mirror of
https://github.com/fleetdm/fleet
synced 2026-05-23 00:49:03 +00:00
Update default policy templates (#18802)
Updated the descriptions and resolutions for the policy templates to match the updated help text in the UI (friendlier for calendar events). See #18670.
This commit is contained in:
Rachael Shaw
GitHub
parent
643a3eb34a
commit
c145a5eb54
1 changed files with 75 additions and 75 deletions
|
|
@ -32,8 +32,8 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT score FROM (SELECT case when COUNT(*) = 2 then 1 ELSE 0 END AS score FROM processes WHERE (name = 'clamd') OR (name = 'freshclam')) WHERE score == 1;",
|
||||
name: "Antivirus healthy (Linux)",
|
||||
description:
|
||||
"Checks that both ClamAV's daemon and its updater service (freshclam) are running.",
|
||||
resolution: "Ensure ClamAV and Freshclam are installed and running.",
|
||||
"If ClamAV and Freshclam are not running, the workstation lacks active virus scanning, increasing malware infection risk.",
|
||||
resolution: "ClamAV and Freshclam will be checked and restarted if necessary, restoring virus protection.",
|
||||
critical: false,
|
||||
platform: "linux",
|
||||
},
|
||||
|
|
@ -43,9 +43,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT score FROM (SELECT case when COUNT(*) = 2 then 1 ELSE 0 END AS score FROM plist WHERE (key = 'CFBundleShortVersionString' AND path = '/Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist' AND value>=2162) OR (key = 'CFBundleShortVersionString' AND path = '/Library/Apple/System/Library/CoreServices/MRT.app/Contents/Info.plist' and value>=1.93)) WHERE score == 1;",
|
||||
name: "Antivirus healthy (macOS)",
|
||||
description:
|
||||
"Checks the version of Malware Removal Tool (MRT) and the built-in macOS AV (Xprotect). Replace version numbers with the latest version regularly.",
|
||||
"If XProtect or MRT are not updated, the system risks exposure to malware not covered by older definitions.",
|
||||
resolution:
|
||||
"To enable automatic security definition updates, on the failing device, select System Preferences > Software Update > Advanced > Turn on Install system data files and security updates.",
|
||||
"Update XProtect and MRT to the latest versions, bolstering your system's defense against new threats.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
},
|
||||
|
|
@ -55,7 +55,7 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 from windows_security_center wsc CROSS JOIN windows_security_products wsp WHERE antivirus = 'Good' AND type = 'Antivirus' AND signatures_up_to_date=1;",
|
||||
name: "Antivirus healthy (Windows)",
|
||||
description:
|
||||
"Checks the status of antivirus and signature updates from the Windows Security Center.",
|
||||
"Lack of active, updated antivirus exposes the workstation to malware and security threats.",
|
||||
resolution:
|
||||
"Ensure Windows Defender or your third-party antivirus is running, up to date, and visible in the Windows Security Center.",
|
||||
critical: false,
|
||||
|
|
@ -67,9 +67,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 FROM managed_policies WHERE domain = 'com.apple.loginwindow' AND name = 'com.apple.login.mcx.DisableAutoLoginClient' AND value = 1 LIMIT 1;",
|
||||
name: "Automatic login disabled (macOS)",
|
||||
description:
|
||||
"Checks that a mobile device management (MDM) solution configures the Mac to prevent log in without a password.",
|
||||
"Auto-login being enabled increases risk of unauthorized access if the workstation is compromised.",
|
||||
resolution:
|
||||
"Contact your IT administrator to ensure your Mac is receiving a profile that disables automatic login.",
|
||||
"Auto-login will be disabled to secure the workstation against unauthorized use.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
mdm_required: true,
|
||||
|
|
@ -80,7 +80,7 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 FROM (SELECT encrypted, path FROM disk_encryption FULL OUTER JOIN mounts ON mounts.device_alias = disk_encryption.name) WHERE encrypted = 1 AND path = '/';",
|
||||
name: "Full disk encryption enabled (Linux)",
|
||||
description:
|
||||
"Checks if the device mounted at / is encrypted. There are many ways to encrypt Linux systems. You may need to adapt this query, or submit an issue in the Fleet repo.",
|
||||
"Unencrypted root filesystem means sensitive data might be easily accessible to unauthorized parties, increasing data breach risks.",
|
||||
resolution:
|
||||
"Ensure the image deployed to your Linux workstation includes full disk encryption.",
|
||||
critical: false,
|
||||
|
|
@ -92,9 +92,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 FROM disk_encryption WHERE user_uuid IS NOT '' AND filevault_status = 'on' LIMIT 1;",
|
||||
name: "Full disk encryption enabled (macOS)",
|
||||
description:
|
||||
"Checks to make sure that full disk encryption (FileVault) is enabled on macOS devices.",
|
||||
"If FileVault is off, the user's data is vulnerable to unauthorized access and potential data breaches.",
|
||||
resolution:
|
||||
"To enable full disk encryption, on the failing device, select System Preferences > Security & Privacy > FileVault > Turn On FileVault.",
|
||||
"FileVault will be turned on to enable full disk encryption.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
},
|
||||
|
|
@ -104,9 +104,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 FROM bitlocker_info WHERE drive_letter='C:' AND protection_status=1;",
|
||||
name: "Full disk encryption enabled (Windows)",
|
||||
description:
|
||||
"Checks to make sure that full disk encryption is enabled on Windows devices.",
|
||||
"If BitLocker is disabled, the workstation's data is at risk of unauthorized access and theft.",
|
||||
resolution:
|
||||
"To get additional information, run the following osquery query on the failing device: SELECT * FROM bitlocker_info. In the query results, if protection_status is 2, then the status cannot be determined. If it is 0, it is considered unprotected. Use the additional results (percent_encrypted, conversion_status, etc.) to help narrow down the specific reason why Windows considers the volume unprotected.",
|
||||
"Full disk encryption will be enabled to secure data.",
|
||||
critical: false,
|
||||
platform: "windows",
|
||||
},
|
||||
|
|
@ -115,9 +115,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
query: "SELECT 1 FROM gatekeeper WHERE assessments_enabled = 1;",
|
||||
name: "Gatekeeper enabled (macOS)",
|
||||
description:
|
||||
"Checks to make sure that the Gatekeeper feature is enabled on macOS devices. Gatekeeper tries to ensure only trusted software is run on a mac machine.",
|
||||
"Disabled Gatekeeper increases risk of installing potentially malicious apps.",
|
||||
resolution:
|
||||
"To enable Gatekeeper, on the failing device, run the following command in the Terminal app: /usr/sbin/spctl --master-enable.",
|
||||
"Gatekeeper will be enabled to ensure only trusted software is run on the device.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
},
|
||||
|
|
@ -126,8 +126,8 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
query: "SELECT 1 FROM mdm WHERE enrolled='true';",
|
||||
name: "MDM enrolled (macOS)",
|
||||
description:
|
||||
"Checks that a Mac is enrolled to MDM. Add a AND on identity_certificate_uuid to check for a specific MDM.",
|
||||
resolution: "Enroll device to MDM",
|
||||
"Workstations not enrolled to MDM miss critical security updates and remote management capabilities.",
|
||||
resolution: "Enroll device to MDM.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
},
|
||||
|
|
@ -137,9 +137,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 FROM managed_policies WHERE domain = 'com.apple.Terminal' AND name = 'SecureKeyboardEntry' AND value = 1 LIMIT 1;",
|
||||
name: "Secure keyboard entry for Terminal application enabled (macOS)",
|
||||
description:
|
||||
"Checks that a mobile device management (MDM) solution configures the Mac to enabled secure keyboard entry for the Terminal application.",
|
||||
"If secure keyboard entry is disabled, it increases vulnerability to keyloggers and other snooping software.",
|
||||
resolution:
|
||||
"Contact your IT administrator to ensure your Mac is receiving a profile that enables secure keyboard entry for the Terminal application.",
|
||||
"Secure keyboard entry will be enabled to enhance protection against keystroke logging.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
mdm_required: true,
|
||||
|
|
@ -150,9 +150,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 FROM sip_config WHERE config_flag = 'sip' AND enabled = 1;",
|
||||
name: "System Integrity Protection enabled (macOS)",
|
||||
description:
|
||||
"Checks to make sure that the System Integrity Protection feature is enabled.",
|
||||
"Disabled System Integrity Protection increases risk of unauthorized system modifications and malware.",
|
||||
resolution:
|
||||
"To enable System Integrity Protection, on the failing device, run the following command in the Terminal app: /usr/sbin/spctl --master-enable.",
|
||||
"System Integrity Protection will be enabled by running the following command: /usr/sbin/spctl --master-enable.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
},
|
||||
|
|
@ -160,9 +160,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
key: 12,
|
||||
query: "SELECT 1 FROM alf WHERE global_state >= 1;",
|
||||
name: "Firewall enabled (macOS)",
|
||||
description: "Checks if the firewall is enabled.",
|
||||
description: "If the firewall is disabled, the workstation is vulnerable to unauthorized network access and attacks.",
|
||||
resolution:
|
||||
"In System Preferences, open Security & Privacy, navigate to the Firewall tab and click Turn On Firewall.",
|
||||
"The firewall will be enabled to protect against external threats.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
},
|
||||
|
|
@ -172,9 +172,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 FROM managed_policies WHERE name='askForPassword' AND value='1';",
|
||||
name: "Screen lock enabled (macOS)",
|
||||
description:
|
||||
"Checks that a mobile device management (MDM) solution configures the Mac to enable screen lock.",
|
||||
"Disabling password prompts increases the risk of unauthorized system access.",
|
||||
resolution:
|
||||
"Contact your IT administrator to ensure your Mac is receiving a profile that enables screen lock.",
|
||||
"Configuration changes will enforce immediate password prompts to mitigate unauthorized access risks.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
mdm_required: true,
|
||||
|
|
@ -185,9 +185,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 FROM registry WHERE path = 'HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\InactivityTimeoutSecs' AND CAST(data as INTEGER) <= 1800;",
|
||||
name: "Screen lock enabled (Windows)",
|
||||
description:
|
||||
"Checks if the screen lock is enabled and configured to lock the system within 30 minutes or less.",
|
||||
"Devices with inactive timeout settings over 30 minutes risk prolonged unauthorized access if left unattended, exposing sensitive data.",
|
||||
resolution:
|
||||
"Contact your IT administrator to enable the Interactive Logon: Machine inactivity limit setting with a value of 1800 seconds or lower.",
|
||||
"Enable the Interactive Logon: Machine inactivity limit setting with a value of 1800 seconds or lower.",
|
||||
critical: false,
|
||||
platform: "windows",
|
||||
},
|
||||
|
|
@ -197,9 +197,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 FROM (SELECT cast(lengthtxt as integer(2)) minlength FROM (SELECT SUBSTRING(length, 1, 2) AS lengthtxt FROM (SELECT policy_description, policy_identifier, split(policy_content, '{', 1) AS length FROM password_policy WHERE policy_identifier LIKE '%minLength')) WHERE minlength >= 10);",
|
||||
name: "Password requires 10 or more characters (macOS)",
|
||||
description:
|
||||
"Checks that the password policy requires at least 10 characters. Requires osquery 5.4.0 or newer.",
|
||||
"Password policies requiring less than 10 characters increase vulnerability to brute-force attacks",
|
||||
resolution:
|
||||
"Contact your IT administrator to confirm that your Mac is receiving configuration profiles for password length.",
|
||||
"Password requirements will be strengthened to a minimum of 10 characters.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
},
|
||||
|
|
@ -207,9 +207,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
key: 16,
|
||||
query: "SELECT 1 FROM os_version WHERE version >= '12.5.1';",
|
||||
name: "Operating system up to date (macOS)",
|
||||
description: "Checks that the operating system is up to date.",
|
||||
description: "Using an outdated macOS version risks exposure to security vulnerabilities and potential system instability.",
|
||||
resolution:
|
||||
"From the Apple menu () in the corner of your screen choose System Preferences. Then select Software Update and select Upgrade Now. You might be asked to restart or enter your password.",
|
||||
"We will update your macOS to the latest version to enhance security and stability.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
},
|
||||
|
|
@ -244,9 +244,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 FROM managed_policies WHERE domain='com.apple.SoftwareUpdate' AND name='AutomaticallyInstallAppUpdates' AND value=1 LIMIT 1;",
|
||||
name: "Installation of application updates is enabled (macOS)",
|
||||
description:
|
||||
"Checks that a mobile device management (MDM) solution configures the Mac to automatically install updates to Apple applications.",
|
||||
"When the Mac is not configureed to automatically install updates to Apple applications, this risks security vulnerabilities and potential exploitation.",
|
||||
resolution:
|
||||
"Contact your IT administrator to ensure your Mac is receiving a profile that enables installation of application updates.",
|
||||
"The automatic software update feature will be enabled to ensure that the workstation receives timely updates.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
},
|
||||
|
|
@ -256,9 +256,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 FROM managed_policies WHERE domain='com.apple.SoftwareUpdate' AND name='CriticalUpdateInstall' AND value=1 LIMIT 1;",
|
||||
name: "Automatic security and data file updates is enabled (macOS)",
|
||||
description:
|
||||
"Checks that a mobile device management (MDM) solution configures the Mac to automatically download updates to built-in macOS security tools such as malware removal tools.",
|
||||
"If the Mac is not automatically downloading updates to built-in macOS security tools, critical updates may not be installed, leaving the device vulnerable to potential exploitation.",
|
||||
resolution:
|
||||
"Contact your IT administrator to ensure your Mac is receiving a profile that enables automatic security and data update installation.",
|
||||
"Enable automatic security and data update installation.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
mdm_required: true,
|
||||
|
|
@ -270,9 +270,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
name:
|
||||
"Automatic installation of operating system updates is enabled (macOS)",
|
||||
description:
|
||||
"Checks that a mobile device management (MDM) solution configures the Mac to automatically install operating system updates.",
|
||||
"If automatic macOS updates are not enabled, critical updates may not be installed, leaving the device vulnerable to potential exploitation.",
|
||||
resolution:
|
||||
"Contact your IT administrator to ensure your Mac is receiving a profile that enables automatic installation of operating system updates.",
|
||||
"Enable automatic installation of operating system updates.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
mdm_required: true,
|
||||
|
|
@ -283,9 +283,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 FROM managed_policies WHERE domain='com.apple.applicationaccess' AND name='forceAutomaticDateAndTime' AND value=1 LIMIT 1;",
|
||||
name: "Time and date are configured to be updated automatically (macOS)",
|
||||
description:
|
||||
"Checks that a mobile device management (MDM) solution configures the Mac to automatically update the time and date.",
|
||||
"If the automatic setting of date and time is disabled, there could be synchronization issues with other systems, services, or applications.",
|
||||
resolution:
|
||||
"Contact your IT administrator to ensure your Mac is receiving a profile that enables automatic time and date configuration.",
|
||||
"Enable automatic time and date configuration.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
mdm_required: true,
|
||||
|
|
@ -296,9 +296,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 WHERE EXISTS (SELECT CAST(value as integer(4)) valueint from managed_policies WHERE domain = 'com.apple.screensaver' AND name = 'askForPasswordDelay' AND valueint <= 60 LIMIT 1) AND EXISTS (SELECT CAST(value as integer(4)) valueint from managed_policies WHERE domain = 'com.apple.screensaver' AND name = 'idleTime' AND valueint <= 1140 LIMIT 1) AND EXISTS (SELECT 1 from managed_policies WHERE domain='com.apple.screensaver' AND name='askForPassword' AND value=1 LIMIT 1);",
|
||||
name: "Lock screen after inactivity of 20 minutes or less (macOS)",
|
||||
description:
|
||||
"Checks that a mobile device management (MDM) solution configures the Mac to lock the screen after 20 minutes or less.",
|
||||
"Inadequate screen saver security settings could potentially allow unauthorized access to the workstation if left unattended for extended periods.",
|
||||
resolution:
|
||||
"Contact your IT administrator to ensure your Mac is receiving a profile that enables the screen saver after inactivity of 20 minutes or less.",
|
||||
"Ensure screen saver is enabled after inactivity of 20 minutes or less.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
mdm_required: true,
|
||||
|
|
@ -309,9 +309,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 FROM managed_policies WHERE domain='com.apple.MCX' AND name='forceInternetSharingOff' AND value='1' LIMIT 1;",
|
||||
name: "Internet sharing blocked (macOS)",
|
||||
description:
|
||||
"Checks that a mobile device management (MDM) solution configures the Mac to prevent Internet sharing.",
|
||||
"Unauthorized Internet sharing could potentially expose sensitive network resources to external threats.",
|
||||
resolution:
|
||||
"Contact your IT administrator to ensure your Mac is receiving a profile that prevents Internet sharing.",
|
||||
"The Internet sharing setting will be disabled",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
mdm_required: true,
|
||||
|
|
@ -322,9 +322,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 FROM managed_policies WHERE domain='com.apple.applicationaccess' AND name='allowContentCaching' AND value='0' LIMIT 1;",
|
||||
name: "Content caching is disabled (macOS)",
|
||||
description:
|
||||
"Checks that a mobile device management (MDM) solution configures the Mac to disable content caching.",
|
||||
"Enabling content caching could lead to unauthorized caching of sensitive data, potentially exposing it to unauthorized access.",
|
||||
resolution:
|
||||
"Contact your IT administrator to ensure your Mac is receiving a profile that disables content caching.",
|
||||
"Content caching will be disabled.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
mdm_required: true,
|
||||
|
|
@ -335,9 +335,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 FROM managed_policies WHERE domain='com.apple.AdLib' AND name='forceLimitAdTracking' AND value='1' LIMIT 1;",
|
||||
name: "Ad tracking is limited (macOS)",
|
||||
description:
|
||||
"Checks that a mobile device management (MDM) solution configures the Mac to limit advertisement tracking.",
|
||||
"Failure to limit ad tracking could result in excessive tracking of user behavior and preferences by advertisers, compromising privacy.",
|
||||
resolution:
|
||||
"Contact your IT administrator to ensure your Mac is receiving a profile that disables advertisement tracking.",
|
||||
"Advertisement tracking will be disabled.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
},
|
||||
|
|
@ -360,9 +360,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 FROM managed_policies WHERE domain='com.apple.security.firewall' AND name='EnableLogging' AND value='1' LIMIT 1;",
|
||||
name: "Firewall logging is enabled (macOS)",
|
||||
description:
|
||||
"Checks that a mobile device management (MDM) solution configures the Mac to log firewall activity.",
|
||||
"Without firewall logging enabled, it becomes difficult to monitor and track network traffic, increasing the risk of undetected malicious activities or unauthorized access.",
|
||||
resolution:
|
||||
"Contact your IT administrator to ensure your Mac is receiving a profile that enables firewall logging.",
|
||||
"Firewall logging will be enabled on the workstation.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
mdm_required: true,
|
||||
|
|
@ -373,9 +373,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 FROM managed_policies WHERE domain='com.apple.loginwindow' AND name='DisableGuestAccount' AND value='1' LIMIT 1;",
|
||||
name: "Guest account disabled (macOS)",
|
||||
description:
|
||||
"Checks that a mobile device management (MDM) solution configures the Mac to prevent the use of a guest account.",
|
||||
"Use of the guest account could allow unauthorized users to access the system, potentially leading to unauthorized access to sensitive data and security breaches.",
|
||||
resolution:
|
||||
"Contact your IT administrator to ensure your Mac is receiving a profile that disables the guest account.",
|
||||
"The guest account will be disabled.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
mdm_required: true,
|
||||
|
|
@ -386,9 +386,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 FROM managed_policies WHERE domain='com.apple.AppleFileServer' AND name='guestAccess' AND value='0' LIMIT 1;",
|
||||
name: "Guest access to shared folders is disabled (macOS)",
|
||||
description:
|
||||
"Checks that a mobile device management (MDM) solution configures the Mac to prevent guest access to shared folders.",
|
||||
"Guest access to shared folders could allow unauthorized users to access sensitive files and data, potentially leading to data breaches or unauthorized modifications.",
|
||||
resolution:
|
||||
"Contact your IT administrator to ensure your Mac is receiving a profile that prevents guest access to shared folders.",
|
||||
"Guest access to shared folders will be disabled.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
mdm_required: true,
|
||||
|
|
@ -397,11 +397,11 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
key: 31,
|
||||
query:
|
||||
"SELECT 1 FROM registry WHERE path LIKE 'HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsFirewallDomainProfileEnableFirewall' AND CAST(data as integer) = 1;",
|
||||
name: "Windows Firewall, Domain Profile enabled (Windows)",
|
||||
name: "Windows Firewall, domain profile enabled (Windows)",
|
||||
description:
|
||||
"Checks if a Group Policy configures the computer to enable the domain profile for Windows Firewall. The domain profile applies to networks where the host system can authenticate to a domain controller. Some auditors require that this setting is configured by a Group Policy.",
|
||||
"If the Windows Firewall is not enabled for the domain profile, the workstation may be more vulnerable to unauthorized network access and potential security breaches.",
|
||||
resolution:
|
||||
"Contact your IT administrator to ensure your computer is receiving a Group Policy that enables the domain profile for Windows Firewall.",
|
||||
"The Windows Firewall will be enabled for the domain profile.",
|
||||
critical: false,
|
||||
platform: "windows",
|
||||
},
|
||||
|
|
@ -409,11 +409,11 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
key: 32,
|
||||
query:
|
||||
"SELECT 1 FROM registry WHERE path LIKE 'HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsFirewallPrivateProfileEnableFirewall' AND CAST(data as integer) = 1;",
|
||||
name: "Windows Firewall, Private Profile enabled (Windows)",
|
||||
name: "Windows Firewall, private profile enabled (Windows)",
|
||||
description:
|
||||
"Checks if a Group Policy configures the computer to enable the private profile for Windows Firewall. The private profile applies to networks where the host system is connected to a private or home network. Some auditors require that this setting is configured by a Group Policy.",
|
||||
"If the Windows Firewall is not enabled for the private profile, the workstation may be more susceptible to unauthorized access and potential security breaches, particularly when connected to private networks.",
|
||||
resolution:
|
||||
"Contact your IT administrator to ensure your computer is receiving a Group Policy that enables the private profile for Windows Firewall.",
|
||||
"The Windows Firewall will be enabled for the private profile",
|
||||
critical: false,
|
||||
platform: "windows",
|
||||
},
|
||||
|
|
@ -421,11 +421,11 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
key: 33,
|
||||
query:
|
||||
"SELECT 1 FROM registry WHERE path LIKE 'HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsFirewallPublicProfileEnableFirewall' AND CAST(data as integer) = 1;",
|
||||
name: "Windows Firewall, Public Profile enabled (Windows)",
|
||||
name: "Windows Firewall, public profile enabled (Windows)",
|
||||
description:
|
||||
"Checks if a Group Policy configures the computer to enable the public profile for Windows Firewall. The public profile applies to networks where the host system is connected to public networks such as Wi-Fi hotspots at coffee shops and airports. Some auditors require that this setting is configured by a Group Policy.",
|
||||
"If the Windows Firewall is not enabled for the public profile, the workstation may be more vulnerable to unauthorized access and potential security threats, especially when connected to public networks.",
|
||||
resolution:
|
||||
"Contact your IT administrator to ensure your computer is receiving a Group Policy that enables the public profile for Windows Firewall.",
|
||||
"The Windows Firewall will be enabled for the public profile.",
|
||||
critical: false,
|
||||
platform: "windows",
|
||||
},
|
||||
|
|
@ -434,9 +434,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
query:
|
||||
"SELECT 1 FROM windows_optional_features WHERE name = 'SMB1Protocol-Client' AND state != 1;",
|
||||
name: "SMBv1 client driver disabled (Windows)",
|
||||
description: "Checks that the SMBv1 client is disabled.",
|
||||
description: "Leaving the SMBv1 client enabled increases vulnerability to security threats and potential exploitation by malicious actors.",
|
||||
resolution:
|
||||
"Contact your IT administrator to discuss disabling SMBv1 on your system.",
|
||||
"The SMBv1 client will be disabled.",
|
||||
critical: false,
|
||||
platform: "windows",
|
||||
},
|
||||
|
|
@ -445,9 +445,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
query:
|
||||
"SELECT 1 FROM windows_optional_features WHERE name = 'SMB1Protocol-Server' AND state != 1",
|
||||
name: "SMBv1 server disabled (Windows)",
|
||||
description: "Checks that the SMBv1 server is disabled.",
|
||||
description: "Leaving the SMBv1 server enabled exposes the workstation to potential security vulnerabilities and exploitation by malicious actors.",
|
||||
resolution:
|
||||
"Contact your IT administrator to discuss disabling SMBv1 on your system.",
|
||||
"The SMBv1 server will be disabled.",
|
||||
critical: false,
|
||||
platform: "windows",
|
||||
},
|
||||
|
|
@ -457,9 +457,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 FROM registry WHERE path LIKE 'HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows NTDNSClientEnableMulticast' AND CAST(data as integer) = 0;",
|
||||
name: "LLMNR disabled (Windows)",
|
||||
description:
|
||||
"Checks if a Group Policy configures the computer to disable LLMNR. Some auditors requires that this setting is configured by a Group Policy.",
|
||||
"If the workstation does not have LLMNR disabled, it could be vulnerable to DNS spoofing attacks, potentially leading to unauthorized access or data interception.",
|
||||
resolution:
|
||||
"Contact your IT administrator to ensure your computer is receiving a Group Policy that disables LLMNR on your system.",
|
||||
"LLMNR will be disabled on your system.",
|
||||
critical: false,
|
||||
platform: "windows",
|
||||
},
|
||||
|
|
@ -469,9 +469,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 FROM registry WHERE path LIKE 'HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsWindowsUpdateAUNoAutoUpdate' AND CAST(data as integer) = 0;",
|
||||
name: "Automatic updates enabled (Windows)",
|
||||
description:
|
||||
"Checks if a Group Policy configures the computer to enable Automatic Updates. When enabled, the computer downloads and installs security and other important updates automatically. Some auditors requires that this setting is configured by a Group Policy.",
|
||||
"Enabling automatic updates ensures the computer downloads and installs security and other important updates automatically.",
|
||||
resolution:
|
||||
"Contact your IT administrator to ensure your computer is receiving a Group policy that enables Automatic Updates.",
|
||||
"Automatic updates will be enabled.",
|
||||
critical: false,
|
||||
platform: "windows",
|
||||
},
|
||||
|
|
@ -482,9 +482,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
name:
|
||||
"No 1Password emergency kit stored on desktop or in downloads (macOS)",
|
||||
description:
|
||||
"Looks for PDF files with file names typically used by 1Password for emergency recovery kits.",
|
||||
"Storing the 1Password emergency kit on the desktop or in the downloads folder increases the risk of unauthorized access to sensitive credentials if the workstation is compromised or accessed by unauthorized users.",
|
||||
resolution:
|
||||
"Delete 1Password emergency kits from your computer, and empty the trash. 1Password emergency kits should only be printed and stored in a physically secure location.",
|
||||
"1Password emergency kits must be printed and stored in a physically secure location.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
},
|
||||
|
|
@ -493,9 +493,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
query:
|
||||
"SELECT 1 WHERE NOT EXISTS (SELECT 1 FROM users CROSS JOIN user_ssh_keys USING (uid) WHERE encrypted='0');",
|
||||
name: "No unencrypted SSH keys present",
|
||||
description: "Checks if unencrypted SSH keys are present on the system.",
|
||||
description: "Having unencrypted SSH keys poses the risk of unauthorized access to sensitive systems and data if the workstation is compromised.",
|
||||
resolution:
|
||||
"Remove SSH keys that are not necessary, and encrypt those that are. On Mac and Linux, use this command to encrypt your existing SSH keys: ssh-keygen -o -p -f path/to/keyfile",
|
||||
"Any unencrypted SSH keys will be encrypted or removed from the workstation.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
},
|
||||
|
|
@ -505,9 +505,9 @@ export const DEFAULT_POLICIES: IPolicyNew[] = [
|
|||
"SELECT 1 WHERE NOT EXISTS (SELECT 1 FROM keychain_items WHERE label LIKE '%ABCDEFG%' LIMIT 1);",
|
||||
name: "No Apple signing or notarization credentials secrets stored (macOS)",
|
||||
description:
|
||||
"Looks for certificate material linked to a company's Apple Developer account, which should only be present on build servers and not workstations. Replace *ABCDEFG* with your company's identifier.",
|
||||
"Storing Apple signing or notarization credentials poses the risk of unauthorized access to sensitive development assets and potential compromise of software integrity.",
|
||||
resolution:
|
||||
"Ensure your official Apple builds, signing and notarization happen on a centralized system, and remove these certificates from workstations.",
|
||||
"Apple signing or notarization credentials secrets will be removed from the workstation.",
|
||||
critical: false,
|
||||
platform: "darwin",
|
||||
},
|
||||
|
|
|
|||
Loading…
Reference in a new issue