CIS_3.2 (#9522)

2024-11-06 08:55:24 +00:00 · 2023-02-02 13:08:02 -05:00 · 2023-02-02 13:08:02 -05:00 · 16d7091600
commit 16d7091600
parent 647c15a909
2 changed files with 63 additions and 0 deletions
--- a/ee/cis/macos-13/cis-policy-queries.yml
+++ b/ee/cis/macos-13/cis-policy-queries.yml
@ -791,6 +791,61 @@ spec:
 ---
 apiVersion: v1
 kind: policy
+spec:
+  name: CIS - Ensure Security Auditing Flags For User-Attributable Events Are Configured Per Local Organizational Requirements
+  platforms: macOS
+  platform: darwin
+  description: |
+    Auditing is the capture and maintenance of information about security-related events. Auditable events often depend on differing organizational requirements.
+  resolution: |
+    Automated method:
+    Ask your system administrator to deploy an MDM profile that disables Bonjour advertising service.
+    Terminal Method: 
+      Perform the following to set the required Security Auditing Flags:
+      Edit the /etc/security/audit_control file and add -fm, ad, -ex, aa, -fr, lo, and -fw to flags. You can also substitute -all for -fm, -ex, -fr, and -fw.
+  query: |
+    SELECT 1 WHERE EXISTS (    
+      SELECT line
+      FROM file_lines WHERE path = '/etc/security/audit_control' 
+      AND 
+      (
+            (
+              line LIKE 'flags:%' 
+              AND 
+              line LIKE "%-fm%"
+              AND 
+              line LIKE "%ad%"
+              AND 
+              line LIKE "%-ex%"
+              AND 
+              line LIKE "%aa%"
+              AND 
+              line LIKE "%-fr%"
+              AND 
+              line LIKE "%lo%"
+              AND 
+              line LIKE "%-fw%" 
+            ) 
+            OR 
+            (
+              line LIKE 'flags:%' 
+              AND 
+              line LIKE "%-all%" 
+              AND 
+              line LIKE "%ad%"
+              AND 
+              line LIKE "%aa%"
+              AND 
+              line LIKE "%lo%"
+            )
+      )
+    );
+  purpose: Informational
+  tags: compliance, CIS, CIS_Level2, CIS3.2
+  contributors: sharon-fdm
+---
+apiVersion: v1
+kind: policy
 spec:
  name: CIS - Ensure Firewall Logging Is Enabled and Configured (MDM Required)
  platforms: macOS
--- a/ee/cis/macos-13/test/scripts/CIS_3.4.sh
+++ b/ee/cis/macos-13/test/scripts/CIS_3.4.sh
@ -0,0 +1,8 @@
+#!/bin/bash
+
+cp /etc/security/audit_control ./tmp.txt;
+origFlags=$(cat ./tmp.txt  | grep flags: | grep -v naflags);
+sed "s/${origFlags}/flags:-fm,ad,-ex,aa,-fr,lo,-fw/" ./tmp.txt > /etc/security/audit_control;
+rm ./tmp.txt;
+
+