usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-03-17 14:22:11 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity
1,078 Commits 29 Branches 61 Tags
de2c4da630c36e901d1ea445b3705eff0ccabbb5
Commit Graph

1078 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Bob Gendler
de2c4da630 added missing double quote 2023-05-26 12:14:44 -04:00
Bob Gendler
c68bc61272 issue #245 brought upstream from ventura 2023-05-26 12:04:16 -04:00
Bob Gendler
59f6113560 refactor[rules] Added missing required rule files 
Added required payload to
system_settings_firewall_stealth_mode_enable and auth_smartcard_enforce

Added missing DISA STIG references to auth_smartcard_allow and
system_settings_firewall_enable
 2023-05-25 09:45:31 -04:00
Bob Gendler
cdfe0ecd34 refactor[supplemental] Updated supplemental_stig 
Finished
 2023-05-23 12:24:20 -04:00
Bob Gendler
92cc148d26 refactor[rules]sshd rule updates 
Changed discussion to describe what the setting
properly is doing
 2023-05-23 12:23:37 -04:00
Bob Gendler
dd40ffa6f2 refactor[baseline] DISA-STIG Baseline adjusted 
Added supplemental_stig
Removed supplemental_controls and pf_firewall
 2023-05-23 12:22:49 -04:00
Bob Gendler
8d6c8d5e06 Updated discussion blurb 2023-05-17 10:14:00 -04:00
Bob Gendler
0af6a23618 DISA STIG supplemental created 2023-05-17 10:05:06 -04:00
Bob Gendler
f0bc8666c9 refactor[rules/baselines] DISA STIG 
Re-add DISA STIG branch
* New rules added
* STIG references and tags added
* Whitespace clean up
* DISA-STIG baseline added
 2023-05-04 13:43:18 -04:00
Allen Golbig
d706e151ed Merge branch 'dev_ventura_pr251' into ventura 2023-04-25 12:20:57 -04:00
Allen Golbig
63634bada4 Merge pull request #251 from pkkemp/main 
Updated link for Apple Platform Certifications site
 2023-04-25 12:17:28 -04:00
Dan Brodjieski
0f5f5b697e update[baselines]: removed cnssi tags 
removing until cnssi updates are finalized
 2023-04-25 11:56:23 -04:00
Dan Brodjieski
feec3b41b8 fix[baselines]: removed deprecated rules 
Removed deprecated rules from the baseline files
 2023-04-25 11:52:03 -04:00
Allen Golbig
f37760f5b8 Merge branch 'dev_ventura_issue232' into ventura 2023-04-25 11:12:15 -04:00
Bob Gendler
180ebacadb Merge branch 'dev_ventura_issue241' into ventura 2023-04-18 11:21:57 -04:00
Bob Gendler
3dc00ce855 Merge branch 'dev_ventura_issue236' into ventura 2023-04-18 11:17:35 -04:00
Bob Gendler
52edf30163 Merge branch 'dev_ventura_issue226' into ventura 2023-04-18 11:07:11 -04:00
Bob Gendler
e068c8956e Merge branch 'dev_ventura_issue220' into ventura 2023-04-18 10:57:48 -04:00
Bob Gendler
e0971d2c42 Merge branch 'dev_ventura_issue244' into ventura 2023-04-18 10:52:18 -04:00
Preston Kemp
8e7336ae2a Updated link for Apple Platform Certifications site 
Update link to point to Apple Platform Certifications website, SCCC no longer exists.
 2023-04-15 09:19:26 -04:00
Allen Golbig
a853726e23 [fix] Gemfile - hardcode asciidoctor-pdf 
Hardcoding asciidoctor-pdf to 2.3.5 until issue resolved.

Issue #250
 2023-04-12 15:06:53 -04:00
Bob Gendler
103fa1ef29 refactor[rules] Updated os_anti_virus_installed 
Updated check for os_anti_virus_installed
Issue #241
 2023-04-05 11:00:02 -04:00
Erik Winter
83f1c21b68 use absolute path when referencing scutil and awk in compliance script (#239) 2023-04-05 10:22:57 -04:00
Bob Gendler
2f90a2402a [feat] Remove uchg flag from audit_control 
This is to resolve issue #236

Added /usr/bin/chflags nouchg to audit_control
 2023-04-05 10:19:57 -04:00
Bob Gendler
d444f07834 refactor[rules] Warning added to rule 
Warning added to os_authenticated_root_enable

Issue #226
 2023-04-05 10:01:52 -04:00
Bob Gendler
786c0a667d refactor[rules] Added check dontAllowFDEDisable 
issue #220

* Config profile information added
* Check rewrote to check for filevault enable & dontAllowFDEDisable profile
 2023-04-05 09:52:37 -04:00
Bob Gendler
82ff896adb [fix] generate_scap fix from change in sshd check 
Fix added to generate_scap.py due to change in
auth_ssh_password_authentication_disable check using sshd -T.

