRA65rHmrb18ixq7ndGkHxhDHbpzYrw0az3Rb1IHK+z2egZGy7+EvHcnzE8aphw0=', 'master_uri': 'tcp://10.
100.252.114:4506'}, 'key': ('c:\\salt\\conf\\pki\\minion', 'ti-qa-ws2008r2.lab04.local', 'tcp://10.100.252.114:4506')}
[DEBUG   ] Loaded minion key: c:\salt\conf\pki\minion\minion.pem
[DEBUG   ] Determining pillar cache
[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('c:\\salt\\conf\\pki\\minion', 'ti-qa-ws2008r2.lab04.local', 'tcp
://10.100.252.114:4506', 'aes')
[DEBUG   ] Initializing new AsyncAuth for ('c:\\salt\\conf\\pki\\minion', 'ti-qa-ws2008r2.lab04.local', 'tcp://10.100.25
2.114:4506')
[DEBUG   ] Loaded minion key: c:\salt\conf\pki\minion\minion.pem
[DEBUG   ] LazyLoaded jinja.render
[DEBUG   ] LazyLoaded yaml.render
[DEBUG   ] LazyLoaded hubble.audit
[DEBUG   ] LazyLoaded config.get
[DEBUG   ] syncing nova modules
[DEBUG   ] LazyLoaded cp.cache_dir
[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('c:\\salt\\conf\\pki\\minion', 'ti-qa-ws2008r2.lab04.local', 'tcp
://10.100.252.114:4506', 'aes')
[DEBUG   ] Initializing new AsyncAuth for ('c:\\salt\\conf\\pki\\minion', 'ti-qa-ws2008r2.lab04.local', 'tcp://10.100.25
2.114:4506')
[INFO    ] Caching directory 'hubblestack_nova/' for environment 'base'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/README.rst' to resolve 'salt://hubblestack_nova/READ
ME.rst'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\README.r
st' to resolve 'salt://hubblestack_nova/README.rst'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/audit.sls' to resolve 'salt://hubblestack_nova/audit
.sls'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\audit.sl
s' to resolve 'salt://hubblestack_nova/audit.sls'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/centos-6-level-1-scored-v1.yaml' to resolve 'sal
t://hubblestack_nova/cis/centos-6-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\cent
os-6-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/centos-6-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/centos-7-level-1-scored-v1.yaml' to resolve 'sal
t://hubblestack_nova/cis/centos-7-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\cent
os-7-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/centos-7-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/centos-7-level-1-scored-v2.yaml' to resolve 'sal
t://hubblestack_nova/cis/centos-7-level-1-scored-v2.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\cent
os-7-level-1-scored-v2.yaml' to resolve 'salt://hubblestack_nova/cis/centos-7-level-1-scored-v2.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/debian-8-level-1-scored-v1.yaml' to resolve 'sal
t://hubblestack_nova/cis/debian-8-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\debi
an-8-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/debian-8-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/fedora-24-level-1-scored-v2-1-0.yaml' to resolve
 'salt://hubblestack_nova/cis/fedora-24-level-1-scored-v2-1-0.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\fedo
ra-24-level-1-scored-v2-1-0.yaml' to resolve 'salt://hubblestack_nova/cis/fedora-24-level-1-scored-v2-1-0.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/fedora-25-level-1-scored-v2-1-0.yaml' to resolve
 'salt://hubblestack_nova/cis/fedora-25-level-1-scored-v2-1-0.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\fedo
ra-25-level-1-scored-v2-1-0.yaml' to resolve 'salt://hubblestack_nova/cis/fedora-25-level-1-scored-v2-1-0.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/centos-7/common/cis-1.yaml' to resolve
 'salt://hubblestack_nova/cis/overrides/centos-7/common/cis-1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\over
rides\centos-7\common\cis-1.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/centos-7/common/cis-1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/centos-7/common/cis-5.yaml' to resolve
 'salt://hubblestack_nova/cis/overrides/centos-7/common/cis-5.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\over
rides\centos-7\common\cis-5.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/centos-7/common/cis-5.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/fedora-24/common/cis-1.yaml' to resolv
e 'salt://hubblestack_nova/cis/overrides/fedora-24/common/cis-1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\over
rides\fedora-24\common\cis-1.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/fedora-24/common/cis-1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/fedora-24/common/cis-5.yaml' to resolv
e 'salt://hubblestack_nova/cis/overrides/fedora-24/common/cis-5.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\over
rides\fedora-24\common\cis-5.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/fedora-24/common/cis-5.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/fedora-25/common/cis-1.yaml' to resolv
e 'salt://hubblestack_nova/cis/overrides/fedora-25/common/cis-1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\over
rides\fedora-25\common\cis-1.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/fedora-25/common/cis-1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/fedora-25/common/cis-5.yaml' to resolv
