CIS 6.4.1 (#9773)

2026-05-23 00:49:03 +00:00 · 2023-02-09 13:22:36 -05:00 · 2023-02-09 13:22:36 -05:00 · 1fc799577d
commit 1fc799577d
parent c7827cf5b1
2 changed files with 62 additions and 1 deletions
--- a/ee/cis/macos-13/cis-policy-queries.yml
+++ b/ee/cis/macos-13/cis-policy-queries.yml
@ -2075,4 +2075,28 @@ spec:
      AND value = 1;
  purpose: Informational
  tags: compliance, CIS, CIS_Level1, CIS6.3.7
-  contributors: sharon-fdm
+  contributors: sharon-fdm
+---
+  apiVersion: v1
+  kind: policy
+  spec:
+    name: CIS - Ensure Secure Keyboard Entry Terminal.app Is Enabled (MDM Required)
+    platforms: macOS
+    platform: darwin
+    description: |
+      Secure Keyboard Entry prevents other applications on the system and/or network from detecting and recording what is typed into Terminal. Unauthorized applications and malicious code could intercept keystrokes entered in the Terminal.
+      Enabling Secure Keyboard Entry minimizes the risk of a key logger from detecting what is entered in Terminal.
+    resolution: |
+      Profile Method:
+      Create or edit a configuration profile with the following information:
+        1. The PayloadType string is com.apple.Terminal 
+        2. The key to include is SecureKeyboardEntry
+        3. The key must be set to
+        <true/>
+    query: |
+      SELECT 1 from managed_policies WHERE domain = 'com.apple.Terminal'
+        AND name = 'SecureKeyboardEntry' 
+        AND value == 1;
+    purpose: Informational
+    tags: compliance, CIS, CIS_Level1, CIS6.4.1
+    contributors: sharon-fdm
--- a/ee/cis/macos-13/test/profiles/6.4.1.mobileconfig
+++ b/ee/cis/macos-13/test/profiles/6.4.1.mobileconfig
@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+	<dict>
+		<key>PayloadContent</key>
+		<array>
+			<dict>
+				<key>PayloadDisplayName</key>
+				<string>test</string>
+				<key>PayloadType</key>
+				<string>com.apple.Terminal</string>
+				<key>PayloadIdentifier</key>
+				<string>com.fleetdm.cis-6.4.1.check</string>
+				<key>PayloadUUID</key>
+				<string>E8D36749-D7F8-4280-9B17-D6224B67B63B</string>
+				<key>SecureKeyboardEntry</key>
+				<true/>
+			</dict>
+		</array>
+		<key>PayloadDescription</key>
+		<string>test</string>
+		<key>PayloadDisplayName</key>
+		<string>Ensure Secure Keyboard Entry Terminal.app Is Enabled</string>
+		<key>PayloadIdentifier</key>
+		<string>com.fleetdm.cis-6.4.1</string>
+		<key>PayloadRemovalDisallowed</key>
+		<false/>
+		<key>PayloadScope</key>
+		<string>System</string>
+		<key>PayloadType</key>
+		<string>Configuration</string>
+		<key>PayloadUUID</key>
+		<string>D4C0B4CC-D39A-4F0F-AF8A-AB5A73D02B3F</string>
+		<key>PayloadVersion</key>
+		<integer>1</integer>
+	</dict>
+</plist>