├── 1.2 Enable Auto Update ├── Config │ └── AutoCheckEnabled.sh └── EA │ └── AutoCheckEnabledCheck.py ├── 1.3 Enable App Update Installs ├── Config │ └── AutoUpdate.sh └── EA │ └── AutoUpdateCheck.py ├── 1.4 Enable system and security installs ├── Config │ ├── ConfigDataInstall.sh │ └── CriticalUpdateInstall.sh └── EA │ ├── ConfigDataInstallCheck.py │ └── CriticalUpdateInstallCheck.py ├── 1.5 Enable OS X Update Installs ├── Config │ └── AutoUpdateRestartRequired.sh └── EA │ └── AutoUpdateRestartRequiredCheck.py ├── 2.1.1 Bluetooth off ├── Config │ └── BluetoothOff.sh └── EA │ └── BluetoothStatus.py ├── 2.1.3 Bluetooth Menu Bar ├── Config │ └── BluetoothIconMenuBar.sh └── EA │ └── BluetoothIconMenuBarCheck.sh ├── 2.10 Secure Keyboard Entry in Terminal ├── Config │ └── SecureKB.sh └── EA │ └── SecureKBEA.py ├── 2.2.1 Enable Set time and date automatically └── Config │ └── timeanddate.sh ├── 2.2.2 Time set within appropriate limits └── Config │ └── timedrift.sh ├── 2.2.3 Restrict NTP service to loopback ├── Config │ └── NTPLoopback.sh └── EA │ └── NTPLoopbackEA.sh ├── 2.3.1 Screen saver inactivity timer └── EA │ └── ScreenSaverInactivityTimerCheck.py ├── 2.3.2 Screen saver corners ├── Config │ └── ScreensaverHotCorners.sh └── EA │ └── ScreensaverHotCornersCheck.sh ├── 2.4.1 Disable Apple Remote Events ├── Config │ └── DisableRemoteAppleEvents.sh └── EA │ └── DisableRemoteAppleEventsCheck.sh ├── 2.4.2 Disable Internet Sharing ├── Config │ └── DisableInternetSharing.sh └── EA │ └── DisableInternetSharingCheck.sh ├── 2.4.3 Disable Screen Sharing ├── Config │ └── DisableScreenSharing.sh └── EA │ └── DisableScreenSharingCheck.sh ├── 2.4.4 Disable Printer Sharing ├── Config │ └── DisablePrinterSharing.sh └── EA │ └── DisablePrinterSharingCheck.sh ├── 2.4.5 Remote Login ├── Config │ └── RemoteLoginConfig.sh └── EA │ └── RemoteLoginConfigCheck.sh ├── 2.4.7 Disable Bluetooth Sharing ├── Config │ └── DisableBluetoothSharing.sh └── EA │ └── DisableBluetoothSharingCheck.sh ├── 2.4.8 Disable File Sharing ├── Config │ └── DisableFileSharing.sh └── EA │ └── DisableFileSharingCheck.sh ├── 2.4.9 Disable Remote Management ├── Config │ └── DisableRemoteManagement.sh └── EA │ └── DisableRemoteManagementCheck.sh ├── 2.5.1 Disable wake on network access ├── Config │ └── DisableWOMP.sh └── EA │ └── WOMPcheck.sh ├── 2.6.2 Enable Gatekeeper ├── Config │ └── EnableGatekeeper.sh └── EA │ └── EnableGatekeeperCheck.sh ├── 2.6.3 Enable Firewall ├── Config │ └── EnableFirewall.sh └── EA │ └── EnableFirewallCheck.sh ├── 2.6.4 Enable Firewall Stealth Mode ├── Config │ └── EnableFirewallStealthMode.sh └── EA │ └── EnableFirewallStealthModeCheck.sh ├── 2.6.5 How many apps in the AF └── EA │ └── NoOfAppsinAF.sh ├── 2.7.x iCloud configuration ├── Config │ └── iCloudLogoutAllUsers.sh └── EA │ └── FindMyMacCheck.py ├── 3.1.1 Retain system.log for 90 days ├── Config │ └── SystemLogConfig.sh └── EA │ └── SystemLogConfig.sh ├── 3.1.3 Retain authd.log for 90 days ├── Config │ └── AuthLogConfig.sh └── EA │ └── AuthLogEA.sh ├── 3.2 Enable security auditing ├── Config │ └── EnableAuditing.sh └── EA │ └── AuditServiceCheck.sh ├── 3.3 Configure security auditing flags ├── Config │ └── SecurityAuditFlagsSetting.sh └── EA │ └── SecurityAuditFlagsEA.sh ├── 3.5 Retain install.log for 365 days ├── Config │ └── InstallLogConfig.sh └── EA │ └── InstallLogEA.sh ├── 4.1 Disable Bonjour advertising service ├── Config │ └── BonjourAdvertisingDisable.sh └── EA │ └── BonjourAdvertisingCheck.py ├── 4.2 WiFi Menu Bar ├── Config │ └── WiFiMenuBar.sh └── EA │ └── WiFiMenuBarCheck.sh ├── 4.4 Disable HTTP service ├── Config │ └── DisableHTTP.sh └── EA │ └── DisableHTTPCheck.sh ├── 4.5 Disable FTP service ├── Config │ └── DisableFTP.sh └── EA │ └── DisableFTPCheck.sh ├── 4.6 Disable NFS service ├── Config │ └── DisableNFS.sh └── EA │ └── DisableNFSCheck.sh ├── 5.1.2 Secure System Wide Applications Folder ├── Config │ └── SecureSystemApplicationsFolder.sh └── EA │ └── SecureSystemApplicationsFolderCheck.sh ├── 5.1.4 Secure Open Library Folders ├── Config │ └── secure_open_library_directories.sh └── EA │ └── ea_open_library_directories.sh ├── 5.11 Disable Login to Other Active User Sessions ├── Config │ └── AccessActiveUserSession.sh └── EA │ └── AccessActiveUserSessionsCheck.sh ├── 5.15 Disable Fast User