fixed links and fixed script

baselines/800-53_moderate.yaml

@@ -31,7 +31,6 @@ profile:
       - auth_smartcard_enforce
       - auth_smartcard_certificate_trust_enforce_moderate
       - auth_ssh_smartcard_enforce
-      - auth_smartcard_trusted_authorities_configure
   - section: "SystemPreferences"
     rules:
       - sysprefs_ad_tracking_disable
@@ -147,7 +146,6 @@ profile:
     rules:
       - os_implement_memory_protection
       - os_implement_cryptography
-      - os_implement_random_address_space
       - os_limit_auditable_events
       - os_logical_access
       - os_map_pki_identity
@@ -172,8 +170,6 @@ profile:
     rules:
       - audit_alert_processing_fail
       - audit_enforce_dual_auth
-      - os_enforce_login_attempt_delay
-      - os_limit_invalid_logons
       - os_notify_account_created
       - os_notify_account_disabled
       - os_notify_account_enable

rules/os/os_allow_info_passed.yaml

@@ -5,7 +5,7 @@ discussion: |
 
   The macOS is a UNIX 03-compliant operating system, which allows owners of object to have discretion over who should be authorized to access information.
 
-  link:https://developer.apple.com/library/archive/documentation/Security/Conceptual/AuthenticationAndAuthorizationGuide/Permissions/Permissions.html
+  link:https://developer.apple.com/library/archive/documentation/Security/Conceptual/AuthenticationAndAuthorizationGuide/Permissions/Permissions.html[]
 check: |
   The technology supports this requirement and cannot be configured to be out of compliance. The technology inherently meets this requirement.
 fix: |

rules/os/os_change_security_attributes.yaml

@@ -5,7 +5,7 @@ discussion: |
   
   The macOS is a UNIX 03-compliant operating system, which allows administrators of the system to change security settings and system attributes, including those which are kept within preference panes that are locked for standard users. . 
 
-  link:https://support.apple.com/guide/mac-help/change-permissions-for-files-folders-or-disks-mchlp1203/mac
+  link:https://support.apple.com/guide/mac-help/change-permissions-for-files-folders-or-disks-mchlp1203/mac[]
 check: |
   The technology supports this requirement and cannot be configured to be out of compliance. The technology inherently meets this requirement.
 fix: |

rules/os/os_crypto_audit.yaml

@@ -5,7 +5,7 @@ discussion: |
   
   The Apple T2 Security Chip includes a dedicated Advanced Encryption Standard (AES) crypto engine built into the direct memory access (DMA) path between the flash storage and main system memory, which powers line-speed encrypted storage with FileVault and makes internal volume highly efficient. 
   
-  link:https://www.apple.com/euro/mac/shared/docs/Apple_T2_Security_Chip_Overview.pdf
+  link:https://www.apple.com/euro/mac/shared/docs/Apple_T2_Security_Chip_Overview.pdf[]
   
   NOTE: This will only apply to a Mac that includes a T2 security chip. 
 check: |

rules/os/os_enforce_access_restrictions.yaml

@@ -5,7 +5,7 @@ discussion: |
   
   The inherent configuration of a macOS provides users with the ability to set their own permission settings to control who can view and alter files on the computer. 
 
-  link:https://support.apple.com/guide/mac-help/change-permissions-for-files-folders-or-disks-mchlp1203/mac
+  link:https://support.apple.com/guide/mac-help/change-permissions-for-files-folders-or-disks-mchlp1203/mac[]
 check: |
   The technology supports this requirement and cannot be configured to be out of compliance. The technology inherently meets this requirement.
 fix: |

rules/os/os_fail_secure_state.yaml

@@ -7,7 +7,7 @@ discussion: |
 
   Apple File System (APFS) is the default file system for Mac computers using macOS 10.13 and all later versions. APFS includes native encryption, safe document saves, stable snapshots, and crash protection; these features ensure that the macOS fails to safe state. 
 
-  link:https://developer.apple.com/videos/play/wwdc2017/715/
+  link:https://developer.apple.com/videos/play/wwdc2017/715/[]
 check: |
   The technology supports this requirement and cannot be configured to be out of compliance. The technology inherently meets this requirement.
 fix: |

rules/os/os_grant_privs.yaml

@@ -5,7 +5,7 @@ discussion: |
   
   The macOS is a UNIX 03-compliant operating system which allows administrators of the system to grant privileges to other users.
 
-  link:https://support.apple.com/guide/mac-help/set-up-other-users-on-your-mac-mtusr001/mac
+  link:https://support.apple.com/guide/mac-help/set-up-other-users-on-your-mac-mtusr001/mac[]
 check: |
   The technology supports this requirement and cannot be configured to be out of compliance. The technology inherently meets this requirement.
 fix: |

rules/os/os_implement_cryptography.yaml

@@ -7,8 +7,8 @@ discussion: |
 
   macOS Catalina is in process of receiving FIPS validation from the National Institute of Standards and Technology (NIST).
 
