usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-02-09 08:12:18 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity
1,460 Commits 26 Branches 61 Tags
505-create-python-scp-library
Commit Graph

1460 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dan Brodjieski
7fffa815aa proposed 2.0 schema and rules 2025-04-17 12:43:36 -04:00
Dan Brodjieski
309b47dd52 update schema and merge for 2.0 2025-04-17 12:32:10 -04:00
Dan Brodjieski
478558540d updates to merge for severity and fix objects 2025-04-15 15:23:53 -04:00
Dan Brodjieski
3d02a59345 update assessment to 'enforcement_info' 2025-04-14 10:17:54 -04:00
Dan Brodjieski
45e16a9fd3 removed workflow, updated schema 2025-04-11 16:55:29 -04:00
Dan Brodjieski
cce3996219 Update branch_merge.yml 2025-04-11 16:34:03 -04:00
Dan Brodjieski
8ad7d6f097 add workflow to merge from actions 2025-04-11 16:29:58 -04:00
Dan Brodjieski
4f4f9d8c22 corrected logic for move 2025-04-11 13:17:23 -04:00
Dan Brodjieski
f765afda08 updated merge and schema for compliance object 2025-04-11 12:14:16 -04:00
Dan Brodjieski
1df0ee5eb6 schema tweaking 2025-04-10 22:35:07 -04:00
Dan Brodjieski
4b85f3e7a4 rule cleanup in merge 2025-04-10 17:28:03 -04:00
Dan Brodjieski
0b1608555a schema update and rule cleanup 2025-04-10 17:16:30 -04:00
Dan Brodjieski
828e25f700 updates to merge process 2025-04-09 11:35:49 -04:00
Allen Golbig
a43c9db55a Update discussions.yaml 2025-04-08 20:19:09 -04:00
Bob Gendler
c9bc70f3cb Updated discussions.yaml 2025-04-08 15:44:44 -04:00
Dan Brodjieski
991c5aaffe add function to read discussions.yaml 2025-04-08 15:35:00 -04:00
Dan Brodjieski
31f4902e58 updated schema 2025-04-08 09:28:42 -04:00
Dan Brodjieski
9f1619617a tweaking the schema 2025-04-07 16:17:09 -04:00
Dan Brodjieski
3f1c1f8873 updated schema and merge script 2025-04-07 15:21:08 -04:00
Dan Brodjieski
97e9bb4ceb updated schema and added validator 2025-04-07 12:08:16 -04:00
Dan Brodjieski
45e7d0b02a corrected list generation for keys 2025-04-07 11:08:29 -04:00
Dan Brodjieski
505df7081e mobileconfig payload content as keys 
added initial schema file
 2025-04-07 10:52:03 -04:00
Dan Brodjieski
e020fb7f5f ODV restructure 2025-04-05 15:26:02 -04:00
Dan Brodjieski
78c4e43f08 update merge script 
add 'introduced:' key
restructure mobileconfig_info object
remove "fix" for mobileconfigs
report items to manually review
 2025-04-05 00:38:57 -04:00
Bob Gendler
cf1a41d070 revert changes 2025-04-04 11:52:54 -04:00
Bob Gendler
2b0623bed4 removing OS_VALUE 2025-04-04 11:49:49 -04:00
Bob Gendler
d3abaf0bd6 commented out legacy unsupported OSes 2025-04-03 13:34:51 -04:00
Bob Gendler
93a1efcf38 updated 2.0 rules 2025-04-03 13:34:32 -04:00
Bob Gendler
35484aec01 refactor[rules] Updated 2.0 format rules 
Rebuilt rules with updated platform name
 2025-04-03 10:05:07 -04:00
Bob Gendler
9062676344 refactor[scripts] updated 2.0-merge.py 
Added a function at the end to switch product names to product versions
 2025-04-03 10:01:17 -04:00
Dan Brodjieski
fe8ad5f6a1 Tweaks for collection script 2025-04-02 16:46:40 -04:00
Dan Brodjieski
47557d8dac Tweaks for collection script 2025-04-02 16:43:38 -04:00
Dan Brodjieski
576c6406c7 Tweaks for collection script 2025-04-02 16:42:13 -04:00
Dan Brodjieski
841f28d6fa add apple repo to _work for merge 2025-04-02 10:32:43 -04:00
Bob Gendler
567804bb35 Removed 14.0 button 2025-03-12 12:57:05 -04:00
Bob Gendler
d012ee1203 Redo 2.0 rules 2025-03-12 12:55:52 -04:00
Bob Gendler
da950ab1b5 refactor[scripts] Move scripts to legacy 
Moved mSCP 1.0 legacy scripts to legacy/
 2025-03-12 12:53:26 -04:00
Bob Gendler
8292bd72e7 Initial 2.0 dev rules 2025-03-12 10:28:05 -04:00
Bob Gendler
3a5c505fcd Updated dev_2.0 readme 2025-03-12 10:27:45 -04:00
Bob Gendler
eb27a7b7cf feat[scripts] Added scripts 
Added utility_collect_branch_rules.sh and 2.0-merge.py
 2025-03-12 10:12:01 -04:00
Bob Gendler
8882bea3bd Added _work to gitignore 2025-03-12 10:09:31 -04:00
Bob Gendler
30d4a1af04 Sequoia Release 1.1 (#457) 
* refactor[rules] STIG IDs

Initial STIG-IDs added to rule files.

* refactor[rules]ccis added

New CCIs added to rules

* refactor[rules] SRGs added

New SRGs added to stig rules

* refactor[rule] pwpolicy_custom_regex_enforce

Remove unneeded SRG

* refactor[rules] Added, Removed, Updated rules

- os_authenticated_root_enable, updated check
- os_directory_services_configured, removed from stig
- os_ess_installed, removed from stig
- os_firewall_log_enable, removed from 15.x
- os_genmoji_disable, added 800-53 and stig
- os_image_generation_disable, added 800-53 and sti.yaml
- os_iphone_mirroring_disable
- os_password_autofill_disable, added 800-53 and sti
- os_ssh_fips_compliant, fixed check/fix
- os_ssh_server_alive_count_max_configure, fixed fix
- os_ssh_server_alive_interval_configure, fixed fix
- os_sshd_fips_compliant, fixed fix/check
- os_sudo_log_enforce, added 800-53 and stig
- os_writing_tools_disable, added 800-53 and sti
- pwpolicy_custom_regex_enforce, updated regex
- system_settings_ssh_enable, removed from stig

* refactor[rules] Removed from STIG

Removed CCI, SRG, STIG ID, and STIG tag

* refactor[rules]Added new STIG IDs

Added STIG ID to
- os_genmoji_disable
- os_image_generation_disable
- os_sudo_log_enforce
- os_writing_tools_disable

* Added new rule file

* Add APPL-15-002023

* added APPL-15-002024

* fix[rules] removed tags for rules removed

removed tags from rules removed from cis

* added os_time_server_enable back to cis

* Update Gitignore

* Updating CIS benchmark and tags in missed rules.

* refactor[rules]ssh fips and sshd fips

Updated check and fix for ssh and sshd for FIPS

* refactor[rules]ssh and sshd fips

added check into sshd to not fix if proper

* Fixed ODV regression for CIS

* added missing path to grep

* removed [ ]

* Fix to not print, and fix multiple entries in .ssh/config

* added dev null redirection, prevention of double entries

* Fixed bin to dev and case insensitive sed

* 800-171 Rev 2 to Rev 3

* Updated media sharing key

* Updated STIG ID

* merge from sequoia

* refactor[rules] ssh fixes

Updated ssh fixes to match os_ssh_fips_compliant

* slightly simplier fix. removed unneeded loop

* slightly simplier fix. removed unneeded loop

* Adjusting CIS numbering.

* fix[rule] fixed path

Fixed path in system_settings_system_wide_preferences_configure

* fix[rule] fixed path on line 63

fixed path in system_settings_system_wide_preferences_configure

* fix[rule] added reference

Added reference to os_sudo_log_enforce

* refactor[rules] Added, Modified and deleted rules

Added os_mail_summary_disable
Added os_photos_enhanced_search_disable
Removed system_settings_cd_dvd_sharing_disable
Modified system_settings_improve_search_disable - updated title
Modified system_settings_improve_siri_dictation_disable - updated title

* renamed .yml to .yaml

* changes for upcoming cis release

* refactor - DISA STIG

references updated to sequoia for DISA STIG
baseline file created for disa stig

* added os_sleep_and_display_sleep_apple_silicon_enable to all_rules

* refactor[rules] CNSSI tags added

Added CNSSI1253 low, moderate, high tags

* refactor[baselines] Updated baseline files

Updated cnssi1253 baseline files
Updated all_rules baseline file
Updated CIS baseline files

* udpdated baseline files

* [fix]system_settings_sleep_enforce sleep/displaysleep swap

* updated title

* fix[rule] remove cis tags and reference

remove cis ref & tag from system_settings_improve_search_disable

issue #443

* Adding arm64 tag to os_sleep_and_display_sleep_apple_silicon_enable

* Fixing Sleep/displaysleep numbers based on CIS changes.

* Fixing os_sleep_and_display_sleep_apple_silicon_enable

* Removing DRAFT status from CIS

* [fix]rule world writable library folder

os_world_writable_library_folder_configure

issue# 445

* refactor[rules] Added missing CCEs

Replaced N/A CCEs for os_mail_summary_disable and os_photos_enhanced_search_disable

* fix[rule] updated odv hint

pwpolicy_custom_regex_enforce odv hint updated

* Update system_settings_improve_assistive_voice_disable

Issue #450

* refactor[rules]pwpolicy updates

Removed 800-53 and 800-171 tags

Updated discussion to reflect NIST SP 800-63 and Executive Order M-22-09

* refactor[rules] Added external intelligence rules

Added rules to disable external intelligence features for 15.2

* Issue #450

* updated pwpolicy

* Added CCEs

* Removed double stig tag

* updated baseline files

* updated changelog

* removed rules/system_settings/system_settings_cd_dvd_sharing_disable.yaml

* updated changelog

* update[supplemental]: added 800-63 guidance
fix[supplemental]: update note about filevault unlock

* refactor[rule] pwpolicy_special_character_enforce

Updated check to allow greater than ODV.

Issue #451

* refactor[rules] ssh rules discussion update

Added mention of /usr/libexec/reset-ssh-configuration.

* updated release date and version

* Added uniq to prevent false negatives

* updated authors

* updated release date

---------

Co-authored-by: Allen Golbig <golbiga@gmail.com>
Co-authored-by: mahlmanj <john.mahlman@leidos.com>
Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>
sequoia_rev1.1 		2024-12-16 10:24:59 -05:00
Bob Gendler
e22bb0bc02 Merge branch 'sequoia' 2024-09-12 15:16:23 -04:00
Bob Gendler
23344cc625 updated path in check sequoia_rev1 2024-09-12 14:32:26 -04:00
Bob Gendler
7ae4f257a4 updated ssh and sshd fix 2024-09-12 14:11:25 -04:00
Dan Brodjieski
03ea283f90 fix[script] adjusted severity in xls 2024-09-12 13:15:19 -04:00
Bob Gendler
9dfeaf8ed6 update generate_scap 2024-09-12 12:51:16 -04:00
Bob Gendler
7284274094 Fix to not stomp on /etc/crypto.conf 2024-09-12 12:42:13 -04:00
Bob Gendler
62a5b5839d sync branches 2024-09-12 12:10:10 -04:00
Bob Gendler
15c47e7fc9 updated baseline files 2024-09-12 11:50:37 -04:00