usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-03-17 06:12:10 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity
1,043 Commits 29 Branches 61 Tags
103fa1ef293e7f34b9977352cb251b787fa975ce
Commit Graph

570 Commits

Author SHA1 Message Date
Bob Gendler
103fa1ef29 refactor[rules] Updated os_anti_virus_installed 
Updated check for os_anti_virus_installed
Issue #241
 2023-04-05 11:00:02 -04:00
Bob Gendler
3c8162a1fc Merge branch 'dev_ventura_pr216' into ventura 2023-02-10 10:39:48 -05:00
Bob Gendler
7f636f2da9 refactor[rules] Updated full path for awk 2023-02-10 10:38:42 -05:00
Bob Gendler
0500311550 refactor[rules] Added missing ODV 
Added missing ODV section to pwpolicy_upper_case_character_enforce
 2023-02-10 10:02:39 -05:00
Allen Golbig
9d7c90dee5 fix[rule] fixed case in file name 
Fixed case to lowercase for usb
 2023-02-09 10:26:22 -05:00
Allen Golbig
206c83f956 fix[rule] updated check for USB restricted mode 
Updated system_settings_usb_restricted_mode

issue #222
 2023-01-25 15:26:35 -05:00
n4l5u0r
7abf37bba1 FIX: Adding LESS PERMISSIVE control option (#216) 
* Update 800-171.yaml

* Fixed generate_mapping.py for authors

* v8 to controls v8 fix for excel generation

* Date for Monterey Revision 2 Updated

* Update README.adoc

* Adding LESS PERMISSIVE control

On ventura the default permissions on `/etc/security/audit_control` are `-r--------` resulting in failed audit.

Co-authored-by: Bob Gendler <robert.gendler@nist.gov>
Co-authored-by: Dan Brodjieski <brodjieski@gmail.com>
 2023-01-25 14:46:50 -05:00
Allen Golbig
d123ade1d0 fix[rules] updated check for guest_account_disable 
updated check for guest_account_disable

issue #213
 2023-01-25 14:27:57 -05:00
Bob Gendler
27c2317ec2 refactor[rules] check/fix update 
auth_ssh_password_authentication_disable check and fix updated.
ChallengeResponseAuthentication was replaced with KbdInteractiveAuthentication.

Updated fix to write to sshd_config.d/01-mscp-sshd.sshd_config
Updated check to read from sshd -T

Issue #223
 2023-01-18 15:28:38 -05:00
Allen Golbig
a9c26c6f67 fix[rules] time_machine_encrypted_configure 
Fixed system_settings_time_machine_encrypted_configure

Issue #214
 2023-01-03 10:46:07 -05:00
Bob Gendler
d29cd02c2a refactor[rules] CCEs added 
Added CCEs to new rules
 2022-12-06 12:17:16 -05:00
Allen Golbig
23e54b24d8 fix[rule] fixed os_tftpd_disable 
Fixed misspelling
 2022-12-05 22:03:37 -05:00
Bob Gendler
fdf7011189 Added quotes around key in check 2022-12-01 10:41:01 -05:00
Bob Gendler
56bd3e11f8 refactor[supplemental] removed a cis manual entry 
Removed Fast User Switching audit
 2022-11-30 09:37:04 -05:00
Bob Gendler
9929fe2f2d Removed i386 tag 2022-11-29 11:08:32 -05:00
Bob Gendler
1e90bd444e Merge branch 'dev_ventura_issue203' into ventura 2022-11-29 09:56:49 -05:00
Bob Gendler
345f02ee50 Merge branch 'dev_ventura_issue197' into ventura 2022-11-29 09:50:05 -05:00
Bob Gendler
0551943a3d refactor[rules] Minor changes 
Added missing | and fixed os_dvdram_disable discussion and title.
 2022-11-29 09:24:31 -05:00
Gendler
0d62a614be fix[rules] updated hibernatemode 
Updated hiberatemode 25 check and fix
Updated discussion
removed -i386 tag

Issue #203
 2022-11-28 10:49:41 -05:00
Dan Brodjieski
8b379a03d4 fix[rule]: corrected syntax 
Updated the loop for the authDBS array to correctly
loop over rules

#197
 2022-11-18 09:52:03 -05:00
Bob Gendler
d0ac9889a7 Merge branch 'dev_ventura_pr195' into ventura 2022-11-18 09:22:18 -05:00
Bob Gendler
8d7c720f72 [refactor] New rule added/modified 
Updated generated config profile generated
 2022-11-18 09:20:44 -05:00
Bob Gendler
24e4efd554 Merge branch 'dev_ventura_issue191' into ventura 2022-11-15 11:24:57 -05:00
Gendler
f55b6331c3 Updated cis benchmark 2022-11-10 10:39:02 -05:00
Gendler
efbb3a3a27 refactor[rules]: Updated 2 rules 
Fixed - os_safari_prevent_cross-site_tracking_enable
 - id
 - title
 - description
 - check
 - mobileconfig