-  link:https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Modules-In-Process/Modules-In-Process-List
-  link:https://support.apple.com/en-us/HT201159
+  link:https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Modules-In-Process/Modules-In-Process-List[]
+  link:https://support.apple.com/en-us/HT201159[]
 check: |
   The technology supports this requirement and cannot be configured to be out of compliance. The technology inherently meets this requirement using FIPS Validated Cryptographic Modules.
 fix: |

rules/os/os_implement_memory_protection.yaml

@@ -7,9 +7,9 @@ discussion: |
 
   macOS supports address space layout randomization (ASLR), position-independent executable (PIE), Stack Canaries, and NX stack and heap protection.
 
-  link:https://developer.apple.com/library/archive/documentation/Darwin/Conceptual/64bitPorting/transition/transition.html
-  link:https://developer.apple.com/library/archive/qa/qa1788/_index.html
-  link:https://www.apple.com/macos/security/
+  link:https://developer.apple.com/library/archive/documentation/Darwin/Conceptual/64bitPorting/transition/transition.html[]
+  link:https://developer.apple.com/library/archive/qa/qa1788/_index.html[]
+  link:https://www.apple.com/macos/security/[]
   
 check: |
   The technology supports this requirement and cannot be configured to be out of compliance. The technology inherently meets this requirement.

rules/os/os_isolate_security_functions.yaml

@@ -3,7 +3,7 @@ title: "Isolate security functions from non-security functions"
 discussion: |
   The information system _MUST_ be configured to isolate security functions from non-security functions. 
   
-  link:https://support.apple.com/guide/security/welcome/web
+  link:https://support.apple.com/guide/security/welcome/web[]
 check: |
   The technology supports this requirement and cannot be configured to be out of compliance. The technology inherently meets this requirement.
 fix: |

rules/os/os_required_crypto_module.yaml

@@ -5,8 +5,8 @@ discussion: |
 
   macOS Catalina is in process of receiving FIPS validation from the National Institute of Standards and Technology (NIST).
 
-  link:https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Modules-In-Process/Modules-In-Process-List
-  link:https://support.apple.com/en-us/HT201159
+  link:https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Modules-In-Process/Modules-In-Process-List[]
+  link:https://support.apple.com/en-us/HT201159[]
 check: |
   The technology supports this requirement and cannot be configured to be out of compliance. The technology inherently meets this requirement.
 fix: |

scripts/generate_guidance.py

@@ -768,7 +768,7 @@ def generate_xls(baseline_name, build_path, baseline_yaml):
         sheet1.col(3).width = 700 * 35
         mechanism = "Manual"
         if "[source,bash]" in rule.rule_fix:
-            mechanism = "Scipt"
+            mechanism = "Script"
         if "This is implemented by a Configuration Profile." in rule.rule_fix:
             mechanism = "Configuration Profile"
         if "inherent" in rule.rule_tags:
@@ -1131,17 +1131,17 @@ def main():
                     rule_id=rule_yaml['id'].replace('|', '\|'),
                     rule_discussion=rule_yaml['discussion'],
                 )
-            # elif ('permanent' in tags) or ('inherent' in tags) or ('n_a' in tags):
-            #     rule_adoc = adoc_rule_no_setting_template.substitute(
-            #         rule_title=rule_yaml['title'].replace('|', '\|'),
-            #         rule_id=rule_yaml['id'].replace('|', '\|'),
-            #         rule_discussion=rule_yaml['discussion'].replace('|', '\|'),
-            #         rule_check=rule_yaml['check'],  # .replace('|', '\|'),
-            #         rule_fix=rulefix,
-            #         rule_80053r4=nist_controls,
-            #         rule_disa_stig=disa_stig,
-            #         rule_srg=srg
-            #     )
+            elif ('permanent' in tags) or ('inherent' in tags) or ('n_a' in tags):
+                rule_adoc = adoc_rule_no_setting_template.substitute(
+                    rule_title=rule_yaml['title'].replace('|', '\|'),
+                    rule_id=rule_yaml['id'].replace('|', '\|'),
+                    rule_discussion=rule_yaml['discussion'].replace('|', '\|'),
+                    rule_check=rule_yaml['check'],  # .replace('|', '\|'),
+                    rule_fix=rulefix,
+                    rule_80053r4=nist_controls,
+                    rule_disa_stig=disa_stig,
+                    rule_srg=srg
+                )
             else:
                 rule_adoc = adoc_rule_template.substitute(
                     rule_title=rule_yaml['title'].replace('|', '\|'),