Switching ├── Config │ └── DisableFastUserSwitching.sh └── EA │ └── DisableFastUserSwitchingCheck.py ├── 5.18 Enable SIP ├── Config │ └── EnableSIP.sh └── EA │ └── SIPstatusCheck.sh ├── 5.3 Reduce sudo timeout ├── Config │ └── SetSudoTimeout.sh └── EA │ └── SudoTimeoutEA.sh ├── 5.4 Login keychain inactivity timeout ├── Config │ └── LoginKeychainTimeoutConfig.sh └── EA │ └── LoginKeychainTimeoutEA.sh ├── 5.5 Login keychain lock on sleep ├── Config │ └── LoginKeychainSleepLockConfig.sh └── EA │ └── LoginKeychainSleepLockEA.sh ├── 5.6 Enable OCSP and CRL certificate checking ├── Config │ ├── SetCRLcertSufficent.sh │ ├── SetCRLchecking.sh │ ├── SetOCSPcertSufficent.sh │ ├── SetOCSPchecking.sh │ └── SetRevocationFirst.sh └── EA │ ├── CheckCRLcertSufficent.py │ ├── CheckCRLchecking.py │ ├── CheckOCSPcertSufficent.py │ ├── CheckOCSPchecking.py │ └── CheckRevocationFirst.py ├── 5.7 Disable root user ├── Config │ └── DisableRootUser.sh └── EA │ └── DisableRootUserCheck.sh ├── 5.8 Disable automatic login ├── Config │ └── DisableAutoLogin.sh └── EA │ └── DisableAutoLoginCheck.py ├── 5.9 Require password on wake └── EA │ └── ScreensaverPWCheck.py ├── 6.1.3 Disable Guest Account ├── Config │ └── DisableGuestAccounts.sh └── EA │ └── DisableGuestAccountsCheck.py ├── 6.1.4 Disable shared folder access via guest ├── Config │ └── DisableGuestSharedAccess.sh └── EA │ └── GuestSharedAccessCheck.py ├── 6.1.5 Remove Guest home folder ├── Config │ └── RemoveGuestFolder.sh └── EA │ └── README.md ├── 6.2 Turn on filename extensions ├── Config │ └── EnableShowFileExtensions.sh └── EA │ └── CheckShowFileExtensions.py ├── 6.3 Disable safari safe file opening ├── Config │ └── DisableSafariSafeDownloads.sh └── EA │ └── DisableSafariSafeDownloadsCheck.py ├── 7.8 EFI Password Status └── EA │ └── EFIpwStatus.sh └── README.md /1.2 Enable Auto Update/Config/AutoCheckEnabled.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/1.2 Enable Auto Update/Config/AutoCheckEnabled.sh -------------------------------------------------------------------------------- /1.2 Enable Auto Update/EA/AutoCheckEnabledCheck.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/1.2 Enable Auto Update/EA/AutoCheckEnabledCheck.py -------------------------------------------------------------------------------- /1.3 Enable App Update Installs/Config/AutoUpdate.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/1.3 Enable App Update Installs/Config/AutoUpdate.sh -------------------------------------------------------------------------------- /1.3 Enable App Update Installs/EA/AutoUpdateCheck.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/1.3 Enable App Update Installs/EA/AutoUpdateCheck.py -------------------------------------------------------------------------------- /1.4 Enable system and security installs/Config/ConfigDataInstall.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/1.4 Enable system and security installs/Config/ConfigDataInstall.sh -------------------------------------------------------------------------------- /1.4 Enable system and security installs/Config/CriticalUpdateInstall.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/1.4 Enable system and security installs/Config/CriticalUpdateInstall.sh -------------------------------------------------------------------------------- /1.4 Enable system and security installs/EA/ConfigDataInstallCheck.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/1.4 Enable system and security installs/EA/ConfigDataInstallCheck.py -------------------------------------------------------------------------------- /1.4 Enable system and security installs/EA/CriticalUpdateInstallCheck.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/1.4 Enable system and security installs/EA/CriticalUpdateInstallCheck.py -------------------------------------------------------------------------------- /1.5 Enable OS X Update Installs/Config/AutoUpdateRestartRequired.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/1.5 Enable OS X Update Installs/Config/AutoUpdateRestartRequired.sh -------------------------------------------------------------------------------- /1.5 Enable OS X Update Installs/EA/AutoUpdateRestartRequiredCheck.