Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-23 17:08:53 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 83

Repurpose policies (#17560)

Browse source 
- Update CIS guest account policy
- Update guest account policy in dogfood
This commit is contained in:
Sharon Katz 2024-03-14 13:13:29 -04:00 committed by GitHub
parent 3ba6bb50c4
commit 3365fd736f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 3 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
ee/cis/macos-13/cis-policy-queries.yml
View file

@ -2110,10 +2110,7 @@ spec:
3. Select the i next to the Guest User
4. Verify that Allow guests to log in to this computer is disable
query: |
SELECT 1 WHERE
EXISTS(SELECT 1 FROM plist WHERE path='/Library/Preferences/com.apple.loginwindow.plist' AND key='GuestEnabled' AND value = 0)
OR
EXISTS(select 1 FROM plist WHERE path='/Library/Preferences/com.apple.MCX.plist' AND key='DisableGuestAccount' AND value = 1);
SELECT 1 FROM plist WHERE path='/Library/Preferences/com.apple.loginwindow.plist' AND key='GuestEnabled' AND value = 0;
purpose: Informational
tags: compliance, CIS, CIS_Level1, CIS-macos-13-2.12.1
contributors: sharon-fdm

5
ee/cis/macos-14/cis-policy-queries.yml
View file

@ -2110,10 +2110,7 @@ spec:
3. Select the i next to the Guest User
4. Verify that Allow guests to log in to this computer is disable
query: |
SELECT 1 WHERE
EXISTS(SELECT 1 FROM plist WHERE path='/Library/Preferences/com.apple.loginwindow.plist' AND key='GuestEnabled' AND value = 0)
OR
EXISTS(select 1 FROM plist WHERE path='/Library/Preferences/com.apple.MCX.plist' AND key='DisableGuestAccount' AND value = 1);
SELECT 1 FROM plist WHERE path='/Library/Preferences/com.apple.loginwindow.plist' AND key='GuestEnabled' AND value = 0;
purpose: Informational
tags: compliance, CIS, CIS_Level1
contributors: sharon-fdm

14
it-and-security/lib/macos-device-health.policies.yml
View file

@ -17,19 +17,7 @@
resolution: An an IT admin, deploy a macOS, login window profile with the DisableGuestAccount option set to true.
platform: darwin
- name: macOS - Require 10 character password
query: SELECT 1 WHERE
EXISTS (
SELECT 1 FROM managed_policies WHERE
domain='com.apple.screensaver' AND
name='askForPassword' AND
CAST(value AS INT)
)
AND EXISTS (
SELECT 1 FROM managed_policies WHERE
domain='com.apple.screensaver' AND
name='minLength' AND
CAST(value AS INT) <= 10
);
query: SELECT 1 FROM plist WHERE path='/Library/Preferences/com.apple.loginwindow.plist' AND key='GuestEnabled' AND value = 0;
critical: false
description: This policy checks if the end user is required to enter a password, with at least 10 characters, to unlock the host.
resolution: An an IT admin, deploy a macOS, screensaver profile with the askForPassword option set to true and minLength option set to 10.