usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-02-03 05:53:24 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity
1,709 Commits 26 Branches 61 Tags
main
Commit Graph

1709 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Bob Gendler
f0b2e8bb60 Added CCEs 2025-03-31 15:03:40 -04:00
Bob Gendler
409f151a88 refactor[rule] Updated discussion 2025-03-31 13:58:22 -04:00
Bob Gendler
96f8f2d38d removed stig tag 2025-03-31 11:27:31 -04:00
Bob Gendler
ec39b92d70 refactor[baselines] Updated baseline files 
Updated to include Apple Intelligence rules
 2025-03-31 11:23:31 -04:00
Bob Gendler
9f53b445fa refactor[rules] Added Apple Intelligence Rules 
Added os_mail_smart_reply_disable
Added os_notes_transcription_disable
Added os_notes_transcription_summary_disable
Added os_safari_reader_summary_disable
 2025-03-31 11:22:46 -04:00
Dan Brodjieski
ef6f6dc55d fix[rule]: corrected regex for !log_allowed in sed 
command now comments the line instead of deleting
 2025-03-19 13:55:38 -04:00
Allen Golbig
e3429c6abb removed cis references from os_iphone_mirroring_disable 2025-03-07 13:43:00 -05:00
Bob Gendler
4864969084 refactor[rules] Added STIG ID 
Added STIG ID os_iphone_mirroring_disable
 2025-02-27 11:14:44 -05:00
Bob Gendler
2760f4af8f refactor[rules]STIG ID Removed 
Removed STIG ID for pwpolicy_history_enforce
 2025-02-27 11:12:07 -05:00
Bob Gendler
4dcd801a2c fixed check result true->false 2025-01-31 15:03:28 -05:00
Bob Gendler
f1c9bb290c fixed check result true->false 2025-01-31 15:03:17 -05:00
Bob Gendler
48ed4ab878 fixed check result true->false 2025-01-31 15:00:07 -05:00
Bob Gendler
7e238adb56 added com.apple.photos.shareddefaults 2025-01-28 10:13:31 -05:00
Bob Gendler
30d4a1af04 Sequoia Release 1.1 (#457) 
* refactor[rules] STIG IDs

Initial STIG-IDs added to rule files.

* refactor[rules]ccis added

New CCIs added to rules

* refactor[rules] SRGs added

New SRGs added to stig rules

* refactor[rule] pwpolicy_custom_regex_enforce

Remove unneeded SRG

* refactor[rules] Added, Removed, Updated rules

- os_authenticated_root_enable, updated check
- os_directory_services_configured, removed from stig
- os_ess_installed, removed from stig
- os_firewall_log_enable, removed from 15.x
- os_genmoji_disable, added 800-53 and stig
- os_image_generation_disable, added 800-53 and sti.yaml
- os_iphone_mirroring_disable
- os_password_autofill_disable, added 800-53 and sti
- os_ssh_fips_compliant, fixed check/fix
- os_ssh_server_alive_count_max_configure, fixed fix
- os_ssh_server_alive_interval_configure, fixed fix
- os_sshd_fips_compliant, fixed fix/check
- os_sudo_log_enforce, added 800-53 and stig
- os_writing_tools_disable, added 800-53 and sti
- pwpolicy_custom_regex_enforce, updated regex
- system_settings_ssh_enable, removed from stig

* refactor[rules] Removed from STIG

Removed CCI, SRG, STIG ID, and STIG tag

* refactor[rules]Added new STIG IDs

Added STIG ID to
- os_genmoji_disable
- os_image_generation_disable
- os_sudo_log_enforce
- os_writing_tools_disable

* Added new rule file

* Add APPL-15-002023

* added APPL-15-002024

* fix[rules] removed tags for rules removed

removed tags from rules removed from cis

* added os_time_server_enable back to cis

* Update Gitignore

* Updating CIS benchmark and tags in missed rules.

* refactor[rules]ssh fips and sshd fips

Updated check and fix for ssh and sshd for FIPS

* refactor[rules]ssh and sshd fips

added check into sshd to not fix if proper

* Fixed ODV regression for CIS

* added missing path to grep

* removed [ ]

* Fix to not print, and fix multiple entries in .ssh/config

* added dev null redirection, prevention of double entries

* Fixed bin to dev and case insensitive sed

* 800-171 Rev 2 to Rev 3

* Updated media sharing key

* Updated STIG ID

* merge from sequoia

* refactor[rules] ssh fixes

Updated ssh fixes to match os_ssh_fips_compliant

* slightly simplier fix. removed unneeded loop

* slightly simplier fix. removed unneeded loop

* Adjusting CIS numbering.

