Commit Graph

1043 Commits

Author SHA1 Message Date
Bob Gendler
103fa1ef29 refactor[rules] Updated os_anti_virus_installed
Updated check for os_anti_virus_installed
Issue #241
2023-04-05 11:00:02 -04:00
Erik Winter
83f1c21b68 use absolute path when referencing scutil and awk in compliance script (#239) 2023-04-05 10:22:57 -04:00
Bob Gendler
3c8162a1fc Merge branch 'dev_ventura_pr216' into ventura 2023-02-10 10:39:48 -05:00
Bob Gendler
7f636f2da9 refactor[rules] Updated full path for awk 2023-02-10 10:38:42 -05:00
Bob Gendler
0500311550 refactor[rules] Added missing ODV
Added missing ODV section to pwpolicy_upper_case_character_enforce
2023-02-10 10:02:39 -05:00
Allen Golbig
9d7c90dee5 fix[rule] fixed case in file name
Fixed case to lowercase for usb
2023-02-09 10:26:22 -05:00
Allen Golbig
206c83f956 fix[rule] updated check for USB restricted mode
Updated system_settings_usb_restricted_mode

issue #222
2023-01-25 15:26:35 -05:00
n4l5u0r
7abf37bba1 FIX: Adding LESS PERMISSIVE control option (#216)
* Update 800-171.yaml

* Fixed generate_mapping.py for authors

* v8 to controls v8 fix for excel generation

* Date for Monterey Revision 2 Updated

* Update README.adoc

* Adding LESS PERMISSIVE control

On Ventura, the default permissions on `/etc/security/audit_control` are `-r--------`, resulting in a failed audit.

Co-authored-by: Bob Gendler <robert.gendler@nist.gov>
Co-authored-by: Dan Brodjieski <brodjieski@gmail.com>
2023-01-25 14:46:50 -05:00
Allen Golbig
d123ade1d0 fix[rules] updated check for guest_account_disable
updated check for guest_account_disable

issue #213
2023-01-25 14:27:57 -05:00
Allen Golbig
3a3b8b7d98 Merge branch 'dev_ventura_issue210' into ventura 2023-01-25 14:14:42 -05:00
Allen Golbig
5e89d04d13 Merge branch 'dev_ventura_issue223' into ventura 2023-01-25 14:09:05 -05:00
Bob Gendler
27c2317ec2 refactor[rules] check/fix update
auth_ssh_password_authentication_disable check and fix updated.
ChallengeResponseAuthentication was replaced with KbdInteractiveAuthentication.

Updated fix to write to sshd_config.d/01-mscp-sshd.sshd_config
Updated check to read from sshd -T

Issue #223
2023-01-18 15:28:38 -05:00
Allen Golbig
c0762ed62c fix[baseline] added time machine encryption
Added system_settings_time_machine_encrypted_configure to cis_lvl1
2023-01-03 10:52:12 -05:00
Allen Golbig
a9c26c6f67 fix[rules] time_machine_encrypted_configure
Fixed system_settings_time_machine_encrypted_configure

Issue #214
2023-01-03 10:46:07 -05:00
Allen Golbig
1fce65b186 Merge branch 'dev_ventura_cfc' into ventura 2023-01-03 10:30:32 -05:00
Allen Golbig
b58e9edbcf fix[script] added timestamp to remediations
Added timestamp to compliance script when remediating
2023-01-03 10:20:34 -05:00
Dan Brodjieski
9c62d64141 fix[script]: generate_baseline error with tags
Corrected issue when running generate_baseline.py with
a keyword/tag that wasn't included in mscp_data

generate_baseline.py crash with custom baselines #210
2022-12-19 13:17:52 -05:00
Allen Golbig
ccb2cc398b feat[script] added check/fix/check logic
Added check/fix/check logic to compliance script
2022-12-13 12:59:53 -05:00
Bob Gendler
8e80136e2c Updated 1.1 date ventura_rev1.1 2022-12-08 10:18:34 -05:00
Allen Golbig
b82534d89e fix[helperfiles] updated adoc_additional_docs
Fixed CIS docs in adoc_additional_docs
2022-12-08 10:14:51 -05:00
Allen Golbig
48a6330b12 fix[helperfile] Set version for Rogue
Set version 3.30.0 for Rogue Highlighter

Issue #208
2022-12-07 13:31:02 -05:00
Dan Brodjieski
a87660d5ef refactor[rules,docs]: final updates for release 2022-12-07 13:23:26 -05:00
Allen Golbig
9fd3d11c80 docs[all] Updated for release 2022-12-06 14:39:26 -05:00
Bob Gendler
d29cd02c2a refactor[rules] CCEs added
Added CCEs to new rules
2022-12-06 12:17:16 -05:00
Allen Golbig
23e54b24d8 fix[rule] fixed os_tftpd_disable
Fixed misspelling
2022-12-05 22:03:37 -05:00
Allen Golbig
bf89986362 fix[helperfile] fixed mscp-data file
Added All Rules title to mscp-data.yaml
2022-12-05 14:41:38 -05:00
Allen Golbig
5bf1f70f45 feat[script] Additional Authors
Sync changes from monterey to support additional authors

