mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 17:05:18 +00:00
| .. | ||
| 1.2.mobileconfig | ||
| 1.3.mobileconfig | ||
| 1.4.mobileconfig | ||
| 1.5.mobileconfig | ||
| 1.6.mobileconfig | ||
| 1.7.mobileconfig | ||
| 2.1.1.1-enable.mobileconfig | ||
| 2.1.1.2-disable.mobileconfig | ||
| 2.1.1.2-enable.mobileconfig | ||
| 2.1.1.3.mobileconfig | ||
| 2.2.1.mobileconfig | ||
| 2.2.2.mobileconfig | ||
| 2.3.1.1.mobileconfig | ||
| 2.3.1.2.mobileconfig | ||
| 2.3.2.1.mobileconfig | ||
| 2.3.3.9.mobileconfig | ||
| 2.3.3.10.mobileconfig | ||
| 2.4.1.mobileconfig | ||
| 2.4.2.mobileconfig | ||
| 2.5.1-disable.mobileconfig | ||
| 2.5.1-enable.mobileconfig | ||
| 2.6.1.1.mobileconfig | ||
| 2.6.2-part1.mobileconfig | ||
| 2.6.2-part2.mobileconfig | ||
| 2.6.2-part3.mobileconfig | ||
| 2.6.3.mobileconfig | ||
| 2.6.4.mobileconfig | ||
| 2.6.5.mobileconfig | ||
| 2.8.1.disable.mobileconfig | ||
| 2.8.1.enable.mobileconfig | ||
| 2.10.3.mobileconfig | ||
| 2.12.3.mobileconfig | ||
| 3.6.mobileconfig | ||
| 4.1.mobileconfig | ||
| 5.2.1.mobileconfig | ||
| 5.2.2.mobileconfig | ||
| 5.2.3-and-5.2.4.mobileconfig | ||
| 5.2.5.mobileconfig | ||
| 5.2.7.mobileconfig | ||
| 5.2.8.mobileconfig | ||
| 6.3.1.mobileconfig | ||
| 6.3.2.mobileconfig | ||
| 6.3.3.mobileconfig | ||
| 6.3.4.mobileconfig | ||
| 6.3.7.mobileconfig | ||
| 6.4.1.mobileconfig | ||
| not_always_working_2.6.1.2.mobileconfig | ||
| not_always_working_2.10.1.mobileconfig | ||
| not_always_working_2.10.2.mobileconfig | ||
| not_always_working_2.10.4.mobileconfig | ||
| not_always_working_2.10.5.mobileconfig | ||
| not_working_2.3.4.1.mobileconfig | ||
| README.md | ||
CIS Profiles
On this directory we store the profiles for each CIS benchmark check that will allow us to apply them automatically on macOS VMs.
How to create one
Let's assume you are creating a profile for CIS 1.6, "Ensure Install Security Responses and System Files Is Enabled".
- Copy an existing profile:
cp compliance/profiles/2.1.1.3.mobileconfig compliance/profiles/1.6.mobileconfig
- Generate two unique UUIDs:
$ uuidgen
380B8EF9-B5E8-4967-A102-52F78EA03AB9
$ uuidgen
3C4F942C-C716-48F3-A2E9-52AD7DBE55E0
- Open the created copy with a text editor and modify the following fields:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>test</string>
<key>PayloadType</key>
<string><!--- Domain of the setting, e.g. com.apple.SoftwareUpdate --></string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.6.check <!--- This must be unique and a sub domain of the main profile, thus we add the cis number at the end + ".check" --></string>
<key>PayloadUUID</key>
<string><!--- Paste one of the generated UUID here, in this case 380B8EF9-B5E8-4967-A102-52F78EA03AB9 --></string>
<key><!--- Setting, e.g. CriticalUpdateInstall --></key>
<false/>
</dict>
</array>
<key>PayloadDescription</key>
<string>test</string>
<key>PayloadDisplayName</key>
<string><!-- Title of the CIS here, e.g. Ensure Install Security Responses and System Files Is Enabled --></string>
<key>PayloadIdentifier</key>
<string>com.fleetdm.cis-1.6</string> <!--- This must be unique, thus we add the cis number at the end -->
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string><!--- Paste the other generated UUID here, in this case 3C4F942C-C716-48F3-A2E9-52AD7DBE55E0 --></string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
- Place the
.mobileconfigon the VM and double click the profile. - Go to
System Settings > Profilesand then install the profile.