CIS-for-macOS-Catalina-CP
prowler
CIS-for-macOS-Catalina-CP | prowler | |
---|---|---|
1 | 1 | |
120 | 7,019 | |
0.0% | - | |
0.0 | 10.0 | |
almost 3 years ago | over 1 year ago | |
Shell | Shell | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
CIS-for-macOS-Catalina-CP
-
Hardening macOS
You can get most of the way to hardening to CIS level 1 picking more up-to-date fork of these https://github.com/jamf/CIS-for-macOS-Catalina-CP.
FWIW, CIS level 1 will mean people get locked out of their machines very frequently. Complex 15 character passwords with 3 retries from memory. So you need a half-decent MDM to unlock quickly. There is no half-decent MDM out there. Only shit ones but workable like Jamf.
Also you the username does't get auto-populated on login so the typo can be in username and user assumes it is with password. Very fast way to get lock outs.
To pass a full security review you might want to play with Google Santa. But that is intense.
prowler
-
How to do AWS security assesment?
https://github.com/toniblyx/prowle (it's look like huge checklist)
What are some alternatives?
macos_security - macOS Security Compliance Project
bucketeer - Bucketeer is a small script that builds off the useful Sublist3r tool. The Tool tries to identify S3 Buckets and other useful subdomain information, that is used to perform subdomain takeover attacks.
santa - A binary authorization and monitoring system for macOS
git-landmine - create local malicious git repo
debian-cis - PCI-DSS compliant Debian 10/11/12 hardening
yatas - :owl::mag_right: A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration
jss-filevault-reissue - A framework for re-escrowing missing or invalid FileVault keys with Jamf Pro.
s3audit-ts - CLI tool for auditing S3 buckets
super - S.U.P.E.R.M.A.N. optimizes the macOS software update experience.
cloudtrail-event-fuzzy-viewer - cli tool for searching cloudtrail events using fuzzy search
og-aws - 📙 Amazon Web Services — a practical guide
Datovy - Heathcare Communicable Disease Data Repository