From 63a0ac8a3dc0628f2bd28d8c3de7149da9837cdc Mon Sep 17 00:00:00 2001
From: Allen Golbig
Date: Tue, 28 Dec 2021 08:50:09 -0500
Subject: [PATCH] additional cis controls
---
 includes/supported_payloads.yaml | 1 +
 rules/cis_lvl1.txt | 2 -
 rules/cis_lvl2.txt | 1 -
 .../os_terminal_secure_keyboard_enable.yaml | 40 ++++++++++++++++++
 .../sysprefs_computer_name_audit.yaml | 42 +++++++++++++++++++
 .../sysprefs_wake_network_access_disable.yaml | 41 ++++++++++++++++++
 6 files changed, 124 insertions(+), 3 deletions(-)
 create mode 100644 rules/os/os_terminal_secure_keyboard_enable.yaml
 create mode 100644 rules/sysprefs/sysprefs_computer_name_audit.yaml
 create mode 100644 rules/sysprefs/sysprefs_wake_network_access_disable.yaml
diff --git a/includes/supported_payloads.yaml b/includes/supported_payloads.yaml
index bb265e50..b951471b 100644
--- a/includes/supported_payloads.yaml
+++ b/includes/supported_payloads.yaml
@@ -22,6 +22,7 @@ payloads_types:
 - com.apple.SubmitDiagInfo
 - com.apple.SystemConfiguration
 - com.apple.TCC.configuration-profile-policy
+ - com.apple.Terminal
 - com.apple.TextEdit
 - com.apple.TimeMachine
 - com.apple.airplay
diff --git a/rules/cis_lvl1.txt b/rules/cis_lvl1.txt
index 0f1b5e8f..1630ee0a 100644
--- a/rules/cis_lvl1.txt
+++ b/rules/cis_lvl1.txt
@@ -16,8 +16,6 @@ Recommendation # Title
 2.5.1.3 Ensure all user storage CoreStorage volumes are encrypted
 Time Machine
 2.7.2 Ensure Time Machine Volumes Are Encrypted
-2.8 Ensure Wake for Network Access Is Disabled
-2.10 Ensure Secure Keyboard Entry terminal.app is Enabled
 2.11 Ensure EFI Version Is Valid and Checked Regularly
 2.12 Audit Automatic Actions for Optical Media
 2.13 Audit Siri Settings
diff --git a/rules/cis_lvl2.txt b/rules/cis_lvl2.txt
index 5d2ebd3f..894d7ae2 100644
--- a/rules/cis_lvl2.txt
+++ b/rules/cis_lvl2.txt
@@ -1,5 +1,4 @@
 Recommendation # Title
-1.7 Audit Computer Name
 2.3.2 Ensure Screen Saver Corners Are Secure
 Security & Privacy
 2.5.4 Audit Location Services Access
diff --git a/rules/os/os_terminal_secure_keyboard_enable.yaml b/rules/os/os_terminal_secure_keyboard_enable.yaml
new file mode 100644
index 00000000..d7b8d21a
--- /dev/null
+++ b/rules/os/os_terminal_secure_keyboard_enable.yaml
@@ -0,0 +1,40 @@
+id: os_terminal_secure_keyboard_enable
+title: "Ensure Secure Keyboard Entry Terminal.app is Enabled"
+discussion: |
+ Secure keyboard entry _MUST_ be enabled in Terminal.app.
+check: |
+ /usr/bin/profiles -P -o stdout | /usr/bin/grep -c 'SecureKeyboardEntry = 1'
+result:
+ integer: 1
+fix: |
+ This is implemented by a Configuration Profile.
+references:
+ cce:
+ - N/A
+ 800-53r5:
+ - N/A
+ 800-53r4:
+ - N/A
+ disa_stig:
+ - N/A
+ srg:
+ - N/A
+ cci:
+ - N/A
+ 800-171r2:
+ - N/A
+ cis_lvl1:
+ - 2.10
+ cis_lvl2:
+ - N/A
+ cisv8:
+ - 4.8
+macOS:
+ - "12.0"
+tags:
+ - cis_lvl1
+ - cisv8
+mobileconfig: true
+mobileconfig_info:
+ com.apple.Terminal:
+ SecureKeyboardEntry: false
diff --git a/rules/sysprefs/sysprefs_computer_name_audit.yaml b/rules/sysprefs/sysprefs_computer_name_audit.yaml
new file mode 100644
index 00000000..9f0431fb
--- /dev/null
+++ b/rules/sysprefs/sysprefs_computer_name_audit.yaml
@@ -0,0 +1,42 @@
+id: sysprefs_computer_name_audit
+title: "Audit Computer Name"
+discussion: |
+ The organization _MUST_ audit a systems computer name.
+check: |
+ /usr/sbin/scutil --get ComputerName
+result:
+ string: "an organizations approved computer name."
+fix: |
+ Set the computer name back to an approved naming convention.
+
+ [source,bash]
+ ----
+ /usr/sbin/scutil --set ComputerName
+ ----
+references:
+ cce:
+ - N/A
+ cci:
+ - N/A
+ 800-53r5:
+ - N/A
+ 800-53r4:
+ - N/A
+ disa_stig:
+ - N/A
+ srg:
+ - N/A
+ cis_lvl1:
+ - N/A
+ cis lvl2:
+ - 1.7
+ cisv8:
+ - 1.1
+macOS:
+ - "12.0"
+tags:
+ - cis_lvl2
+ - cisv8
+ - manual
+mobileconfig: false
+mobileconfig_info:
\ No newline at end of file
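Review bot: The payload at the end of the os_terminal_secure_keyboard_enable hunk sets `SecureKeyboardEntry: false`, which contradicts the rule's own title and its check (`grep -c 'SecureKeyboardEntry = 1'` expecting `integer: 1`): a profile generated from this rule would turn secure keyboard entry off, and the compliance check would then fail on exactly the hosts the profile was pushed to. The value should be `SecureKeyboardEntry: true`. Separately, `grep -c` counts matching lines rather than testing presence, so a host that receives the key from more than one installed profile would report `2` and mismatch `integer: 1`; if that deployment shape is realistic, the expected result should be a non-zero test rather than an exact count. I would also add a line to the discussion noting that `profiles -P` enumerates all installed profiles and is intended to be run with root privileges, since the check depends on that output.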
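Review bot: In the sysprefs_computer_name_audit hunk the references block uses the key `cis lvl2:` (with a space) where the two sibling rules in this commit use `cis_lvl2:`, so anything that reads `references.cis_lvl2` to build the CIS Level 2 baseline will not see the 1.7 mapping even though the rule carries the `cis_lvl2` tag; change it to `cis_lvl2:`. This file also omits the `800-171r2:` / `- N/A` pair that the other two new rules include under references, so the schema is no longer uniform across the three files. The fix snippet `/usr/sbin/scutil --set ComputerName` is missing its argument and will error if run as written; `/usr/sbin/scutil --set ComputerName "<approved-name>"` makes the placeholder explicit. Minor wording in the discussion and result: `a systems computer name` → `a system's computer name`, `an organizations approved` → `an organization's approved`.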
diff --git a/rules/sysprefs/sysprefs_wake_network_access_disable.yaml b/rules/sysprefs/sysprefs_wake_network_access_disable.yaml
new file mode 100644
index 00000000..dea09e37
--- /dev/null
+++ b/rules/sysprefs/sysprefs_wake_network_access_disable.yaml
@@ -0,0 +1,41 @@
+id: sysprefs_wake_network_access_disable
+title: "Ensure Wake for Network Access Is Disabled"
+discussion: |
+ Wake for network access _MUST_ be disabled.
+check: |
+ /usr/bin/pmset -g custom | /usr/bin/awk '/womp/{print $2}'
+result:
+ integer: 0
+fix: |
+ [source,bash]
+ ----
+ /usr/bin/pmset -a womp 0
+ ----
+references:
+ cce:
+ - N/A
+ 800-53r5:
+ - N/A
+ 800-53r4:
+ - N/A
+ disa_stig:
+ - N/A
+ srg:
+ - N/A
+ cci:
+ - N/A
+ 800-171r2:
+ - N/A
+ cis_lvl1:
+ - 2.8
+ cis_lvl2:
+ - N/A
+ cisv8:
+ - 4.8
+macOS:
+ - "12.0"
+tags:
+ - cis_lvl1
+ - cisv8
+mobileconfig: false
+mobileconfig_info:
\ No newline at end of file
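Review bot: The check `/usr/bin/pmset -g custom | /usr/bin/awk '/womp/{print $2}'` prints one value per `womp` line, and on a portable Mac `pmset -g custom` typically lists separate Battery Power and AC Power sections, so the command emits two lines (for example `0` and `1` when wake-on-LAN is enabled only on AC), which is not a clean match for `integer: 0` and may either pass or fail depending on how the generated compliance script compares multi-line output. A check that fails if any section is enabled is more robust: `/usr/bin/pmset -g custom | /usr/bin/awk '/womp/{s+=$2} END{print s+0}'`, still expecting `0`. The fix `pmset -a womp 0` already covers all power sources, so only the check needs the change. Since this rule is `mobileconfig: false`, it is worth a sentence in the discussion that the setting is not profile-enforced and can be re-enabled by any administrator, so it must be re-audited rather than assumed to stick.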