mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 13:37:30 +00:00
2e631491c2
When importing CIS benchmark content for multiple OS versions into a single Fleet team via GitOps, users encounter several hard validation failures because Fleet enforces uniqueness on script basenames, mobileconfig PayloadDisplayName / PayloadIdentifier, and policy name fields. Changes (all confined to docs/solutions/cis/): - Fix #!/usr/bin/env bash shebang in CIS_2.6.7.sh (macOS 13/14/15) -> #!/bin/bash - Prefix script filenames with OS slug (macos13-, macos14-, macos15-, win10-, win11-, win11-intune-) to prevent basename collisions - Prefix mobileconfig PayloadDisplayName with OS tag ([macOS 13] etc.), which is the field Fleet uses for identity - Prefix mobileconfig PayloadIdentifier with an OS slug so identifiers stay unique across versions - Prefix every policy name: field with the OS tag; preserve original YAML formatting (plain, single-quoted with '' escapes, and folded block scalars) - Rename Windows XML profiles with win10-, win11-, and win11-intune- prefixes None of these changes affect the security logic or coverage of the benchmarks. They only make the content importable without manual intervention. Co-authored-by: Claude <noreply@anthropic.com>
37 lines
1.1 KiB
XML
37 lines
1.1 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
|
|
<plist version="1.0">
|
|
<dict>
|
|
<key>PayloadContent</key>
|
|
<array>
|
|
<dict>
|
|
<key>PayloadDisplayName</key>
|
|
<string>test</string>
|
|
<key>PayloadType</key>
|
|
<string>com.apple.applicationaccess</string>
|
|
<key>PayloadIdentifier</key>
|
|
<string>com.fleetdm.cis-2.3.1.2.check</string>
|
|
<key>PayloadUUID</key>
|
|
<string>BF58FD50-E4EC-4427-A549-1BCD7B88FCEB</string>
|
|
<key>allowAirPlayIncomingRequests</key>
|
|
<false/>
|
|
</dict>
|
|
</array>
|
|
<key>PayloadDescription</key>
|
|
<string>test</string>
|
|
<key>PayloadDisplayName</key>
|
|
<string>[macOS 13] Ensure AirPlay Receiver Is Disabled</string>
|
|
<key>PayloadIdentifier</key>
|
|
<string>com.fleetdm.macos13.cis-2.3.1.2</string>
|
|
<key>PayloadRemovalDisallowed</key>
|
|
<false/>
|
|
<key>PayloadScope</key>
|
|
<string>System</string>
|
|
<key>PayloadType</key>
|
|
<string>Configuration</string>
|
|
<key>PayloadUUID</key>
|
|
<string>633BD4E3-849E-485E-A784-AA80D86E83A3</string>
|
|
<key>PayloadVersion</key>
|
|
<integer>1</integer>
|
|
</dict>
|
|
</plist>
|