i'm working on the CIS benchmarks for Monterey and i'm stuck at these points :
Ensure Security Auditing Flags For User-Attributable Events Are Configured Per Local Organizational Requirements (Automated)
Ensure install.log Is Retained for 365 or More Days and No Maximum Size (Automated)
Ensure Security Auditing Retention Is Enabled (Automated)
Ensure Access to Audit Records Is Controlled (Automated)
Ensure Sealed System Volume (SSV) Is Enabled (Automated)
Ensure Appropriate Permissions Are Enabled for System Wide Applications (Automated)
Ensure the Sudo Timeout Period Is Set to Zero (Automated)
Ensure a Separate Timestamp Is Enabled for Each User/tty Combo (Automated)
Ensure the "root" Account Is Disabled (Automated)
Alert when the log capacity is over 75%
Alert user & admin about audit logging failures
Dedicated user to decrypt the hard disk upon startup
Shut down the system if audit logging stopped
Anybody can help out and share their solution?
- Alert when the log capacity is over 75%
- Alert user & admin about audit logging failures
- Shut down the system if audit logging stopped
And for others i'm getting error when deploying the fix mentioned in the PDF.
If you look at the GitHub project. They are there. All of those would be under rules -> audit
Those 3 things are also not part of the CIS macOS Benchmark for Monterey (1.1.0 or 2.0) or even Ventura. So that's why you won't find them in the CIS PDF. They are in the project however.
Here's an old video on how to use the project - https://www.youtube.com/watch?v=mpEBEelSWlI&t=3s
To add on to what others have suggested, JAMF is working on their own NIST project called JAMF Compliance Editor. Reach out to your JAMF Rep for more info. JAMF had a Open Hours call about this very topic on 11.7 and is planning another call on 12.7 but that is still a tentative date.