CIS Benchmark: Monterey

BBB_UMB
New Contributor II

Hello All,

 

I have been attempting to implement a level one CIS Benchmark and I haven't figured it out just yet. Any advice would be great. Also, I have stumbled across a script that was made for Big Sur. Has anyone adjusted this script to work for Monterey?

https://github.com/gocardless/CIS-for-macOS-BigSur-CP 

 

Thank you in advance!!

4 REPLIES

jmahlman
Valued Contributor

Hey there! First, I would look at the macOS Security Compliance project. It's updated regularly, open source, and suggested by Apple (and Jamf). There is even a CIS variant available from Mischa van der Bent. I have not used this one but it's a great starting point.

However, if you're looking for a "simpler" approach, check out this CIS Script that Mischa also wrote. It's inspired by the Jamf professional services script and it provides nice reports.

R_C
Contributor

Looks like the macOS Security Compliance Project finally added CIS although I haven't tried implementing it yet.

sharif_khan
Contributor II

@jmahlman did you apply the CIS Benchmark one from Mischa? I am trying to test that one. Can you or anyone please share the workflow with me? I already followed the steps from his GitHub, but I think I need help.

I applied using the MSCP CIS guidance. I'm not using Mischa's approach right now. 

I made some EAs to collect data from the audit files to know when to remediate.

This one will give a number:

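#!/bin/zsh
# cis v2 - Audit List
# Prints the name of every entry in the audit plist whose dict contains "finding = true".

# sed joins each line with the next one, so "<name> = Dict {" followed by "finding = true" matches as a pair.
auditList=$(/usr/libexec/PlistBuddy -c "Print" "/Library/Preferences/org.cislvl2.plist" | sed -nE '{N; s/[[:space:]]*(.*) = Dict.*finding = true.*/\1/p ; D;}')

echo "<result>${auditList}</result>"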

This will give a list of findings:

#!/bin/zsh
# cis v2 - Audit Count
# Counts the lines reading "finding = true" in the audit plist.

auditCount=$(/usr/libexec/PlistBuddy -c "Print" /Library/Preferences/org.cis_leidos.audit.plist | grep -c "finding = true")

echo "<result>${auditCount}</result>"
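
One extension attribute that reports the count and the failing rule names together, and reports a missing audit plist separately from zero findings, as an added example that is not part of the thread. It assumes the audit plist prints in the "name = Dict { finding = true }" shape the scripts above match; the function names and the sample rule names are made up.

```shell
#!/bin/sh
# Added example, not from the thread. Runs under sh, bash and zsh.

# Read `PlistBuddy -c Print` text on stdin and print the name of every
# rule whose nested dict contains "finding = true", one per line.
failed_rules() {
    awk '
        $2 == "=" && $3 == "Dict" && $4 == "{" { rule = $1; next }
        $1 == "finding" && $2 == "=" && $3 == "true" && rule != "" { print rule }
        $1 == "}" { rule = "" }
    '
}

# Turn that list into one extension-attribute value: a count, then the names.
format_result() {
    rules=$(failed_rules)
    if [ -z "$rules" ]; then
        echo "<result>0 findings</result>"
    else
        count=$(printf '%s\n' "$rules" | wc -l | tr -d ' ')
        echo "<result>${count} findings: $(printf '%s' "$rules" | tr '\n' ' ')</result>"
    fi
}

# Report on a real audit plist. A missing file is reported as such, so a
# machine that never ran the audit does not look like a clean one.
ea_result() {
    if [ ! -f "$1" ]; then
        echo "<result>audit plist not found</result>"
        return 0
    fi
    /usr/libexec/PlistBuddy -c "Print" "$1" | format_result
}

# Constructed sample of PlistBuddy output (rule names are made up).
sample_output() {
    cat <<'EOF'
Dict {
    rule_alpha = Dict {
        finding = true
    }
    rule_beta = Dict {
        finding = false
    }
}
EOF
}

sample_output | format_result
```

On a managed Mac, replace the last line with a call to `ea_result` and the path of the audit plist your baseline writes.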