Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-23 00:49:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 143

Update macos-device-health.policies.yml (#17783)

Browse source 
- Fix guest account and password policies
This commit is contained in:
Noah Talerman 2024-03-21 17:57:21 -04:00 committed by GitHub
parent 1d8e208c32
commit ceddd26a73
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 15 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
it-and-security/lib/macos-device-health.policies.yml
View file

@ -11,13 +11,25 @@
resolution: An an IT admin, deploy a macOS, Firewall profile with the EnableFirewall option set to true.
platform: darwin
- name: macOS - Disable guest account
query: SELECT 1 FROM managed_policies WHERE domain='com.apple.loginwindow' AND username = '' AND name='DisableGuestAccount' AND CAST(value AS INT) = 1;
query: SELECT 1 FROM plist WHERE path='/Library/Preferences/com.apple.loginwindow.plist' AND key='GuestEnabled' AND value = 0;
critical: false
description: This policy checks if the guest account is disabled.
resolution: An an IT admin, deploy a macOS, login window profile with the DisableGuestAccount option set to true.
platform: darwin
- name: macOS - Require 10 character password
query: SELECT 1 FROM plist WHERE path='/Library/Preferences/com.apple.loginwindow.plist' AND key='GuestEnabled' AND value = 0;
query: SELECT 1 WHERE
EXISTS (
SELECT 1 FROM managed_policies WHERE
domain='com.apple.screensaver' AND
name='askForPassword' AND
CAST(value AS INT)
)
AND EXISTS (
SELECT 1 FROM managed_policies WHERE
domain='com.apple.screensaver' AND
name='minLength' AND
CAST(value AS INT) <= 10
);
critical: false
description: This policy checks if the end user is required to enter a password, with at least 10 characters, to unlock the host.
resolution: An an IT admin, deploy a macOS, screensaver profile with the askForPassword option set to true and minLength option set to 10.
@ -40,4 +52,4 @@
critical: false
description: This policy checks if maximum amount of time (in minutes) the device is allowed to sit idle before the screen is locked. End users can select any value less than the specified maximum.
resolution: An an IT admin, deploy a macOS, screen saver profile with the maxInactivity option set to 20 minutes.
platform: darwin
platform: darwin