Giter Club home page Giter Club logo

2016_jnuc_security_reporting_compliance's Introduction

Repo for code used in all presentation slides from the 2016 JNUC Presentation "Digging into Security, Compliance, and Reporting"

USAGE:

1_Set_Organization_Priorities

Policy: Generally "Once per computer" unless organizational values change.

Admins set organizational compliance for each listed item, which gets written to plist. The values default to "true," meaning if an organization wishes to disregard a given item they must set the value to false by changing the associated comment:

OrgScore1_1="true" or OrgScore1_1="false"

The script writes to /Library/Application Support/SecurityScoring/org_security_score.plist by default.

NOTE: Item "1.1 Verify all Apple provided software is current" is disabled by default.

2_Security_Audit_Compliance

Policy: Some recurring trigger to track compliance over time.

Reads the plist at /Library/Application Support/SecurityScoring/org_security_score.plist. For items prioritized (listed as "true,") the script queries against the current computer/user environment to determine compliance against each item.

Non-compliant items are recorded at /Library/Application Support/SecurityScoring/org_audit

2.5_Audit_List Extension Attribute

Set as Data Type "String."

Reads contents of /Library/Application Support/SecurityScoring/org_audit file and records to Jamf Pro inventory record.

2.6_Audit_Count Extension Attribute

Set as Data Type "Integer."

Reads contents of /Library/Application Support/SecurityScoring/org_audit file and records count of items to Jamf Pro inventory record. Usable with smart group logic (2.6_Audit_Count greater than 0) to immediately determine computers not in compliance.

3_Security_Remediation

Policy: Some recurring trigger to enforce compliance over time.

Reads the plist at /Library/Application Support/SecurityScoring/org_security_score.plist. For items prioritized (listed as "true,") the script applies recommended remediation actions for the client/user.

Recommended: Package modified log files (Section 3) and distribute by policy/imaging.

2016_jnuc_security_reporting_compliance's People

Contributors

baddmann avatar dzogrim avatar kenglish6 avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

peterlbk uraqt novaksam baddmann matthewsphillips mageaka37 joeyn414 smithjw dzogrim pepeanguita gsullivan2 meshyamsundar vailster karthik5003 martintheweirdo cgraysonjr

2016_jnuc_security_reporting_compliance's Issues

Sierra 10.12.5 hangs

HI ,
I running all scripts via jss on 10.12.5 machine with now problems beside the latest script "3_Security_Remediation.sh" , when it runs it just hangs on : "Running script 3_Security_Remediation.sh..." for few hours .

Missing Values cause unexpected results

I've just finished watching your JNUC video and trying out the code.
I'm not running the remediation script until I've done a bunch of testing, but I'm finding that the Audit Compliance test is simply failing on a few of the tests as the plist doesn't exist or the key within the plist doesn't exist.

I was going to fork this and make the changes needed to account for missing files and keypairs, but then thought I'd better ask you first if this would be the right action or is this an intentional "thing".

Example log:
Script result: rm: /Library/Application Support/SecurityScoring/org_audit: No such file or directory 2016-11-15 09:12:19.117 defaults[59100:2438721] The domain/default pair of (/Library/Preferences/com.apple.commerce, AutoUpdate) does not exist /Library/Application Support/JAMF/tmp/SEC_2_Security_Audit_Compliance: line 88: [: =: unary operator expected 2016-11-15 09:12:19.179 defaults[59102:2438730] The domain/default pair of (/Library/Preferences/com.apple.SoftwareUpdate, ConfigDataInstall) does not exist /Library/Application Support/JAMF/tmp/SEC_2_Security_Audit_Compliance: line 101: [: =: unary operator expected 2016-11-15 09:12:19.199 defaults[59104:2438738] The domain/default pair of (/Library/Preferences/com.apple.commerce, AutoUpdateRestartRequired) does not exist /Library/Application Support/JAMF/tmp/SEC_2_Security_Audit_Compliance: line 114: [: =: unary operator expected 2.1.1 passed 2.3.1 passed 2.3.2 passed 2.3.4 passed 2.4.1 passed Print: Entry, ":NAT:AirPort:Enabled", Does Not Exist Print: Entry, ":NAT:Enabled", Does Not Exist Print: Entry, ":NAT:PrimaryInterface:Enabled", Does Not Exist 2.4.3 passed Print: Entry, ":PrefKeyServicesEnabled", Does Not Exist 2.4.8 passed 2.6.3 passed /Library/Application Support/JAMF/tmp/SEC_2_Security_Audit_Compliance: line 362: [: : integer expression expected 2.8 passed 2.10 passed 4.1 passed 2016-11-15 09:12:20.499 defaults[59200:2439016] The domain/default pair of (com.apple.systemuiserver, menuExtras) does not exist 4.4 passed 4.5 passed 4.6 passed 5.1.2 passed 5.1.3 passed 5.7 passed 5.8 passed 5.9 passed 5.10 passed 5.18 passed 2016-11-15 09:15:19.366 defaults[59434:2440443] The domain/default pair of (/Library/Preferences/SystemConfiguration/com.apple.smb.server, AllowGuestAccess) does not exist 6.1.4 passed 2016-11-15 09:15:19.425 defaults[59436:2440454] The domain/default pair of (/Users/alpha/Library/Preferences/com.apple.finder, AppleShowAllExtensions) does not exist 2016-11-15 09:15:19.453 defaults[59438:2440463] The domain/default pair of (/Users/alpha/Library/Preferences/com.apple.Safari, AutoOpenSafeDownloads) does not exist 6.3 passed

This is running on an El Capitan 10.11.6

Thanks for the help

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.