refactor[rules]: Updated 2 rules

Fixed - os_safari_prevent_cross-site_tracking_enable - id - title - description - check - mobileconfig Fixed - os_safari_advertising_privacy_protection_enable - Fixed spacing
2026-03-16 14:02:07 +00:00 · 2022-11-10 10:26:58 -05:00
parent 398dd17352
commit efbb3a3a27
2 changed files with 13 additions and 12 deletions
--- a/rules/os/os_safari_advertising_privacy_protection_enable.yaml
+++ b/rules/os/os_safari_advertising_privacy_protection_enable.yaml
@@ -3,14 +3,11 @@ title: "Ensure Advertising Privacy Protection in Safari Is Enabled"
 discussion: |
  Allow privacy-preserving measurement of ad effectiveness _MUST_ be enabled in Safari. 
 check: |
-
+  /usr/bin/profiles -P -o stdout | /usr/bin/grep -c 'WebKitPreferences.privateClickMeasurementEnabled = 1' | /usr/bin/awk '{ if ($1 >= 1) {print "1"} else {print "0"}}'
 result:
  integer: 1
 fix: |
-  [source,bash]
-  ----
-
-  ----
+  This is implemented by a Configuration Profile.
 references:
  cce:
    - N/A
@@ -35,5 +32,7 @@ tags:
  - cis_lvl1
  - cis_lvl2
  - cisv8
-mobileconfig: false
-mobileconfig_info:
+mobileconfig: true
+mobileconfig_info:
+  com.apple.Safari:
+    WebKitPreferences.privateClickMeasurementEnabled: true
--- a/rules/os/os_safari_prevent_cross-site_tracking_enable.yaml
+++ b/rules/os/os_safari_prevent_cross-site_tracking_enable.yaml
@@ -1,9 +1,9 @@
-id: os_safari_warn_fraudulent_website_enable
-title: "Ensure Warn When Visiting A Fradulent Website in Safari Is Enabled"
+id: os_safari_prevent_cross-site_tracking_enable
+title: "Ensure Prevent Cross-site Tracking in Safari Is Enabled"
 discussion: |
-  Warn when visiting a fraudulent website _MUST_ be enabled in Safari. 
+  Prevent cross-site tracking _MUST_ be enabled in Safari.
 check: |
-  /usr/bin/profiles -P -o stdout | /usr/bin/grep -c 'WarnAboutFraudulentWebsites = 1' | /usr/bin/awk '{ if ($1 >= 1) {print "1"} else {print "0"}}'
+  /usr/bin/profiles -P -o stdout | /usr/bin/grep -cE '"WebKitPreferences.storageBlockingPolicy" = 1|"WebKitStorageBlockingPolicy" = 1|"BlockStoragePolicy" =2' | /usr/bin/awk '{ if ($1 >= 1) {print "1"} else {print "0"}}'
 result:
  integer: 1
 fix: |
@@ -36,4 +36,6 @@ tags:
 mobileconfig: true
 mobileconfig_info:
  com.apple.Safari:
-    WarnAboutFraudulentWebsites: true
+    WebKitPreferences.storageBlockingPolicy: 1
+    WebKitStorageBlockingPolicy: 1
+    BlockStoragePolicy: 2