diff --git a/rules/os/os_httpd_disable.yaml b/rules/os/os_httpd_disable.yaml index 72f0bd73..34a5b900 100644 --- a/rules/os/os_httpd_disable.yaml +++ b/rules/os/os_httpd_disable.yaml @@ -5,7 +5,7 @@ discussion: | NOTE: The built in web server service is disabled at startup by default macOS. check: | - /bin/launchctl print-disabled system | /usr/bin/grep -c '"org.apache.httpd" => true' + /bin/launchctl print-disabled system | /usr/bin/grep -c '"org.apache.httpd" => disabled' result: integer: 1 fix: | diff --git a/rules/os/os_nfsd_disable.yaml b/rules/os/os_nfsd_disable.yaml index ebc21796..2a079d7e 100644 --- a/rules/os/os_nfsd_disable.yaml +++ b/rules/os/os_nfsd_disable.yaml @@ -3,7 +3,7 @@ title: "Disable Network File System Service" discussion: | Support for Network File Systems (NFS) services is non-essential and, therefore, _MUST_ be disabled. check: | - /bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.nfsd" => true' + /bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.nfsd" => disabled' result: integer: 1 fix: | diff --git a/rules/os/os_tftpd_disable.yaml b/rules/os/os_tftpd_disable.yaml index 5bfac844..bfff38b8 100644 --- a/rules/os/os_tftpd_disable.yaml +++ b/rules/os/os_tftpd_disable.yaml @@ -7,7 +7,7 @@ discussion: | NOTE: TFTP service is disabled at startup by default macOS. check: | - /bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.tftpd" => true' + /bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.tftpd" => disabled' result: integer: 1 fix: | diff --git a/rules/os/os_uucp_disable.yaml b/rules/os/os_uucp_disable.yaml index 420c626d..38214197 100644 --- a/rules/os/os_uucp_disable.yaml +++ b/rules/os/os_uucp_disable.yaml 
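Review bot: The `check` in os_httpd_disable.yaml now counts only the exact text `"org.apache.httpd" => disabled`, so a host where `launchctl print-disabled system` still prints the `=> true` form from the removed line would yield 0 and be reported as non-compliant even though the service is disabled. The nfsd, tftpd, uucp, AEServer, screensharing, smbd and sshd hunks carry the same pattern. The failure is on the safe side (a false finding, not a false pass), but if this branch is meant to be run against both output formats, a pattern accepting either would keep the result at 1, e.g. `/usr/bin/grep -cE '"org.apache.httpd" => (true|disabled)'`. In that case scripts/generate_scap.py, which in this diff selects these rules by the literal substrings `=> true` and `=> disabled` in the check text, would need a matching change. If only the new format is in scope, a YAML comment above `check:` such as `# launchctl reports "=> disabled" on this release; earlier output used "=> true"` would record why the string changed.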
@@ -7,7 +7,7 @@ discussion: | NOTE: UUCP service is disabled at startup by default macOS. check: | - /bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.uucp" => true' + /bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.uucp" => disabled' result: integer: 1 fix: | diff --git a/rules/system_settings/system_settings_rae_disable.yaml b/rules/system_settings/system_settings_rae_disable.yaml index fa7fbf10..47c6696c 100644 --- a/rules/system_settings/system_settings_rae_disable.yaml +++ b/rules/system_settings/system_settings_rae_disable.yaml @@ -5,7 +5,7 @@ discussion: | The information system _MUST_ be configured to provide only essential capabilities. Disabling Remote Apple Events helps prevent the unauthorized connection of devices, the unauthorized transfer of information, and unauthorized tunneling. check: | - /bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.AEServer" => true' + /bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.AEServer" => disabled' result: integer: 1 fix: | diff --git a/rules/system_settings/system_settings_screen_sharing_disable.yaml b/rules/system_settings/system_settings_screen_sharing_disable.yaml index 1a7d8cad..20830271 100644 --- a/rules/system_settings/system_settings_screen_sharing_disable.yaml +++ b/rules/system_settings/system_settings_screen_sharing_disable.yaml @@ -5,7 +5,7 @@ discussion: | The information system _MUST_ be configured to provide only essential capabilities. Disabling screen sharing and ARD helps prevent the unauthorized connection of devices, the unauthorized transfer of information, and unauthorized tunneling. check: | - /bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.screensharing" => true' + /bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.screensharing" => disabled' result: integer: 1 fix: | 
diff --git a/rules/system_settings/system_settings_smbd_disable.yaml b/rules/system_settings/system_settings_smbd_disable.yaml index b22f2d69..1eb39809 100644 --- a/rules/system_settings/system_settings_smbd_disable.yaml +++ b/rules/system_settings/system_settings_smbd_disable.yaml @@ -5,7 +5,7 @@ discussion: | The information system _MUST_ be configured to provide only essential capabilities. check: | - /bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.smbd" => true' + /bin/launchctl print-disabled system | /usr/bin/grep -c '"com.apple.smbd" => disabled' result: integer: 1 fix: | diff --git a/rules/system_settings/system_settings_ssh_disable.yaml b/rules/system_settings/system_settings_ssh_disable.yaml index 0f66bf32..884c353f 100644 --- a/rules/system_settings/system_settings_ssh_disable.yaml +++ b/rules/system_settings/system_settings_ssh_disable.yaml @@ -5,7 +5,7 @@ discussion: | Remote access sessions _MUST_ use FIPS validated encrypted methods to protect unauthorized individuals from gaining access. check: | - /bin/launchctl print-disabled system | /usr/bin/grep -c '"com.openssh.sshd" => true' + /bin/launchctl print-disabled system | /usr/bin/grep -c '"com.openssh.sshd" => disabled' result: integer: 1 fix: | diff --git a/scripts/generate_scap.py b/scripts/generate_scap.py index 4a51cd36..887d5bb3 100755 --- a/scripts/generate_scap.py +++ b/scripts/generate_scap.py @@ -2750,7 +2750,7 @@ def generate_scap(all_rules, all_baselines, args): continue if "launchctl" in command[2] or "launchctl" in rule_yaml['fix']: - if "disable" in command[2] and "=> true" in rule_yaml['check'] or "unload -w" in rule_yaml['fix']: + if "disable" in command[2] and "=> true" in rule_yaml['check'] or "unload -w" in rule_yaml['fix'] or "disable" in command[2] and "=> disabled" in rule_yaml['check']: oval_definition = oval_definition + '''