Blade Runner is a Jamf Pro based Python application that automates and implements a framework to offboard, secure erase and document deprecated Mac systems.

Stars: ✭ 24 (+60%)

Mutual labels: macosx, jamf

CIS-for-macOS-Sierra-CP

CIS for macOS 10.12 remediated with script and configuration profiles

Stars: ✭ 23 (+53.33%)

Mutual labels: cis, jamf

dumbmutate

Simple mutation-testing

Stars: ✭ 32 (+113.33%)

Mutual labels: macosx

JSS-Resource-Tools

A CLI utility that utilises the Jamf Pro (previously Casper Suite) API in order to import, export and update JSS resources en-masse.

Stars: ✭ 24 (+60%)

Mutual labels: jamf

Hackintosh-OpenCore-EFI-Dell-Inspiron-5559

Hackintosh (OpenCore) Dell Inspiron 15 5559 i7 6500u | Tested on Bigsur, Catalina

Stars: ✭ 18 (+20%)

Mutual labels: macosx

newrelic-unix-monitor

Monitoring service for Unix (AIX, Linux, HP-UX, MacOS, Solaris) systems

Stars: ✭ 26 (+73.33%)

Mutual labels: macosx

[D]ownload and [I]nstall Mac apps

Stars: ✭ 52 (+246.67%)

Mutual labels: macosx

tracker

Track your activities!

Stars: ✭ 14 (-6.67%)

Mutual labels: macosx

cmus-control

Control cmus with Media Keys ⏪ ▶️ ⏩ under OS X.

Stars: ✭ 51 (+240%)

Mutual labels: macosx

cis benchmarks audit

Simple command line tool to check for compliance against CIS Benchmarks

Stars: ✭ 182 (+1113.33%)

Mutual labels: cis

jamfpro-extension-attributes

🔍 A repository for EAs to use for reporting in the Jamf Pro Server

Stars: ✭ 30 (+100%)

Mutual labels: jamf

ble

Bluetooth Low Energy for Linux / macOS

Stars: ✭ 264 (+1660%)

Mutual labels: macosx

k8s-security-policies

This repository provides a security policies library that is used for securing Kubernetes clusters configurations. The security policies are created based on CIS Kubernetes benchmark and rules defined in Kubesec.io.

Stars: ✭ 160 (+966.67%)

Mutual labels: cis

hypseus-singe

Hypseus is a SDL2 version of Daphne and Singe. Laserdisc game emulation.

Stars: ✭ 86 (+473.33%)

Mutual labels: macosx

scl jamf tools

This repository contains a collection of tools written to perform as enhancements to the Jamf Pro management software.

Stars: ✭ 39 (+160%)

Mutual labels: jamf

PhotoMiner

Photo finder application for macOS

Stars: ✭ 102 (+580%)

Mutual labels: macosx

kubernetes-security-benchmark

A simple way to evaluate the security of your Kubernetes deployment against sets of best practices defined by various community sources

Stars: ✭ 27 (+80%)

Mutual labels: cis

View All Similar Projects ➔

INFO:

Refers to document CIS_Apple_OSX_10.13_Benchmark_v1.0.0.pdf, available at https://benchmarks.cisecurity.org Tested on 10.13.x macOS devices and Jamf Pro 10.9.x

USAGE:

1_Set_Organization_Priorities

Policy: Generally "Once per computer" unless organizational values change.

Admins set organizational compliance for each listed item, which gets written to plist. The values default to "true," meaning if an organization wishes to disregard a given item they must set the value to false by changing the associated comment:

OrgScore1_1="true" or OrgScore1_1="false"

The script writes to /Library/Application Support/SecurityScoring/org_security_score.plist by default.

NOTES:

Item "1.1 Verify all Apple provided software is current" is disabled by default. Item "5.6 Enable OCSP and CRL certificate checking" is disabled by default.

2_Security_Audit_Compliance

Policy: Some recurring trigger to track compliance over time.

Reads the plist at /Library/Application Support/SecurityScoring/org_security_score.plist. For items prioritized (listed as "true,") the script queries against the current computer/user environment to determine compliance against each item.

Non-compliant items are recorded at /Library/Application Support/SecurityScoring/org_audit

2.5_Audit_List Extension Attribute

Set as Data Type "String."

Reads contents of /Library/Application Support/SecurityScoring/org_audit file and records to Jamf Pro inventory record.

2.6_Audit_Count Extension Attribute

Set as Data Type "Integer."

Reads contents of /Library/Application Support/SecurityScoring/org_audit file and records count of items to Jamf Pro inventory record. Usable with smart group logic (2.6_Audit_Count greater than 0) to immediately determine computers not in compliance.

3_Security_Remediation

Policy: Some recurring trigger to enforce compliance over time.

Reads the plist at /Library/Application Support/SecurityScoring/org_security_score.plist. For items prioritized (listed as "true,") the script applies recommended remediation actions for the client/user.

SCORED CIS EXCEPTIONS:

Does not implement pwpolicy commands (5.2.1 - 5.2.8)
Audits but does not actively remediate (due to alternate profile/policy functionality within Jamf Pro):

2.4.4 Disable Printer Sharing
2.6.1 Enable FileVault
2.6.1.2 Ensure all user storage APFS Volumes are encrypted
2.6.1.3 Ensure all user storage CoreStorage Volumes are encyrpted
2.7.2 Disable iCloud keychain (Not Scored)
2.7.3 Disable iCloud Drive (Not Scored)
2.7.4 iCloud Drive Document sync
2.7.5 iCloud Drive Desktop sync
2.13 Ensure EFI version is valid and being regularly checked (T2 Macs do not allow for eficheck)
2.11 Java 6 is not the default Java runtime
5.12 Create a custom message for the Login Screen
5.13 Create a Login window banner

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

jamf / CIS-for-macOS-High-Sierra

Programming Languages

Labels

Projects that are alternatives of or similar to CIS-for-macOS-High-Sierra

1_Set_Organization_Priorities

2_Security_Audit_Compliance

2.5_Audit_List Extension Attribute

2.6_Audit_Count Extension Attribute

3_Security_Remediation