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/1.5 Enable OS X Update Installs/EA/AutoUpdateRestartRequiredCheck.py -------------------------------------------------------------------------------- /2.1.1 Bluetooth off/Config/BluetoothOff.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.1.1 Bluetooth off/Config/BluetoothOff.sh -------------------------------------------------------------------------------- /2.1.1 Bluetooth off/EA/BluetoothStatus.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.1.1 Bluetooth off/EA/BluetoothStatus.py -------------------------------------------------------------------------------- /2.1.3 Bluetooth Menu Bar/Config/BluetoothIconMenuBar.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.1.3 Bluetooth Menu Bar/Config/BluetoothIconMenuBar.sh -------------------------------------------------------------------------------- /2.1.3 Bluetooth Menu Bar/EA/BluetoothIconMenuBarCheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.1.3 Bluetooth Menu Bar/EA/BluetoothIconMenuBarCheck.sh -------------------------------------------------------------------------------- /2.10 Secure Keyboard Entry in Terminal/Config/SecureKB.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.10 Secure Keyboard Entry in Terminal/Config/SecureKB.sh -------------------------------------------------------------------------------- /2.10 Secure Keyboard Entry in Terminal/EA/SecureKBEA.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.10 Secure Keyboard Entry in Terminal/EA/SecureKBEA.py -------------------------------------------------------------------------------- /2.2.1 Enable Set time and date automatically/Config/timeanddate.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.2.1 Enable Set time and date automatically/Config/timeanddate.sh -------------------------------------------------------------------------------- /2.2.2 Time set within appropriate limits/Config/timedrift.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.2.2 Time set within appropriate limits/Config/timedrift.sh -------------------------------------------------------------------------------- /2.2.3 Restrict NTP service to loopback/Config/NTPLoopback.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.2.3 Restrict NTP service to loopback/Config/NTPLoopback.sh -------------------------------------------------------------------------------- /2.2.3 Restrict NTP service to loopback/EA/NTPLoopbackEA.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.2.3 Restrict NTP service to loopback/EA/NTPLoopbackEA.sh -------------------------------------------------------------------------------- /2.3.1 Screen saver inactivity timer/EA/ScreenSaverInactivityTimerCheck.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.3.1 Screen saver inactivity timer/EA/ScreenSaverInactivityTimerCheck.py -------------------------------------------------------------------------------- /2.3.2 Screen saver corners/Config/ScreensaverHotCorners.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.3.2 Screen saver corners/Config/ScreensaverHotCorners.sh -------------------------------------------------------------------------------- /2.3.2 Screen saver corners/EA/ScreensaverHotCornersCheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.3.2 Screen saver corners/EA/ScreensaverHotCornersCheck.sh -------------------------------------------------------------------------------- /2.4.1 Disable Apple Remote Events/Config/DisableRemoteAppleEvents.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.4.1 Disable Apple Remote Events/Config/DisableRemoteAppleEvents.sh -------------------------------------------------------------------------------- /2.4.1 Disable Apple Remote Events/EA/DisableRemoteAppleEventsCheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.4.1 Disable Apple Remote Events/EA/DisableRemoteAppleEventsCheck.sh -------------------------------------------------------------------------------- /2.4.2 Disable Internet Sharing/Config/DisableInternetSharing.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.4.2 Disable Internet Sharing/Config/DisableInternetSharing.sh -------------------------------------------------------------------------------- /2.4.2 Disable Internet Sharing/EA/DisableInternetSharingCheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.4.2 Disable Internet Sharing/EA/DisableInternetSharingCheck.sh -------------------------------------------------------------------------------- /2.4.3 Disable Screen Sharing/Config/DisableScreenSharing.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.4.3 Disable Screen Sharing/Config/DisableScreenSharing.sh -------------------------------------------------------------------------------- /2.4.3 Disable Screen Sharing/EA/DisableScreenSharingCheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.4.3 Disable Screen Sharing/EA/DisableScreenSharingCheck.sh -------------------------------------------------------------------------------- /2.4.4 Disable Printer Sharing/Config/DisablePrinterSharing.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.4.4 Disable Printer Sharing/Config/DisablePrinterSharing.sh -------------------------------------------------------------------------------- /2.4.4 Disable Printer Sharing/EA/DisablePrinterSharingCheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.4.4 Disable Printer Sharing/EA/DisablePrinterSharingCheck.sh -------------------------------------------------------------------------------- /2.4.5 Remote Login/Config/RemoteLoginConfig.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.4.5 Remote Login/Config/RemoteLoginConfig.sh -------------------------------------------------------------------------------- /2.4.5 Remote Login/EA/RemoteLoginConfigCheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.4.5 Remote Login/EA/RemoteLoginConfigCheck.sh -------------------------------------------------------------------------------- /2.4.7 Disable Bluetooth Sharing/Config/DisableBluetoothSharing.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.4.7 Disable Bluetooth Sharing/Config/DisableBluetoothSharing.sh -------------------------------------------------------------------------------- /2.4.7 Disable Bluetooth Sharing/EA/DisableBluetoothSharingCheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.4.7 Disable Bluetooth Sharing/EA/DisableBluetoothSharingCheck.sh -------------------------------------------------------------------------------- /2.4.8 Disable File Sharing/Config/DisableFileSharing.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.4.8 Disable File Sharing/Config/DisableFileSharing.sh -------------------------------------------------------------------------------- /2.4.8 Disable File Sharing/EA/DisableFileSharingCheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.4.8 Disable File Sharing/EA/DisableFileSharingCheck.sh -------------------------------------------------------------------------------- /2.4.9 Disable Remote Management/Config/DisableRemoteManagement.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.4.9 Disable Remote Management/Config/DisableRemoteManagement.sh -------------------------------------------------------------------------------- /2.4.9 Disable Remote Management/EA/DisableRemoteManagementCheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.4.9 Disable Remote Management/EA/DisableRemoteManagementCheck.sh -------------------------------------------------------------------------------- /2.5.1 Disable wake on network access/Config/DisableWOMP.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Script to disable "Wake on Network Access" 4 | 5 | pmset -a womp 0 -------------------------------------------------------------------------------- /2.5.1 Disable wake on network access/EA/WOMPcheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.5.1 Disable wake on network access/EA/WOMPcheck.sh -------------------------------------------------------------------------------- /2.6.2 Enable Gatekeeper/Config/EnableGatekeeper.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | spctl --master-enable -------------------------------------------------------------------------------- /2.6.2 Enable Gatekeeper/EA/EnableGatekeeperCheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.6.2 Enable Gatekeeper/EA/EnableGatekeeperCheck.sh -------------------------------------------------------------------------------- /2.6.3 Enable Firewall/Config/EnableFirewall.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.6.3 Enable Firewall/Config/EnableFirewall.sh -------------------------------------------------------------------------------- /2.6.3 Enable Firewall/EA/EnableFirewallCheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.6.3 Enable Firewall/EA/EnableFirewallCheck.sh -------------------------------------------------------------------------------- /2.6.4 Enable Firewall Stealth Mode/Config/EnableFirewallStealthMode.