Now works if using double or single quote around when you're searching for
 2023-04-03 11:39:57 -04:00
Allen Golbig
87b1160326 refactor[rules] added deprecation statement 
Added deprecation statement for pathBlackList

Issue #232
 2023-03-08 07:55:30 -05:00
Bob Gendler
3c8162a1fc Merge branch 'dev_ventura_pr216' into ventura 2023-02-10 10:39:48 -05:00
Bob Gendler
7f636f2da9 refactor[rules] Updated full path for awk 2023-02-10 10:38:42 -05:00
Bob Gendler
0500311550 refactor[rules] Added missing ODV 
Added missing ODV section to pwpolicy_upper_case_character_enforce
 2023-02-10 10:02:39 -05:00
Allen Golbig
9d7c90dee5 fix[rule] fixed case in file name 
Fixed case to lowercase for usb
 2023-02-09 10:26:22 -05:00
Allen Golbig
206c83f956 fix[rule] updated check for USB restricted mode 
Updated system_settings_usb_restricted_mode

issue #222
 2023-01-25 15:26:35 -05:00
n4l5u0r
7abf37bba1 FIX: Adding LESS PERMISSIVE control option (#216) 
* Update 800-171.yaml

* Fixed generate_mapping.py for authors

* v8 to controls v8 fix for excel generation

* Date for Monterey Revision 2 Updated

* Update README.adoc

* Adding LESS PERMISSIVE control

On ventura the default permissions on `/etc/security/audit_control` are `-r--------` resulting in failed audit.

Co-authored-by: Bob Gendler <robert.gendler@nist.gov>
Co-authored-by: Dan Brodjieski <brodjieski@gmail.com>
 2023-01-25 14:46:50 -05:00
Allen Golbig
d123ade1d0 fix[rules] updated check for guest_account_disable 
updated check for guest_account_disable

issue #213
 2023-01-25 14:27:57 -05:00
Allen Golbig
3a3b8b7d98 Merge branch 'dev_ventura_issue210' into ventura 2023-01-25 14:14:42 -05:00
Allen Golbig
5e89d04d13 Merge branch 'dev_ventura_issue223' into ventura 2023-01-25 14:09:05 -05:00
Bob Gendler
27c2317ec2 refactor[rules] check/fix update 
auth_ssh_password_authentication_disable check and fix updated.
ChallengeResponseAuthentication was replaced with KbdInteractiveAuthentication.

Updated fix to write to sshd_config.d/01-mscp-sshd.sshd_config
Updated check to read from sshd -T

Issue #223
 2023-01-18 15:28:38 -05:00
Allen Golbig
c0762ed62c fix[baseline] added time machine encryption 
Added system_settings_time_machine_encrypted_configure to cis_lvl1
 2023-01-03 10:52:12 -05:00
Allen Golbig
a9c26c6f67 fix[rules] time_machine_encrypted_configure 
Fixed system_settings_time_machine_encrypted_configure

Issue #214
 2023-01-03 10:46:07 -05:00
Allen Golbig
1fce65b186 Merge branch 'dev_ventura_cfc' into ventura 2023-01-03 10:30:32 -05:00
Allen Golbig
b58e9edbcf fix[script] added timestamp to remediations 
Added timestamp to compliance script when remediating
 2023-01-03 10:20:34 -05:00
Dan Brodjieski
9c62d64141 fix[script]: generate_baseline error with tags 
Corrected issue when running generate_baseline.py with
a keyword/tag that wasn't included in mscp_data

generate_baseline.py crash with custom baselines #210
 2022-12-19 13:17:52 -05:00
Allen Golbig
ccb2cc398b feat[script] added check/fix/check logic 
Added check/fix/check logic to compliance script
 2022-12-13 12:59:53 -05:00
Bob Gendler
10705d9597 Merge branch 'ventura' 2022-12-08 10:38:44 -05:00
Bob Gendler
8e80136e2c Updated 1.1 date ventura_rev1.1 2022-12-08 10:18:34 -05:00
Allen Golbig
b82534d89e fix[helperfiles] updated adoc_additional_docs 
Fixed CIS docs in adoc_additional_docs
 2022-12-08 10:14:51 -05:00
Allen Golbig
48a6330b12 fix[helperfile] Set version for Rogue 
Set version 3.30.0 for Rogue Highlighter

Issue #208
 2022-12-07 13:31:02 -05:00
Dan Brodjieski
a87660d5ef refactor[rules,docs]: final updates for release 2022-12-07 13:23:26 -05:00
Allen Golbig
9fd3d11c80 docs[all] Updated for release 2022-12-06 14:39:26 -05:00