usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-03-16 14:02:07 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity
1,358 Commits 29 Branches 61 Tags
a2f6652817fb581981fa423a4b38971c856f10ef
Commit Graph

749 Commits

Author SHA1 Message Date
robertgendler
b266b6e0cd renamed file 2024-08-08 10:00:38 -04:00
robertgendler
e510dd1fa3 Removed os_gatekeeper_rearm, Added so_sudo_log_enforce 2024-08-08 09:57:55 -04:00
Dan Brodjieski
d986f549ff refactor[ddm]: add ddm info to sudo rule 2024-07-30 15:01:24 -04:00
Dan Brodjieski
5e782d3fdd refactor[ddm]: add ddm info to remaining sshd rules 2024-07-30 15:01:01 -04:00
Bob Gendler
539cdfd83d refactor[rules] Added Disk Management DDM 
Added com.apple.configuration.diskmanagement.settings to mscp-data
Added os_external_storage_restriction
Added os_network_storage_restriction
 2024-07-26 14:50:43 -04:00
Bob Gendler
06da97bc2a refactor[rules] Updated DDM info for pwpolicy 
Added DDM info for pwpolicy rules
 2024-07-25 09:52:53 -04:00
Bob Gendler
96ade12e2f feat[ddm] Added DDM to sequoia 
Updated scripts and rule files
 2024-07-24 14:00:10 -04:00
Bob Gendler
d75a7b1245 Fixed the fix statement 2024-07-16 11:51:49 -04:00
Bob Gendler
dec9527722 fixed checked 2024-07-16 10:23:36 -04:00
Bob Gendler
ea3b1f0bc4 refactor[rules] Added AI rules 
Added
* os_genmoji_disable
* os_image_generation_disable
* os_iphone_mirroring_disable
* os_writing_tools_disable
 2024-07-15 21:37:49 -04:00
Bob Gendler
97cde24135 updated check to use jxa 2024-07-15 21:07:00 -04:00
Bob Gendler
182a4d8d1e refactor[rules] Gatekeeper rules 
Gatekeeper is fully enforced by configuration profile now.
 2024-07-15 21:00:28 -04:00
Bob Gendler
514d451ff6 refactor[rules] firewall rules 
Firewall is now fully enforced by a configuration profile.
 2024-07-15 21:00:28 -04:00
Allen Golbig
d7db6e4c3d updated system_settings_media_sharing_disabled 2024-07-15 20:55:27 -04:00
Allen Golbig
866f60c723 updated os_implement_cryptography 2024-07-15 20:33:51 -04:00
Allen Golbig
d1de3c0665 removed cces and stigs 2024-07-15 19:52:43 -04:00
Allen Golbig
701e4d6b6a dev_sequoia 2024-07-15 18:01:42 -04:00
Bob Gendler
52798b62ca refactor[rules]Update discussion os_camera_disable 
Updated discussion for os_camera_disable to match Ventura DISA STIG.
 2024-04-11 11:20:04 -04:00
Bob Gendler
46174abd21 removed double stig tag 2024-04-08 10:38:41 -04:00
Bob Gendler
86eab839ad Added CCEs 2024-04-04 11:45:48 -04:00
Bob Gendler
b6fdcda9a8 refactor[rule] system_wide_preferences_configure 
Updated check and fix for additional keys and values in authorizationdb
 2024-04-02 11:33:29 -04:00
Bob Gendler
042b54310d refactor[rules] Updated typos 
Fixed grammar and spacing issues
 2024-04-02 11:25:03 -04:00
Bob Gendler
1518ac919d Merge branch 'dev_sonoma_issue345' into sonoma 2024-04-02 09:53:39 -04:00
Bob Gendler
bd5afc10c9 Added NOTE: 2024-04-02 09:44:58 -04:00
Bob Gendler
4ca9d995da refactor[rules] os_anti_virus_installed and timed 
Removed auto remediation since it cannot occur if SIP is enabled.
Added a note about SIP.
 2024-03-25 12:01:57 -04:00
Bob Gendler
703a421fd9 refactor[rules] touchid and unlock with watch 
Changed 800-53 reference to IA-5
Added note about 800-63
 2024-03-25 11:39:24 -04:00
Bob Gendler
168231c297 Merge branch 'dev_sonoma_issue343' into sonoma 2024-03-25 11:18:01 -04:00
Dan Brodjieski
3d0f9fcb8b Merge branch 'sonoma' into dev_sonoma_issue343 2024-03-25 09:19:52 -04:00
Dan Brodjieski
ee31be4f89 Merge branch 'sonoma' into dev_sonoma_issue292 2024-03-25 09:17:42 -04:00
Bob Gendler
6b43301205 Added missing Recommendations header 2024-03-11 10:17:31 -04:00
Allen Golbig
32c3c22447 fixes issue #355 2024-03-07 15:09:30 -05:00
Bob Gendler
71353fe690 changed enabled to true 2024-03-07 11:19:21 -05:00
Dan Brodjieski
0811ce6ac3 fix[check]: adjusted awk to not include gz files 2024-03-07 10:42:55 -05:00
Bob Gendler
f0ab5dc8ae fix[rules] updated location services rules 
Changed kickstart to find the PID and do a kill -9 to the PID

Issue #372
 2024-03-06 11:46:39 -05:00
Crim
2f7560bdeb Update pwpolicy_custom_regex_enforce.yaml (#368) 
The new regex from my previous PR (#363) actually still required the lowercase letter to follow the capital letter even if they were no longer required to be right next to each other. This new regex does not require the capital or lowercase letter to be in any particular order but will require that at least one capital and one lowercase is in the password. This is accomplished using a positive lookahead.
 2024-02-28 11:37:04 -05:00
Dan Brodjieski
72c1f08792 refactor[rule]: updated check to clarify findings 
Added some verbiage to describe why it fails.

Issue os_install_log_retention_configure - remediation does not match check #292
 2024-02-27 15:28:37 -05:00
Bob Gendler
2ab099bfcd Dev sonoma issue356 (#367) 
* chore[rules]: updated STIG tags

Removed the stig tag from rules that weren't in the stig.
Added 'srg' tag to rules that had SRG references, but not in stig

Issue #356

* chore[baseline]: updated STIG baseline

* chore[references]: updated CCI and SRG refs

Updated severity where needed too

* fix[rule]: yaml syntax for CCI

* fix[rules]: added missing STIG ODVs

---------

Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>
Co-authored-by: Dan Brodjieski <dbrodjieski@icloud.com>
 2024-02-26 15:50:02 -05:00
Crim
a949715dcc Update pwpolicy_custom_regex_enforce.yaml (#363) 
Changed the recommended custom regex to require 1 capitol and 1 lowercase letter anywhere in the password. The previous regex required a capital letter immediately followed by a lowercase letter or it would not match.
 2024-02-23 14:38:51 -05:00
Conor D
23e35485d0 Update supplemental_filevault.yaml (#352) 
Fixed space from <true /> to <true/> at line 36.
 2024-02-23 13:58:22 -05:00
Dan Brodjieski
acf9665d80 Dev sonoma issue344 (#365) 
* fix[rule]: updated to support ODV

Added ODV values to retain legacy values until CIS updates.

Issue #344

* chore[rule]: added note about restoring UX

* chore[rule]: added full paths to commands

---------

Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>
 2024-02-23 13:52:15 -05:00
Allen Golbig
f102dc9a6e fix[rule] os_setup_assistant_filevault_enforce 
Removed .js in check

Issue #362
 2024-02-23 08:18:23 -05:00
Allen Golbig
d2cd70220a fixed typo 2024-02-23 08:08:22 -05:00
Dan Brodjieski
066f9437f2 chore[rules]: added -stig to supplemental rules 2024-01-31 12:45:14 -05:00
Dan Brodjieski
6d7484d46f Merge branch 'sonoma' into dev_sonoma_issue324 2024-01-31 12:40:57 -05:00
Dan Brodjieski
88edda81b3 chore[rules]: updated mapping from STIG 2024-01-29 13:54:13 -05:00
Dan Brodjieski
701ed9bec0 chore[rules]: updates from published STIG 
added STIG references and updated baselines to support latest release from DISA
 2024-01-24 08:16:00 -05:00
Dan Brodjieski
f06782a180 Merge branch 'sonoma' into dev_sonoma_disa 2024-01-23 15:45:21 -05:00
Allen Golbig
afd27f86fd Merge pull request #328 from nihil-admirari/sonoma_typos 
Fix typos
 2024-01-22 09:21:33 -05:00
Dan Brodjieski
515de70e43 fix[rule]: more accurate check 
updated check to better report if user records contain password hints

Issue #343
 2024-01-04 11:29:41 -05:00
nihil-admirari
cc53ee52b9 Fix more typos 2023-12-22 16:11:50 +03:00