usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-03-16 22:12:08 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity
1,290 Commits 29 Branches 61 Tags
f0ab5dc8aebbd3d4e768c0760259d25e8e025bec
Commit Graph

1290 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Bob Gendler
f0ab5dc8ae fix[rules] updated location services rules 
Changed kickstart to find the PID and do a kill -9 to the PID

Issue #372
 2024-03-06 11:46:39 -05:00
Dan Brodjieski
8ab3ce3c01 Dev sonoma issue281 (#370) 
* fix[script]: added NOTE for rules marked manual

If 'manual' is in tags, it will add the note to the discussion

Issue #281

* chore[rule]: rewording of NOTE

---------

Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>
 2024-02-28 11:58:19 -05:00
Crim
2f7560bdeb Update pwpolicy_custom_regex_enforce.yaml (#368) 
The new regex from my previous PR (#363) actually still required the lowercase letter to follow the capital letter even if they were no longer required to be right next to each other. This new regex does not require the capital or lowercase letter to be in any particular order but will require that at least one capital and one lowercase is in the password. This is accomplished using a positive lookahead.
 2024-02-28 11:37:04 -05:00
Bob Gendler
2ab099bfcd Dev sonoma issue356 (#367) 
* chore[rules]: updated STIG tags

Removed the stig tag from rules that weren't in the stig.
Added 'srg' tag to rules that had SRG references, but not in stig

Issue #356

* chore[baseline]: updated STIG baseline

* chore[references]: updated CCI and SRG refs

Updated severity where needed too

* fix[rule]: yaml syntax for CCI

* fix[rules]: added missing STIG ODVs

---------

Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>
Co-authored-by: Dan Brodjieski <dbrodjieski@icloud.com>
 2024-02-26 15:50:02 -05:00
Crim
a949715dcc Update pwpolicy_custom_regex_enforce.yaml (#363) 
Changed the recommended custom regex to require 1 capitol and 1 lowercase letter anywhere in the password. The previous regex required a capital letter immediately followed by a lowercase letter or it would not match.
 2024-02-23 14:38:51 -05:00
Conor D
23e35485d0 Update supplemental_filevault.yaml (#352) 
Fixed space from <true /> to <true/> at line 36.
 2024-02-23 13:58:22 -05:00
Dan Brodjieski
acf9665d80 Dev sonoma issue344 (#365) 
* fix[rule]: updated to support ODV

Added ODV values to retain legacy values until CIS updates.

Issue #344

* chore[rule]: added note about restoring UX

* chore[rule]: added full paths to commands

---------

Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>
 2024-02-23 13:52:15 -05:00
Allen Golbig
f102dc9a6e fix[rule] os_setup_assistant_filevault_enforce 
Removed .js in check

Issue #362
 2024-02-23 08:18:23 -05:00
Allen Golbig
d2cd70220a fixed typo 2024-02-23 08:08:22 -05:00
Dan Brodjieski
066f9437f2 chore[rules]: added -stig to supplemental rules 2024-01-31 12:45:14 -05:00
Dan Brodjieski
6d7484d46f Merge branch 'sonoma' into dev_sonoma_issue324 2024-01-31 12:40:57 -05:00
Dan Brodjieski
7ff8240bca chore[baseline]: updated STIG yaml 
removed unneeded support files
 2024-01-31 12:24:14 -05:00
Dan Brodjieski
88edda81b3 chore[rules]: updated mapping from STIG 2024-01-29 13:54:13 -05:00
Dan Brodjieski
701ed9bec0 chore[rules]: updates from published STIG 
added STIG references and updated baselines to support latest release from DISA
 2024-01-24 08:16:00 -05:00
Dan Brodjieski
f06782a180 Merge branch 'sonoma' into dev_sonoma_disa 2024-01-23 15:45:21 -05:00
Allen Golbig
aa0b525be1 Merge pull request #333 from Honestpuck/sonoma 
added --audit_name
 2024-01-22 09:37:31 -05:00
Allen Golbig
1551a3d559 Merge pull request #334 from pjbeyer/patch-1 
Update SP 800-219 reference to Rev 1
 2024-01-22 09:27:30 -05:00
Allen Golbig
afd27f86fd Merge pull request #328 from nihil-admirari/sonoma_typos 
Fix typos
 2024-01-22 09:21:33 -05:00
nihil-admirari
cc53ee52b9 Fix more typos 2023-12-22 16:11:50 +03:00
Allen Golbig
1b41baf0b4 Merge pull request #336 from headmin/231215-timeserver-recommendation 
Update timeServer recommendation
 2023-12-18 13:47:55 -05:00
Henry S
b45473468a Remove space on ODV 2023-12-18 19:46:01 +01:00
Henry S
e37a44d575 Update ODVs for timeServer 
set NIST and stig ODVs to time.nist.gov
 2023-12-18 19:43:31 +01:00
Henry S
f595a5393a Update timeServer recommendation 
As of macOS 10.13 only one time server is supported.

