CIS: 3.6 Ensure Firewall Logging Is Enabled and Configured

obi-k
Valued Contributor III

Hi,

Trying to figure out if I did this correctly. The EAs said it's okay, but the CIS Report says the script failed even though the configuration profile is there.

Is this how you would do the configuration profile? Maybe I got the "string" detail wrong.


@jmahlman 


jmahlman
Valued Contributor

Looks right to me. What is your EA/check? Are you using the macOS Security Compliance project?

As a note, you may want to look into Jamf's Compliance Editor for making a baseline and configs.

obi-k
Valued Contributor III

Thanks, I'll give this a read and play with it.

I've been trying Mischa van der Bent's CIS Script for audit, report, and remediation.

boberito
Valued Contributor

The firewall is a fun one: you can't use Jamf's Custom profile section because that writes it to the com.apple.ManagedClient.preferences domain, which the application layer firewall can't read.

You can use Jamf's GUI to build the config profile, or make your own, sign it, upload it, and deploy it.

obi-k
Valued Contributor III

Forgive me, @boberito, Jamf's GUI? Which method did you choose to use?

obi-k
Valued Contributor III

Tried using ProfileCreator. Set the Firewall settings, signed, and uploaded to Jamf. 

Jamf says, "This profile is read-only because it is signed."

When I remove the signature, Jamf cannot read the keys: "Unknown Keys: Jamf Pro cannot recognize one or more settings in this payload and display them in the interface."

boberito
Valued Contributor

Don't worry if Jamf can't display it. It can decrypt the profile. Just deploy it. You know what was set in it. 

obi-k
Valued Contributor III

When we ran the CIS scan, the firewall was set correctly. Thank you.