When importing CIS benchmark content for multiple OS versions into a
single
Fleet team via GitOps, users encounter several hard validation failures
because
Fleet enforces uniqueness on script basenames, mobileconfig
PayloadDisplayName /
PayloadIdentifier, and policy name fields.
Changes (all confined to docs/solutions/cis/):
- Fix #!/usr/bin/env bash shebang in CIS_2.6.7.sh (macOS 13/14/15) ->
#!/bin/bash
- Prefix script filenames with OS slug (macos13-, macos14-, macos15-,
win10-,
win11-, win11-intune-) to prevent basename collisions
- Prefix mobileconfig PayloadDisplayName with OS tag ([macOS 13] etc.),
which
is the field Fleet uses for identity
- Prefix mobileconfig PayloadIdentifier with an OS slug so identifiers
stay
unique across versions
- Prefix every policy name: field with the OS tag; preserve original
YAML
formatting (plain, single-quoted with '' escapes, and folded block
scalars)
- Rename Windows XML profiles with win10-, win11-, and win11-intune-
prefixes
None of these changes affect the security logic or coverage of the
benchmarks.
They only make the content importable without manual intervention.
Co-authored-by: Claude <noreply@anthropic.com>
2026-04-16 15:37:31 -04:00
Renamed from docs/solutions/cis/macos-14/configuration-profiles/2.2.2.mobileconfig (Browse further)