e 'salt://hubblestack_nova/cis/overrides/fedora-25/common/cis-5.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\over
rides\fedora-25\common\cis-5.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/fedora-25/common/cis-5.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-10.yaml' to res
olve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-10.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\over
rides\ubuntu-1404\common\cis-10.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-10.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-2.yaml' to reso
lve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-2.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\over
rides\ubuntu-1404\common\cis-2.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-2.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-4.yaml' to reso
lve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-4.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\over
rides\ubuntu-1404\common\cis-4.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-4.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-6.yaml' to reso
lve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-6.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\over
rides\ubuntu-1404\common\cis-6.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-6.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-9.yaml' to reso
lve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-9.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\over
rides\ubuntu-1404\common\cis-9.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/common/cis-9.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1404/os/cis-10.yaml' to resolve
 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/os/cis-10.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\over
rides\ubuntu-1404\os\cis-10.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/os/cis-10.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1404/os/cis-7.yaml' to resolve
'salt://hubblestack_nova/cis/overrides/ubuntu-1404/os/cis-7.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\over
rides\ubuntu-1404\os\cis-7.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/os/cis-7.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1404/tw/cis-7.yaml' to resolve
'salt://hubblestack_nova/cis/overrides/ubuntu-1404/tw/cis-7.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\over
rides\ubuntu-1404\tw\cis-7.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1404/tw/cis-7.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-10.yaml' to res
olve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-10.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\over
rides\ubuntu-1604\common\cis-10.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-10.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-2.yaml' to reso
lve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-2.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\over
rides\ubuntu-1604\common\cis-2.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-2.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-4.yaml' to reso
lve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-4.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\over
rides\ubuntu-1604\common\cis-4.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-4.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-6.yaml' to reso
lve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-6.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\over
rides\ubuntu-1604\common\cis-6.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-6.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-9.yaml' to reso
lve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-9.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\over
rides\ubuntu-1604\common\cis-9.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/common/cis-9.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1604/os/cis-10.yaml' to resolve
 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/os/cis-10.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\over
rides\ubuntu-1604\os\cis-10.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/os/cis-10.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/overrides/ubuntu-1604/os/cis-7.yaml' to resolve
'salt://hubblestack_nova/cis/overrides/ubuntu-1604/os/cis-7.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\over
rides\ubuntu-1604\os\cis-7.yaml' to resolve 'salt://hubblestack_nova/cis/overrides/ubuntu-1604/os/cis-7.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/rhels-6-level-1-scored-v1.yaml' to resolve 'salt
://hubblestack_nova/cis/rhels-6-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\rhel
s-6-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/rhels-6-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/rhels-7-level-1-scored-v1.yaml' to resolve 'salt
://hubblestack_nova/cis/rhels-7-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\rhel
s-7-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/rhels-7-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/rhelw-7-level-1-scored-v1.yaml' to resolve 'salt
://hubblestack_nova/cis/rhelw-7-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\rhel
w-7-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/rhelw-7-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/ubuntu-1404-level-1-scored-v1.yaml' to resolve '
salt://hubblestack_nova/cis/ubuntu-1404-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\ubun
tu-1404-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/ubuntu-1404-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/ubuntu-1604-level-1-scored-v1.yaml' to resolve '
salt://hubblestack_nova/cis/ubuntu-1604-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\ubun
tu-1604-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/ubuntu-1604-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/windows-2008r2-level-1-scored-v1.yaml' to resolv
e 'salt://hubblestack_nova/cis/windows-2008r2-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\wind
ows-2008r2-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/windows-2008r2-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cis/windows-2012r2-level-1-scored-v1.yaml' to resolv
e 'salt://hubblestack_nova/cis/windows-2012r2-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cis\wind
ows-2012r2-level-1-scored-v1.yaml' to resolve 'salt://hubblestack_nova/cis/windows-2012r2-level-1-scored-v1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cve/scan-v1.yaml' to resolve 'salt://hubblestack_nov
a/cve/scan-v1.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cve\scan
-v1.yaml' to resolve 'salt://hubblestack_nova/cve/scan-v1.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cve/scan-v2-salt.yaml' to resolve 'salt://hubblestac
k_nova/cve/scan-v2-salt.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cve\scan
-v2-salt.yaml' to resolve 'salt://hubblestack_nova/cve/scan-v2-salt.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/cve/scan-v2.yaml' to resolve 'salt://hubblestack_nov
a/cve/scan-v2.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\cve\scan
-v2.yaml' to resolve 'salt://hubblestack_nova/cve/scan-v2.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/firewall/ssh.yaml' to resolve 'salt://hubblestack_no
va/firewall/ssh.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\firewall
\ssh.yaml' to resolve 'salt://hubblestack_nova/firewall/ssh.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/generate-yaml.sls' to resolve 'salt://hubblestack_no
va/generate-yaml.sls'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\generate
-yaml.sls' to resolve 'salt://hubblestack_nova/generate-yaml.sls'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/http_proxy/verify.yaml' to resolve 'salt://hubblesta
ck_nova/http_proxy/verify.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\http_pro
xy\verify.yaml' to resolve 'salt://hubblestack_nova/http_proxy/verify.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/map.jinja' to resolve 'salt://hubblestack_nova/map.j
inja'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\map.jinj
a' to resolve 'salt://hubblestack_nova/map.jinja'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/command.py' to resolve 'salt://hubblestack_n
ova/modules/command.py'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\
command.py' to resolve 'salt://hubblestack_nova/modules/command.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/cve_scan.py' to resolve 'salt://hubblestack_
nova/modules/cve_scan.py'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\
cve_scan.py' to resolve 'salt://hubblestack_nova/modules/cve_scan.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/cve_scan_v2.py' to resolve 'salt://hubblesta
ck_nova/modules/cve_scan_v2.py'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\
cve_scan_v2.py' to resolve 'salt://hubblestack_nova/modules/cve_scan_v2.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/firewall.py' to resolve 'salt://hubblestack_
nova/modules/firewall.py'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\
firewall.py' to resolve 'salt://hubblestack_nova/modules/firewall.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/grep.py' to resolve 'salt://hubblestack_nova
/modules/grep.py'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\
grep.py' to resolve 'salt://hubblestack_nova/modules/grep.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/misc.py' to resolve 'salt://hubblestack_nova
/modules/misc.py'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\
misc.py' to resolve 'salt://hubblestack_nova/modules/misc.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/mount.py' to resolve 'salt://hubblestack_nov
a/modules/mount.py'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\
mount.py' to resolve 'salt://hubblestack_nova/modules/mount.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/netstat.py' to resolve 'salt://hubblestack_n
ova/modules/netstat.py'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\
netstat.py' to resolve 'salt://hubblestack_nova/modules/netstat.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/openssl.py' to resolve 'salt://hubblestack_n
ova/modules/openssl.py'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\
openssl.py' to resolve 'salt://hubblestack_nova/modules/openssl.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/pkg.py' to resolve 'salt://hubblestack_nova/
modules/pkg.py'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\
pkg.py' to resolve 'salt://hubblestack_nova/modules/pkg.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/pkgng_audit.py' to resolve 'salt://hubblesta
ck_nova/modules/pkgng_audit.py'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\
pkgng_audit.py' to resolve 'salt://hubblestack_nova/modules/pkgng_audit.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/service.py' to resolve 'salt://hubblestack_n
ova/modules/service.py'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\
service.py' to resolve 'salt://hubblestack_nova/modules/service.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/stat_nova.py' to resolve 'salt://hubblestack
_nova/modules/stat_nova.py'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\
stat_nova.py' to resolve 'salt://hubblestack_nova/modules/stat_nova.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/sysctl.py' to resolve 'salt://hubblestack_no
va/modules/sysctl.py'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\
sysctl.py' to resolve 'salt://hubblestack_nova/modules/sysctl.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/systemctl.py' to resolve 'salt://hubblestack
_nova/modules/systemctl.py'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\
systemctl.py' to resolve 'salt://hubblestack_nova/modules/systemctl.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/vulners_scanner.py' to resolve 'salt://hubbl
estack_nova/modules/vulners_scanner.py'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\
vulners_scanner.py' to resolve 'salt://hubblestack_nova/modules/vulners_scanner.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/win_auditpol.py' to resolve 'salt://hubblest
ack_nova/modules/win_auditpol.py'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\
win_auditpol.py' to resolve 'salt://hubblestack_nova/modules/win_auditpol.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/win_firewall.py' to resolve 'salt://hubblest
ack_nova/modules/win_firewall.py'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\
win_firewall.py' to resolve 'salt://hubblestack_nova/modules/win_firewall.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/win_gp.py' to resolve 'salt://hubblestack_no
va/modules/win_gp.py'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\
win_gp.py' to resolve 'salt://hubblestack_nova/modules/win_gp.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/win_pkg.py' to resolve 'salt://hubblestack_n
ova/modules/win_pkg.py'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\
win_pkg.py' to resolve 'salt://hubblestack_nova/modules/win_pkg.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/win_reg.py' to resolve 'salt://hubblestack_n
ova/modules/win_reg.py'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\
win_reg.py' to resolve 'salt://hubblestack_nova/modules/win_reg.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/modules/win_secedit.py' to resolve 'salt://hubblesta
ck_nova/modules/win_secedit.py'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\
win_secedit.py' to resolve 'salt://hubblestack_nova/modules/win_secedit.py'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/network/smtp.yaml' to resolve 'salt://hubblestack_no
va/network/smtp.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\network\
smtp.yaml' to resolve 'salt://hubblestack_nova/network/smtp.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/network/ssh.yaml' to resolve 'salt://hubblestack_nov
a/network/ssh.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\network\
ssh.yaml' to resolve 'salt://hubblestack_nova/network/ssh.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/samples/sample_cis.yaml' to resolve 'salt://hubblest
ack_nova/samples/sample_cis.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\samples\
sample_cis.yaml' to resolve 'salt://hubblestack_nova/samples/sample_cis.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/samples/sample_command.yaml' to resolve 'salt://hubb
lestack_nova/samples/sample_command.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\samples\
sample_command.yaml' to resolve 'salt://hubblestack_nova/samples/sample_command.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/samples/sample_control.yaml' to resolve 'salt://hubb
lestack_nova/samples/sample_control.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\samples\
sample_control.yaml' to resolve 'salt://hubblestack_nova/samples/sample_control.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/samples/sample_firewall.yaml' to resolve 'salt://hub
blestack_nova/samples/sample_firewall.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\samples\
