Posted on 10-10-2023 07:56 AM
Hey guys,
I was trying to make computers compliant with CIS Level 1 hardening standards. Although I have solved some of the standards with configuration profiles, many remained, and I thought automating the process with a script would be easier.
I found this great project https://github.com/usnistgov/macos_security.git and I have tried it on my computer. Though it did not fix everything, it improved my compliance.
I created the below bash script and tested it, but when I created the script in Jamf and made it a policy on one computer, it failed.
Does anyone have an idea how to solve this? Or maybe I could change my approach.
The script is:
#!/bin/bash
cd /Users/$USER/Applications
mkdir cis_compliance
cd cis_compliance/macos_security
git clone https://github.com/usnistgov/macos_security.git
cd macos_security
git checkout monterey
pip3 install -r requirements.txt --user
bundle install --binstubs --path mscp_gems
./scripts/generate_baseline.py -k cis_lvl1
./scripts/generate_guidance.py -s baselines/cis_lvl1.yaml
sudo ./build/cis_lvl1/cis_lvl1_compliance.sh --cfc
Posted on 10-10-2023 09:37 AM
You don't want to do it that way. You want to clone the GitHub to your machine (or any machine) and use it to build your compliance script and profiles. You would then load the generated script and profiles to Jamf and deploy them.
Take a look at this JNUC presentation from last year:
https://www.youtube.com/watch?v=hCq4PbLX0Tc&list=PLlxHm_Px-Ie2uIFiar6_3JejiOnObiujM&index=129
Also, take a look at Jamf Compliance Editor:
https://trusted.jamf.com/docs/establishing-compliance-baselines
JCE is a very nice GUI interface for mSCP and can generate the profiles, script, and even an exception JSON that can all be uploaded to Jamf.
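The build-once workflow described in the reply above, sketched as an added example (not code from the thread or from the mSCP project): the repository is cloned and the baseline built on an admin workstation, and only the generated script and profiles go to Jamf. `WORKDIR`, the function names and the `build` argument are assumptions of this sketch; the repository URL, branch and baseline come from the original post.

```shell
#!/bin/bash
# Build mSCP artifacts once on an admin workstation, then upload them to Jamf.
# Nothing here runs on managed Macs. WORKDIR and the "build" argument are
# assumptions of this example; repo URL, branch and baseline are from the thread.
REPO_URL="https://github.com/usnistgov/macos_security.git"
BRANCH="monterey"
BASELINE="cis_lvl1"
WORKDIR="${WORKDIR:-$HOME/mscp_build}"

# Clone the project and generate the baseline, compliance script and profiles.
build_baseline() {
    mkdir -p "$WORKDIR" || return 1
    cd "$WORKDIR" || return 1
    [ -d macos_security ] || git clone "$REPO_URL" || return 1
    cd macos_security || return 1
    git checkout "$BRANCH" || return 1
    pip3 install -r requirements.txt --user || return 1
    bundle install --binstubs --path mscp_gems || return 1
    ./scripts/generate_baseline.py -k "$BASELINE" || return 1
    # -s writes the compliance script, -p writes the configuration profiles
    ./scripts/generate_guidance.py -p -s "baselines/${BASELINE}.yaml" || return 1
}

# Print the files to upload to Jamf from a build directory.
# Returns non-zero if the compliance script was not generated.
list_upload_artifacts() {
    local build_dir="$1" script
    script="$build_dir/${BASELINE}_compliance.sh"
    if [ ! -f "$script" ]; then
        echo "missing compliance script: $script" >&2
        return 1
    fi
    echo "$script"
    # Profiles are found by extension, not by an assumed subdirectory
    find "$build_dir" -type f -name '*.mobileconfig' | sort
}

# Run the build only when asked to: ./mscp_build.sh build
if [ "${1:-}" = "build" ]; then
    build_baseline && list_upload_artifacts "$WORKDIR/macos_security/build/$BASELINE"
fi
```

Review the generated compliance script and profiles before uploading them, since the Jamf policy will run the script as root on every scoped Mac.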