macos_security
Installomator
macos_security | Installomator | |
---|---|---|
18 | 51 | |
1,565 | 963 | |
2.5% | 2.7% | |
9.1 | 9.7 | |
1 day ago | 4 days ago | |
YAML | Shell | |
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
macos_security
- Windows Security Compliance project
-
FIPS 140 and MacOS
For starters there's an entire NIST project for macOS Security Compliance - https://github.com/usnistgov/macos_security this will make your life a million times easier to meet a lot of the technical controls required for compliance. Nothing like this really exists for Windows or Linux(closest is Compliance As Code https://github.com/ComplianceAsCode/content)
-
Nist controls and acceptable artifacts and evidence. Does anyone have a controls spreadsheet that lists all 800-53 controls and evidence required to satisfy that control?
https://github.com/usnistgov/macos_security - for macOS this would help.
-
Need reporting about device CIS compliance
I’d highly recommend checking out the usnistgov/macos_security on GitHub. You can generate a benchmark and then feed the output into extension attributes to trigger policies on.
- CIS Benchmark deployment approach
-
Could use some advice on my career change
Study about cybersecurity, or how to harden a macOS fleet against published security frameworks.
-
Enrolling devices in ABM/Mosyle
Weigh the pros and cons about having your end-users be standard users or admins on their Macs. If they are already admins (probably), consider the political blowback if you take away their admin rights and flexibility and autonomy they've become used to. Conversely, consider the security posture of your organization. If it has to adhere to some well-known guides (like 800-171 o 800-53r5), then you may not be able to allow end-users to be admins. Take a look at the macOS Security Compliance Project.
-
Here's a recap of the top-voted webinar: How to Harden Macs!
NIST Compliance Benchmarks: github.com/usnistgov/macos_security
- Hardening macOS
-
Disabling Bonjour on monterey
Like OP, I'm trying to disable both bonjour and netbios. I'm using this script: https://github.com/usnistgov/macos_security/blob/main/includes/enablePF-mscp.sh
Installomator
- Starting role as MAC admin
- Qualys patch management?
-
Looking up for some projects ideas in BASH
If you have access to a Mac, Installomator is a good encapsulation of shell scripting.
-
Jamf School & Google Chrome
I used to use something like the above script but switched to using Installomator for all apps we use that it supports. It can do the initial install as a push or from Self Service, and then you can set it up to patch software as well. https://github.com/Installomator/Installomator
-
Which policies, profiles, scripts, apps and packages do you consider must-have?
If you want to make things easy for your users and yourself, take a look at Installomator. It'll unlock a lot of nice workflows for your users, since you could put a specific title's install action available in Self Service and thats always gonna be easier than trying to track down the vendor's URL and finding the right download. It also means you don't have to repackage anything.
- Most efficient way to update apps with Jamf Pro?
- Cannot Upload Chrome Enterprise PKG
-
Boss refuses all MDMs. Any way to automate or script deployment?
Munki is not an MDM and I recently learned there's this project called Installomator that might help.
-
MuseScore deployment in JAMF on MacOS
Looks like you’re trying to update/work with version 4 but the installomator version is still on version 3. I’d suggest using build a label for musescore4
-
Best process to deploy latest app version with JAMF Self Service? Maybe Home Brew?
Installomator https://github.com/Installomator/Installomator
What are some alternatives?
macOS-Security-and-Privacy-Guide - Guide to securing and improving privacy on macOS
shell-intune-samples - Sample shell scripts for Intune admins.
CIS-macOS-Security
autopkg - Automating packaging and software distribution on macOS.
heimdall2 - Heimdall Enterprise Server 2 lets you view, store, and compare automated security control scan results.
HomeBrew - 🍺 The missing package manager for macOS (or Linux)
windows_hardening - HardeningKitty and Windows Hardening settings and configurations
munki - Managed software installation for macOS —
CIS-for-macOS-BigSur-Intel-M1 - CIS Benchmarks for macOS Big Sur
kinobi - An external patch definition server for Jamf Pro
TheMacHardeningScripts - Scripts to secure and harden Mac OS X
PSAppDeployToolkit - Project Homepage & Forums