usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-02-03 14:03:24 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity
1,709 Commits 26 Branches 61 Tags
main
Commit Graph

150 Commits

Author SHA1 Message Date
Bob Gendler
5654d69905 refactor[rules]Added rule, updated rules 
Created rule for the STIG
Updated rules to match CIS
 2025-12-05 16:16:02 -05:00
Bob Gendler
af08f7ce5a Fixed sequoia to tahoe 2025-09-11 15:18:15 -04:00
Bob Gendler
6ae7611e8d refactor[rules] Updated check/fix 
Updated check and fix for services.
Updated using launchctl print system instead of launchctl list
 2025-08-28 11:43:02 -04:00
Bob Gendler
8305331b37 refactor[rules] CCEs added 2025-08-18 14:28:42 -04:00
Bob Gendler
09be45dfdd refactor[rules] Added STIG refs 
Added stig refs
 2025-08-18 14:12:26 -04:00
Bob Gendler
5d21314e8b refactor - Public Beta build macOS 26.0 Tahoe 
Updated rule files
Updated baseline files
Updated mscp-data file
Updated VERSION
 2025-07-24 16:00:00 -04:00
Bob Gendler
2b552f99ca refactor[rules] CNSSI tags added 
Added CNSSI1253 low, moderate, high tags
 2024-10-24 10:14:48 -04:00
Bob Gendler
ea925dc054 sync sequoia to dev_sequoia_stig 2024-09-23 12:04:46 -04:00
Bob Gendler
3a327020a3 refactor[rules] CCEs added 
Added NIST issued CCEs
 2024-09-09 20:50:49 -04:00
Bob Gendler
9271106cd6 refactor[rules] Converted 171r2 to 171r3 
Added 171r3 to some rules
Converted 171r2 to r3 in most rules
 2024-09-01 21:28:47 -04:00
Bob Gendler
8f10babfbf refactor[rules] SRGs added 
New SRGs added to stig rules
 2024-08-07 12:28:49 -04:00
Bob Gendler
2de903bbcb refactor[rules]ccis added 
New CCIs added to rules
 2024-08-07 12:25:14 -04:00
Bob Gendler
970d9c39a3 refactor[rules] STIG IDs 
Initial STIG-IDs added to rule files.
 2024-07-25 11:20:22 -04:00
Allen Golbig
d1de3c0665 removed cces and stigs 2024-07-15 19:52:43 -04:00
Allen Golbig
701e4d6b6a dev_sequoia 2024-07-15 18:01:42 -04:00
Bob Gendler
2ab099bfcd Dev sonoma issue356 (#367) 
* chore[rules]: updated STIG tags

Removed the stig tag from rules that weren't in the stig.
Added 'srg' tag to rules that had SRG references, but not in stig

