From d5f666bfa36a6f0d2b6be3acb2162d39563b17c7 Mon Sep 17 00:00:00 2001 From: Noah Talerman <47070608+noahtalerman@users.noreply.github.com> Date: Mon, 20 May 2024 12:48:28 -0400 Subject: [PATCH] Update "macOS - Check if latest version" policy (#19138) - Simplify policy - Move policy out of team files. Why? They use the same policy - Sometimes values that look like integers are treated as strings in osquery. This might be happening here w/ the major, minor, patch in the policy. Another example here: https://github.com/fleetdm/fleet/issues/15962#issuecomment-1881783764 --------- Co-authored-by: Luke Heath --- it-and-security/teams/workstations-canary.yml | 9 --------- it-and-security/teams/workstations.yml | 9 ++++----- 2 files changed, 4 insertions(+), 14 deletions(-) diff --git a/it-and-security/teams/workstations-canary.yml b/it-and-security/teams/workstations-canary.yml index 214bceb79f..1f9b694a6b 100644 --- a/it-and-security/teams/workstations-canary.yml +++ b/it-and-security/teams/workstations-canary.yml @@ -109,15 +109,6 @@ policies: - path: ../lib/macos-device-health.policies.yml - path: ../lib/windows-device-health.policies.yml - path: ../lib/linux-device-health.policies.yml - - name: macOS - Check if latest version - query: | - SELECT 1 FROM os_version - WHERE (major > 14 OR (major = 14 AND minor > 5) OR (major = 14 AND minor = 5 AND patch >= 0)); --Sonoma - critical: false - description: Using an outdated macOS version risks exposure to security vulnerabilities and potential system instability. - resolution: We will update your macOS to version 14.4.1 to enhance security and stability. - platform: darwin - calendar_events_enabled: true queries: - path: ../lib/collect-failed-login-attempts.queries.yml - path: ../lib/collect-fleetd-information.yml diff --git a/it-and-security/teams/workstations.yml b/it-and-security/teams/workstations.yml index f51f4c1e81..3cd7b854f0 100644 --- a/it-and-security/teams/workstations.yml +++ b/it-and-security/teams/workstations.yml @@ -44,8 +44,8 @@ controls: enable_end_user_authentication: true macos_setup_assistant: null macos_updates: - deadline: "2024-05-31" - minimum_version: "14.5" + deadline: "" + minimum_version: "" windows_settings: custom_settings: null windows_updates: @@ -62,9 +62,8 @@ policies: - path: ../lib/windows-device-health.policies.yml - path: ../lib/linux-device-health.policies.yml - name: macOS - Check if latest version - query: | - SELECT 1 FROM os_version - WHERE (major > 14 OR (major = 14 AND minor > 5) OR (major = 14 AND minor = 5 AND patch >= 0)); --Sonoma + query: SELECT 1 FROM os_version WHERE major = '14' AND minor = '5'; + # patch query: SELECT 1 FROM os_version WHERE major = "14" AND minor = "5" AND patch >= "1"; critical: false description: This policy check if macOS version is most recent version available. resolution: From the Apple menu, select System Settings. Navigate to General > Software Update.