usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-03-18 06:32:12 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity
1,085 Commits 29 Branches 61 Tags
b7ecd573f2dee97ea9af63d3bb0caaf1b49427c5
Commit Graph

1085 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Bob Gendler
b7ecd573f2 Merge branch 'dev_ventura_issue268' into ventura 2023-06-20 11:44:14 -04:00
Bob Gendler
1c0cb40cff Merge branch 'dev_ventura_issue269' into ventura 2023-06-20 11:37:14 -04:00
Bob Gendler
be424f5d74 refactor[rules] New firewall check/fix 
Added new check/fix for ALF due to discovery of
being able to override the config profile

Issue #268
 2023-06-20 11:33:26 -04:00
Dan Brodjieski
c241d42b81 fix[rules]: updated fixes for auditd rules 
Removed the dynamic check for the audit files path

Issue #269
 2023-06-15 10:13:57 -04:00
Allen Golbig
84c83b9bc1 fix[rule] closed the fix section 
Added ---- to close the fix section of the rule
 2023-05-30 09:37:49 -04:00
Bob Gendler
fdcc5b5bb9 output redirection fix 2023-05-26 12:20:18 -04:00
Bob Gendler
5e1485e109 added missing double quote 2023-05-26 12:14:17 -04:00
Bob Gendler
abdf3f3cf3 Merge branch 'dev_ventura_issue263' into ventura 2023-05-26 11:59:00 -04:00
Bob Gendler
3b8406a119 Merge branch 'dev_ventura_issue245' into ventura 2023-05-26 11:51:39 -04:00
Bob Gendler
11194dc799 Merge branch 'dev_ventura_issue257' into ventura 2023-05-26 11:48:16 -04:00
Bob Gendler
9b22c671f1 refactor[rules] check update 
Updated check in os_policy_banner_ssh_configure
Issue #263
 2023-05-25 14:14:18 -04:00
Bob Gendler
ac1be946c0 Fixed &2> with 2&> 2023-05-25 13:31:53 -04:00
Allen Golbig
0143cb6805 Merge branch 'dev_ventura_issue259' into ventura 2023-05-23 11:18:52 -04:00
Dan Brodjieski
fa9d289ff6 refactor[rule]: Update discussion for SSHD 
Updated the discussions for ClientAliveCountMax
and ClientAliveInterval to better clarify the intent of the rule.

Issue #259
 2023-05-17 12:28:40 -04:00
Bob Gendler
cbaf9d3c28 refactor[rule] Check/Fix update 
Updated check/fix to match other sshd related rules
 2023-05-08 11:17:40 -04:00
Bob Gendler
8ec13ebf92 feat[scripts]ssh-keygen added to compliance script 
Issue #245
Check if sshd -T succeeds, if not, create required keys. Delete keys
after compliance check is complete
 2023-05-04 13:39:10 -04:00
Allen Golbig
d706e151ed Merge branch 'dev_ventura_pr251' into ventura 2023-04-25 12:20:57 -04:00
Allen Golbig
63634bada4 Merge pull request #251 from pkkemp/main 
Updated link for Apple Platform Certifications site
 2023-04-25 12:17:28 -04:00
Dan Brodjieski
0f5f5b697e update[baselines]: removed cnssi tags 
removing until cnssi updates are finalized
 2023-04-25 11:56:23 -04:00
Dan Brodjieski
feec3b41b8 fix[baselines]: removed deprecated rules 
Removed deprecated rules from the baseline files
 2023-04-25 11:52:03 -04:00
Allen Golbig
f37760f5b8 Merge branch 'dev_ventura_issue232' into ventura 2023-04-25 11:12:15 -04:00
Bob Gendler
180ebacadb Merge branch 'dev_ventura_issue241' into ventura 2023-04-18 11:21:57 -04:00
Bob Gendler
3dc00ce855 Merge branch 'dev_ventura_issue236' into ventura 2023-04-18 11:17:35 -04:00
Bob Gendler
52edf30163 Merge branch 'dev_ventura_issue226' into ventura 2023-04-18 11:07:11 -04:00
Bob Gendler
e068c8956e Merge branch 'dev_ventura_issue220' into ventura 2023-04-18 10:57:48 -04:00
Bob Gendler
e0971d2c42 Merge branch 'dev_ventura_issue244' into ventura 2023-04-18 10:52:18 -04:00
Preston Kemp
8e7336ae2a Updated link for Apple Platform Certifications site 
Update link to point to Apple Platform Certifications website, SCCC no longer exists.
 2023-04-15 09:19:26 -04:00
Allen Golbig
a853726e23 [fix] Gemfile - hardcode asciidoctor-pdf 
Hardcoding asciidoctor-pdf to 2.3.5 until issue resolved.