Issue #105
2022-12-01 19:24:34 -05:00
Bob Gendler
fdf7011189 Added quotes around key in check 2022-12-01 10:41:01 -05:00
Bob Gendler
4061bf588d changed 12 to 13 in title 2022-11-30 11:52:38 -05:00
Bob Gendler
56bd3e11f8 refactor[supplemental] removed a cis manual entry
Removed Fast User Switching audit
2022-11-30 09:37:04 -05:00
Bob Gendler
9929fe2f2d Removed i386 tag 2022-11-29 11:08:32 -05:00
Bob Gendler
f9e2ae76f8 Merge branch 'dev_ventura_references' into ventura 2022-11-29 09:58:23 -05:00
Bob Gendler
1e90bd444e Merge branch 'dev_ventura_issue203' into ventura 2022-11-29 09:56:49 -05:00
Bob Gendler
55308d5d73 Merge branch 'dev_ventura_issue202' into ventura 2022-11-29 09:55:13 -05:00
Bob Gendler
345f02ee50 Merge branch 'dev_ventura_issue197' into ventura 2022-11-29 09:50:05 -05:00
Bob Gendler
0551943a3d refactor[rules] Minor changes
Added missing | and fixed os_dvdram_disable discussion and title.
2022-11-29 09:24:31 -05:00
Gendler
0d62a614be fix[rules] updated hibernatemode
Updated hibernatemode 25 check and fix
Updated discussion
removed -i386 tag

Issue #203
2022-11-28 10:49:41 -05:00
Dan Brodjieski
a9982fcd27 fix[script]: added support for CIS refs
You can now pass cis, cis_lvl1, cis_lvl2, cisv8
to generate_guidance.py to allow for those
references to be included in the logs.
Also, replaced all instances of /bin/echo
2022-11-23 08:51:36 -05:00
Dan Brodjieski
8b379a03d4 fix[rule]: corrected syntax
Updated the loop for the authDBS array to correctly
loop over rules

#197
2022-11-18 09:52:03 -05:00
Bob Gendler
d0ac9889a7 Merge branch 'dev_ventura_pr195' into ventura 2022-11-18 09:22:18 -05:00
Bob Gendler
8d7c720f72 [refactor] New rule added/modified
Updated generated config profile generated
2022-11-18 09:20:44 -05:00
Bob Gendler
2d89b7af80 [feat] Debug Mode Added
Debug added to the generated compliance script. Hold down option to
invoke debug while running the script from the command line.

Issue #202
2022-11-17 11:50:35 -05:00
Bob Gendler
461aae2f2d refactor[baselines] Added new rules
New rules added to all_rules and cis related baselines
2022-11-15 11:27:31 -05:00
Bob Gendler
24e4efd554 Merge branch 'dev_ventura_issue191' into ventura 2022-11-15 11:24:57 -05:00
Gendler
f55b6331c3 Updated cis benchmark 2022-11-10 10:39:02 -05:00
Gendler
efbb3a3a27 refactor[rules]: Updated 2 rules
Fixed - os_safari_prevent_cross-site_tracking_enable
 - id
 - title
 - description
 - check
 - mobileconfig

Fixed - os_safari_advertising_privacy_protection_enable
 - Fixed spacing
2022-11-10 10:26:58 -05:00
Allen Golbig
398dd17352 refactor[rules]: Added additional Safari Rules
Added CIS Level 1 Safari rules which were missing
2022-11-10 08:15:02 -05:00
Bob Gendler
82a6eae632 Merge branch 'dev_ventura_issue199' into ventura 2022-11-09 13:35:54 -05:00
Bob Gendler
346dec84c3 refactor[rules] system-system_settings_ssh_enable
Check updated to look for enabled.
2022-11-09 13:34:36 -05:00
Henry S
c61042badc add rule to disable iCloud based sign-in for Game Center (#195)
* Update 800-171.yaml

* Fixed generate_mapping.py for authors

* v8 to controls v8 fix for excel generation

* Date for Monterey Revision 2 Updated

* Update README.adoc

* add rule to disable iCloud based sign-in for Game Center

* set CCE to N/A

TODO: NIST might need to assign a CCE

Co-authored-by: Bob Gendler <robert.gendler@nist.gov>
Co-authored-by: Dan Brodjieski <brodjieski@gmail.com>
2022-11-08 10:47:10 -05:00