Update macos-device-health.policies.yml to add check macOS version (#18218)

Adding new policy to the macos-device-health.policies.yml that checks if
the device meets minimum macOS (currently set to 14.4.1) and enables it
for calendar events.
Reference https://github.com/fleetdm/confidential/issues/6015

---------

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
Joanne Stableford 2024-04-11 15:36:09 -04:00 committed by GitHub
parent 598dfa3061
commit 9eaaaf8af3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

@ -44,7 +44,7 @@
username = ''
)
AND NOT EXISTS (
SELECT 1 FROM managed_policies WHERE
SELECT 1 FROM managed_policies WHERE
domain='com.apple.screensaver' AND
name='idleTime' AND
CAST(value AS INT) > 1200
@ -54,8 +54,24 @@
resolution: An an IT admin, deploy a macOS, screen saver profile with the maxInactivity option set to 20 minutes.
platform: darwin
- name: macOS - No 1Password emergency kit stored in desktop, documents, or downloads folders
query: SELECT 1 WHERE NOT EXISTS (SELECT 1 FROM file WHERE filename LIKE '%Emergency Kit%.pdf' AND (path LIKE '/Users/%/Desktop/%' OR path LIKE '/Users/%/Documents/%' OR path LIKE '/Users/%/Downloads/%' OR path LIKE '/Users/Shared/%'));
query: SELECT 1 WHERE
NOT EXISTS (
SELECT 1 FROM file WHERE
filename LIKE '%Emergency Kit%.pdf' AND
(path LIKE '/Users/%/Desktop/%' OR path LIKE '/Users/%/Documents/%' OR path LIKE '/Users/%/Downloads/%' OR path LIKE '/Users/Shared/%')
);
critical: false
description: "Looks for PDF files with file names typically used by 1Password for emergency recovery kits. To protect the performance of your devices, the search is one level deep and limited to the Desktop, Documents, Downloads, and Shared folders."
resolution: "Delete 1Password emergency kits from your computer, and empty the trash. 1Password emergency kits should only be printed and stored in a physically secure location."
description: Looks for PDF files with file names typically used by 1Password for emergency recovery kits. To protect the performance of your devices, the search is one level deep and limited to the Desktop, Documents, Downloads, and Shared folders.
resolution: Delete 1Password emergency kits from your computer, and empty the trash. 1Password emergency kits should only be printed and stored in a physically secure location.
platform: darwin
- name: macOS - Check if latest version
query: SELECT 1 WHERE
EXISTS (
SELECT major, concat_ws(".", major, minor, patch) AS "macOS Version" FROM os_version --Sonoma WHERE
(major = "14" AND "macOS Version" < "14.4.1")
);
critical: false
description: This policy check if macOS version is most recent version available.
resolution: From the Apple menu, select System Settings. Navigate to General > Software Update.
platform: darwin
calendar_events_enabled: true
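
Review bot: In the new "macOS - Check if latest version" query, `--Sonoma` starts a SQL comment on the same line as `WHERE`, so the keyword that introduces the version filter is commented out; put the comment on its own line or drop it so `FROM os_version WHERE (...)` parses as intended. The polarity also differs from the 1Password policy just above, which is written as `SELECT 1 WHERE NOT EXISTS (...)` over the failing condition: this one uses `EXISTS` over `"macOS Version" < "14.4.1"`, so it returns a row on hosts below the minimum rather than on compliant ones, and it should be flipped to `NOT EXISTS` if a returned row is meant to indicate a passing host. The comparison is done on the concatenated string, so a version such as 14.10 sorts below 14.4.1; comparing `minor` and `patch` as integers avoids that. Finally, the filter only matches `major = "14"`, so hosts on an earlier major release are not evaluated against the minimum, and the description says "most recent version available" (and "check" should be "checks") while the commit message describes a minimum-version check; aligning the wording with the 14.4.1 floor would make the policy's intent clear to whoever updates the number next.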