See Apple Update from 13/12/2023 here: https://github.com/apple/device-management/blob/release/mdm/profiles/com.apple.MCX(TimeServer).yaml#L21-L25
 2023-12-18 12:55:39 +01:00
Phil Beyer
c5fe52bcdd Update SP 800-219 reference to Rev 1 2023-12-15 07:13:29 -05:00
Tony Williams
892422f210 added --audit_name 2023-12-14 14:46:47 +11:00
Dan Brodjieski
1088dbd6dd fix[pdf]: added tailored by subtitle 
Issue #332
 2023-12-13 10:18:03 -05:00
nihil-admirari
4223d114a7 Fix typos 2023-12-10 13:58:17 +03:00
Dan Brodjieski
5aa10fe8a7 fix[rule]: change to correct value 
added note explaining that TouchID is disabled with this setting
 2023-12-01 15:29:44 -05:00
Dan Brodjieski
c52b7ff0e4 fix[rule]: change to correct value 
added note explaining that TouchID is disabled for screensaver
 2023-12-01 15:27:38 -05:00
Dan Brodjieski
6963c5b705 refactor[rules]: add tags to supplementals 
Generated baselines should now have the correct supplemental rules

Issue #324
 2023-11-28 12:47:58 -05:00
Dan Brodjieski
debd0a12d9 fix: typo in script 2023-11-28 12:32:54 -05:00
Allen Golbig
5c2d7a75a9 refactor[rule] added base64 to loginwindowtext ck 
added base64 check to system_settings_loginwindow_loginwindowtext_enable
 2023-11-28 12:29:31 -05:00
Dan Brodjieski
4486c11db0 Sync base64 change 2023-11-28 12:12:25 -05:00
Dan Brodjieski
56d653b0ae fix for issue #319 2023-11-28 12:02:13 -05:00
Bob Gendler
27ce546fdb refactor[scripts] updated generate_guidance 
-r option will now also write references to the audit plist file
 2023-11-28 10:49:18 -05:00
Bob Gendler
49a8b1663d refactor[includes] Updated enablePF-mscp.sh 
Updated script based on slack discussion
 2023-11-28 10:39:21 -05:00
Dan Brodjieski
1795a7e0c5 fix[script]: issue #315 2023-10-27 12:37:12 -04:00
Dan Brodjieski
e3a24f4a23 fix[script]: issue #301 2023-10-26 15:38:27 -04:00
Dan Brodjieski
b0bead5330 fix[script]: updated stig tag reference 2023-10-26 13:19:25 -04:00
Allen Golbig
812d3b93ca fix[rules] updates for cis release 
Moved os_safari_javascript_enabled to manual
 2023-10-13 10:35:00 -04:00
Bob Gendler
8d59fd9dce fixed closeing xml tag 2023-10-12 13:30:55 -04:00
Allen Golbig
70398b7b20 fix[rule] os_recovery_lock_enable 
removed manual tag from os_recovery_lock_enable

issue #314
 2023-10-10 11:38:05 -04:00
Bob Gendler
50c33a90e0 Renamed baseline file 2023-10-05 13:50:26 -04:00
Bob Gendler
ccc9675769 Renamed baseline file 2023-10-05 13:49:54 -04:00
Bob Gendler
2a41fdb23d changed newstig to stig tag 2023-10-05 13:45:19 -04:00
Bob Gendler
a1505a4ff8 new stig draft baseline created 2023-10-05 13:43:31 -04:00
Bob Gendler
a61c4b8ac7 fixed bad character in xml 2023-10-05 13:43:14 -04:00
Allen Golbig
325ecf02c3 Merge pull request #308 from patgmac/WebKitPreferences.javaScriptEnabled-patch-1 
Update os_safari_javascript_enabled.yaml
 2023-10-05 10:47:31 -04:00
Allen Golbig
4ed1204e88 fix[rules] fixed cis label 
Fixed label in os_safari_popups_disabled
 2023-10-03 08:49:49 -04:00
Allen Golbig
108548c9f8 fixed conflicts 2023-10-02 11:58:50 -04:00