usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-02-28 15:42:25 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity

Merge branch 'dev_ventura_issue167' into dev_ventura

Browse Source
This commit is contained in:
Allen Golbig
2022-09-29 09:15:11 -04:00
parent e4ab4945ec b219680537
commit d334ce846a
9 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rules/os/os_httpd_disable.yaml
View File

@@ -5,7 +5,7 @@ discussion: |
NOTE: The built in web server service is disabled at startup by default macOS.
check: |
/bin/launchctl print-disabled system | /usr/bin/grep -c '"org.apache.httpd" => true'
/bin/launchctl print-disabled system | /usr/bin/grep -c '"org.apache.httpd" => disabled'
result:
integer: 1
fix: |

2
rules/os/os_nfsd_disable.yaml
View File

@@ -3,7 +3,7 @@ title: "Disable Network File System Service"
discussion: |
Support for Network File Systems (NFS) services is non-essential and, therefore, _MUST_ be disabled.
check: |
/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.nfsd" => true'
/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.nfsd" => disabled'
result:
integer: 1
fix: |

2
rules/os/os_tftpd_disable.yaml
View File

@@ -7,7 +7,7 @@ discussion: |
NOTE: TFTP service is disabled at startup by default macOS.
check: |
/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.tftpd" => true'
/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.tftpd" => disabled'
result:
integer: 1
fix: |

2
rules/os/os_uucp_disable.yaml
View File

@@ -7,7 +7,7 @@ discussion: |
NOTE: UUCP service is disabled at startup by default macOS.
check: |
/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.uucp" => true'
/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.uucp" => disabled'
result:
integer: 1
fix: |

2
rules/system_settings/system_settings_rae_disable.yaml
View File

@@ -5,7 +5,7 @@ discussion: |
The information system _MUST_ be configured to provide only essential capabilities. Disabling Remote Apple Events helps prevent the unauthorized connection of devices, the unauthorized transfer of information, and unauthorized tunneling.
check: |
/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.AEServer" => true'
/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.AEServer" => disabled'
result:
integer: 1
fix: |

2
rules/system_settings/system_settings_screen_sharing_disable.yaml
View File

@@ -5,7 +5,7 @@ discussion: |
The information system _MUST_ be configured to provide only essential capabilities. Disabling screen sharing and ARD helps prevent the unauthorized connection of devices, the unauthorized transfer of information, and unauthorized tunneling.
check: |
/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.screensharing" => true'
/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.screensharing" => disabled'
result:
integer: 1
fix: |

2
rules/system_settings/system_settings_smbd_disable.yaml
View File

@@ -5,7 +5,7 @@ discussion: |
The information system _MUST_ be configured to provide only essential capabilities.
check: |
/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.smbd" => true'
/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.smbd" => disabled'
result:
integer: 1
fix: |

2
rules/system_settings/system_settings_ssh_disable.yaml
View File

@@ -5,7 +5,7 @@ discussion: |
Remote access sessions _MUST_ use FIPS validated encrypted methods to protect unauthorized individuals from gaining access.
check: |
/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.openssh.sshd" => true'
/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.openssh.sshd" => disabled'
result:
integer: 1
fix: |

2
scripts/generate_scap.py
View File

@@ -2750,7 +2750,7 @@ def generate_scap(all_rules, all_baselines, args):
continue
if "launchctl" in command[2] or "launchctl" in rule_yaml['fix']:
if "disable" in command[2] and "=> true" in rule_yaml['check'] or "unload -w" in rule_yaml['fix']:
if "disable" in command[2] and "=> true" in rule_yaml['check'] or "unload -w" in rule_yaml['fix'] or "disable" in command[2] and "=> disabled" in rule_yaml['check']:
oval_definition = oval_definition + '''
<definition id="oval:mscp:def:{}" version="1" class="compliance">
<metadata>