usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-03-16 22:12:08 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity
1,290 Commits 29 Branches 61 Tags
f0ab5dc8aebbd3d4e768c0760259d25e8e025bec
Commit Graph

714 Commits

Author SHA1 Message Date
Bob Gendler
f0ab5dc8ae fix[rules] updated location services rules 
Changed kickstart to find the PID and do a kill -9 to the PID

Issue #372
 2024-03-06 11:46:39 -05:00
Crim
2f7560bdeb Update pwpolicy_custom_regex_enforce.yaml (#368) 
The new regex from my previous PR (#363) actually still required the lowercase letter to follow the capital letter even if they were no longer required to be right next to each other. This new regex does not require the capital or lowercase letter to be in any particular order but will require that at least one capital and one lowercase is in the password. This is accomplished using a positive lookahead.
 2024-02-28 11:37:04 -05:00
Bob Gendler
2ab099bfcd Dev sonoma issue356 (#367) 
* chore[rules]: updated STIG tags

Removed the stig tag from rules that weren't in the stig.
Added 'srg' tag to rules that had SRG references, but not in stig

Issue #356

* chore[baseline]: updated STIG baseline

* chore[references]: updated CCI and SRG refs

Updated severity where needed too

* fix[rule]: yaml syntax for CCI

* fix[rules]: added missing STIG ODVs

---------

Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>
Co-authored-by: Dan Brodjieski <dbrodjieski@icloud.com>
 2024-02-26 15:50:02 -05:00
Crim
a949715dcc Update pwpolicy_custom_regex_enforce.yaml (#363) 
Changed the recommended custom regex to require 1 capitol and 1 lowercase letter anywhere in the password. The previous regex required a capital letter immediately followed by a lowercase letter or it would not match.
 2024-02-23 14:38:51 -05:00
Conor D
23e35485d0 Update supplemental_filevault.yaml (#352) 
Fixed space from <true /> to <true/> at line 36.
 2024-02-23 13:58:22 -05:00
Dan Brodjieski
acf9665d80 Dev sonoma issue344 (#365) 
* fix[rule]: updated to support ODV

Added ODV values to retain legacy values until CIS updates.

Issue #344

* chore[rule]: added note about restoring UX

* chore[rule]: added full paths to commands

---------

Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>
 2024-02-23 13:52:15 -05:00
Allen Golbig
f102dc9a6e fix[rule] os_setup_assistant_filevault_enforce 
Removed .js in check

Issue #362
 2024-02-23 08:18:23 -05:00
Allen Golbig
d2cd70220a fixed typo 2024-02-23 08:08:22 -05:00
Dan Brodjieski
066f9437f2 chore[rules]: added -stig to supplemental rules 2024-01-31 12:45:14 -05:00
Dan Brodjieski
6d7484d46f Merge branch 'sonoma' into dev_sonoma_issue324 2024-01-31 12:40:57 -05:00
Dan Brodjieski
88edda81b3 chore[rules]: updated mapping from STIG 2024-01-29 13:54:13 -05:00
Dan Brodjieski
701ed9bec0 chore[rules]: updates from published STIG 
added STIG references and updated baselines to support latest release from DISA
 2024-01-24 08:16:00 -05:00
Dan Brodjieski
f06782a180 Merge branch 'sonoma' into dev_sonoma_disa 2024-01-23 15:45:21 -05:00
Allen Golbig
afd27f86fd Merge pull request #328 from nihil-admirari/sonoma_typos 
Fix typos
 2024-01-22 09:21:33 -05:00
nihil-admirari
cc53ee52b9 Fix more typos 2023-12-22 16:11:50 +03:00
Allen Golbig
1b41baf0b4 Merge pull request #336 from headmin/231215-timeserver-recommendation 
Update timeServer recommendation
 2023-12-18 13:47:55 -05:00
Henry S
b45473468a Remove space on ODV 2023-12-18 19:46:01 +01:00
Henry S
e37a44d575 Update ODVs for timeServer 
set NIST and stig ODVs to time.nist.gov
 2023-12-18 19:43:31 +01:00
Henry S
f595a5393a Update timeServer recommendation 
As of macOS 10.13 only one time server is supported.

