From 9fa2be0a8638da3481432595e1ee44b7b0f7d9e4 Mon Sep 17 00:00:00 2001
From: Lucas Manuel Rodriguez
Date: Thu, 9 Feb 2023 14:28:22 -0300
Subject: [PATCH] Add check for CIS 5.10 (#9755)
#9260 - ~[ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information.~ - ~[ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)~ - ~[ ] Documented any permissions changes~ - ~[ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)~ - ~[ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.~ - ~[ ] Added/updated tests~ - [X] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [X] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - ~[ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).~
---
 ee/cis/macos-13/cis-policy-queries.yml | 18 ++++++++++++++++++
 ee/cis/macos-13/test/scripts/CIS_5.10.sh | 3 +++
 2 files changed, 21 insertions(+)
 create mode 100755 ee/cis/macos-13/test/scripts/CIS_5.10.sh
diff --git a/ee/cis/macos-13/cis-policy-queries.yml b/ee/cis/macos-13/cis-policy-queries.yml
index b89ba56166..5cf173a25f 100644
--- a/ee/cis/macos-13/cis-policy-queries.yml
+++ b/ee/cis/macos-13/cis-policy-queries.yml
@@ -1867,6 +1867,24 @@ spec:
 ---
 apiVersion: v1
 kind: policy
+spec:
+ name: CIS - Ensure the Guest Home Folder Does Not Exist
+ platforms: macOS
+ platform: darwin
+ description: |
+ The Guest home folders are unneeded after the Guest account is disabled and could be used inappropriately.
+ resolution: |
+ Automated method:
+ Ask your system administrator to deploy the following script:
+ /usr/bin/sudo /bin/rm -R /Users/Guest
+ query: |
+ SELECT 1 WHERE NOT EXISTS (SELECT * FROM file WHERE path = '/Users/Guest');
+ purpose: Informational
+ tags: compliance, CIS, CIS_Level1, CIS5.10
+ contributors: lucasmrod
+---
+apiVersion: v1
+kind: policy
 spec:
 name: CIS - Ensure Show All Filename Extensions Setting is Enabled
 platforms: macOS
diff --git a/ee/cis/macos-13/test/scripts/CIS_5.10.sh b/ee/cis/macos-13/test/scripts/CIS_5.10.sh
new file mode 100755
index 0000000000..044c28ee64
--- /dev/null
+++ b/ee/cis/macos-13/test/scripts/CIS_5.10.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/bin/sudo /bin/rm -R /Users/Guest
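Review bot: The `query` passes on the absence of `/Users/Guest` alone, while the `description` presupposes that the Guest account is already disabled; nothing in this policy checks that precondition. If guest login is still enabled, macOS may recreate the folder for a guest session (inferred, not visible in this hunk), so the result could flip between runs and the `rm -R` in `resolution` would not stick. I would state the dependency in the description, for example `This policy only checks that /Users/Guest is absent; disable the Guest account first, otherwise the folder can reappear.` As a smaller point, the subquery can be written `SELECT 1 FROM file WHERE path = '/Users/Guest'`, which says the same thing without `SELECT *`.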
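Review bot: `/bin/rm -R /Users/Guest` exits non-zero when the folder is already gone, so rerunning this script on a compliant host reports a failure even though the end state is correct. A guard keeps it idempotent without resorting to `-f` under sudo: `if [ -e /Users/Guest ]; then /usr/bin/sudo /bin/rm -R /Users/Guest; fi`. A one-line header comment such as `# CIS 5.10: remove the leftover Guest home folder (run after the Guest account is disabled)` would also say what the script is for.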