Issue #356

* chore[baseline]: updated STIG baseline

* chore[references]: updated CCI and SRG refs

Updated severity where needed too

* fix[rule]: yaml syntax for CCI

* fix[rules]: added missing STIG ODVs

---------

Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>
Co-authored-by: Dan Brodjieski <dbrodjieski@icloud.com>
 2024-02-26 15:50:02 -05:00
Dan Brodjieski
701ed9bec0 chore[rules]: updates from published STIG 
added STIG references and updated baselines to support latest release from DISA
 2024-01-24 08:16:00 -05:00
Bob Gendler
2a41fdb23d changed newstig to stig tag 2023-10-05 13:45:19 -04:00
Bob Gendler
28ef4c7393 Merge branch 'sonoma' into dev_sonoma_disa 2023-09-29 11:20:42 -04:00
Bob Gendler
6f27ac219c removed touch to blank audit_control 2023-09-20 20:35:28 -04:00
Bob Gendler
c4d28b1350 refactor[rules] auditd check/fix update 2023-09-20 16:09:20 -04:00
Bob Gendler
894f99dc83 refactor[rules] audit_auditd_enabled fix 
Updated auditd fix to no longer require a restart to start the
auditd service.
 2023-09-20 16:02:28 -04:00
Bob Gendler
06e9c53a07 cnssi-1253 tags added 2023-09-20 14:37:32 -04:00
Dan Brodjieski
37b00778fc Merge branch 'dev_sonoma' into dev_sonoma_disa 
Attempt to resync latest Sonoma changes
 2023-09-14 15:18:30 -04:00
Dan Brodjieski
5acbdbd21e chore: clean up extraneous trailing whitespace 2023-09-14 14:21:06 -04:00
Bob Gendler
e5fb336bdb refactor[rules] CCEs added 
Added NIST issued CCEs to all rule files
 2023-09-09 14:43:51 -04:00
Bob Gendler
4e003fb7c1 refactor[rules] removed newstig tag 
Removed SRGs and newstig tag
 2023-09-01 10:39:17 -04:00
Dan Brodjieski
5dbf9ee3c3 fix[rules]: yaml cleanup from merge 2023-08-31 14:53:11 -04:00
Dan Brodjieski
861d14815b refactor[stig]: merged SRGs from DISA 
Rewrote all the rule yaml files to have correct SRG references.
Added scripts to work with new STIG workflows.
 2023-08-31 11:37:33 -04:00
Bob Gendler
206884b723 removed stig tag 2023-08-01 14:21:15 -04:00
Bob Gendler
a3ce45a986 refactor[rules] removed CCE and disa stig controls 2023-08-01 13:50:01 -04:00
Allen Golbig
c396f18b24 feat[baseline] dev_sonoma 
dev_sonoma
 2023-07-13 22:17:34 -04:00
Bob Gendler
6105b6e144 tag issue resolved 2023-06-22 13:07:43 -04:00
Bob Gendler
85e2d68fe4 [refactor] rules, baselines, includes 
Added cnssi and disa stig to mscp-data.yaml
Generated updated baseline files
Fixed merge issue with audit_files_owner_configure
 2023-06-22 13:01:59 -04:00
Bob Gendler
e02209c0e6 Removed old cnssi tag 2023-06-22 12:51:58 -04:00
Bob Gendler
9fccb44c5d Merge branch 'dev_ventura_stig' into ventura 2023-06-22 12:47:18 -04:00
Bob Gendler
fc9d45b03c Merge branch 'dev_ventura_cmmc' into ventura 2023-06-22 12:23:41 -04:00
Bob Gendler
e5cc08a9cd Merge branch 'dev_ventura_cnssi' into ventura 2023-06-22 11:21:55 -04:00
Dan Brodjieski
c241d42b81 fix[rules]: updated fixes for auditd rules 
Removed the dynamic check for the audit files path

Issue #269
 2023-06-15 10:13:57 -04:00
Allen Golbig
9e29b7c86c refactor[rules] removed level 3 from cmmc 
Removed lvl 3 from cmmc
 2023-05-25 16:25:41 -04:00
Bob Gendler
827a2c352d cnssi tags added 2023-05-04 13:53:17 -04:00
Bob Gendler
f0bc8666c9 refactor[rules/baselines] DISA STIG 
Re-add DISA STIG branch
* New rules added
* STIG references and tags added
* Whitespace clean up
* DISA-STIG baseline added
 2023-05-04 13:43:18 -04:00
Bob Gendler
fa6711513e Merge branch 'ventura' into dev_ventura_cmmc 2023-04-26 09:55:16 -04:00
Dan Brodjieski
0f5f5b697e update[baselines]: removed cnssi tags 
removing until cnssi updates are finalized
 2023-04-25 11:56:23 -04:00
Bob Gendler
7f636f2da9 refactor[rules] Updated full path for awk 2023-02-10 10:38:42 -05:00
n4l5u0r
7abf37bba1 FIX: Adding LESS PERMISSIVE control option (#216) 
* Update 800-171.yaml

* Fixed generate_mapping.py for authors

* v8 to controls v8 fix for excel generation

* Date for Monterey Revision 2 Updated

* Update README.adoc

* Adding LESS PERMISSIVE control

On ventura the default permissions on `/etc/security/audit_control` are `-r--------` resulting in failed audit.

Co-authored-by: Bob Gendler <robert.gendler@nist.gov>
Co-authored-by: Dan Brodjieski <brodjieski@gmail.com>
 2023-01-25 14:46:50 -05:00
mahlmanj
7efee13b82 Here we go! First rule push. 2022-12-19 11:43:52 -05:00
Allen Golbig
07b096c8a0 fix[rules] updated cis refs 
Updated refs and fixed various things

Issue #191
 2022-11-04 08:49:19 -04:00
Dan Brodjieski
fead101e4b refactor[rules]: removed STIG referencing 
Removed references to the STIG until it is released.
 2022-10-18 18:57:37 -04:00
Bob Gendler
9aa5f221ef refactor [rules] Updated CIS Benchmark Numbers 
Updated CIS Benchmark Numbers to match 4 - Network Configurations
 2022-10-18 12:15:38 -04:00