mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
3c8bf05fa3
Add multiple endpoint security policies and telemetry reports and wire them into the workstations fleet manifest. New macOS policies: firewall, Gatekeeper, SIP (critical), Remote Login disabled, screen-lock inactivity, and local-admin count; new Windows policies: Secure Boot, Remote Desktop disabled, interactive screen-lock timeout; new Linux policy: sshd PermitRootLogin restriction. Added cross-platform reports for disk encryption (includes BitLocker), local user/admin inventory, USB devices, listening ports, and Chromium-family browser extensions. These changes improve compliance and detection coverage (SOC2/ISO mappings included) and enable more comprehensive fleet monitoring. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added device compliance checks: macOS firewall, Gatekeeper, SIP, local admin count, Windows Secure Boot, and Linux SSH root-login restriction * Disabled high-risk remote access: macOS Remote Login and Windows Remote Desktop checks * Added screen-lock inactivity checks for macOS and Windows * New inventory reports: local user accounts, connected USB devices, open listening ports, and browser extensions (Safari, Firefox, Chromium-family) <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| check-fleet-desktop-extension-enabled.yml | ||
| disk-encryption-check.yml | ||
| disk-space-check.yml | ||
| sshd-permitrootlogin-restricted.yml | ||