Add Windows screen lock policy (#6167)

* Adding policy query to check firewall on Mac

This commit closes https://github.com/fleetdm/confidential/issues/1410 once merged.

* Adding policies

This commit closes https://github.com/fleetdm/confidential/issues/1412. Right now there is no way to check the screenlock so instead we check if a profile for screenlock is there.

https://github.com/fleetdm/confidential/issues/1410 also closed by this.

* Update constants.ts

Fixed space

* Resolution text fix for new policies

Fixed copy based on @zhumo's comments!

* Screen lock policy

Adding a policy to check if the inactivity timeout is enabled on Windows and set to 1800 seconds or less (30min)

* Update constants.ts

Fix indentation

* Update Windows screen lock policy

Changed wording from "administrator" to "IT administrator" in both files.
Guillaume Ross 2022-06-10 12:05:32 -04:00 committed by GitHub
parent a3ab5646f5
commit 04a0c355c5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 23 additions and 0 deletions


@ -712,3 +712,16 @@ spec:
tags: compliance, hardening, built-in
platform: darwin
contributors: GuillaumeRoss
---
apiVersion: v1
kind: policy
spec:
name: Screen lock enabled (Windows)
query: SELECT 1 FROM registry WHERE path = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\InactivityTimeoutSecs' AND CAST(data as INTEGER) <= 1800;
description: "Checks if the screen lock is enabled and configured to lock the system within 30 minutes or less."
resolution: "Ask your IT administrator to enable the Interactive Logon: Machine inactivity limit setting with a value of 1800 seconds or lower."
platforms: Windows
tags: compliance, hardening, built-in
platform: windows
contributors: GuillaumeRoss
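Review bot: The condition `CAST(data as INTEGER) <= 1800` on the `query:` line also passes when InactivityTimeoutSecs is 0, and Windows treats 0 for "Machine inactivity limit" as disabled (the session never locks), so a host with no inactivity lock would report as compliant. A non-numeric `data` value also casts to 0 in SQLite and would pass the same way. Bound the value on both sides, for example `AND CAST(data AS INTEGER) BETWEEN 1 AND 1800;`. The same query string is repeated in the `key: 15` entry of DEFAULT_POLICIES in the second file and needs the same change.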


@ -159,6 +159,16 @@ export const DEFAULT_POLICIES = [
"Contact your IT administrator to help you enroll your computer in your organization's MDM. If already enrolled, ask your IT administrator to enable the screen lock feature in the profile configuration.",
platform: "darwin",
},
{
key: 15,
query:
"SELECT 1 FROM registry WHERE path = 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\InactivityTimeoutSecs' AND CAST(data as INTEGER) <= 1800;",
name: "Screen lock enabled (Windows)",
description: "Checks if the screen lock is enabled and configured to lock the system within 30 minutes or less.",
resolution:
"Ask your IT administrator to enable the Interactive Logon: Machine inactivity limit setting with a value of 1800 seconds or lower.",
platform: "windows",
},
] as IPolicyNew[];
export const FREQUENCY_DROPDOWN_OPTIONS = [
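Review bot: The registry path inside the double-quoted `query` string of the `key: 15` entry is written with single backslashes as rendered here; in a TypeScript string literal `\S`, `\M`, `\W`, `\C`, `\P` and `\I` are not escape sequences, so the backslashes are dropped and the path becomes `HKEY_LOCAL_MACHINESoftwareMicrosoft...`. If the file really contains single backslashes, the query matches no registry row and the policy fails on every Windows host, which hides the real compliance state behind noise. Write the separators as `\\`, e.g. `'HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\InactivityTimeoutSecs'`, or build the string with `String.raw`. The DEFAULT_POLICIES array starts above this hunk, so the other entries were not checked.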