Merge branch 'dev_cis_monterey' of https://github.com/usnistgov/macos_security into dev_cis_monterey

2026-03-04 17:23:16 +00:00 · 2021-12-29 15:37:44 -05:00
parent 5124874f9c 6450e89ad0
commit 68da1d2d23
3 changed files with 104 additions and 2 deletions
--- a/rules/cis_lvl1.txt
+++ b/rules/cis_lvl1.txt
@@ -6,8 +6,6 @@ Recommendation #	Title
 	Desktop & Screen Saver
 2.3.3	Audit Lock Screen and Start Screen Saver Tools
 	Sharing
-2.4.4	Ensure Printer Sharing Is Disabled
-2.4.6	Ensure DVD or CD Sharing Is Disabled
 2.4.9	Ensure Remote Management Is Disabled
 	Security & Privacy
 	Encryption
--- a/rules/sysprefs/sysprefs_cd_dvd_sharing_disable.yaml
+++ b/rules/sysprefs/sysprefs_cd_dvd_sharing_disable.yaml
@@ -0,0 +1,52 @@
+id: sysprefs_cd_dvd_sharing_disable
+title: "Disable CD/DVD Sharing"
+discussion: |
+  CD/DVD Sharing _MUST_ be disabled. 
+check: |
+  /usr/bin/pgrep -q ODSAgent; /bin/echo $?
+result:
+  integer: 1
+fix: |
+  [source,bash]
+  ----
+  /bin/launchctl unload /System/Library/LaunchDaemons/com.apple.ODSAgent.plist
+  ----
+references:
+  cce:
+    - N/A
+  cci: 
+    - N/A
+  800-53r5:
+    - CM-7
+    - CM-7(1)
+  800-53r4: 
+    - CM-7
+    - CM-7(1)
+  srg:
+    - N/A
+  disa_stig: 
+    - N/A
+  800-171r2:
+    - N/A
+  cis:
+    benchmark: 
+      - 2.4.6 (level 1)
+    v8:
+      - 4.1
+      - 4.8
+macOS:
+  - "12.0"
+tags:
+  - 800-53r5_low
+  - 800-53r5_moderate
+  - 800-53r5_high
+  - 800-53r4_low
+  - 800-53r4_moderate
+  - 800-53r4_high
+  - cnssi-1253
+  - cis_lvl1
+  - cis_lvl2
+  - cisv8
+mobileconfig: false
+mobileconfig_info:
+
--- a/rules/sysprefs/sysprefs_printer_sharing_disable.yaml
+++ b/rules/sysprefs/sysprefs_printer_sharing_disable.yaml
@@ -0,0 +1,52 @@
+id: sysprefs_printer_sharing_disable
+title: "Disable Printer Sharing"
+discussion: |
+  Printer Sharing _MUST_ be disabled. 
+check: |
+  /usr/sbin/cupsctl | /usr/bin/grep -c "_share_printers=0"
+result:
+  boolean: 1
+fix: |
+  [source,bash]
+  ----
+  /usr/sbin/cupsctl --no-share-printers
+  /usr/bin/lpstat -p | awk '{print $2}'| /usr/bin/xargs -I{} lpadmin -p {} -o printer-is-shared=false
+  ----
+references:
+  cce:
+    - N/A
+  cci: 
+    - N/A
+  800-53r5:
+    - CM-7
+    - CM-7(1)
+  800-53r4: 
+    - CM-7
+    - CM-7(1)
+  srg:
+    - N/A
+  disa_stig: 
+    - N/A
+  800-171r2:
+    - N/A
+  cis:
+    benchmark: 
+      - 2.4.4 (level 1)
+    v8:
+      - 4.1
+      - 4.8
+macOS:
+  - "12.0"
+tags:
+  - 800-53r5_low
+  - 800-53r5_moderate
+  - 800-53r5_high
+  - 800-53r4_low
+  - 800-53r4_moderate
+  - 800-53r4_high
+  - cis_lvl1
+  - cis_lvl2
+  - cisv8
+mobileconfig: false
+mobileconfig_info:
+