Add check for CIS 6.3.4 (#9766)

#9261

ee/cis/macos-13/cis-policy-queries.yml

@@ -1927,6 +1927,37 @@ spec:
 ---
 apiVersion: v1
 kind: policy
+spec:
+  name: CIS - Ensure Prevent Cross-site Tracking in Safari Is Enabled (MDM Required)
+  platforms: macOS
+  platform: darwin
+  description: |
+    Cross-tracking allows data-brokers to follow you across the Internet to enable their business model of
+    selling personal data. Users should protect their data and not volunteer it to marketing companies.
+  resolution: |
+    Automated method:
+    Ask your system administrator to deploy a profile via MDM with the following information:
+      1. The PayloadType string is com.apple.Safari.
+      2. The key to include is BlockStoragePolicy.
+      3. The key must be set to: 2
+      4. The key to also include is WebKitPreferences.storageBlockingPolicy
+      5. The key must be set to: 1
+      6. The key to also include is WebKitStorageBlockingPolicy
+      7. The key must be set to: 1
+  query: |
+    SELECT 1 WHERE EXISTS (
+      SELECT 1 FROM managed_policies WHERE domain = 'com.apple.Safari' AND name = 'BlockStoragePolicy' AND value = '2'
+    ) AND EXISTS (
+      SELECT 1 FROM managed_policies WHERE domain = 'com.apple.Safari' AND name = 'WebKitPreferences.storageBlockingPolicy' AND value = '1'
+    ) AND EXISTS (
+      SELECT 1 FROM managed_policies WHERE domain = 'com.apple.Safari' AND name = 'WebKitStorageBlockingPolicy' AND value = '1'
+    );
+  purpose: Informational
+  tags: compliance, CIS, CIS_Level1, CIS6.3.4
+  contributors: lucasmrod
+---
+apiVersion: v1
+kind: policy
 spec:
   name: CIS - Ensure Advertising Privacy Protection in Safari Is Enabled (FDA Required)
   platforms: macOS

ee/cis/macos-13/test/profiles/1.2.mobileconfig

@@ -20,7 +20,7 @@
 	<key>PayloadDescription</key>
 	<string>test</string>
 	<key>PayloadDisplayName</key>
-	<string>Ensure Auto Update Is Enabled </string>
+	<string>Ensure Auto Update Is Enabled</string>
 	<key>PayloadIdentifier</key>
 	<string>com.fleetdm.cis-1.2</string>
 	<key>PayloadRemovalDisallowed</key>

ee/cis/macos-13/test/profiles/6.3.4.mobileconfig

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>PayloadContent</key>
+	<array>
+		<dict>
+			<key>PayloadDisplayName</key>
+			<string>test</string>
+			<key>PayloadType</key>
+			<string>com.apple.Safari</string>
+			<key>PayloadIdentifier</key>
+			<string>com.fleetdm.cis-6.3.4.check</string>
+			<key>PayloadUUID</key>
+			<string>E0560069-04EF-4985-815E-987A304F8EB7</string>
+			<key>BlockStoragePolicy</key>
+			<integer>2</integer>
+			<key>WebKitPreferences.storageBlockingPolicy</key>
+			<integer>1</integer>
+			<key>WebKitStorageBlockingPolicy</key>
+			<integer>1</integer>
+		</dict>
+	</array>
+	<key>PayloadDescription</key>
+	<string>test</string>
+	<key>PayloadDisplayName</key>
+	<string>Ensure Prevent Cross-site Tracking in Safari Is Enabled</string>
+	<key>PayloadIdentifier</key>
+	<string>com.fleetdm.cis-6.3.4</string>
+	<key>PayloadRemovalDisallowed</key>
+	<false/>
+	<key>PayloadScope</key>
+	<string>System</string>
+	<key>PayloadType</key>
+	<string>Configuration</string>
+	<key>PayloadUUID</key>
+	<string>E1D04566-15CE-458C-A0D1-5F6C7B9A6472</string>
+	<key>PayloadVersion</key>
+	<integer>1</integer>
+</dict>
+</plist>