Skip to main content

hey guys, 

 

I was trying to make computers compliant with cis level 1 hardening standards. Although i have solved some of the standards with configuration profiles, but many remained and i thought automating the process with a script would be easier.

i found this great project https://github.com/usnistgov/macos_security.git  and i have tried it on my computer, though it did not fix everything, but it improved my compliance. 

I created the below bash script and tested it. but when i created the script in jamf and went on and made it a policy on one computer, it failed.

any one please have an idea to solve this? or maybe i could change my approach.

 

the script is :

#!/bin/bash

cd /Users/$USER/Applications

mkdir cis_compliance
cd cis_compliance/macos_security

git clone https://github.com/usnistgov/macos_security.git

cd macos_security

git checkout monterey

pip3 install -r requirements.txt --user

bundle install --binstubs --path mscp_gems

./scripts/generate_baseline.py -k cis_lvl1

./scripts/generate_guidance.py -s baselines/cis_lvl1.yaml

sudo ./build/cis_lvl1/cis_lvl1_compliance.sh --cfc

 

You don't want to do it that way. You want to clone the github to your machine (or any machine) and use it to build your compliance script and profiles. You would then load the generated script and profiles to Jamf and deploy them. 

Take a look at this JNUC presentation from last year:
https://www.youtube.com/watch?v=hCq4PbLX0Tc&list=PLlxHm_Px-Ie2uIFiar6_3JejiOnObiujM&index=129

Also, take a look at Jamf Compliance Editor:

https://trusted.jamf.com/docs/establishing-compliance-baselines

JCE is a very nice GUI interface for mSCP and can generate the profiles, script, and even an exception JSON that can all be uploaded to Jamf. 

Reply


Terms & ConditionsCookie settings