mirror of
https://github.com/usnistgov/macos_security.git
synced 2026-02-13 18:02:52 +00:00
58 lines
1.4 KiB
YAML
58 lines
1.4 KiB
YAML
id: system_settings_softwareupdate_current
|
|
title: Ensure Software Update is Updated and Current
|
|
discussion: |
|
|
Make sure Software Update is updated and current.
|
|
|
|
NOTE: Automatic fix can cause unplanned restarts and may lose work.
|
|
references:
|
|
nist:
|
|
cce:
|
|
macos_15:
|
|
- CCE-94398-5
|
|
macos_14:
|
|
- CCE-92993-5
|
|
macos_13:
|
|
- CCE-91983-7
|
|
cis:
|
|
benchmark:
|
|
macos_15:
|
|
- 1.1 (level 1)
|
|
macos_14:
|
|
- 1.1 (level 1)
|
|
macos_13:
|
|
- 1.1 (level 1)
|
|
controls_v8:
|
|
- 7.3
|
|
- 7.4
|
|
platforms:
|
|
macOS:
|
|
'15.0':
|
|
benchmarks:
|
|
- name: cis_lvl1
|
|
- name: cis_lvl2
|
|
'14.0':
|
|
benchmarks:
|
|
- name: cis_lvl1
|
|
- name: cis_lvl2
|
|
'13.0':
|
|
benchmarks:
|
|
- name: cis_lvl1
|
|
- name: cis_lvl2
|
|
enforcement_info:
|
|
check:
|
|
shell: |-
|
|
softwareupdate_date_epoch=$(/bin/date -j -f "%Y-%m-%d" "$(/usr/bin/defaults read /Library/Preferences/com.apple.SoftwareUpdate.plist LastFullSuccessfulDate | /usr/bin/awk '{print $1}')" "+%s")
|
|
thirty_days_epoch=$(/bin/date -v -30d "+%s")
|
|
if [[ $softwareupdate_date_epoch -lt $thirty_days_epoch ]]; then
|
|
/bin/echo "0"
|
|
else
|
|
/bin/echo "1"
|
|
fi
|
|
result:
|
|
integer: 1
|
|
fix:
|
|
shell: /usr/sbin/softwareupdate -i -a
|
|
additional_info: NOTE - This will apply to the whole system
|
|
tags:
|
|
- cisv8
|