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.6.4 Enable Firewall Stealth Mode/Config/EnableFirewallStealthMode.sh -------------------------------------------------------------------------------- /2.6.4 Enable Firewall Stealth Mode/EA/EnableFirewallStealthModeCheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.6.4 Enable Firewall Stealth Mode/EA/EnableFirewallStealthModeCheck.sh -------------------------------------------------------------------------------- /2.6.5 How many apps in the AF/EA/NoOfAppsinAF.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.6.5 How many apps in the AF/EA/NoOfAppsinAF.sh -------------------------------------------------------------------------------- /2.7.x iCloud configuration/Config/iCloudLogoutAllUsers.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.7.x iCloud configuration/Config/iCloudLogoutAllUsers.sh -------------------------------------------------------------------------------- /2.7.x iCloud configuration/EA/FindMyMacCheck.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/2.7.x iCloud configuration/EA/FindMyMacCheck.py -------------------------------------------------------------------------------- /3.1.1 Retain system.log for 90 days/Config/SystemLogConfig.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/3.1.1 Retain system.log for 90 days/Config/SystemLogConfig.sh -------------------------------------------------------------------------------- /3.1.1 Retain system.log for 90 days/EA/SystemLogConfig.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/3.1.1 Retain system.log for 90 days/EA/SystemLogConfig.sh -------------------------------------------------------------------------------- /3.1.3 Retain authd.log for 90 days/Config/AuthLogConfig.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/3.1.3 Retain authd.log for 90 days/Config/AuthLogConfig.sh -------------------------------------------------------------------------------- /3.1.3 Retain authd.log for 90 days/EA/AuthLogEA.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/3.1.3 Retain authd.log for 90 days/EA/AuthLogEA.sh -------------------------------------------------------------------------------- /3.2 Enable security auditing/Config/EnableAuditing.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/3.2 Enable security auditing/Config/EnableAuditing.sh -------------------------------------------------------------------------------- /3.2 Enable security auditing/EA/AuditServiceCheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/3.2 Enable security auditing/EA/AuditServiceCheck.sh -------------------------------------------------------------------------------- /3.3 Configure security auditing flags/Config/SecurityAuditFlagsSetting.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/3.3 Configure security auditing flags/Config/SecurityAuditFlagsSetting.sh -------------------------------------------------------------------------------- /3.3 Configure security auditing flags/EA/SecurityAuditFlagsEA.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/3.3 Configure security auditing flags/EA/SecurityAuditFlagsEA.sh -------------------------------------------------------------------------------- /3.5 Retain install.log for 365 days/Config/InstallLogConfig.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/3.5 Retain install.log for 365 days/Config/InstallLogConfig.sh -------------------------------------------------------------------------------- /3.5 Retain install.log for 365 days/EA/InstallLogEA.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/3.5 Retain install.log for 365 days/EA/InstallLogEA.sh -------------------------------------------------------------------------------- /4.1 Disable Bonjour advertising service/Config/BonjourAdvertisingDisable.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/4.1 Disable Bonjour advertising service/Config/BonjourAdvertisingDisable.sh -------------------------------------------------------------------------------- /4.1 Disable Bonjour advertising service/EA/BonjourAdvertisingCheck.