From da89a8740bb9fab77208df65d46a94f4026718f2 Mon Sep 17 00:00:00 2001 From: Allen Golbig Date: Wed, 29 Dec 2021 16:09:05 -0500 Subject: [PATCH] sysprefs_remote_management_disable --- rules/cis_lvl1.txt | 2 - .../sysprefs_remote_management_disable.yaml | 51 +++++++++++++++++++ 2 files changed, 51 insertions(+), 2 deletions(-) create mode 100644 rules/sysprefs/sysprefs_remote_management_disable.yaml diff --git a/rules/cis_lvl1.txt b/rules/cis_lvl1.txt index 2affd56a..c3e8cb2b 100644 --- a/rules/cis_lvl1.txt +++ b/rules/cis_lvl1.txt @@ -5,8 +5,6 @@ Recommendation # Title 2.2.2 Ensure time set is within appropriate limits Desktop & Screen Saver 2.3.3 Audit Lock Screen and Start Screen Saver Tools - Sharing -2.4.9 Ensure Remote Management Is Disabled Security & Privacy Encryption 2.5.1.2 Ensure all user storage APFS volumes are encrypted diff --git a/rules/sysprefs/sysprefs_remote_management_disable.yaml b/rules/sysprefs/sysprefs_remote_management_disable.yaml new file mode 100644 index 00000000..a33e8eac --- /dev/null +++ b/rules/sysprefs/sysprefs_remote_management_disable.yaml @@ -0,0 +1,51 @@ +id: sysprefs_remote_management_disable +title: "Disable Remote Management" +discussion: | + Remote Management _MUST_ be disabled. +check: | + /usr/libexec/mdmclient QuerySecurityInfo | /usr/bin/grep -c "RemoteDesktopEnabled = 0" +result: + integer: 1 +fix: | + [source,bash] + ---- + /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -stop + ---- +references: + cce: + - N/A + cci: + - N/A + 800-53r5: + - CM-7 + - CM-7(1) + 800-53r4: + - CM-7 + - CM-7(1) + srg: + - N/A + disa_stig: + - N/A + 800-171r2: + - N/A + cis: + benchmark: + - 2.4.3 (level 1) + v8: + - 4.1 + - 4.8 +macOS: + - "12.0" +tags: + - 800-53r5_low + - 800-53r5_moderate + - 800-53r5_high + - 800-53r4_low + - 800-53r4_moderate + - 800-53r4_high + - cnssi-1253 + - cis_lvl1 + - cis_lvl2 + - cisv8 +mobileconfig: false +mobileconfig_info: \ No newline at end of file