• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    公众号

jamf/CIS-for-macOS-Sierra

原作者: [db:作者] 来自: 网络 收藏 邀请

开源软件名称(OpenSource Name):

jamf/CIS-for-macOS-Sierra

开源软件地址(OpenSource Url):

https://github.com/jamf/CIS-for-macOS-Sierra

开源编程语言(OpenSource Language):

Shell 100.0%

开源软件介绍(OpenSource Introduction):

INFO:

Refers to document CIS_Apple_OSX_10.12_Benchmark_v1.0.0.pdf, available at https://benchmarks.cisecurity.org

USAGE:

1_Set_Organization_Priorities

Policy: Generally "Once per computer" unless organizational values change.

Admins set organizational compliance for each listed item, which gets written to plist. The values default to "true," meaning if an organization wishes to disregard a given item they must set the value to false by changing the associated comment:

OrgScore1_1="true" or OrgScore1_1="false"

The script writes to /Library/Application Support/SecurityScoring/org_security_score.plist by default.

NOTES:

Item "1.1 Verify all Apple provided software is current" is disabled by default. Item "5.6 Enable OCSP and CRL certificate checking" is disabled by default.

2_Security_Audit_Compliance

Policy: Some recurring trigger to track compliance over time.

Reads the plist at /Library/Application Support/SecurityScoring/org_security_score.plist. For items prioritized (listed as "true,") the script queries against the current computer/user environment to determine compliance against each item.

Non-compliant items are recorded at /Library/Application Support/SecurityScoring/org_audit

2.5_Audit_List Extension Attribute

Set as Data Type "String."

Reads contents of /Library/Application Support/SecurityScoring/org_audit file and records to Jamf Pro inventory record.

2.6_Audit_Count Extension Attribute

Set as Data Type "Integer."

Reads contents of /Library/Application Support/SecurityScoring/org_audit file and records count of items to Jamf Pro inventory record. Usable with smart group logic (2.6_Audit_Count greater than 0) to immediately determine computers not in compliance.

3_Security_Remediation

Policy: Some recurring trigger to enforce compliance over time.

Reads the plist at /Library/Application Support/SecurityScoring/org_security_score.plist. For items prioritized (listed as "true,") the script applies recommended remediation actions for the client/user.

SCORED CIS EXCEPTIONS:

  • Does not implement pwpolicy commands (5.2.1 - 5.2.8)
  • Audits but does not actively remediate (due to alternate profile/policy functionality within Jamf Pro):
  • 2.4.4 Disable Printer Sharing
  • 2.6.1 Enable FileVault
  • 2.7.4 iCloud Drive Document sync
  • 2.7.5 iCloud Drive Desktop sync
  • 2.11 Java 6 is not the default Java runtime
  • 5.12 Create a custom message for the Login Screen
  • 5.13 Create a Login window banner



鲜花

握手

雷人

路过

鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap