From 0eea7ff1e4e656ba7888ba202a295c19b68bb3fb Mon Sep 17 00:00:00 2001 From: mahlmanj Date: Thu, 5 Sep 2024 12:24:46 -0400 Subject: [PATCH] Spelling fixes, added note in system_settings_siri_settings_disable --- rules/os/os_application_sandboxing.yaml | 2 +- rules/os/os_mobile_file_integrity_enable.yaml | 2 +- rules/system_settings/system_settings_rae_disable.yaml | 2 +- .../system_settings_siri_settings_disable.yaml | 2 ++ rules/system_settings/system_settings_ssh_disable.yaml | 2 +- scripts/generate_guidance.py | 4 ++-- scripts/generate_scap.py | 2 +- 7 files changed, 9 insertions(+), 7 deletions(-) diff --git a/rules/os/os_application_sandboxing.yaml b/rules/os/os_application_sandboxing.yaml index 614c3045..c233722b 100644 --- a/rules/os/os_application_sandboxing.yaml +++ b/rules/os/os_application_sandboxing.yaml @@ -1,5 +1,5 @@ id: os_application_sandboxing -title: Ensure Seperate Execution Domain for Processes +title: Ensure Separate Execution Domain for Processes discussion: | The inherent configuration of the macOS _IS_ in compliance as Apple has implemented multiple features Mandatory access controls (MAC), System Integrity Protection (SIP), and application sandboxing. diff --git a/rules/os/os_mobile_file_integrity_enable.yaml b/rules/os/os_mobile_file_integrity_enable.yaml index 80a2b9ff..94a22eb2 100644 --- a/rules/os/os_mobile_file_integrity_enable.yaml +++ b/rules/os/os_mobile_file_integrity_enable.yaml @@ -1,6 +1,6 @@ id: os_mobile_file_integrity_enable title: Enable Apple Mobile File Integrity -discussion: Mobile file integrity _MUST_ be ebabled. +discussion: Mobile file integrity _MUST_ be enabled. check: | /usr/sbin/nvram -p | /usr/bin/grep -c "amfi_get_out_of_my_way=1" result: diff --git a/rules/system_settings/system_settings_rae_disable.yaml b/rules/system_settings/system_settings_rae_disable.yaml index a2ce68c7..58b4a286 100644 --- a/rules/system_settings/system_settings_rae_disable.yaml +++ b/rules/system_settings/system_settings_rae_disable.yaml @@ -14,7 +14,7 @@ fix: | /usr/sbin/systemsetup -setremoteappleevents off /bin/launchctl disable system/com.apple.AEServer ---- - NOTE: Systemsetup with -setremoteappleevents flag will fail unless you grant Full Disk Access to systemsetup or it's parent process. Requires supervision. + NOTE: Systemsetup with -setremoteappleevents flag will fail unless you grant Full Disk Access to systemsetup or its parent process. Requires supervision. references: cce: - N/A diff --git a/rules/system_settings/system_settings_siri_settings_disable.yaml b/rules/system_settings/system_settings_siri_settings_disable.yaml index 7cc3408a..f6e0d3b7 100644 --- a/rules/system_settings/system_settings_siri_settings_disable.yaml +++ b/rules/system_settings/system_settings_siri_settings_disable.yaml @@ -4,6 +4,8 @@ discussion: | The System Settings pane for Siri _MUST_ be hidden. Hiding the System Settings pane prevents the users from configuring Siri. + + NOTE: Disabling the Siri System Settings pane blocks the user from opting into Apple Intelligence. check: | /usr/bin/profiles show -output stdout-xml | /usr/bin/xmllint --xpath '//key[text()="DisabledSystemSettings"]/following-sibling::*[1]' - | /usr/bin/grep -c com.apple.Siri-Settings.extension result: diff --git a/rules/system_settings/system_settings_ssh_disable.yaml b/rules/system_settings/system_settings_ssh_disable.yaml index db7f2716..d3203c8c 100644 --- a/rules/system_settings/system_settings_ssh_disable.yaml +++ b/rules/system_settings/system_settings_ssh_disable.yaml @@ -12,7 +12,7 @@ fix: | /usr/sbin/systemsetup -f -setremotelogin off >/dev/null /bin/launchctl disable system/com.openssh.sshd ---- - NOTE: Systemsetup with -setremotelogin flag will fail unless you grant Full Disk Access to systemsetup or it's parent process. Requires supervision. + NOTE: Systemsetup with -setremotelogin flag will fail unless you grant Full Disk Access to systemsetup or its parent process. Requires supervision. references: cce: - N/A diff --git a/scripts/generate_guidance.py b/scripts/generate_guidance.py index bb81f6dc..928cdeaf 100755 --- a/scripts/generate_guidance.py +++ b/scripts/generate_guidance.py @@ -1710,7 +1710,7 @@ def generate_xls(baseline_name, build_path, baseline_yaml): sheet1.write(0, 14, "CIS v8", headers) sheet1.write(0, 15, "CMMC", headers) sheet1.write(0, 16, "CCI", headers) - sheet1.write(0, 17, "Modifed Rule", headers) + sheet1.write(0, 17, "Modified Rule", headers) sheet1.write(0, 18, "Severity", headers) sheet1.set_panes_frozen(True) sheet1.set_horz_split_pos(1) @@ -2199,7 +2199,7 @@ def main(): themes = glob.glob("../custom/templates/*theme*.yml") if len(themes) > 1: print( - "Found muliple custom themes in directory, only one can exist, using default" + "Found multiple custom themes in directory, only one can exist, using default" ) elif len(themes) == 1: print(f"Found custom PDF theme: {themes[0]}") diff --git a/scripts/generate_scap.py b/scripts/generate_scap.py index e86d0c75..8035febb 100755 --- a/scripts/generate_scap.py +++ b/scripts/generate_scap.py @@ -368,7 +368,7 @@ def generate_scap(all_rules, all_baselines, args): severity = "unknown" check_rule = str() - if "inherent" in rule_yaml['tags'] or "n_a" in rule_yaml['tags'] or "permenant" in rule_yaml['tags']: + if "inherent" in rule_yaml['tags'] or "n_a" in rule_yaml['tags'] or "permanent" in rule_yaml['tags']: check_rule = ''' '''