checks updated to jxa checks

rules/os/os_erase_content_and_settings_disable.yaml

@@ -3,9 +3,12 @@ title: "Disable Erase Content and Settings"
 discussion:   
   Erase Content and Settings _MUST_ be disabled.
 check: |
-  /usr/bin/profiles -P -o stdout | /usr/bin/grep -c 'allowEraseContentAndSettings = 0'
+  /usr/bin/osascript -l JavaScript << EOS
+  $.NSUserDefaults.alloc.initWithSuiteName('com.apple.applicationaccess')\
+  .objectForKey('allowEraseContentAndSettings').js
+  EOS
 result:
-  integer: 1
+  string: "false"
 fix: |
   This is implemented by a Configuration Profile.
 references:

rules/os/os_skip_screen_time_prompt_enable.yaml

@@ -3,9 +3,12 @@ title: "Disable Screen Time Prompt During Setup Assistant"
 discussion:   
   The prompt for Screen Time setup during Setup Assistant _MUST_ be disabled. 
 check: |
-  /usr/bin/profiles -P -o stdout | /usr/bin/grep -c 'SkipScreenTime = 1'
+  /usr/bin/osascript -l JavaScript << EOS
+  $.NSUserDefaults.alloc.initWithSuiteName('com.apple.SetupAssistant.managed')\
+  .objectForKey('SkipScreenTime').js
+  EOS
 result:
-  integer: 1
+  string: "true"
 fix: |
   This is implemented by a Configuration Profile.
 references:

rules/pwpolicy/pwpolicy_account_lockout_enforce_five.yaml

@@ -5,9 +5,12 @@ discussion: |
 
   This rule protects against malicious users attempting to gain access to the system via brute-force hacking methods. 
 check: |
-  /usr/bin/profiles -P -o stdout | /usr/bin/grep -c 'maxFailedAttempts = 5' 
+  /usr/bin/osascript -l JavaScript << EOS
+  $.NSUserDefaults.alloc.initWithSuiteName('com.apple.mobiledevice.passwordpolicy')\
+  .objectForKey('maxFailedAttempts').js
+  EOS
 result:
-  integer: 1
+  integer: 5
 fix: |
   This is implemented by a Configuration Profile.
 references:

rules/pwpolicy/pwpolicy_history_enforce_fifteen.yaml

@@ -6,8 +6,11 @@ discussion: |
   This rule ensures that users are  not allowed to re-use a password that was used in any of the fifteen previous password generations. 
 
   Limiting password reuse protects against malicious users attempting to gain access to the system via brute-force hacking methods.
-check: | 
-  /usr/bin/profiles -P -o stdout | /usr/bin/awk '/pinHistory/{sub(/;.*/,"");print $3}'
+check: |
+  /usr/bin/osascript -l JavaScript << EOS
+  $.NSUserDefaults.alloc.initWithSuiteName('com.apple.mobiledevice.passwordpolicy')\
+  .objectForKey('pinHistory').js
+  EOS
 result:
   integer: 15
 fix: |

rules/sysprefs/sysprefs_bluetooth_menu_enable.yaml

@@ -3,9 +3,12 @@ title: "Enable Bluetooth Menu"
 discussion: |
   The bluetooth menu _MUST_ be enabled.
 check: |
-  /usr/bin/profiles -P -o stdout | /usr/bin/grep -c 'Bluetooth = 18'
+  /usr/bin/osascript -l JavaScript << EOS
+  $.NSUserDefaults.alloc.initWithSuiteName('com.apple.controlcenter')\
+  .objectForKey('Bluetooth').js
+  EOS
 result:
-  integer: 1
+  integer: 18
 fix: |
   This is implemented by a Configuration Profile.
 references:

rules/sysprefs/sysprefs_install_macos_updates_enforce.yaml

@@ -3,9 +3,12 @@ title: "Enforce macOS Updates are Automatically Installed"
 discussion: |
   Software Update _MUST_ be configured to enforce automatic installation of macOS updates is enabled.
 check: |
-  /usr/bin/profiles -P -o stdout | /usr/bin/grep -c 'AutomaticallyInstallMacOSUpdates = 1'
+  /usr/bin/osascript -l JavaScript << EOS
+  $.NSUserDefaults.alloc.initWithSuiteName('com.apple.SoftwareUpdate')\
+  .objectForKey('AutomaticallyInstallMacOSUpdates').js
+  EOS
 result:
-  integer: 1
+  string: "true"
 fix: |
   This is implemented by a Configuration Profile.
 references:

rules/sysprefs/sysprefs_loginwindow_loginwindowtext_enable.yaml

@@ -3,9 +3,12 @@ title: "Configure Login Window to Show A Custom Message"
 discussion: |
   The login window _MUST_ be configured to show a custom access warning message. 
 check: |
-  /usr/bin/profiles -P -o stdout | /usr/bin/grep -c 'LoginwindowText'
-result: 
-  integer: 1
+  /usr/bin/osascript -l JavaScript << EOS
+  $.NSUserDefaults.alloc.initWithSuiteName('com.apple.loginwindow')\
+  .objectForKey('LoginwindowText').js
+  EOS
+result:
+  string: "Approved message goes here"
 fix: |
   This is implemented by a Configuration Profile.
 references:

rules/sysprefs/sysprefs_software_update_app_update_enforce.yaml

@@ -3,9 +3,12 @@ title: "Enforce Software Update App Update Updates Automatically"
 discussion: |
   Software Update _MUST_ be configured to enforce automatic updates of App Updates is enabled.
 check: |
-  /usr/bin/profiles -P -o stdout | /usr/bin/grep -c 'AutomaticallyInstallAppUpdates = 1'
+  /usr/bin/osascript -l JavaScript << EOS
+  $.NSUserDefaults.alloc.initWithSuiteName('com.apple.SoftwareUpdate')\
+  .objectForKey('AutomaticallyInstallAppUpdates').js
+  EOS
 result:
-  integer: 1
+  string: "true"
 fix: |
   This is implemented by a Configuration Profile.
 references:

rules/sysprefs/sysprefs_software_update_download_enforce.yaml

@@ -3,9 +3,12 @@ title: "Enforce Software Update Downloads Updates Automatically"
 discussion: |
   Software Update _MUST_ be configured to enforce automatic downloads of updates is enabled.
 check: |
-  /usr/bin/profiles -P -o stdout | /usr/bin/grep -c 'AutomaticDownload = 1'
+  /usr/bin/osascript -l JavaScript << EOS
+  $.NSUserDefaults.alloc.initWithSuiteName('com.apple.mobiledevice.SoftwareUpdate')\
+  .objectForKey('AutomaticDownload').js
+  EOS
 result:
-  integer: 1
+  string: "true"
 fix: |
   This is implemented by a Configuration Profile.
 references:

rules/sysprefs/sysprefs_wifi_menu_enable.yaml

@@ -3,9 +3,12 @@ title: "Enable Wifi Menu"
 discussion: |
   The WiFi menu _MUST_ be enabled.
 check: |
-  /usr/bin/profiles -P -o stdout | /usr/bin/grep -c 'WiFi = 18'
+  /usr/bin/osascript -l JavaScript << EOS
+  $.NSUserDefaults.alloc.initWithSuiteName('com.apple.controlcenter')\
+  .objectForKey('WiFi').js
+  EOS
 result:
-  integer: 1
+  integer: 18
 fix: |
   This is implemented by a Configuration Profile.
 references: