Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-23 08:58:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 111

Update "macOS - Check if latest version" policy (#19138)

Browse source 
- Simplify policy
- Move policy out of team files. Why? They use the same policy
- Sometimes values that look like integers are treated as strings in
osquery.
This might be happening here w/ the major, minor, patch
in the policy. Another example here:
https://github.com/fleetdm/fleet/issues/15962#issuecomment-1881783764

---------

Co-authored-by: Luke Heath <luke@fleetdm.com>
This commit is contained in:
Noah Talerman 2024-05-20 12:48:28 -04:00 committed by GitHub
parent 5b423d70c2
commit d5f666bfa3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 4 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
it-and-security/teams/workstations-canary.yml
View file

@ -109,15 +109,6 @@ policies:
- path: ../lib/macos-device-health.policies.yml
- path: ../lib/windows-device-health.policies.yml
- path: ../lib/linux-device-health.policies.yml
- name: macOS - Check if latest version
query: |
SELECT 1 FROM os_version
WHERE (major > 14 OR (major = 14 AND minor > 5) OR (major = 14 AND minor = 5 AND patch >= 0)); --Sonoma
critical: false
description: Using an outdated macOS version risks exposure to security vulnerabilities and potential system instability.
resolution: We will update your macOS to version 14.4.1 to enhance security and stability.
platform: darwin
calendar_events_enabled: true
queries:
- path: ../lib/collect-failed-login-attempts.queries.yml
- path: ../lib/collect-fleetd-information.yml

9
it-and-security/teams/workstations.yml
View file

@ -44,8 +44,8 @@ controls:
enable_end_user_authentication: true
macos_setup_assistant: null
macos_updates:
deadline: "2024-05-31"
minimum_version: "14.5"
deadline: ""
minimum_version: ""
windows_settings:
custom_settings: null
windows_updates:
@ -62,9 +62,8 @@ policies:
- path: ../lib/windows-device-health.policies.yml
- path: ../lib/linux-device-health.policies.yml
- name: macOS - Check if latest version
query: |
SELECT 1 FROM os_version
WHERE (major > 14 OR (major = 14 AND minor > 5) OR (major = 14 AND minor = 5 AND patch >= 0)); --Sonoma
query: SELECT 1 FROM os_version WHERE major = '14' AND minor = '5';
# patch query: SELECT 1 FROM os_version WHERE major = "14" AND minor = "5" AND patch >= "1";
critical: false
description: This policy check if macOS version is most recent version available.
resolution: From the Apple menu, select System Settings. Navigate to General > Software Update.