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/4.1 Disable Bonjour advertising service/EA/BonjourAdvertisingCheck.py -------------------------------------------------------------------------------- /4.2 WiFi Menu Bar/Config/WiFiMenuBar.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/4.2 WiFi Menu Bar/Config/WiFiMenuBar.sh -------------------------------------------------------------------------------- /4.2 WiFi Menu Bar/EA/WiFiMenuBarCheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/4.2 WiFi Menu Bar/EA/WiFiMenuBarCheck.sh -------------------------------------------------------------------------------- /4.4 Disable HTTP service/Config/DisableHTTP.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/4.4 Disable HTTP service/Config/DisableHTTP.sh -------------------------------------------------------------------------------- /4.4 Disable HTTP service/EA/DisableHTTPCheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/4.4 Disable HTTP service/EA/DisableHTTPCheck.sh -------------------------------------------------------------------------------- /4.5 Disable FTP service/Config/DisableFTP.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/4.5 Disable FTP service/Config/DisableFTP.sh -------------------------------------------------------------------------------- /4.5 Disable FTP service/EA/DisableFTPCheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/4.5 Disable FTP service/EA/DisableFTPCheck.sh -------------------------------------------------------------------------------- /4.6 Disable NFS service/Config/DisableNFS.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | nfsd disable 4 | rm /etc/export -------------------------------------------------------------------------------- /4.6 Disable NFS service/EA/DisableNFSCheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/4.6 Disable NFS service/EA/DisableNFSCheck.sh -------------------------------------------------------------------------------- /5.1.2 Secure System Wide Applications Folder/Config/SecureSystemApplicationsFolder.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.1.2 Secure System Wide Applications Folder/Config/SecureSystemApplicationsFolder.sh -------------------------------------------------------------------------------- /5.1.2 Secure System Wide Applications Folder/EA/SecureSystemApplicationsFolderCheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.1.2 Secure System Wide Applications Folder/EA/SecureSystemApplicationsFolderCheck.sh -------------------------------------------------------------------------------- /5.1.4 Secure Open Library Folders/Config/secure_open_library_directories.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.1.4 Secure Open Library Folders/Config/secure_open_library_directories.sh -------------------------------------------------------------------------------- /5.1.4 Secure Open Library Folders/EA/ea_open_library_directories.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.1.4 Secure Open Library Folders/EA/ea_open_library_directories.sh -------------------------------------------------------------------------------- /5.11 Disable Login to Other Active User Sessions/Config/AccessActiveUserSession.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.11 Disable Login to Other Active User Sessions/Config/AccessActiveUserSession.sh -------------------------------------------------------------------------------- /5.11 Disable Login to Other Active User Sessions/EA/AccessActiveUserSessionsCheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.11 Disable Login to Other Active User Sessions/EA/AccessActiveUserSessionsCheck.sh -------------------------------------------------------------------------------- /5.15 Disable Fast User Switching/Config/DisableFastUserSwitching.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.15 Disable Fast User Switching/Config/DisableFastUserSwitching.sh -------------------------------------------------------------------------------- /5.15 Disable Fast User Switching/EA/DisableFastUserSwitchingCheck.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.15 Disable Fast User Switching/EA/DisableFastUserSwitchingCheck.py -------------------------------------------------------------------------------- /5.18 Enable SIP/Config/EnableSIP.