macos_security

mirror of https://github.com/usnistgov/macos_security.git synced 2026-02-09 00:09:55 +00:00

Author	SHA1	Message	Date
Dan Brodjieski	56f95c77a2	update rules location and symlink	2025-09-11 17:00:14 -04:00
Dan Brodjieski	6727cd770e	updated rules for 26 releases	2025-09-11 16:57:39 -04:00
Dan Brodjieski	eb69eb9fa7	update 2.0 rules after last release	2025-07-15 13:11:40 -04:00
Dan Brodjieski	7fffa815aa	proposed 2.0 schema and rules	2025-04-17 12:43:36 -04:00
Bob Gendler	93a1efcf38	updated 2.0 rules	2025-04-03 13:34:32 -04:00
Bob Gendler	35484aec01	refactor[rules] Updated 2.0 format rules Rebuilt rules with updated platform name	2025-04-03 10:05:07 -04:00
Bob Gendler	d012ee1203	Redo 2.0 rules	2025-03-12 12:55:52 -04:00
Bob Gendler	8292bd72e7	Initial 2.0 dev rules	2025-03-12 10:28:05 -04:00
Bob Gendler	30d4a1af04	Sequoia Release 1.1 (#457 ) * refactor[rules] STIG IDs Initial STIG-IDs added to rule files. * refactor[rules]ccis added New CCIs added to rules * refactor[rules] SRGs added New SRGs added to stig rules * refactor[rule] pwpolicy_custom_regex_enforce Remove unneeded SRG * refactor[rules] Added, Removed, Updated rules - os_authenticated_root_enable, updated check - os_directory_services_configured, removed from stig - os_ess_installed, removed from stig - os_firewall_log_enable, removed from 15.x - os_genmoji_disable, added 800-53 and stig - os_image_generation_disable, added 800-53 and sti.yaml - os_iphone_mirroring_disable - os_password_autofill_disable, added 800-53 and sti - os_ssh_fips_compliant, fixed check/fix - os_ssh_server_alive_count_max_configure, fixed fix - os_ssh_server_alive_interval_configure, fixed fix - os_sshd_fips_compliant, fixed fix/check - os_sudo_log_enforce, added 800-53 and stig - os_writing_tools_disable, added 800-53 and sti - pwpolicy_custom_regex_enforce, updated regex - system_settings_ssh_enable, removed from stig * refactor[rules] Removed from STIG Removed CCI, SRG, STIG ID, and STIG tag * refactor[rules]Added new STIG IDs Added STIG ID to - os_genmoji_disable - os_image_generation_disable - os_sudo_log_enforce - os_writing_tools_disable * Added new rule file * Add APPL-15-002023 * added APPL-15-002024 * fix[rules] removed tags for rules removed removed tags from rules removed from cis * added os_time_server_enable back to cis * Update Gitignore * Updating CIS benchmark and tags in missed rules. * refactor[rules]ssh fips and sshd fips Updated check and fix for ssh and sshd for FIPS * refactor[rules]ssh and sshd fips added check into sshd to not fix if proper * Fixed ODV regression for CIS * added missing path to grep * removed [ ] * Fix to not print, and fix multiple entries in .ssh/config * added dev null redirection, prevention of double entries * Fixed bin to dev and case insensitive sed * 800-171 Rev 2 to Rev 3 * Updated media sharing key * Updated STIG ID * merge from sequoia * refactor[rules] ssh fixes Updated ssh fixes to match os_ssh_fips_compliant * slightly simplier fix. removed unneeded loop * slightly simplier fix. removed unneeded loop * Adjusting CIS numbering. * fix[rule] fixed path Fixed path in system_settings_system_wide_preferences_configure * fix[rule] fixed path on line 63 fixed path in system_settings_system_wide_preferences_configure * fix[rule] added reference Added reference to os_sudo_log_enforce * refactor[rules] Added, Modified and deleted rules Added os_mail_summary_disable Added os_photos_enhanced_search_disable Removed system_settings_cd_dvd_sharing_disable Modified system_settings_improve_search_disable - updated title Modified system_settings_improve_siri_dictation_disable - updated title * renamed .yml to .yaml * changes for upcoming cis release * refactor - DISA STIG references updated to sequoia for DISA STIG baseline file created for disa stig * added os_sleep_and_display_sleep_apple_silicon_enable to all_rules * refactor[rules] CNSSI tags added Added CNSSI1253 low, moderate, high tags * refactor[baselines] Updated baseline files Updated cnssi1253 baseline files Updated all_rules baseline file Updated CIS baseline files * udpdated baseline files * [fix]system_settings_sleep_enforce sleep/displaysleep swap * updated title * fix[rule] remove cis tags and reference remove cis ref & tag from system_settings_improve_search_disable issue #443 * Adding arm64 tag to os_sleep_and_display_sleep_apple_silicon_enable * Fixing Sleep/displaysleep numbers based on CIS changes. * Fixing os_sleep_and_display_sleep_apple_silicon_enable * Removing DRAFT status from CIS * [fix]rule world writable library folder os_world_writable_library_folder_configure issue# 445 * refactor[rules] Added missing CCEs Replaced N/A CCEs for os_mail_summary_disable and os_photos_enhanced_search_disable * fix[rule] updated odv hint pwpolicy_custom_regex_enforce odv hint updated * Update system_settings_improve_assistive_voice_disable Issue #450 * refactor[rules]pwpolicy updates Removed 800-53 and 800-171 tags Updated discussion to reflect NIST SP 800-63 and Executive Order M-22-09 * refactor[rules] Added external intelligence rules Added rules to disable external intelligence features for 15.2 * Issue #450 * updated pwpolicy * Added CCEs * Removed double stig tag * updated baseline files * updated changelog * removed rules/system_settings/system_settings_cd_dvd_sharing_disable.yaml * updated changelog * update[supplemental]: added 800-63 guidance fix[supplemental]: update note about filevault unlock * refactor[rule] pwpolicy_special_character_enforce Updated check to allow greater than ODV. Issue #451 * refactor[rules] ssh rules discussion update Added mention of /usr/libexec/reset-ssh-configuration. * updated release date and version * Added uniq to prevent false negatives * updated authors * updated release date --------- Co-authored-by: Allen Golbig <golbiga@gmail.com> Co-authored-by: mahlmanj <john.mahlman@leidos.com> Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>	2024-12-16 10:24:59 -05:00
Bob Gendler	23344cc625	updated path in check	2024-09-12 14:32:26 -04:00
Bob Gendler	7ae4f257a4	updated ssh and sshd fix	2024-09-12 14:11:25 -04:00
Bob Gendler	7284274094	Fix to not stomp on /etc/crypto.conf	2024-09-12 12:42:13 -04:00
Allen Golbig	d2013319b7	fix[rule] fixed code block fixed code block to [source,bash]	2024-09-12 10:19:51 -04:00
Bob Gendler	de9b6a5b5e	refactor[rules] pwpolicy rule discussion Updated to make mention of OMG M-22-09 and EO 14028	2024-09-11 21:00:19 -04:00
Bob Gendler	3a327020a3	refactor[rules] CCEs added Added NIST issued CCEs	2024-09-09 20:50:49 -04:00
Bob Gendler	c1220c79ac	Added CIS benchmark number	2024-09-06 11:15:56 -04:00
Bob Gendler	2b1f869d57	Added system_settings_improve_search_disable	2024-09-06 11:02:48 -04:00
mahlmanj	4d4d71ca16	[deleted] os_safari_popups_disabled	2024-09-05 12:41:22 -04:00
mahlmanj	0eea7ff1e4	Spelling fixes, added note in system_settings_siri_settings_disable	2024-09-05 12:24:46 -04:00
Bob Gendler	3898fb2af2	Converted 800-171r2 to 800-171r3	2024-09-05 10:43:21 -04:00
Bob Gendler	64424234f0	refactor[rules] Added rule system_settings_siri_listen_disable added	2024-09-04 13:53:08 -04:00
Bob Gendler	d249abe084	refactor[rules] External Storage Modified os_network_storage_restriction and os_external_storage_access_defined	2024-09-04 12:41:45 -04:00
Bob Gendler	7ea663372f	Added 800-53 tags	2024-09-04 12:24:36 -04:00
Bob Gendler	f22aeb65ec	Fixed merge conflict	2024-09-04 12:22:20 -04:00
Bob Gendler	367a818e01	resolved merge conflicts	2024-09-04 12:21:50 -04:00
Bob Gendler	5d9cc9690f	fixed merge conflicts	2024-09-04 12:19:32 -04:00
Bob Gendler	e32956ccaa	Merge branch 'dev_sequoia_171r3' into dev_sequoia	2024-09-04 12:09:49 -04:00
Bob Gendler	98c46e62ef	updated supported payloads. copied sudo_log from stig	2024-09-04 10:53:39 -04:00
Bob Gendler	90c7a405b9	refactor[rules]Update for cis 15.0 benchmark draft Created new rule system_settings_improve_assistive_voice_disable Modified rules Added to supplemental_cis_manual	2024-09-04 09:57:32 -04:00
Bob Gendler	9d0fc0ca89	Issue #418	2024-09-03 10:08:56 -04:00
Bob Gendler	36be258cd3	refactor[rules]Added 15.x specific rules 171r3 Added 171r3 references to new rule files	2024-09-01 21:35:38 -04:00
Bob Gendler	9271106cd6	refactor[rules] Converted 171r2 to 171r3 Added 171r3 to some rules Converted 171r2 to r3 in most rules	2024-09-01 21:28:47 -04:00
John Mahlman	b85739a2d3	Update os_sudo_log_enforce.	2024-08-30 10:14:15 -04:00
John Mahlman	b5deee9445	Add Sequoia CMMC branch. Apple Intelligence rules tagged.	2024-08-30 09:54:43 -04:00
Dan Brodjieski	fd05002da9	Merge branch 'dev_sequoia' into dev_sequoia_severity	2024-08-22 15:49:59 -04:00
Allen Golbig	9409afae43	updated check for os_anti_virus_installed	2024-08-15 10:02:45 -04:00
Bob Gendler	e6ca686eb9	Removed os_gatekeeper_rearm	2024-08-14 10:26:13 -04:00
robertgendler	b266b6e0cd	renamed file	2024-08-08 10:00:38 -04:00
robertgendler	e510dd1fa3	Removed os_gatekeeper_rearm, Added so_sudo_log_enforce	2024-08-08 09:57:55 -04:00
robertgendler	bcfc179096	removed firewall logging rule	2024-08-07 09:34:21 -04:00
Bob Gendler	a6868651e4	updated fips 140-2 to 140-3	2024-08-05 11:10:21 -04:00
Bob Gendler	03d8fb31f5	updated result	2024-08-05 11:08:39 -04:00
Bob Gendler	71e7fe24a8	refactor[rules] Updated FIPS SSH rules Updated check/fix for macOS 15 and ssh fips configuration.	2024-08-05 11:06:28 -04:00
Dan Brodjieski	d986f549ff	refactor[ddm]: add ddm info to sudo rule	2024-07-30 15:01:24 -04:00
Dan Brodjieski	5e782d3fdd	refactor[ddm]: add ddm info to remaining sshd rules	2024-07-30 15:01:01 -04:00
Bob Gendler	539cdfd83d	refactor[rules] Added Disk Management DDM Added com.apple.configuration.diskmanagement.settings to mscp-data Added os_external_storage_restriction Added os_network_storage_restriction	2024-07-26 14:50:43 -04:00
Bob Gendler	06da97bc2a	refactor[rules] Updated DDM info for pwpolicy Added DDM info for pwpolicy rules	2024-07-25 09:52:53 -04:00
Bob Gendler	96ade12e2f	feat[ddm] Added DDM to sequoia Updated scripts and rule files	2024-07-24 14:00:10 -04:00
Bob Gendler	d75a7b1245	Fixed the fix statement	2024-07-16 11:51:49 -04:00
Bob Gendler	dec9527722	fixed checked	2024-07-16 10:23:36 -04:00

1 2 3 4 5 ...

790 Commits