Sequoia NLMAPGOV baselines to Tahoe #5
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* refactor[rules] STIG IDs Initial STIG-IDs added to rule files. * refactor[rules]ccis added New CCIs added to rules * refactor[rules] SRGs added New SRGs added to stig rules * refactor[rule] pwpolicy_custom_regex_enforce Remove unneeded SRG * refactor[rules] Added, Removed, Updated rules - os_authenticated_root_enable, updated check - os_directory_services_configured, removed from stig - os_ess_installed, removed from stig - os_firewall_log_enable, removed from 15.x - os_genmoji_disable, added 800-53 and stig - os_image_generation_disable, added 800-53 and sti.yaml - os_iphone_mirroring_disable - os_password_autofill_disable, added 800-53 and sti - os_ssh_fips_compliant, fixed check/fix - os_ssh_server_alive_count_max_configure, fixed fix - os_ssh_server_alive_interval_configure, fixed fix - os_sshd_fips_compliant, fixed fix/check - os_sudo_log_enforce, added 800-53 and stig - os_writing_tools_disable, added 800-53 and sti - pwpolicy_custom_regex_enforce, updated regex - system_settings_ssh_enable, removed from stig * refactor[rules] Removed from STIG Removed CCI, SRG, STIG ID, and STIG tag * refactor[rules]Added new STIG IDs Added STIG ID to - os_genmoji_disable - os_image_generation_disable - os_sudo_log_enforce - os_writing_tools_disable * Added new rule file * Add APPL-15-002023 * added APPL-15-002024 * fix[rules] removed tags for rules removed removed tags from rules removed from cis * added os_time_server_enable back to cis * Update Gitignore * Updating CIS benchmark and tags in missed rules. * refactor[rules]ssh fips and sshd fips Updated check and fix for ssh and sshd for FIPS * refactor[rules]ssh and sshd fips added check into sshd to not fix if proper * Fixed ODV regression for CIS * added missing path to grep * removed [ ] * Fix to not print, and fix multiple entries in .ssh/config * added dev null redirection, prevention of double entries * Fixed bin to dev and case insensitive sed * 800-171 Rev 2 to Rev 3 * Updated media sharing key * Updated STIG ID * merge from sequoia * refactor[rules] ssh fixes Updated ssh fixes to match os_ssh_fips_compliant * slightly simplier fix. removed unneeded loop * slightly simplier fix. removed unneeded loop * Adjusting CIS numbering. * fix[rule] fixed path Fixed path in system_settings_system_wide_preferences_configure * fix[rule] fixed path on line 63 fixed path in system_settings_system_wide_preferences_configure * fix[rule] added reference Added reference to os_sudo_log_enforce * refactor[rules] Added, Modified and deleted rules Added os_mail_summary_disable Added os_photos_enhanced_search_disable Removed system_settings_cd_dvd_sharing_disable Modified system_settings_improve_search_disable - updated title Modified system_settings_improve_siri_dictation_disable - updated title * renamed .yml to .yaml * changes for upcoming cis release * refactor - DISA STIG references updated to sequoia for DISA STIG baseline file created for disa stig * added os_sleep_and_display_sleep_apple_silicon_enable to all_rules * refactor[rules] CNSSI tags added Added CNSSI1253 low, moderate, high tags * refactor[baselines] Updated baseline files Updated cnssi1253 baseline files Updated all_rules baseline file Updated CIS baseline files * udpdated baseline files * [fix]system_settings_sleep_enforce sleep/displaysleep swap * updated title * fix[rule] remove cis tags and reference remove cis ref & tag from system_settings_improve_search_disable issue usnistgov#443 * Adding arm64 tag to os_sleep_and_display_sleep_apple_silicon_enable * Fixing Sleep/displaysleep numbers based on CIS changes. * Fixing os_sleep_and_display_sleep_apple_silicon_enable * Removing DRAFT status from CIS * [fix]rule world writable library folder os_world_writable_library_folder_configure issue# 445 * refactor[rules] Added missing CCEs Replaced N/A CCEs for os_mail_summary_disable and os_photos_enhanced_search_disable * fix[rule] updated odv hint pwpolicy_custom_regex_enforce odv hint updated * Update system_settings_improve_assistive_voice_disable Issue usnistgov#450 * refactor[rules]pwpolicy updates Removed 800-53 and 800-171 tags Updated discussion to reflect NIST SP 800-63 and Executive Order M-22-09 * refactor[rules] Added external intelligence rules Added rules to disable external intelligence features for 15.2 * Issue usnistgov#450 * updated pwpolicy * Added CCEs * Removed double stig tag * updated baseline files * updated changelog * removed rules/system_settings/system_settings_cd_dvd_sharing_disable.yaml * updated changelog * update[supplemental]: added 800-63 guidance fix[supplemental]: update note about filevault unlock * refactor[rule] pwpolicy_special_character_enforce Updated check to allow greater than ODV. Issue usnistgov#451 * refactor[rules] ssh rules discussion update Added mention of /usr/libexec/reset-ssh-configuration. * updated release date and version * Added uniq to prevent false negatives * updated authors * updated release date --------- Co-authored-by: Allen Golbig <golbiga@gmail.com> Co-authored-by: mahlmanj <john.mahlman@leidos.com> Co-authored-by: Dan Brodjieski <daniel.brodjieski@nasa.gov>
Eerste experiment baseline aanmaken met mSCP. Inhoudelijke regels zijn enkel om mechanisme te testen.
New rules added
Changed generate_guidance to check lastUserName from com.apple.loginwindow Checks will not fail when at the login window. Issue usnistgov#364
Updated discussion to use lastUserName from com.apple.loginwindow Issue usnistgov#364
- pwpolicy_minimum_length_enforce - pwpolicy_prevent_dictionary_words - system_settings_guest_account_disable
…into usnistgov-sequoia
Minor name change
Added BIO guidance mapping
* Add initial new docs based on astro starlight * Add consolidated changes Add Dan's tweaks for the NIST pages * Direct to NIST pages
- Added additional audit rules to `nlmapgov_base` - Added first draft of `nlmapgov_plus`, designed as a complete package with rules from best practices from the field and other baselines. Still requires evaluation and altering by organizations.
* customization * Fixing case sensitive error * ignoring website temp files * Prettied the home page, changed words, added links * Upgraded Astro & Starlight * Updated social for Astro/Starlight upgrade * Fixed content to support NIST header/footer * building new menu and pages * adding a quick guide, needs correcting * add supported for .sl-banner if present * adding a css fix for the anchor links * fixed accent colors in light/dark mode, added fun to the logo * Redid menu, reworked all pages, added pages/content * Fixed URLs to support NIST Pages Upload * hiding last updated for 404 page * rewrote home page to reflect changes * Star Button Support for Light/Dark Mode * Github Live Data Scripts * Added Latest Release To Home Screen * removed homebrew, as advised by the team * Removed shake, titled logo more
- Updates to some rules - Mapping added for `nlmapgov_plus` to the BIO rules
remove ssh host key generation from compliance script
refactor: sync with tahoe
… consolidated profile
Consolidated profile
Minor timeserver update & upstream changes
update the check to better detect hardware for applicability
Signed-off-by: Bob Gendler <robert.gendler@nist.gov>
Signed-off-by: Bob Gendler <robert.gendler@nist.gov>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Sequoia NLMAPGOV baselines to Tahoe