sample_firewall.yaml' to resolve 'salt://hubblestack_nova/samples/sample_firewall.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/samples/sample_openssl.yaml' to resolve 'salt://hubb
lestack_nova/samples/sample_openssl.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\samples\
sample_openssl.yaml' to resolve 'salt://hubblestack_nova/samples/sample_openssl.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/stig/rhel-6-mac-1-classified.yaml' to resolve 'salt:
//hubblestack_nova/stig/rhel-6-mac-1-classified.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\stig\rhe
l-6-mac-1-classified.yaml' to resolve 'salt://hubblestack_nova/stig/rhel-6-mac-1-classified.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova/test.sls' to resolve 'salt://hubblestack_nova/test.s
ls'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\test.sls
' to resolve 'salt://hubblestack_nova/test.sls'
[INFO    ] Caching directory 'hubblestack_nova_profiles/' for environment 'base'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/DB_HANA.yaml' to resolve 'salt://hubblestac
k_nova_profiles/DB_HANA.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova_profiles
\DB_HANA.yaml' to resolve 'salt://hubblestack_nova_profiles/DB_HANA.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/OS_Linux.yaml' to resolve 'salt://hubblesta
ck_nova_profiles/OS_Linux.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova_profiles
\OS_Linux.yaml' to resolve 'salt://hubblestack_nova_profiles/OS_Linux.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/OS_Linux.yaml.bkp' to resolve 'salt://hubbl
estack_nova_profiles/OS_Linux.yaml.bkp'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova_profiles
\OS_Linux.yaml.bkp' to resolve 'salt://hubblestack_nova_profiles/OS_Linux.yaml.bkp'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/OS_Win.yaml' to resolve 'salt://hubblestack
_nova_profiles/OS_Win.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova_profiles
\OS_Win.yaml' to resolve 'salt://hubblestack_nova_profiles/OS_Win.yaml'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/top.nova' to resolve 'salt://hubblestack_no
va_profiles/top.nova'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova_profiles
\top.nova' to resolve 'salt://hubblestack_nova_profiles/top.nova'
[DEBUG   ] In saltenv 'base', looking at rel_path 'hubblestack_nova_profiles/ubuntu-1404-level-1-scored-v1-0-0.yaml' to
resolve 'salt://hubblestack_nova_profiles/ubuntu-1404-level-1-scored-v1-0-0.yaml'
[DEBUG   ] In saltenv 'base', ** considering ** path 'c:\salt\var\cache\salt\minion\files\base\hubblestack_nova_profiles
\ubuntu-1404-level-1-scored-v1-0-0.yaml' to resolve 'salt://hubblestack_nova_profiles/ubuntu-1404-level-1-scored-v1-0-0.
yaml'
[DEBUG   ] loading nova modules
[DEBUG   ] Error loading nova.\modules\firewall.py: This audit module only runs on linux
[DEBUG   ] Error loading nova.\modules\pkg.py: This audit module only runs on linux
[DEBUG   ] LazyLoaded network.netstat
[DEBUG   ] Error loading nova.\modules\mount.py: This audit module only runs on linux
[DEBUG   ] Error loading nova.\modules\cve_scan.py: This module requires Linux and the oscap binary
[DEBUG   ] Error loading nova.\modules\pkgng_audit.py: This audit module only runs on FreeBSD
[DEBUG   ] Error loading nova.\modules\stat_nova.py: This audit module only runs on linux
[DEBUG   ] Error loading nova.\modules\grep.py: This audit module only runs on linux
[DEBUG   ] Error loading nova.\modules\systemctl.py: This audit module only runs on linux
[DEBUG   ] Error loading nova.\modules\service.py: This audit module only runs on linux
[DEBUG   ] Error loading nova.\modules\sysctl.py: This audit module only runs on linux
[DEBUG   ] Error loading nova.\modules\openssl.py: This audit module only runs on linux
[DEBUG   ] nova_kwargs: {'__pub_fun': 'hubble.audit', '__pub_jid': '20180316093923609000', '__pub_pid': 2972, '__pub_tgt
': 'salt-call'}
[DEBUG   ] LazyLoaded cmd.run
[INFO    ] Executing command 'Powershell -NonInteractive -NoProfile "Get-NetFirewallProfile -PolicyStore ActiveStore"' i
n directory 'C:\Users\Administrator'
[ERROR   ] Command 'Get-NetFirewallProfile -PolicyStore ActiveStore' failed with return code: 1
[ERROR   ] output: Get-NetFirewallProfile : The term 'Get-NetFirewallProfile' is not recognized as the name of a cmdlet,
 function, script
file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct
and try again.
At line:1 char:1
+ Get-NetFirewallProfile -PolicyStore ActiveStore
+ ~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Get-NetFirewallProfile:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
[ERROR   ] Exception occurred in nova module:
[ERROR   ] Traceback (most recent call last):
  File "c:\salt\var\cache\salt\minion\extmods\modules\hubble.py", line 286, in _run_audit
    ret = func(data_list, tags, **kwargs)
  File "c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\win_firewall.py", line 34, in audit
    __firewalldata__ = _import_firewall()
  File "c:\salt\var\cache\salt\minion\files\base\hubblestack_nova\modules\win_firewall.py", line 178, in _import_firewal
l
    dict_return[temp_vals['Name']] = temp_vals
KeyError: 'Name'

[INFO    ] Executing command 'secedit /export /cfg C:\ProgramData\c5144112-22f2-4a47-b266-5aeb2af91fa5.inf' in directory
 'C:\Users\Administrator'
[DEBUG   ] output:
The task has completed successfully.
See log %windir%\security\logs\scesrv.log for detail info.
[DEBUG   ] LazyLoaded file.remove
[INFO    ] Executing command 'Powershell -NonInteractive -NoProfile "Get-WmiObject win32_useraccount -Filter \"localacco
unt='True'\" | Format-List -Property Name, SID"' in directory 'C:\Users\Administrator'
[DEBUG   ] output:

Name : Administrator
SID  : S-1-5-21-1563021118-1354106726-2436465028-500

Name : Guest
SID  : S-1-5-21-1563021118-1354106726-2436465028-501
[INFO    ] Executing command 'Powershell -NonInteractive -NoProfile "Get-WmiObject win32_group -Filter \"localaccount='T
rue'\" | Format-List -Property Name, SID"' in directory 'C:\Users\Administrator'
[DEBUG   ] output:

Name : Administrators
SID  : S-1-5-32-544

Name : Backup Operators
SID  : S-1-5-32-551

Name : Certificate Service DCOM Access
SID  : S-1-5-32-574

Name : Cryptographic Operators
SID  : S-1-5-32-569

Name : Distributed COM Users
SID  : S-1-5-32-562

Name : Event Log Readers
SID  : S-1-5-32-573

Name : Guests
SID  : S-1-5-32-546

Name : IIS_IUSRS
SID  : S-1-5-32-568

Name : Network Configuration Operators
SID  : S-1-5-32-556

Name : Performance Log Users
SID  : S-1-5-32-559

Name : Performance Monitor Users
SID  : S-1-5-32-558

Name : Power Users
SID  : S-1-5-32-547

Name : Print Operators
SID  : S-1-5-32-550

Name : Remote Desktop Users
SID  : S-1-5-32-555

Name : Replicator
SID  : S-1-5-32-552

Name : Users
SID  : S-1-5-32-545

Name : WinRMRemoteWMIUsers__
SID  : S-1-5-21-1563021118-1354106726-2436465028-1000
[DEBUG   ] error translating evaluator from enabled/disabled or success/failure.  Could have received incorrect string
[DEBUG   ] LazyLoaded pkg.list_pkgs
[DEBUG   ] Using existing pkg metadata db for saltenv 'base' (age is 0:11:33.888885)
[DEBUG   ] LazyLoaded reg.list_keys
[INFO    ] Executing command 'reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /s|findstr /i /C:"Lim
eWire" /C:"p2p" /C:"eMule" /C:"KaZaA" /C:"Zultrax" /C:"Shareaza" /C:"Morpheus" /C:"MLNET" /C:"KiwiAlpha" /C:"Spyware" /C
:"KCeasy" /C:"iMesh" /C:"GNUCLEUS" /C:"gift.exe" /C:"aMule.exe" /C:"eDonkey" /C:"Malware/p2p" /C:"dc++.exe" /C:"Bittorre
nt" /C:"BCDC++" /C:"Ares" /C:"warez.exe" /C:"abc.exe" /C:"Azureus.exe" /C:"Vuze" /C:"BitComet" /C:"BITTORNADO.exe" /C:"b
itlord.exe" /C:"burst.exe" /C:"utorrent.exe" /C:"qtorrent.exe" /C:"tribler.exe" /C:"DCPlusPlus.exe" /C:"ApexDC++.exe" /C
:"STRONGDC.EXE" /C:"hydranode.exe" /C:"Jubster.exe" /C:"Pruna" /C:"grokster.exe" /C:"entropy.exe" /C:"Acquisition" /C:"b
earshare.exe" /C:"Cabos.exe" /C:"gnucleus.exe" /C:"Grokster.exe" /C:"FrostWire.exe" /C:"xolox.exe" /C:"swapper.exe" /C:"
Phex.exe" /C:"Piolet.exe" /C:"Blubster.exe" /C:"Napigator.exe" /C:"Overnet.exe" /C:"TVUPlayer.exe" /C:"tvprunner.exe" /C
:"coolstreaming.exe" /C:"ctv.exe" /C:"Tvants.exe" /C:"PPlive" /C:"Peercast" /C:"IceShare"' in directory 'C:\Users\Admini
strator'
[ERROR   ] Command 'reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /s|findstr /i /C:"LimeWire" /C:
"p2p" /C:"eMule" /C:"KaZaA" /C:"Zultrax" /C:"Shareaza" /C:"Morpheus" /C:"MLNET" /C:"KiwiAlpha" /C:"Spyware" /C:"KCeasy"
/C:"iMesh" /C:"GNUCLEUS" /C:"gift.exe" /C:"aMule.exe" /C:"eDonkey" /C:"Malware/p2p" /C:"dc++.exe" /C:"Bittorrent" /C:"BC
DC++" /C:"Ares" /C:"warez.exe" /C:"abc.exe" /C:"Azureus.exe" /C:"Vuze" /C:"BitComet" /C:"BITTORNADO.exe" /C:"bitlord.exe
" /C:"burst.exe" /C:"utorrent.exe" /C:"qtorrent.exe" /C:"tribler.exe" /C:"DCPlusPlus.exe" /C:"ApexDC++.exe" /C:"STRONGDC
.EXE" /C:"hydranode.exe" /C:"Jubster.exe" /C:"Pruna" /C:"grokster.exe" /C:"entropy.exe" /C:"Acquisition" /C:"bearshare.e
xe" /C:"Cabos.exe" /C:"gnucleus.exe" /C:"Grokster.exe" /C:"FrostWire.exe" /C:"xolox.exe" /C:"swapper.exe" /C:"Phex.exe"
/C:"Piolet.exe" /C:"Blubster.exe" /C:"Napigator.exe" /C:"Overnet.exe" /C:"TVUPlayer.exe" /C:"tvprunner.exe" /C:"coolstre
aming.exe" /C:"ctv.exe" /C:"Tvants.exe" /C:"PPlive" /C:"Peercast" /C:"IceShare"' failed with return code: 1
[ERROR   ] output:
[INFO    ] Executing command 'wmic product where name="VMware Tools" get version' in directory 'C:\Users\Administrator'