Fixed - os_safari_advertising_privacy_protection_enable
 - Fixed spacing
 2022-11-10 10:26:58 -05:00
Allen Golbig
398dd17352 refactor[rules]: Added additional Safari Rules 
Added CIS Level 1 Safari rules which were missing
 2022-11-10 08:15:02 -05:00
Bob Gendler
346dec84c3 refactor[rules] system-system_settings_ssh_enable 
Check updated to look for enabled.
 2022-11-09 13:34:36 -05:00
Henry S
c61042badc add rule to disable iCloud based sign-in for Game Center (#195) 
* Update 800-171.yaml

* Fixed generate_mapping.py for authors

* v8 to controls v8 fix for excel generation

* Date for Monterey Revision 2 Updated

* Update README.adoc

* add rule to disable iCloud based sign-in for Game Center

* set CCE to N/A

TODO: NIST might need  to assign a CCE

Co-authored-by: Bob Gendler <robert.gendler@nist.gov>
Co-authored-by: Dan Brodjieski <brodjieski@gmail.com>
 2022-11-08 10:47:10 -05:00
Allen Golbig
07b096c8a0 fix[rules] updated cis refs 
Updated refs and fixed various things

Issue #191
 2022-11-04 08:49:19 -04:00
Allen Golbig
e52a97f2b1 fix[rules] fixed cis tags 
Fixed tags where cis_lvl2 had cis_lvl2 tags

Issue #198
 2022-11-03 11:24:01 -04:00
Bob Gendler
3fdbd2a5ac refactor[rules]: Fixed xpath 
Updated xpath to output all keys equaling DisabledPreferencePanes.

This fixes if there are multiple profiles setting the same key.

Issue #193
 2022-11-02 09:25:11 -04:00
Bob Gendler
039a8118b1 refactor[rules]: Fixed xpath 
Updated xpath to output all keys equaling DisabledPreferencePanes.

This fixes if there are multiple profiles setting the same key.

Issue #193
 2022-11-02 09:23:13 -04:00
Bob Gendler
470fbc209f refactor[rules]: Removed and edited 
* Removed system_settings_bluetooth_unpaired_disable
* Edited title and discussion for
    - os_rapid_security_response_removal_disable
    - system_settings_time_server_enforce
 2022-10-28 09:55:10 -04:00
Allen Golbig
2bfc0c63ff fix[rule] spaces are hard 
removed space in front of references

Issue#192
 2022-10-26 13:21:50 -04:00
Allen Golbig
78aca0423a fix[rule] fixed references 
Added refs removed when clearing cce

issue#192
 2022-10-26 13:18:49 -04:00
Allen Golbig
bdb9629651 fix[rule] cisv8 references 
Updated references and tags for cisv8

issue#191
 2022-10-25 20:40:19 -04:00
Bob Gendler
3515ca5f56 refactor[rules] Removed STIG references 
Removed and fixed STIG and SRG references.
 2022-10-19 21:47:16 -04:00
Bob Gendler
1a4aa58597 refactor[rules] Updated FIPS information 
Updated information on FIPS for macOS Ventura.
 2022-10-19 21:46:25 -04:00
Bob Gendler
e3853a8202 removed STIG reference 2022-10-19 21:08:03 -04:00
Bob Gendler
84405d8db9 refactor[rules] Updates to supplemental_cis_manual 
Updated CIS manual controls to match CIS Ventura benchmark
 2022-10-19 10:41:18 -04:00
Bob Gendler
3d6f7c6f1f refactor[rules] More CIS Ventura Benchmark updates 
* Updates to benchmark numbers in rules
* Removed system_settings_location_services_audit
 2022-10-19 10:21:15 -04:00
Bob Gendler
e807a191c6 refactor [rules] Updated library validation rule 
Removed CIS Benchmark numbers from library validation and removed from
baseline files
 2022-10-18 22:12:39 -04:00
Bob Gendler
64fd989a59 refactor [rules] Updated check to use xmllint 
Updated to use xmllint and read xpath instead of grep | grep
 2022-10-18 21:50:16 -04:00
Bob Gendler
86ad1f3fb2 refactor [rules] Updated check/fix 
New check and fix wrote for system_settings_system_wide_preferences_configure.
This is required for Ventura for System Settings to work properly.
 2022-10-18 21:19:55 -04:00
Dan Brodjieski
fead101e4b refactor[rules]: removed STIG referencing 
Removed references to the STIG until it is released.
 2022-10-18 18:57:37 -04:00
Bob Gendler
1e2d1d0ba1 refactor [rules] Updates to match CIS Ventura Benchmark 
Updated rule files
Updated baseline files
 2022-10-18 16:37:30 -04:00
Allen Golbig
0ab1cdcd69 refactor[rule] updated supplemental_cis_manual 
Updated supplemental_cis_manual
 2022-10-18 16:27:38 -04:00
Bob Gendler
6524c4ff54 refactor [rules] Updates to CIS Ventura Benchmark 
* Changed numbering to match CIS Ventura Benchmark numbers.
* Added system_settings_location_services_menu_enforce
 2022-10-18 16:13:12 -04:00
Bob Gendler
9aa5f221ef refactor [rules] Updated CIS Benchmark Numbers 
Updated CIS Benchmark Numbers to match 4 - Network Configurations
 2022-10-18 12:15:38 -04:00
Bob Gendler
f27a508565 refactor [rules] Updated CIS Benchmark numbering 
Updated benchmark numbers to match CIS Ventura baseline draft
 2022-10-18 12:10:21 -04:00