fleet/docs/solutions
Adam Baali 2e631491c2
claude/fix-cis-shebang-NTw1M (#43681)
When importing CIS benchmark content for multiple OS versions into a single
Fleet team via GitOps, users encounter several hard validation failures because
Fleet enforces uniqueness on script basenames, mobileconfig PayloadDisplayName /
PayloadIdentifier, and policy name fields.

Changes (all confined to docs/solutions/cis/):
- Fix #!/usr/bin/env bash shebang in CIS_2.6.7.sh (macOS 13/14/15) -> #!/bin/bash
- Prefix script filenames with OS slug (macos13-, macos14-, macos15-, win10-,
  win11-, win11-intune-) to prevent basename collisions
- Prefix mobileconfig PayloadDisplayName with OS tag ([macOS 13] etc.), which
  is the field Fleet uses for identity
- Prefix mobileconfig PayloadIdentifier with an OS slug so identifiers stay
  unique across versions
- Prefix every policy name: field with the OS tag; preserve original YAML
  formatting (plain, single-quoted with '' escapes, and folded block scalars)
- Rename Windows XML profiles with win10-, win11-, and win11-intune- prefixes

None of these changes affect the security logic or coverage of the benchmarks.
They only make the content importable without manual intervention.

Co-authored-by: Claude <noreply@anthropic.com>
2026-04-16 15:37:31 -04:00
all Create openclaw-detection.queries.yml (#40250) 2026-02-22 18:11:39 -05:00
android Update Android password policy and clarify how it works with BYOD (#43374) 2026-04-09 17:29:14 -05:00
api-scripts Fix Jamf sync script to update IDP username field instead of other emails (#42335) 2026-03-26 11:15:36 -04:00
cis claude/fix-cis-shebang-NTw1M (#43681) 2026-04-16 15:37:31 -04:00
docker-compose Bind docker ports to 127.0.0.1 (#42232) 2026-03-23 12:30:23 -05:00
ios-ipados Add GlobalProtect profile (#42096) 2026-03-19 14:54:30 -05:00
linux added .keep file to add empty folders (#35109) 2025-11-03 11:45:48 -05:00
macos Add missing $FLEET_VAR_SCEP_RENEWAL_ID to Okta Platform SSO guide (#42847) 2026-04-09 16:16:19 -04:00
tines Update Jamf API endpoints (#39146) 2026-02-06 13:58:40 -06:00
windows Add and document fallback script for wiping Windows devices (#42230) 2026-04-16 11:49:53 -04:00
README.md Solutions symlinks (#37732) 2025-12-29 12:42:56 -06:00

Solutions

Best Practices

General

  • Name the file after what the profile does.
    • For example, instead of googlePlayProtectVerifyApps.json (the name of the Android policy for this control), describe what it does: enforce-google-play-protect.json.
  • Use kebab case in file names, with all letters in lowercase.
    • Instead of passwordPolicy.json, use password-policy.json.
  • Be sure to end files with an empty newline.

If a solution is applicable to multiple platforms, keep the original in the main platform directory and symlink it to the other platforms. For example, if an Apple configuration profile can be used on both macOS and iOS, use macOS as the source, and create a symlink in the iOS directory.

  • cd docs/solutions/ios-ipados/configuration-profiles/
    • Note that this is the destination that we want the symlink to be in.
  • ln -s ../../macos/configuration-profiles/my-profile.mobileconfig .
    • The . here at the end means the current directory, and will use the same file name as the original (which is what we want).
  • git add my-profile.mobileconfig
  • git commit
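
A check you could run before committing symlinks like the one above. This is an added example, not part of the Fleet repository: the function name check_symlinks and the constructed demo tree are assumptions. It flags links that use an absolute target, point at a missing file, or resolve outside the tree passed as the root.

```shell
#!/bin/bash
# Added example (hypothetical helper, not Fleet tooling).
# check_symlinks ROOT: prints one line per problem link, returns 1 if any found.
# Paths containing newlines are not supported.
check_symlinks() {
  root=$(cd "$1" && pwd -P) || return 2
  bad=0
  links=$(find "$root" -type l)
  # Read from a here-document so the loop runs in this shell and can set $bad.
  while IFS= read -r link; do
    [ -n "$link" ] || continue
    target=$(readlink "$link")
    case $target in
      /*) echo "absolute target: $link -> $target"; bad=1; continue ;;
    esac
    if [ ! -e "$link" ]; then
      echo "dangling: $link -> $target"; bad=1; continue
    fi
    # Physical directory that holds the target, resolved from the link's directory.
    resolved_dir=$(cd "$(dirname "$link")" && cd "$(dirname "$target")" && pwd -P)
    case $resolved_dir/ in
      "$root"/*) ;;
      *) echo "escapes tree: $link -> $target"; bad=1 ;;
    esac
  done <<EOF
$links
EOF
  return $bad
}

# Constructed demo tree mirroring the layout described above.
demo=$(mktemp -d)
mkdir -p "$demo/docs/solutions/macos/configuration-profiles" \
         "$demo/docs/solutions/ios-ipados/configuration-profiles"
echo '<plist/>' > "$demo/docs/solutions/macos/configuration-profiles/my-profile.mobileconfig"
( cd "$demo/docs/solutions/ios-ipados/configuration-profiles" &&
  ln -s ../../macos/configuration-profiles/my-profile.mobileconfig . )
if check_symlinks "$demo/docs/solutions"; then echo "all symlinks OK"; fi
rm -rf "$demo"
```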