[DEBUG   ] output: Version
9.4.12.2627939
[INFO    ] Executing command 'wmic partition get Name, bootpartition|find /i /C "disk #0"' in directory 'C:\Users\Admini
strator'
[DEBUG   ] output: 2
[INFO    ] Executing command 'sc query "EMSS Agent" | findstr /C:"STATE"' in directory 'C:\Users\Administrator'
[ERROR   ] Command 'sc query "EMSS Agent" | findstr /C:"STATE"' failed with return code: 1
[ERROR   ] output:
[INFO    ] Executing command 'powershell "Get-HotFix | Where { $_.Installedon -gt (Get-date).adddays(-30) }"' in directo
ry 'C:\Users\Administrator'
[DEBUG   ] output:
[INFO    ] Executing command 'wmic pagefile list /format:list|find "AllocatedBaseSize="' in directory 'C:\Users\Administ
rator'
[DEBUG   ] output: AllocatedBaseSize=8191
[INFO    ] Executing command 'wmic /node:localhost product get name,version,vendor,InstallLocation|find /i /v "C:"|finds
tr /i "[a-z]:"|find /c ""' in directory 'C:\Users\Administrator'
[ERROR   ] Command 'wmic /node:localhost product get name,version,vendor,InstallLocation|find /i /v "C:"|findstr /i "[a-
z]:"|find /c ""' failed with return code: 1
[ERROR   ] output: 0
[INFO    ] Executing command 'cscript %windir%\system32\slmgr.vbs  /dli|find "License Status:"' in directory 'C:\Users\A
dministrator'
[DEBUG   ] output: License Status: Licensed
[INFO    ] Executing command 'tzutil /g' in directory 'C:\Users\Administrator'
[DEBUG   ] output: Eastern Standard Time
[INFO    ] Executing command 'wmic /node:localhost /namespace:\\root\SecurtyCenter2 path AntiVirusProduct Get DisplayNam
e | findstr /V /B /C:displayName && echo Antivirus Installed' in directory 'C:\Users\Administrator'
[ERROR   ] Command 'wmic /node:localhost /namespace:\\root\SecurtyCenter2 path AntiVirusProduct Get DisplayName | findst
r /V /B /C:displayName && echo Antivirus Installed' failed with return code: 1
[ERROR   ] output: ERROR:
Description = Invalid namespace
[DEBUG   ] LazyLoaded system.get_domain_workgroup
[INFO    ] Executing command 'auditpol /get /category:* /r' in directory 'C:\Users\Administrator'
[DEBUG   ] output: Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
TI-QA-WS2008R2,System,Security System Extension,{0CCE9211-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,System Integrity,{0CCE9212-69AE-11D9-BED3-505054503030},Success and Failure,
TI-QA-WS2008R2,System,IPsec Driver,{0CCE9213-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Other System Events,{0CCE9214-69AE-11D9-BED3-505054503030},Success and Failure,
TI-QA-WS2008R2,System,Security State Change,{0CCE9210-69AE-11D9-BED3-505054503030},Success,
TI-QA-WS2008R2,System,Logon,{0CCE9215-69AE-11D9-BED3-505054503030},Success and Failure,
TI-QA-WS2008R2,System,Logoff,{0CCE9216-69AE-11D9-BED3-505054503030},Success,
TI-QA-WS2008R2,System,Account Lockout,{0CCE9217-69AE-11D9-BED3-505054503030},Success,
TI-QA-WS2008R2,System,IPsec Main Mode,{0CCE9218-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,IPsec Quick Mode,{0CCE9219-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,IPsec Extended Mode,{0CCE921A-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Special Logon,{0CCE921B-69AE-11D9-BED3-505054503030},Success,
TI-QA-WS2008R2,System,Other Logon/Logoff Events,{0CCE921C-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Network Policy Server,{0CCE9243-69AE-11D9-BED3-505054503030},Success and Failure,
TI-QA-WS2008R2,System,File System,{0CCE921D-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Registry,{0CCE921E-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Kernel Object,{0CCE921F-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,SAM,{0CCE9220-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Certification Services,{0CCE9221-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Application Generated,{0CCE9222-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Handle Manipulation,{0CCE9223-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,File Share,{0CCE9224-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Filtering Platform Packet Drop,{0CCE9225-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Filtering Platform Connection,{0CCE9226-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Other Object Access