Hi,
in fact my feature request goes much deeper - so it’s not only for the GUI, but for the whole product.
I’d like to request another way the configurations are managed.
At the moment, it’s only possible to import/export the whole configuration. This is right if you want to format your hard drive and therefore make a backup of all your settings to reimport them, after setting up your system. And even in this case you’ll have to install all applications into the same place in order to get it working as you want.
If you backup your configuration, update CIS and restore your configuration, all new default preferences will be overwritten by your old configuration. This may be wanted in some cases - but in others this can lower the security - for example if there were new entries in protected files or keys list…
So I’d like to change the configuration management completely:
-
differ between default rules and custom rules, so for example, if I add an entry to the protected files list in a default category, let CIS remember, that it’s a personal setting and has nothing to do with the default set. So, if there is an update, only the default rules will be updated and the personal rules stay. This will be tricky if I modify or delete default rules - I’d like that CIS would remember that there was a default rule which did “xyz” and I changed it - so it should stay with my changed rule.
=> This would improve the updates of CIS a lot, since a user won’t have to check for any changes in the default rules anymore. You simply export your configuration, do the update and reimport your configuration and benefit of the new default policies but don’t loose your customizations. -
allow users to export/import the rules for one application or a set of applications only
-
make the rules independet from the files path
=> This would enable the users to share their policies for applications / products
(since CIS knows about the difference of custom rules and default rules by my previous request, this shouldn’t be so hard anymore. Just add all modified global custom rules (protected files/keys) to the application policy)
I know, this isn’t possible with the way, CIS stores its rules for now. But since there are heavy performance issues with storing of rules at the moment (if there are lot’s of them), the system should be changed soon.
Regards, Mike