CIS-for-macOS-Catalina-CP
super
CIS-for-macOS-Catalina-CP | super | |
---|---|---|
1 | 21 | |
120 | 570 | |
0.0% | - | |
0.0 | 7.0 | |
almost 3 years ago | 17 days ago | |
Shell | Shell | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
CIS-for-macOS-Catalina-CP
-
Hardening macOS
You can get most of the way to hardening to CIS level 1 picking more up-to-date fork of these https://github.com/jamf/CIS-for-macOS-Catalina-CP.
FWIW, CIS level 1 will mean people get locked out of their machines very frequently. Complex 15 character passwords with 3 retries from memory. So you need a half-decent MDM to unlock quickly. There is no half-decent MDM out there. Only shit ones but workable like Jamf.
Also you the username does't get auto-populated on login so the typo can be in username and user assumes it is with password. Very fast way to get lock outs.
To pass a full security review you might want to play with Google Santa. But that is intense.
super
- Best way to roll out Ventura 13.4?
- Scheduled shutdown with user-friendly warning via shell script - Need some guidance
- Frustrations with macOS Updates
-
macOS Content Caching "Server" (Mac mini M1) - Schedule Software Updates
I believe would have you use remote commands nowadays, but super can be used without an MDM.
- Methods to allow standard users permission to update macOS?
-
Anyone got much experience with the Nudge app?
This doesn't exactly help you, but I tried Nudge and just wasn't a huge fan of it. Imo, SUPER is a better option and is capable of silently installing updates itself. Worth a look - https://github.com/Macjutsu/super
- Update macOS (Monterey > Ventura) with "standard" user account (no admins)
-
MacSysAdmins, with your support and feedback, I’ve updated SudoAI to better support us
May want to reconsider the name "Super" since there's already a Mac utility using that name.
-
Attempting to automate macOS software updates. Ansible is hanging
Superman is here: https://github.com/Macjutsu/super
- macOS update schedule
What are some alternatives?
macos_security - macOS Security Compliance Project
nudge - A tool for encouraging the installation of macOS security updates.
santa - A binary authorization and monitoring system for macOS
erase-install - A script that automates downloading macOS installers, and optionally erasing or upgrading macOS in a single process. Watch the video!
debian-cis - PCI-DSS compliant Debian 10/11/12 hardening
SplashBuddy - Onboarding splash screen for MDM and Automated Device Enrollment.
jss-filevault-reissue - A framework for re-escrowing missing or invalid FileVault keys with Jamf Pro.
codeigniter4-patches - Automated project updates for CodeIgniter 4
prowler - Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 240 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks. [Moved to: https://github.com/prowler-cloud/prowler]
ProfileManifestsMirror - Jamf JSON schema manifests automatically generated from ProfileCreator manifests (https://github.com/ProfileCreator/ProfileManifests)
KeepingYouAwake - Prevents your Mac from going to sleep.
quickpkg - wrapper for pkgbuild to quickly build simple packages from an installed app, a dmg or zip archive.