From 38aaaffd6542c3bdca3bc98f2f593f69b587166b Mon Sep 17 00:00:00 2001
From: Guillaume Ross
Date: Thu, 9 Jun 2022 15:20:30 -0400
Subject: [PATCH] Add policies (#6158)
* Adding policy query to check firewall on Mac This commit closes https://github.com/fleetdm/confidential/issues/1410 once merged.
* Adding policies This commit closes https://github.com/fleetdm/confidential/issues/1412. Right now there is no way to check the screenlock so instead we check if a profile for screenlock is there. https://github.com/fleetdm/confidential/issues/1410 also closed by this.
* Update constants.ts Fixed space
* Resolution text fix for new policies Fixed copy based on @zhumo's comments!
---
 .../standard-query-library.yml | 26 +++++++++++++++++--
 frontend/utilities/constants.ts | 19 ++++++++++++++
 2 files changed, 43 insertions(+), 2 deletions(-)
diff --git a/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml b/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
index 363bd4a275..4233b62a8c 100644
--- a/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
+++ b/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
@@ -677,8 +677,6 @@ spec:
 tags: compliance, ssh, built-in
 contributors: GuillaumeRoss
 platform: darwin,linux,windows
- contributors: GuillaumeRoss
-
 ---
 apiVersion: v1
 kind: policy
@@ -690,3 +688,27 @@ spec:
 platforms: Windows
 tags: malware, hunting
 contributors: kswagler-rh
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: Firewall enabled (macOS)
+ query: SELECT 1 FROM alf WHERE global_state >= 1;
+ description: "Checks if the firewall is enabled."
+ resolution: "In System Preferences, open Security & Privacy, navigate to the Firewall tab and click Turn On Firewall."
+ platforms: macOS
+ tags: hardening, compliance, built-in
+ platform: darwin
+ contributors: GuillaumeRoss
+---
+apiVersion: v1
+kind: policy
+spec:
+ name: Screen lock enabled via MDM profile (macOS)
+ query: SELECT 1 FROM managed_policies WHERE name='askForPassword' AND value='1';
+ description: "Checks that a MDM profile configures the screen lock."
+ resolution: "Contact your IT administrator to help you enroll your computer in your organization's MDM. If already enrolled, ask your IT administrator to enable the screen lock feature in the profile configuration."
+ platforms: macOS
+ tags: compliance, hardening, built-in
+ platform: darwin
+ contributors: GuillaumeRoss
diff --git a/frontend/utilities/constants.ts b/frontend/utilities/constants.ts
index 7faf7db1fd..adb1a9c3b1 100644
--- a/frontend/utilities/constants.ts
+++ b/frontend/utilities/constants.ts
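Review bot: The screen-lock policy's description promises more than its query verifies: `SELECT 1 FROM managed_policies WHERE name='askForPassword' AND value='1'` only confirms that some managed policy named askForPassword is set to 1, without restricting the `domain` column to the screen-saver preference domain (com.apple.screensaver) or looking at the companion delay key (askForPasswordDelay), so a profile that asks for the password only after a long delay still passes. The commit message itself acknowledges this is a proxy check, so the text should say so; suggested wording: `description: "Checks that an MDM profile sets askForPassword to 1. This confirms a managed screen-lock setting exists; it does not verify the delay before the lock engages."`. Independently, "a MDM" should read "an MDM" here and in the matching entry in frontend/utilities/constants.ts.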
@@ -140,6 +140,25 @@ export const DEFAULT_POLICIES = [
 "To enable System Integrity Protection, on the failing device, run the following command in the Terminal app: /usr/sbin/spctl --master-enable.",
 platform: "darwin",
 },
+ {
+ key: 13,
+ query: "SELECT 1 FROM alf WHERE global_state >= 1;",
+ name: "Firewall enabled (macOS)",
+ description: "Checks if the firewall is enabled.",
+ resolution:
+ "In System Preferences, open Security & Privacy, navigate to the Firewall tab and click Turn On Firewall.",
+ platform: "darwin",
+ },
+ {
+ key: 14,
+ query:
+ "SELECT 1 FROM managed_policies WHERE name='askForPassword' AND value='1';",
+ name: "Screen lock enabled via MDM profile (macOS)",
+ description: "Checks that a MDM profile configures the screen lock",
+ resolution:
+ "Contact your IT administrator to help you enroll your computer in your organization's MDM. If already enrolled, ask your IT administrator to enable the screen lock feature in the profile configuration.",
+ platform: "darwin",
+ },
 ] as IPolicyNew[];
 
 export const FREQUENCY_DROPDOWN_OPTIONS = [
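Review bot: The `description` for key 14 is already out of sync with the copy added in the same commit to docs/01-Using-Fleet/standard-query-library/standard-query-library.yml: the yml string ends with a period ("...configures the screen lock.") while this one does not, and both say "a MDM"; since the two lists are maintained by hand, use one identical string in both places, e.g. `description: "Checks that an MDM profile configures the screen lock.",`. The hand-numbered `key: 13` and `key: 14` presumably continue the sequence from the entry above, which is outside the hunk, so that should be confirmed against the preceding entry. A point of style rather than a defect: because the array is closed with `] as IPolicyNew[]` instead of being declared as `IPolicyNew[]`, a misspelled property name in either new entry would not be reported by the compiler; that line is context, not part of this change. The DEFAULT_POLICIES array starts before the hunk.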