Mac hardening guidelines

MacJunior
Contributor III

Hi all,

I'm working on the CIS benchmarks for Monterey and I'm stuck at these points:

- Ensure Security Auditing Flags For User-Attributable Events Are Configured Per Local Organizational Requirements (Automated)
- Ensure install.log Is Retained for 365 or More Days and No Maximum Size (Automated)
- Ensure Security Auditing Retention Is Enabled (Automated)
- Ensure Access to Audit Records Is Controlled (Automated)
- Ensure Sealed System Volume (SSV) Is Enabled (Automated)
- Ensure Appropriate Permissions Are Enabled for System Wide Applications (Automated)
- Ensure the Sudo Timeout Period Is Set to Zero (Automated)
- Ensure a Separate Timestamp Is Enabled for Each User/tty Combo (Automated)
- Ensure the "root" Account Is Disabled (Automated)
- Alert when the log capacity is over 75%
- Alert user & admin about audit logging failures
- Dedicated user to decrypt the hard disk upon startup
- Shut down the system if audit logging stopped

Can anybody help out and share their solution?

8 REPLIES

DBrowning
Valued Contributor II

Maybe worth looking into this: https://github.com/usnistgov/macos_security

MacJunior
Contributor III

Surprisingly, I couldn't find what I'm asking for in there!!

boberito
Valued Contributor

What are you trying to do? How to set those settings? Do you have the CIS Benchmark downloaded? It has a check and fix in the document, not to mention the way to set those is in the macOS Security Compliance Project.

YanW
Contributor III

Download the zip based on your macOS (Monterey/Ventura), extract it and find the PDF in the CIS macOS Benchmark folder.

MacJunior
Contributor III

@boberito @YanW I'm trying to find a remediation for the points I mentioned; some of them are not there at all!

- Alert when the log capacity is over 75%
- Alert user & admin about audit logging failures
- Shut down the system if audit logging stopped

And for others I'm getting an error when deploying the fix mentioned in the PDF.

boberito
Valued Contributor

If you look at the GitHub project, they are there. All of those would be under rules -> audit.

Those 3 things are also not part of the CIS macOS Benchmark for Monterey (1.1.0 or 2.0) or even Ventura. So that's why you won't find them in the CIS PDF. They are in the project however.  

Here's an old video on how to use the project - https://www.youtube.com/watch?v=mpEBEelSWlI&t=3s

AJPinto
Honored Contributor II

To add on to what others have suggested, JAMF is working on their own NIST project called JAMF Compliance Editor. Reach out to your JAMF Rep for more info. JAMF had an Open Hours call about this very topic on 11.7 and is planning another call on 12.7, but that is still a tentative date.

Establishing Compliance Baselines (jamf.com)

MacOS Compliance Open Hours - Jamf Nation Community - 276931

MacJunior
Contributor III

Thanks @YanW @boberito @AJPinto... truly appreciated.