* fix[rule] fixed path

Fixed path in system_settings_system_wide_preferences_configure

* fix[rule] fixed path on line 63

fixed path in system_settings_system_wide_preferences_configure

* fix[rule] added reference

Added reference to os_sudo_log_enforce

* refactor[rules] Added, Modified and deleted rules

Added os_mail_summary_disable
Added os_photos_enhanced_search_disable
Removed system_settings_cd_dvd_sharing_disable
Modified system_settings_improve_search_disable - updated title
Modified system_settings_improve_siri_dictation_disable - updated title

* renamed .yml to .yaml

* changes for upcoming cis release

* refactor - DISA STIG

references updated to sequoia for DISA STIG
baseline file created for disa stig

* added os_sleep_and_display_sleep_apple_silicon_enable to all_rules

* refactor[rules] CNSSI tags added

Added CNSSI1253 low, moderate, high tags

* refactor[baselines] Updated baseline files

Updated cnssi1253 baseline files
Updated all_rules baseline file
Updated CIS baseline files

* udpdated baseline files

* [fix]system_settings_sleep_enforce sleep/displaysleep swap

* updated title

* fix[rule] remove cis tags and reference

remove cis ref & tag from system_settings_improve_search_disable

issue #443

* Adding arm64 tag to os_sleep_and_display_sleep_apple_silicon_enable

* Fixing Sleep/displaysleep numbers based on CIS changes.

* Fixing os_sleep_and_display_sleep_apple_silicon_enable

* Removing DRAFT status from CIS

* [fix]rule world writable library folder

os_world_writable_library_folder_configure

issue# 445

* refactor[rules] Added missing CCEs

Replaced N/A CCEs for os_mail_summary_disable and os_photos_enhanced_search_disable

* fix[rule] updated odv hint

pwpolicy_custom_regex_enforce odv hint updated

* Update system_settings_improve_assistive_voice_disable

Issue #450

* refactor[rules]pwpolicy updates

Removed 800-53 and 800-171 tags

Updated discussion to reflect NIST SP 800-63 and Executive Order M-22-09

* refactor[rules] Added external intelligence rules

Added rules to disable external intelligence features for 15.2

* Issue #450

* updated pwpolicy

* Added CCEs

* Removed double stig tag

* updated baseline files

* updated changelog

* removed rules/system_settings/system_settings_cd_dvd_sharing_disable.yaml

* updated changelog

* update[supplemental]: added 800-63 guidance
fix[supplemental]: update note about filevault unlock

* refactor[rule] pwpolicy_special_character_enforce

Updated check to allow greater than ODV.

Issue #451

* refactor[rules] ssh rules discussion update

Added mention of /usr/libexec/reset-ssh-configuration.

* updated release date and version

* Added uniq to prevent false negatives

* updated authors

* updated release date

---------

Co-authored-by: Allen Golbig <golbiga@gmail.com>
Co-authored-by: mahlmanj <john.mahlman@leidos.com>
Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>
sequoia_rev1.1 		2024-12-16 10:24:59 -05:00
Bob Gendler
9c5fa02fad updated release date 2024-12-16 09:26:31 -05:00
Bob Gendler
1e894b97a2 updated authors 2024-12-12 15:25:40 -05:00
Bob Gendler
cda05fb773 Added uniq to prevent false negatives 2024-12-12 12:03:52 -05:00
Bob Gendler
d963cedace updated release date and version 2024-12-12 09:40:52 -05:00
Bob Gendler
e78635fe41 refactor[rules] ssh rules discussion update 
Added mention of /usr/libexec/reset-ssh-configuration.
 2024-12-11 15:25:29 -05:00
Bob Gendler
a4ccbdc6f1 refactor[rule] pwpolicy_special_character_enforce 
Updated check to allow greater than ODV.

Issue #451
 2024-12-11 15:24:41 -05:00
Dan Brodjieski
43ea6d0cb8 update[supplemental]: added 800-63 guidance 
fix[supplemental]: update note about filevault unlock
 2024-12-10 12:02:10 -05:00
Allen Golbig
6cf5853909 updated changelog 2024-12-10 11:38:43 -05:00
Bob Gendler
a908b9a7be removed rules/system_settings/system_settings_cd_dvd_sharing_disable.yaml 2024-12-10 11:38:16 -05:00
Allen Golbig
6869bfa9b0 updated changelog 2024-12-10 11:29:00 -05:00
Bob Gendler
a186415346 updated baseline files 2024-12-10 11:04:32 -05:00
Bob Gendler
4028a73532 Removed double stig tag 2024-12-10 10:58:59 -05:00
Bob Gendler
24bc6964f3 Added CCEs 2024-12-10 10:50:46 -05:00
Bob Gendler
be15f9d3e0 Merge branch 'dev_sequoia' into sequoia 2024-12-10 10:40:02 -05:00
Bob Gendler
45a41e2bb6 updated pwpolicy 2024-12-04 09:55:31 -05:00
Bob Gendler
52ffec3089 Issue #450 2024-11-25 10:56:26 -05:00
Bob Gendler
2c50e63a9a refactor[rules] Added external intelligence rules 
Added rules to disable external intelligence features for 15.2
 2024-11-25 10:55:26 -05:00
Bob Gendler
e99c62b4a3 refactor[rules]pwpolicy updates 
Removed 800-53 and 800-171 tags

Updated discussion to reflect NIST SP 800-63 and Executive Order M-22-09
 2024-11-25 10:54:10 -05:00
Bob Gendler
e0812125c2 Update system_settings_improve_assistive_voice_disable 
Issue #450
 2024-11-25 10:14:40 -05:00
Allen Golbig
2020e6bd2c fix[rule] updated odv hint 
pwpolicy_custom_regex_enforce odv hint updated
 2024-11-18 10:55:52 -05:00
Bob Gendler
dbd648003e refactor[rules] Added missing CCEs 
Replaced N/A CCEs for os_mail_summary_disable and os_photos_enhanced_search_disable
 2024-11-13 09:39:54 -05:00
Bob Gendler
aa061a1331 Merge branch 'dev_sequoia' into sequoia 2024-11-13 09:37:19 -05:00
Allen Golbig
bcd2a63dfa [fix]rule world writable library folder 
os_world_writable_library_folder_configure

issue# 445
 2024-11-11 07:06:33 -05:00
mahlmanj
457f030eba Removing DRAFT status from CIS 2024-11-07 10:51:16 -05:00
mahlmanj
5866cf81f8 Fixing os_sleep_and_display_sleep_apple_silicon_enable 2024-11-05 11:42:56 -05:00
mahlmanj
cc53fbed76 Fixing Sleep/displaysleep numbers based on CIS changes. 2024-11-05 11:40:24 -05:00
mahlmanj
f837a8f4cf Adding arm64 tag to os_sleep_and_display_sleep_apple_silicon_enable 2024-11-01 09:45:13 -04:00
Allen Golbig
ac50ebedee fix[rule] remove cis tags and reference 
remove cis ref & tag from system_settings_improve_search_disable

issue #443
 2024-10-30 14:21:29 -04:00
Allen Golbig
8f8e27fdd8 updated title 2024-10-30 10:07:35 -04:00
mahlmanj
cdd64fb983 [fix]system_settings_sleep_enforce sleep/displaysleep swap 2024-10-30 09:46:01 -04:00
Bob Gendler
2170874f28 udpdated baseline files 2024-10-24 10:21:38 -04:00
Bob Gendler
307c3b00af refactor[baselines] Updated baseline files 
Updated cnssi1253 baseline files
Updated all_rules baseline file
Updated CIS baseline files
 2024-10-24 10:19:43 -04:00
Bob Gendler
64520d0fa8 Merge branch 'sequoia' into dev_sequoia 2024-10-24 10:18:55 -04:00
Bob Gendler
2b552f99ca refactor[rules] CNSSI tags added 
Added CNSSI1253 low, moderate, high tags
 2024-10-24 10:14:48 -04:00
Allen Golbig
a630005317 added os_sleep_and_display_sleep_apple_silicon_enable to all_rules 2024-10-24 10:00:45 -04:00
Bob Gendler
4e89c26fe8 refactor - DISA STIG 
references updated to sequoia for DISA STIG
baseline file created for disa stig
 2024-10-24 09:25:19 -04:00