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.18 Enable SIP/Config/EnableSIP.sh -------------------------------------------------------------------------------- /5.18 Enable SIP/EA/SIPstatusCheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.18 Enable SIP/EA/SIPstatusCheck.sh -------------------------------------------------------------------------------- /5.3 Reduce sudo timeout/Config/SetSudoTimeout.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.3 Reduce sudo timeout/Config/SetSudoTimeout.sh -------------------------------------------------------------------------------- /5.3 Reduce sudo timeout/EA/SudoTimeoutEA.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.3 Reduce sudo timeout/EA/SudoTimeoutEA.sh -------------------------------------------------------------------------------- /5.4 Login keychain inactivity timeout/Config/LoginKeychainTimeoutConfig.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.4 Login keychain inactivity timeout/Config/LoginKeychainTimeoutConfig.sh -------------------------------------------------------------------------------- /5.4 Login keychain inactivity timeout/EA/LoginKeychainTimeoutEA.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.4 Login keychain inactivity timeout/EA/LoginKeychainTimeoutEA.sh -------------------------------------------------------------------------------- /5.5 Login keychain lock on sleep/Config/LoginKeychainSleepLockConfig.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.5 Login keychain lock on sleep/Config/LoginKeychainSleepLockConfig.sh -------------------------------------------------------------------------------- /5.5 Login keychain lock on sleep/EA/LoginKeychainSleepLockEA.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.5 Login keychain lock on sleep/EA/LoginKeychainSleepLockEA.sh -------------------------------------------------------------------------------- /5.6 Enable OCSP and CRL certificate checking/Config/SetCRLcertSufficent.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.6 Enable OCSP and CRL certificate checking/Config/SetCRLcertSufficent.sh -------------------------------------------------------------------------------- /5.6 Enable OCSP and CRL certificate checking/Config/SetCRLchecking.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.6 Enable OCSP and CRL certificate checking/Config/SetCRLchecking.sh -------------------------------------------------------------------------------- /5.6 Enable OCSP and CRL certificate checking/Config/SetOCSPcertSufficent.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.6 Enable OCSP and CRL certificate checking/Config/SetOCSPcertSufficent.sh -------------------------------------------------------------------------------- /5.6 Enable OCSP and CRL certificate checking/Config/SetOCSPchecking.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.6 Enable OCSP and CRL certificate checking/Config/SetOCSPchecking.sh -------------------------------------------------------------------------------- /5.6 Enable OCSP and CRL certificate checking/Config/SetRevocationFirst.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.6 Enable OCSP and CRL certificate checking/Config/SetRevocationFirst.sh -------------------------------------------------------------------------------- /5.6 Enable OCSP and CRL certificate checking/EA/CheckCRLcertSufficent.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.6 Enable OCSP and CRL certificate checking/EA/CheckCRLcertSufficent.py -------------------------------------------------------------------------------- /5.6 Enable OCSP and CRL certificate checking/EA/CheckCRLchecking.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.6 Enable OCSP and CRL certificate checking/EA/CheckCRLchecking.py -------------------------------------------------------------------------------- /5.6 Enable OCSP and CRL certificate checking/EA/CheckOCSPcertSufficent.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.6 Enable OCSP and CRL certificate checking/EA/CheckOCSPcertSufficent.py -------------------------------------------------------------------------------- /5.6 Enable OCSP and CRL certificate checking/EA/CheckOCSPchecking.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.6 Enable OCSP and CRL certificate checking/EA/CheckOCSPchecking.py -------------------------------------------------------------------------------- /5.6 Enable OCSP and CRL certificate checking/EA/CheckRevocationFirst.