usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-03-17 06:12:10 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity
1,290 Commits 29 Branches 61 Tags
f0ab5dc8aebbd3d4e768c0760259d25e8e025bec
Commit Graph

87 Commits

Author SHA1 Message Date
Bob Gendler
f0ab5dc8ae fix[rules] updated location services rules 
Changed kickstart to find the PID and do a kill -9 to the PID

Issue #372
 2024-03-06 11:46:39 -05:00
Bob Gendler
2ab099bfcd Dev sonoma issue356 (#367) 
* chore[rules]: updated STIG tags

Removed the stig tag from rules that weren't in the stig.
Added 'srg' tag to rules that had SRG references, but not in stig

Issue #356

* chore[baseline]: updated STIG baseline

* chore[references]: updated CCI and SRG refs

Updated severity where needed too

* fix[rule]: yaml syntax for CCI

* fix[rules]: added missing STIG ODVs

---------

Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>
Co-authored-by: Dan Brodjieski <dbrodjieski@icloud.com>
 2024-02-26 15:50:02 -05:00
Dan Brodjieski
701ed9bec0 chore[rules]: updates from published STIG 
added STIG references and updated baselines to support latest release from DISA
 2024-01-24 08:16:00 -05:00
Dan Brodjieski
f06782a180 Merge branch 'sonoma' into dev_sonoma_disa 2024-01-23 15:45:21 -05:00
Allen Golbig
1b41baf0b4 Merge pull request #336 from headmin/231215-timeserver-recommendation 
Update timeServer recommendation
 2023-12-18 13:47:55 -05:00
Henry S
b45473468a Remove space on ODV 2023-12-18 19:46:01 +01:00
Henry S
e37a44d575 Update ODVs for timeServer 
set NIST and stig ODVs to time.nist.gov
 2023-12-18 19:43:31 +01:00
Henry S
f595a5393a Update timeServer recommendation 
As of macOS 10.13 only one time server is supported.

See Apple Update from 13/12/2023 here: https://github.com/apple/device-management/blob/release/mdm/profiles/com.apple.MCX(TimeServer).yaml#L21-L25
 2023-12-18 12:55:39 +01:00
Allen Golbig
5c2d7a75a9 refactor[rule] added base64 to loginwindowtext ck 
added base64 check to system_settings_loginwindow_loginwindowtext_enable
 2023-11-28 12:29:31 -05:00
Allen Golbig
812d3b93ca fix[rules] updates for cis release 
Moved os_safari_javascript_enabled to manual
 2023-10-13 10:35:00 -04:00
Bob Gendler
2a41fdb23d changed newstig to stig tag 2023-10-05 13:45:19 -04:00
Allen Golbig
108548c9f8 fixed conflicts 2023-10-02 11:58:50 -04:00
Bob Gendler
28ef4c7393 Merge branch 'sonoma' into dev_sonoma_disa 2023-09-29 11:20:42 -04:00
Bob Gendler
7bec67dd1f resync with dev_sonoma 2023-09-20 13:52:06 -04:00
Bob Gendler
8ba1987b9f refactor[rules] CIS re-numbering 
Updated CIS benchmark numbers
 2023-09-20 13:45:39 -04:00
Bob Gendler
ee21b093cb refactor[rules] Modified and removed 
Removed rules that are STIG only since no DISA STIG exists
for macOS Sonoma yet.

Updated system_settings_location_services_menu_enforce

Updated changelog
 2023-09-18 21:24:40 -04:00
Dan Brodjieski
37b00778fc Merge branch 'dev_sonoma' into dev_sonoma_disa 
Attempt to resync latest Sonoma changes
 2023-09-14 15:18:30 -04:00
Dan Brodjieski
5acbdbd21e chore: clean up extraneous trailing whitespace 2023-09-14 14:21:06 -04:00
mahlmanj
889de402ab CMMC Sonoma dev branch. Unaltered baselines. 2023-09-12 15:27:56 -04:00
Bob Gendler
e5fb336bdb refactor[rules] CCEs added 
Added NIST issued CCEs to all rule files
 2023-09-09 14:43:51 -04:00
Bob Gendler
24d3e6a523 refactor[rules] Removed rules, removed newstig tag 
Removed unneeded rule files
Changed tags and references
 2023-09-01 10:58:58 -04:00
Bob Gendler
8adb6d6f2e added 800-171 reference 2023-09-01 10:42:53 -04:00
Bob Gendler
9df8d5c62a refactor[rules] System Settings Pane Disabling 
Changed rules and added rules for disabling system settings panes
 2023-09-01 10:09:48 -04:00
Dan Brodjieski
5dbf9ee3c3 fix[rules]: yaml cleanup from merge 2023-08-31 14:53:11 -04:00
Dan Brodjieski
861d14815b refactor[stig]: merged SRGs from DISA 
Rewrote all the rule yaml files to have correct SRG references.
Added scripts to work with new STIG workflows.
 2023-08-31 11:37:33 -04:00
Bob Gendler
351c94cf83 refactor[rules/templates] Matched with Ventura 
Merged new commits that have been merged into Ventura since
dev_sonoma was created.
 2023-08-14 14:45:35 -04:00
Bob Gendler
2e76ebfbe4 refactor[rules] Added none tag to old stig rules 
Added none tag to STIG rules that had no other tag
 2023-08-04 09:48:26 -04:00
Bob Gendler
206884b723 removed stig tag 2023-08-01 14:21:15 -04:00
Bob Gendler
6d76bc5de6 refactor[rules] new and revised 14.0 rules 
Changed siri_disable to new key
Added freefrom rule, on device dictation rule, and filevault setup assistant
 2023-08-01 14:19:00 -04:00
Bob Gendler
a3ce45a986 refactor[rules] removed CCE and disa stig controls 2023-08-01 13:50:01 -04:00
Allen Golbig
c396f18b24 feat[baseline] dev_sonoma 
dev_sonoma
 2023-07-13 22:17:34 -04:00
Bob Gendler
d00bb1a4c3 refactor[rules/scripts] Added CCEs, removed tags 
Added try except blocks in generate_scap to prevent crashes

Added CCEs
Removed double tags
 2023-06-22 14:52:57 -04:00
Bob Gendler
7f549f7280 removed spaces 2023-06-22 13:10:14 -04:00
Bob Gendler
e02209c0e6 Removed old cnssi tag 2023-06-22 12:51:58 -04:00
Bob Gendler
9fccb44c5d Merge branch 'dev_ventura_stig' into ventura 2023-06-22 12:47:18 -04:00
Bob Gendler
fc9d45b03c Merge branch 'dev_ventura_cmmc' into ventura 2023-06-22 12:23:41 -04:00
Bob Gendler
e5cc08a9cd Merge branch 'dev_ventura_cnssi' into ventura 2023-06-22 11:21:55 -04:00
Bob Gendler
be424f5d74 refactor[rules] New firewall check/fix 
Added new check/fix for ALF due to discovery of
being able to override the config profile

Issue #268
 2023-06-20 11:33:26 -04:00
Allen Golbig
9e29b7c86c refactor[rules] removed level 3 from cmmc 
Removed lvl 3 from cmmc
 2023-05-25 16:25:41 -04:00
Bob Gendler
59f6113560 refactor[rules] Added missing required rule files 
Added required payload to
system_settings_firewall_stealth_mode_enable and auth_smartcard_enforce

Added missing DISA STIG references to auth_smartcard_allow and
system_settings_firewall_enable
 2023-05-25 09:45:31 -04:00
Bob Gendler
827a2c352d cnssi tags added 2023-05-04 13:53:17 -04:00
Bob Gendler
f0bc8666c9 refactor[rules/baselines] DISA STIG 
Re-add DISA STIG branch
* New rules added
* STIG references and tags added
* Whitespace clean up
* DISA-STIG baseline added
 2023-05-04 13:43:18 -04:00
Bob Gendler
7c44cd2daf refactor[rules] removed tags 
Removed cnssi-1253 tag
 2023-04-26 09:59:22 -04:00
Bob Gendler
fa6711513e Merge branch 'ventura' into dev_ventura_cmmc 2023-04-26 09:55:16 -04:00
Dan Brodjieski
0f5f5b697e update[baselines]: removed cnssi tags 
removing until cnssi updates are finalized
 2023-04-25 11:56:23 -04:00
Bob Gendler
786c0a667d refactor[rules] Added check dontAllowFDEDisable 
issue #220

* Config profile information added
* Check rewrote to check for filevault enable & dontAllowFDEDisable profile
 2023-04-05 09:52:37 -04:00
Allen Golbig
9d7c90dee5 fix[rule] fixed case in file name 
Fixed case to lowercase for usb
 2023-02-09 10:26:22 -05:00
Allen Golbig
206c83f956 fix[rule] updated check for USB restricted mode 
Updated system_settings_usb_restricted_mode

issue #222
 2023-01-25 15:26:35 -05:00
Allen Golbig
d123ade1d0 fix[rules] updated check for guest_account_disable 
updated check for guest_account_disable

issue #213
 2023-01-25 14:27:57 -05:00
Allen Golbig
a9c26c6f67 fix[rules] time_machine_encrypted_configure 
Fixed system_settings_time_machine_encrypted_configure

Issue #214
 2023-01-03 10:46:07 -05:00