From 6d82515b029f5df1fa41e10df465946f1476fb47 Mon Sep 17 00:00:00 2001
From: Artemis Tosini
Date: Thu, 9 Feb 2023 11:15:40 -0500
Subject: [PATCH] Add macOS CIS 2.3.3.8 (Internet Sharing) (#9663)
---
 ee/cis/macos-13/cis-policy-queries.yml | 28 +++++++++++++++++++++
 ee/cis/macos-13/test/scripts/CIS_2.3.3.8.sh | 3 +++
 2 files changed, 31 insertions(+)
 create mode 100755 ee/cis/macos-13/test/scripts/CIS_2.3.3.8.sh
diff --git a/ee/cis/macos-13/cis-policy-queries.yml b/ee/cis/macos-13/cis-policy-queries.yml
index a4d730f2c4..2e290c21b2 100644
--- a/ee/cis/macos-13/cis-policy-queries.yml
+++ b/ee/cis/macos-13/cis-policy-queries.yml
@@ -447,6 +447,34 @@ spec:
 ---
 apiVersion: v1
 kind: policy
+spec:
+ name: CIS - Ensure Internet Sharing Is Disabled
+ platforms: macOS
+ platform: darwin
+ description: |
+ Internet Sharing uses the open source natd process to share an internet connection with other
+ computers and devices on a local network. This allows the Mac to function as a router and share
+ the connection to other, possibly unauthorized, devices.
+ resolution: |
+ Graphical Method:
+ 1. Open System Settings
+ 2. Select General
+ 3. Select Sharing
+ 4. Set Internet Sharing to disabled
+ query: |
+ SELECT 1 WHERE NOT EXISTS (
+ SELECT 1 FROM plist WHERE
+ path = '/Library/Preferences/SystemConfiguration/com.apple.nat.plist' AND
+ key = 'NAT' AND
+ subkey = 'Enabled' AND
+ value = '1'
+ );
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS2.3.3.8
+ contributors: artemist-work
+---
+apiVersion: v1
+kind: policy
 spec:
 name: CIS - Ensure Content Caching Is Disabled (MDM Required)
 platforms: macOS
diff --git a/ee/cis/macos-13/test/scripts/CIS_2.3.3.8.sh b/ee/cis/macos-13/test/scripts/CIS_2.3.3.8.sh
new file mode 100755
index 0000000000..4d241732a7
--- /dev/null
+++ b/ee/cis/macos-13/test/scripts/CIS_2.3.3.8.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/bin/sudo /usr/bin/defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict Enabled -int 0
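Review bot: The `NOT EXISTS` form in the new `query:` passes for every state except one exact row (`subkey = 'Enabled'` with the string `value = '1'`), so a host is also reported compliant when the plist cannot be parsed or when `Enabled` is stored in another form, such as a boolean; how the plist table renders that is not visible here. Passing on a missing file is reasonable, since Internet Sharing was then never configured, but the description should say so, for example `A host with no com.apple.nat.plist, or no NAT.Enabled key, is treated as compliant.` The match on `'1'` is worth confirming once against a host with Internet Sharing turned on, because the test script in this commit only writes the disabled value. The `resolution:` lists only the graphical steps; the `defaults write` command used by the test script could be added as a terminal method for fleets remediated by script.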
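Review bot: `defaults write ... NAT -dict Enabled -int 0` replaces the whole `NAT` dictionary, so any other keys stored under it on the test host are dropped; `-dict-add Enabled -int 0` would change only that key. The script also sets only the compliant state, so nothing in this commit exercises the failing path of the policy query. A short header comment such as `# CIS 2.3.3.8: put the host into the passing state (Internet Sharing disabled)` would make clear that this is a fixture rather than the audit itself.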