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.6 Enable OCSP and CRL certificate checking/EA/CheckRevocationFirst.py -------------------------------------------------------------------------------- /5.7 Disable root user/Config/DisableRootUser.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.7 Disable root user/Config/DisableRootUser.sh -------------------------------------------------------------------------------- /5.7 Disable root user/EA/DisableRootUserCheck.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.7 Disable root user/EA/DisableRootUserCheck.sh -------------------------------------------------------------------------------- /5.8 Disable automatic login/Config/DisableAutoLogin.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.8 Disable automatic login/Config/DisableAutoLogin.sh -------------------------------------------------------------------------------- /5.8 Disable automatic login/EA/DisableAutoLoginCheck.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.8 Disable automatic login/EA/DisableAutoLoginCheck.py -------------------------------------------------------------------------------- /5.9 Require password on wake/EA/ScreensaverPWCheck.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/5.9 Require password on wake/EA/ScreensaverPWCheck.py -------------------------------------------------------------------------------- /6.1.3 Disable Guest Account/Config/DisableGuestAccounts.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/6.1.3 Disable Guest Account/Config/DisableGuestAccounts.sh -------------------------------------------------------------------------------- /6.1.3 Disable Guest Account/EA/DisableGuestAccountsCheck.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/6.1.3 Disable Guest Account/EA/DisableGuestAccountsCheck.py -------------------------------------------------------------------------------- /6.1.4 Disable shared folder access via guest/Config/DisableGuestSharedAccess.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/6.1.4 Disable shared folder access via guest/Config/DisableGuestSharedAccess.sh -------------------------------------------------------------------------------- /6.1.4 Disable shared folder access via guest/EA/GuestSharedAccessCheck.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/6.1.4 Disable shared folder access via guest/EA/GuestSharedAccessCheck.py -------------------------------------------------------------------------------- /6.1.5 Remove Guest home folder/Config/RemoveGuestFolder.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/6.1.5 Remove Guest home folder/Config/RemoveGuestFolder.sh -------------------------------------------------------------------------------- /6.1.5 Remove Guest home folder/EA/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/6.1.5 Remove Guest home folder/EA/README.md -------------------------------------------------------------------------------- /6.2 Turn on filename extensions/Config/EnableShowFileExtensions.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | defaults write NSGlobalDomain AppleShowAllExtensions -bool true 4 | -------------------------------------------------------------------------------- /6.2 Turn on filename extensions/EA/CheckShowFileExtensions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/6.2 Turn on filename extensions/EA/CheckShowFileExtensions.py -------------------------------------------------------------------------------- /6.3 Disable safari safe file opening/Config/DisableSafariSafeDownloads.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/6.3 Disable safari safe file opening/Config/DisableSafariSafeDownloads.sh -------------------------------------------------------------------------------- /6.3 Disable safari safe file opening/EA/DisableSafariSafeDownloadsCheck.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/6.3 Disable safari safe file opening/EA/DisableSafariSafeDownloadsCheck.py -------------------------------------------------------------------------------- /7.8 EFI Password Status/EA/EFIpwStatus.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/7.8 EFI Password Status/EA/EFIpwStatus.sh -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/franton/CIS-Apple-Security-Casper/HEAD/README.md --------------------------------------------------------------------------------