Events,{0CCE9227-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Detailed File Share,{0CCE9244-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Sensitive Privilege Use,{0CCE9228-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Non Sensitive Privilege Use,{0CCE9229-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Other Privilege Use Events,{0CCE922A-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Process Termination,{0CCE922C-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,DPAPI Activity,{0CCE922D-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,RPC Events,{0CCE922E-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Process Creation,{0CCE922B-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Audit Policy Change,{0CCE922F-69AE-11D9-BED3-505054503030},Success,
TI-QA-WS2008R2,System,Authentication Policy Change,{0CCE9230-69AE-11D9-BED3-505054503030},Success,
TI-QA-WS2008R2,System,Authorization Policy Change,{0CCE9231-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,MPSSVC Rule-Level Policy Change,{0CCE9232-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Filtering Platform Policy Change,{0CCE9233-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Other Policy Change Events,{0CCE9234-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,User Account Management,{0CCE9235-69AE-11D9-BED3-505054503030},Success,
TI-QA-WS2008R2,System,Computer Account Management,{0CCE9236-69AE-11D9-BED3-505054503030},Success,
TI-QA-WS2008R2,System,Security Group Management,{0CCE9237-69AE-11D9-BED3-505054503030},Success,
TI-QA-WS2008R2,System,Distribution Group Management,{0CCE9238-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Application Group Management,{0CCE9239-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Other Account Management Events,{0CCE923A-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Directory Service Changes,{0CCE923C-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Directory Service Replication,{0CCE923D-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Detailed Directory Service Replication,{0CCE923E-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Directory Service Access,{0CCE923B-69AE-11D9-BED3-505054503030},Success,
TI-QA-WS2008R2,System,Kerberos Service Ticket Operations,{0CCE9240-69AE-11D9-BED3-505054503030},Success,
TI-QA-WS2008R2,System,Other Account Logon Events,{0CCE9241-69AE-11D9-BED3-505054503030},No Auditing,
TI-QA-WS2008R2,System,Kerberos Authentication Service,{0CCE9242-69AE-11D9-BED3-505054503030},Success,
TI-QA-WS2008R2,System,Credential Validation,{0CCE923F-69AE-11D9-BED3-505054503030},Success,
[DEBUG   ] Initializing new AsyncZeroMQReqChannel for ('c:\\salt\\conf\\pki\\minion', 'ti-qa-ws2008r2.lab04.local', 'tcp
://10.100.252.114:4506', 'aes')
[DEBUG   ] Initializing new AsyncAuth for ('c:\\salt\\conf\\pki\\minion', 'ti-qa-ws2008r2.lab04.local', 'tcp://10.100.25
2.114:4506')
[DEBUG   ] LazyLoaded nested.output
PS C:\salt>
commented

We are not using any Windows firewall related checks in OS_WIn.YAML file but salt still executing the below firewall command

**[INFO ] Executing command 'Powershell -NonInteractive -NoProfile "Get-NetFirewallProfile -PolicyStore ActiveStore"' i
n directory 'C:\Users\Administrator'
**[ERROR ] Command 'Get-NetFirewallProfile -PolicyStore ActiveStore' failed with return code: 1**
**[ERROR ] output: Get-NetFirewallProfile : The term 'Get-NetFirewallProfile' is not recognized as the name of a cmdlet,**
function, script
file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct
and try again.
At line:1 char:1

Get-NetFirewallProfile -PolicyStore ActiveStore
  + CategoryInfo          : ObjectNotFound: (Get-NetFirewallProfile:String) [], CommandNotFoundException
  + FullyQualifiedErrorId : CommandNotFoundException**
commented

Odd. We will look into this.

commented

Is there any update on this bug ?

commented

I have @madchills on it, but I know he's been swamped with other stuff in the last week or so.

commented

Is there any update on this bug ? It is being long time there is no update.

commented

Thanks for the ping, this totally fell off my radar. @madchills is unavailable for a couple of weeks but I'm going to set myself a reminder to hit him up when he gets back so we can get this fixed.