See Apple Update from 13/12/2023 here: https://github.com/apple/device-management/blob/release/mdm/profiles/com.apple.MCX(TimeServer).yaml#L21-L25
 2023-12-18 12:55:39 +01:00
nihil-admirari
4223d114a7 Fix typos 2023-12-10 13:58:17 +03:00
Dan Brodjieski
5aa10fe8a7 fix[rule]: change to correct value 
added note explaining that TouchID is disabled with this setting
 2023-12-01 15:29:44 -05:00
Dan Brodjieski
c52b7ff0e4 fix[rule]: change to correct value 
added note explaining that TouchID is disabled for screensaver
 2023-12-01 15:27:38 -05:00
Dan Brodjieski
6963c5b705 refactor[rules]: add tags to supplementals 
Generated baselines should now have the correct supplemental rules

Issue #324
 2023-11-28 12:47:58 -05:00
Allen Golbig
5c2d7a75a9 refactor[rule] added base64 to loginwindowtext ck 
added base64 check to system_settings_loginwindow_loginwindowtext_enable
 2023-11-28 12:29:31 -05:00
Allen Golbig
812d3b93ca fix[rules] updates for cis release 
Moved os_safari_javascript_enabled to manual
 2023-10-13 10:35:00 -04:00
Bob Gendler
8d59fd9dce fixed closeing xml tag 2023-10-12 13:30:55 -04:00
Allen Golbig
70398b7b20 fix[rule] os_recovery_lock_enable 
removed manual tag from os_recovery_lock_enable

issue #314
 2023-10-10 11:38:05 -04:00
Bob Gendler
2a41fdb23d changed newstig to stig tag 2023-10-05 13:45:19 -04:00
Bob Gendler
a61c4b8ac7 fixed bad character in xml 2023-10-05 13:43:14 -04:00
Allen Golbig
325ecf02c3 Merge pull request #308 from patgmac/WebKitPreferences.javaScriptEnabled-patch-1 
Update os_safari_javascript_enabled.yaml
 2023-10-05 10:47:31 -04:00
Allen Golbig
4ed1204e88 fix[rules] fixed cis label 
Fixed label in os_safari_popups_disabled
 2023-10-03 08:49:49 -04:00
Allen Golbig
108548c9f8 fixed conflicts 2023-10-02 11:58:50 -04:00
Bob Gendler
f66dcd57d2 Added missing field 2023-10-02 11:54:31 -04:00
Bob Gendler
28ef4c7393 Merge branch 'sonoma' into dev_sonoma_disa 2023-09-29 11:20:42 -04:00
Dan Brodjieski
eae0fb76c1 bug[rule]: fixed xmllint syntax 2023-09-29 11:12:30 -04:00
Bob Gendler
1e8cd1cf3c refactor[rules] Modified and Added 
Added - os_dictation_disable
Modified - os_on_device_dictation_enforce
 2023-09-28 13:34:07 -04:00
Patrick Gallagher
96b4e53cb9 Update os_safari_javascript_enabled.yaml 
Adds quotes around WebKitPreferences.javaScriptEnabled to fix https://github.com/usnistgov/macos_security/issues/307
 2023-09-26 22:00:03 -04:00
Bob Gendler
9599b42974 added CCEs 2023-09-21 15:22:31 -04:00
Bob Gendler
da12659012 last minute CIS additions 2023-09-21 15:08:31 -04:00
Bob Gendler
1600b973bb changed in macOS 11 to in macOS 2023-09-21 14:50:45 -04:00
Bob Gendler
5d099871d0 new rules added 2023-09-21 13:53:57 -04:00
Bob Gendler
937fd9aae8 Updated title 2023-09-21 11:13:23 -04:00
Bob Gendler
6f27ac219c removed touch to blank audit_control 2023-09-20 20:35:28 -04:00
Bob Gendler
c4d28b1350 refactor[rules] auditd check/fix update 2023-09-20 16:09:20 -04:00
Bob Gendler
894f99dc83 refactor[rules] audit_auditd_enabled fix 
Updated auditd fix to no longer require a restart to start the
auditd service.
 2023-09-20 16:02:28 -04:00
Bob Gendler
06e9c53a07 cnssi-1253 tags added 2023-09-20 14:37:32 -04:00
Bob Gendler
7bec67dd1f resync with dev_sonoma 2023-09-20 13:52:06 -04:00
Bob Gendler
8ba1987b9f refactor[rules] CIS re-numbering 
Updated CIS benchmark numbers
 2023-09-20 13:45:39 -04:00
mahlmanj
cbf3cfe65c Updateing baselines with new rule 2023-09-19 15:51:11 -04:00
mahlmanj
3d6b52d193 Adding os_account_modification_disable 2023-09-19 15:51:00 -04:00