Issue #250
 2023-04-12 15:06:53 -04:00
Bob Gendler
103fa1ef29 refactor[rules] Updated os_anti_virus_installed 
Updated check for os_anti_virus_installed
Issue #241
 2023-04-05 11:00:02 -04:00
Erik Winter
83f1c21b68 use absolute path when referencing scutil and awk in compliance script (#239) 2023-04-05 10:22:57 -04:00
Bob Gendler
2f90a2402a [feat] Remove uchg flag from audit_control 
This is to resolve issue #236

Added /usr/bin/chflags nouchg to audit_control
 2023-04-05 10:19:57 -04:00
Bob Gendler
d444f07834 refactor[rules] Warning added to rule 
Warning added to os_authenticated_root_enable

Issue #226
 2023-04-05 10:01:52 -04:00
Bob Gendler
786c0a667d refactor[rules] Added check dontAllowFDEDisable 
issue #220

* Config profile information added
* Check rewrote to check for filevault enable & dontAllowFDEDisable profile
 2023-04-05 09:52:37 -04:00
Bob Gendler
82ff896adb [fix] generate_scap fix from change in sshd check 
Fix added to generate_scap.py due to change in
auth_ssh_password_authentication_disable check using sshd -T.

Now works if using double or single quote around when you're searching for
 2023-04-03 11:39:57 -04:00
Allen Golbig
87b1160326 refactor[rules] added deprecation statement 
Added deprecation statement for pathBlackList

Issue #232
 2023-03-08 07:55:30 -05:00
Bob Gendler
3c8162a1fc Merge branch 'dev_ventura_pr216' into ventura 2023-02-10 10:39:48 -05:00
Bob Gendler
7f636f2da9 refactor[rules] Updated full path for awk 2023-02-10 10:38:42 -05:00
Bob Gendler
0500311550 refactor[rules] Added missing ODV 
Added missing ODV section to pwpolicy_upper_case_character_enforce
 2023-02-10 10:02:39 -05:00
Allen Golbig
9d7c90dee5 fix[rule] fixed case in file name 
Fixed case to lowercase for usb
 2023-02-09 10:26:22 -05:00
Allen Golbig
206c83f956 fix[rule] updated check for USB restricted mode 
Updated system_settings_usb_restricted_mode

issue #222
 2023-01-25 15:26:35 -05:00
n4l5u0r
7abf37bba1 FIX: Adding LESS PERMISSIVE control option (#216) 
* Update 800-171.yaml

* Fixed generate_mapping.py for authors

* v8 to controls v8 fix for excel generation

* Date for Monterey Revision 2 Updated

* Update README.adoc

* Adding LESS PERMISSIVE control

On ventura the default permissions on `/etc/security/audit_control` are `-r--------` resulting in failed audit.

Co-authored-by: Bob Gendler <robert.gendler@nist.gov>
Co-authored-by: Dan Brodjieski <brodjieski@gmail.com>
 2023-01-25 14:46:50 -05:00
Allen Golbig
d123ade1d0 fix[rules] updated check for guest_account_disable 
updated check for guest_account_disable

issue #213
 2023-01-25 14:27:57 -05:00
Allen Golbig
3a3b8b7d98 Merge branch 'dev_ventura_issue210' into ventura 2023-01-25 14:14:42 -05:00
Allen Golbig
5e89d04d13 Merge branch 'dev_ventura_issue223' into ventura 2023-01-25 14:09:05 -05:00
Bob Gendler
27c2317ec2 refactor[rules] check/fix update 
auth_ssh_password_authentication_disable check and fix updated.
ChallengeResponseAuthentication was replaced with KbdInteractiveAuthentication.

Updated fix to write to sshd_config.d/01-mscp-sshd.sshd_config
Updated check to read from sshd -T

Issue #223
 2023-01-18 15:28:38 -05:00
Allen Golbig
c0762ed62c fix[baseline] added time machine encryption 
Added system_settings_time_machine_encrypted_configure to cis_lvl1
 2023-01-03 10:52:12 -05:00
Allen Golbig
a9c26c6f67 fix[rules] time_machine_encrypted_configure 
Fixed system_settings_time_machine_encrypted_configure

Issue #214
 2023-01-03 10:46:07 -05:00
Allen Golbig
1fce65b186 Merge branch 'dev_ventura_cfc' into ventura 2023-01-03 10:30:32 -05:00
Allen Golbig
b58e9edbcf fix[script] added timestamp to remediations 
Added timestamp to compliance script when remediating
 2023-01-03 10:20:34 -05:00
Dan Brodjieski
9c62d64141 fix[script]: generate_baseline error with tags 
Corrected issue when running generate_baseline.py with
a keyword/tag that wasn't included in mscp_data

generate_baseline.py crash with custom baselines #210
 2022-12-19 13:17:52 -05:00