usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-03-18 14:42:12 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity

check changed to be less than or equal to

Browse Source
This commit is contained in:
Bob Gendler
2022-04-20 21:15:45 -04:00
parent c23c0c5aa0
commit 89e6b244db
2 changed files with 20 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
rules/sysprefs/sysprefs_screensaver_ask_for_password_delay_enforce.yaml
View File

@@ -6,11 +6,18 @@ discussion: |
An unattended system with an excessive grace period is vulnerable to a malicious user.
check: |
/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.screensaver')\
.objectForKey('askForPasswordDelay').js
function run() {
let delay = ObjC.unwrap($.NSUserDefaults.alloc.initWithSuiteName('com.apple.screensaver')\
.objectForKey('askForPasswordDelay'))
if ( delay <= 5 ) {
return("true")
} else {
return("false")
}
}
EOS
result:
integer: 5
string: "true"
fix: |
This is implemented by a Configuration Profile.
references:

13
rules/sysprefs/sysprefs_screensaver_timeout_enforce.yaml
View File

@@ -6,11 +6,18 @@ discussion: |
This rule ensures that a full session lock is triggered within no more than 20 minutes of inactivity.
check: |
/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.screensaver')\
.objectForKey('idleTime').js
function run() {
let timeout = ObjC.unwrap($.NSUserDefaults.alloc.initWithSuiteName('com.apple.screensaver')\
.objectForKey('idleTime'))
if ( timeout <= 1200 ) {
return("true")
} else {
return("false")
}
}
EOS
result:
integer: 1200
string: "true"
fix: |
This is implemented by a Configuration Profile.
references: