diff --git a/articles/roadmap-preview-january-2025.md b/articles/roadmap-preview-january-2025.md
index 11a0f3075008..2bd166e95c73 100644
--- a/articles/roadmap-preview-january-2025.md
+++ b/articles/roadmap-preview-january-2025.md
@@ -22,7 +22,7 @@ Big opportunities that Fleet is building towards in the near future (next 180 da
- 🗓️ Native patching for apps and OS during maintenance windows
- 🤖 AI-generated osquery queries
-Any feedback or a questions? You can find us where we hang out in the [osquery // #fleet Slack channel](https://chat.osquery.io/c/fleet).
+Any feedback or a questions? Contributions welcome! You can find us [where we hang out](https://fleetdm.com/support).
diff --git a/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml b/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
index c44f17f4d21e..0ff23289f2de 100644
--- a/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
+++ b/docs/01-Using-Fleet/standard-query-library/standard-query-library.yml
@@ -45,7 +45,43 @@ spec:
);
purpose: Informational
tags: compliance, CIS, CIS_Level1, premium,
- contributors: sharon-fdm
+ contributors: sharon-fdm,ddribeiro
+ configuration_profile: |
+
+
+
+
+ PayloadContent
+
+
+ PayloadDisplayName
+ Screensaver
+ PayloadIdentifier
+ com.apple.screensaver.AB633B1B-EAEF-4AB6-B5F6-DE67193267E9
+ PayloadType
+ com.apple.screensaver
+ PayloadUUID
+ AB633B1B-EAEF-4AB6-B5F6-DE67193267E9
+ PayloadVersion
+ 1
+ askForPassword
+
+ askForPasswordDelay
+ 0
+
+
+ PayloadDisplayName
+ Require password after screensaver or sleep
+ PayloadIdentifier
+ com.fleetdm.password_policy
+ PayloadType
+ Configuration
+ PayloadUUID
+ 5A2DC0F2-C5FE-4808-9083-D9879684D7FA
+ PayloadVersion
+ 1
+
+
---
apiVersion: v1
kind: policy
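Review bot: The top-level `PayloadIdentifier` near the end of this profile is the bare string `com.fleetdm.password_policy`, while every other profile added in this change uses the `com.fleetdm.<policy>.<UUID>` form. macOS treats two profiles with the same identifier as the same profile, so a generic name like this is the one most likely to silently replace, or be replaced by, an admin's own password profile. Suggest `com.fleetdm.requirePasswordAfterScreensaver.5A2DC0F2-C5FE-4808-9083-D9879684D7FA`. The same payload content (`askForPassword` with `askForPasswordDelay` 0) is shipped again under the later 'Enable screen lock' profile; that is harmless, but a one-line comment saying the two are intentionally equivalent would stop someone deploying both expecting different behaviour.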
@@ -72,7 +108,41 @@ spec:
);
purpose: Informational
tags: compliance, CIS, CIS_Level1, premium
- contributors: sharon-fdm
+ contributors: sharon-fdm,ddribeiro
+ configuration_profile: |
+
+
+
+
+ PayloadContent
+
+
+ AutomaticCheckEnabled
+
+ PayloadDisplayName
+ Software Update
+ PayloadIdentifier
+ com.apple.SoftwareUpdate.8567CAE0-4F08-49B7-9DEE-EE7A1FB232E4
+ PayloadType
+ com.apple.SoftwareUpdate
+ PayloadUUID
+ 8567CAE0-4F08-49B7-9DEE-EE7A1FB232E4
+ PayloadVersion
+ 1
+
+
+ PayloadDisplayName
+ Automatically install updates
+ PayloadIdentifier
+ com.fleetdm.automatically_install_updates
+ PayloadType
+ Configuration
+ PayloadUUID
+ C9797096-D3DD-4BB4-85B0-6679209BA78F
+ PayloadVersion
+ 1
+
+
---
apiVersion: v1
kind: policy
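Review bot: The profile's display name says 'Automatically install updates', but the only Software Update key it sets is `AutomaticCheckEnabled`, which by its name turns on checking for updates rather than installing them; the install-side keys (`AutomaticallyInstallMacOSUpdates`, `AutomaticallyInstallAppUpdates`, `CriticalUpdateInstall`) are set by separate profiles further down in this change. Either rename the display name to describe what the payload actually does, or add the key that this policy's query checks (the query itself is outside this hunk). The top-level identifier `com.fleetdm.automatically_install_updates` also lacks the UUID suffix the sibling profiles use, which makes an identifier collision with a customer's own profile more likely.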
@@ -575,7 +645,46 @@ spec:
resolution: "To enable Gatekeeper, on the failing device, run the following command in the Terminal app: /usr/sbin/spctl --master-enable."
tags: compliance, hardening, built-in, CIS, CIS2.5.2.1, critical
platform: darwin
- contributors: groob
+ contributors: groob,ddribeiro
+ script: |
+ #!/bin/sh
+
+ ## command to enable gatekeeper
+ /usr/sbin/spctl --master-enable
+ configuration_profile: |
+
+
+
+
+ PayloadContent
+
+
+ EnableAssessment
+
+ PayloadDisplayName
+ System Policy Control
+ PayloadIdentifier
+ com.apple.systempolicy.control.6CA698CD-1DBB-445C-BDA3-60E35FBBF0E9
+ PayloadType
+ com.apple.systempolicy.control
+ PayloadUUID
+ 6CA698CD-1DBB-445C-BDA3-60E35FBBF0E9
+ PayloadVersion
+ 1
+
+
+ PayloadDisplayName
+ Enable Gatekeeper
+ PayloadIdentifier
+ com.fleetdm.enablegatekeeper.DF30A9A2-C9F9-421D-A26A-6FAA7216E72F
+ PayloadType
+ Configuration
+ PayloadUUID
+ DF30A9A2-C9F9-421D-A26A-6FAA7216E72F
+ PayloadVersion
+ 1
+
+
---
apiVersion: v1
kind: policy
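Review bot: The new remediation script runs `/usr/sbin/spctl --master-enable`, a spelling Apple has marked deprecated on recent macOS releases in favour of `spctl --global-enable` (I believe the old flag still works with a warning on current versions, but confirm on the newest macOS you support before shipping it as the reference fix). The script also has to run as root, and it hides failure: a comment stating the privilege requirement plus an explicit status, e.g. `/usr/sbin/spctl --global-enable || exit 1`, would make a failed remediation visible in Fleet's script output. It is worth noting in the YAML that the `EnableAssessment` profile below is the stronger control, since a local admin can undo what the script did but not an MDM-enforced setting.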
@@ -634,7 +743,41 @@ spec:
resolution: "Contact your IT administrator to ensure your Mac is receiving a profile that disables automatic login."
tags: MDM required, compliance, hardening, built-in, critical
platform: darwin
- contributors: groob
+ contributors: groob,ddribeiro
+ configuration_profile: |
+
+
+
+
+ PayloadContent
+
+
+ PayloadDisplayName
+ Login Window #1
+ PayloadIdentifier
+ com.apple.loginwindow.CE506065-7C0E-434E-8B8C-12E164116C94
+ PayloadType
+ com.apple.loginwindow
+ PayloadUUID
+ CE506065-7C0E-434E-8B8C-12E164116C94
+ PayloadVersion
+ 1
+ com.apple.login.mcx.DisableAutoLoginClient
+
+
+
+ PayloadDisplayName
+ Disable Automatic Login
+ PayloadIdentifier
+ com.fleetdm.disableautomaticlogin.F07E2CB5-56CC-4699-B061-EAA253220BA8
+ PayloadType
+ Configuration
+ PayloadUUID
+ F07E2CB5-56CC-4699-B061-EAA253220BA8
+ PayloadVersion
+ 1
+
+
---
apiVersion: v1
kind: policy
@@ -645,7 +788,41 @@ spec:
resolution: "Contact your IT administrator to ensure your Mac is receiving a profile that enables secure keyboard entry for the Terminal application."
tags: MDM required, compliance, hardening, built-in
platform: darwin
- contributors: groob
+ contributors: groob,ddribeiro
+ configuration_profile: |
+
+
+
+
+ PayloadContent
+
+
+ SecureKeyboardEntry
+
+ PayloadDisplayName
+ Terminal
+ PayloadIdentifier
+ com.apple.Terminal.89C5FA0F-CA32-4CC7-99D9-931B13CB923B
+ PayloadType
+ com.apple.Terminal
+ PayloadUUID
+ 89C5FA0F-CA32-4CC7-99D9-931B13CB923B
+ PayloadVersion
+ 1
+
+
+ PayloadDisplayName
+ Enable Terminal Secure Keyboard Entry
+ PayloadIdentifier
+ com.fleetdm.enableterminalsecurekeyboardentry.6E73E3DF-0D0A-4B17-BBCB-3E0906C78743
+ PayloadType
+ Configuration
+ PayloadUUID
+ 6E73E3DF-0D0A-4B17-BBCB-3E0906C78743
+ PayloadVersion
+ 1
+
+
---
apiVersion: v1
kind: query
@@ -692,7 +869,43 @@ spec:
updates.
tags: compliance, malware, hardening, built-in, template
platform: darwin
- contributors: GuillaumeRoss
+ contributors: GuillaumeRoss,ddribeiro
+ configuration_profile: |
+
+
+
+
+ PayloadContent
+
+
+ ConfigDataInstall
+
+ CriticalUpdateInstall
+
+ PayloadDisplayName
+ Software Update
+ PayloadIdentifier
+ com.apple.SoftwareUpdate.C0292C9C-7506-4A51-9C19-52FF2DB632EC
+ PayloadType
+ com.apple.SoftwareUpdate
+ PayloadUUID
+ C0292C9C-7506-4A51-9C19-52FF2DB632EC
+ PayloadVersion
+ 1
+
+
+ PayloadDisplayName
+ Enable automatic system data files and security updates
+ PayloadIdentifier
+ com.fleetdm.enableSystemDataFilesAndSecurityUpdates.1C24BCAF-E18D-434B-B5D2-70F886F19912
+ PayloadType
+ Configuration
+ PayloadUUID
+ 1C24BCAF-E18D-434B-B5D2-70F886F19912
+ PayloadVersion
+ 1
+
+
---
apiVersion: v1
kind: policy
@@ -769,7 +982,41 @@ spec:
resolution: "In System Preferences, open Security & Privacy, navigate to the Firewall tab and click Turn On Firewall."
tags: hardening, compliance, built-in, CIS, CIS2.5.2.2
platform: darwin
- contributors: GuillaumeRoss
+ contributors: GuillaumeRoss,ddribeiro
+ configuration_profile: |
+
+
+
+
+ PayloadContent
+
+
+ EnableFirewall
+
+ PayloadDisplayName
+ Firewall
+ PayloadIdentifier
+ com.apple.security.firewall.84151DEA-D0E5-4334-91D4-4BBDFA38CD17
+ PayloadType
+ com.apple.security.firewall
+ PayloadUUID
+ 84151DEA-D0E5-4334-91D4-4BBDFA38CD17
+ PayloadVersion
+ 1
+
+
+ PayloadDisplayName
+ Enable Firewall
+ PayloadIdentifier
+ com.fleetdm.enablefirewall.D93BF783-383E-41CD-97AA-1D3FD71045BE
+ PayloadType
+ Configuration
+ PayloadUUID
+ D93BF783-383E-41CD-97AA-1D3FD71045BE
+ PayloadVersion
+ 1
+
+
---
apiVersion: v1
kind: policy
@@ -780,7 +1027,43 @@ spec:
resolution: "Contact your IT administrator to ensure your Mac is receiving a profile that enables screen lock."
tags: MDM required, compliance, hardening, built-in
platform: darwin
- contributors: GuillaumeRoss
+ contributors: GuillaumeRoss,ddribeiro
+ configuration_profile: |
+
+
+
+
+ PayloadContent
+
+
+ PayloadDisplayName
+ Screensaver
+ PayloadIdentifier
+ com.apple.screensaver.C3B911F5-A787-4B64-86D9-3DFE19B5F72F
+ PayloadType
+ com.apple.screensaver
+ PayloadUUID
+ C3B911F5-A787-4B64-86D9-3DFE19B5F72F
+ PayloadVersion
+ 1
+ askForPassword
+
+ askForPasswordDelay
+ 0
+
+
+ PayloadDisplayName
+ Enable screen lock
+ PayloadIdentifier
+ com.fleetdm.enableScreenLock.5BFC3E0C-50E1-4D61-82D8-3A784D4DD200
+ PayloadType
+ Configuration
+ PayloadUUID
+ 5BFC3E0C-50E1-4D61-82D8-3A784D4DD200
+ PayloadVersion
+ 1
+
+
---
apiVersion: v1
kind: policy
@@ -802,7 +1085,41 @@ spec:
resolution: "Contact your IT administrator to make sure your Mac is receiving configuration profiles for password length."
platform: darwin
tags: compliance, hardening, built-in, CIS, CIS5.2.2
- contributors: GuillaumeRoss
+ contributors: GuillaumeRoss,ddribeiro
+ configuration_profile: |
+
+
+
+
+ PayloadContent
+
+
+ PayloadDisplayName
+ Passcode
+ PayloadIdentifier
+ com.apple.mobiledevice.passwordpolicy.0668AAD7-0A80-476C-AAF7-C5F63B5E8E3D
+ PayloadType
+ com.apple.mobiledevice.passwordpolicy
+ PayloadUUID
+ 0668AAD7-0A80-476C-AAF7-C5F63B5E8E3D
+ PayloadVersion
+ 1
+ minLength
+ 10
+
+
+ PayloadDisplayName
+ Require password of 10 or more characters
+ PayloadIdentifier
+ com.fleetdm.passwordPolicy10Characters.D3CDEDA2-DC77-484F-92F8-68A4902800AD
+ PayloadType
+ Configuration
+ PayloadUUID
+ D3CDEDA2-DC77-484F-92F8-68A4902800AD
+ PayloadVersion
+ 1
+
+
---
apiVersion: v1
kind: policy
@@ -835,7 +1152,41 @@ spec:
resolution: "Contact your IT administrator to ensure your Mac is receiving a profile that enables automatic update downloads."
tags: MDM required, compliance, CIS, CIS1.3
platform: darwin
- contributors: GuillaumeRoss
+ contributors: GuillaumeRoss,ddribeiro
+ configuration_profile: |
+
+
+
+
+ PayloadContent
+
+
+ AutomaticDownload
+
+ PayloadDisplayName
+ Software Update
+ PayloadIdentifier
+ com.apple.SoftwareUpdate.79490A7F-FBE2-4E28-9E98-CE8232A87C6A
+ PayloadType
+ com.apple.SoftwareUpdate
+ PayloadUUID
+ 79490A7F-FBE2-4E28-9E98-CE8232A87C6A
+ PayloadVersion
+ 1
+
+
+ PayloadDisplayName
+ Enable automatic update downloads
+ PayloadIdentifier
+ com.fleetdm.enableAutomaticUpdateDownloads.16F48F16-F1DC-44D6-9126-B9D1E1274C93
+ PayloadType
+ Configuration
+ PayloadUUID
+ 16F48F16-F1DC-44D6-9126-B9D1E1274C93
+ PayloadVersion
+ 1
+
+
---
apiVersion: v1
kind: policy
@@ -846,7 +1197,41 @@ spec:
resolution: "Contact your IT administrator to ensure your Mac is receiving a profile that enables automatic installation of application updates."
tags: MDM required, compliance, CIS, CIS1.4
platform: darwin
- contributors: GuillaumeRoss
+ contributors: GuillaumeRoss,ddribeiro
+ configuration_profile: |
+
+
+
+
+ PayloadContent
+
+
+ AutomaticallyInstallAppUpdates
+
+ PayloadDisplayName
+ Software Update
+ PayloadIdentifier
+ com.apple.SoftwareUpdate.4E11DA65-B6D8-4C65-AB72-DAC3177FC487
+ PayloadType
+ com.apple.SoftwareUpdate
+ PayloadUUID
+ 4E11DA65-B6D8-4C65-AB72-DAC3177FC487
+ PayloadVersion
+ 1
+
+
+ PayloadDisplayName
+ Enable automatic installation of application updates
+ PayloadIdentifier
+ com.fleetdm.enableAutomaticInstallationOfAppUpdates.66A51CA4-49DE-49B1-A8EE-DFB0D44D5C62
+ PayloadType
+ Configuration
+ PayloadUUID
+ 66A51CA4-49DE-49B1-A8EE-DFB0D44D5C62
+ PayloadVersion
+ 1
+
+
---
apiVersion: v1
kind: policy
@@ -857,7 +1242,41 @@ spec:
resolution: "Contact your IT administrator to ensure your Mac is receiving a profile that enables automatic security and data update installation."
tags: MDM required, compliance, CIS, CIS1.5
platform: darwin
- contributors: GuillaumeRoss
+ contributors: GuillaumeRoss,ddribeiro
+ configuration_profile: |
+
+
+
+
+ PayloadContent
+
+
+ CriticalUpdateInstall
+
+ PayloadDisplayName
+ Software Update
+ PayloadIdentifier
+ com.apple.SoftwareUpdate.E53C14AB-3694-4D90-87A0-79E6496EC0E1
+ PayloadType
+ com.apple.SoftwareUpdate
+ PayloadUUID
+ E53C14AB-3694-4D90-87A0-79E6496EC0E1
+ PayloadVersion
+ 1
+
+
+ PayloadDisplayName
+ Enable automatic security and data file updates
+ PayloadIdentifier
+ com.fleetdm.enableAutomaticSecurityAndDataFileUpdates.Dales-MacBook-Pro.50CE2929-89F7-4283-922A-F30C15D6B1FD
+ PayloadType
+ Configuration
+ PayloadUUID
+ 50CE2929-89F7-4283-922A-F30C15D6B1FD
+ PayloadVersion
+ 1
+
+
---
apiVersion: v1
kind: policy
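Review bot: The top-level `PayloadIdentifier` on this profile, `com.fleetdm.enableAutomaticSecurityAndDataFileUpdates.Dales-MacBook-Pro.50CE2929-…`, embeds the author's computer name — an artefact of exporting from a local machine that leaks a personal device name into every host receiving the profile and breaks the `com.fleetdm.<policy>.<UUID>` pattern the other profiles follow. Change it to `com.fleetdm.enableAutomaticSecurityAndDataFileUpdates.50CE2929-89F7-4283-922A-F30C15D6B1FD`. Note that this payload (`CriticalUpdateInstall` alone) overlaps with the earlier 'Enable automatic system data files and security updates' profile, which sets the same key plus `ConfigDataInstall`; a short comment on which one admins are expected to deploy would avoid confusion.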
@@ -868,7 +1287,41 @@ spec:
resolution: "Contact your IT administrator to ensure your Mac is receiving a profile that enables automatic installation of operating system updates."
tags: MDM required, compliance, CIS, CIS1.6
platform: darwin
- contributors: GuillaumeRoss
+ contributors: GuillaumeRoss,ddribeiro
+ configuration_profile: |
+
+
+
+
+ PayloadContent
+
+
+ AutomaticallyInstallMacOSUpdates
+
+ PayloadDisplayName
+ Software Update
+ PayloadIdentifier
+ com.apple.SoftwareUpdate.B5EF9664-07BB-4775-B597-59F21F413878
+ PayloadType
+ com.apple.SoftwareUpdate
+ PayloadUUID
+ B5EF9664-07BB-4775-B597-59F21F413878
+ PayloadVersion
+ 1
+
+
+ PayloadDisplayName
+ Enable automatic installation of OS updates
+ PayloadIdentifier
+ com.fleetdm.enableAutomaticOSUpddates.A5CA0F6B-02F8-42D0-805E-D13FDB9B093B
+ PayloadType
+ Configuration
+ PayloadUUID
+ A5CA0F6B-02F8-42D0-805E-D13FDB9B093B
+ PayloadVersion
+ 1
+
+
---
apiVersion: v1
kind: policy
@@ -879,7 +1332,41 @@ spec:
resolution: "Contact your IT administrator to ensure your Mac is receiving a profile that enables automatic time and date configuration."
tags: MDM required, compliance, CIS, CIS2.2.1
platform: darwin
- contributors: GuillaumeRoss
+ contributors: GuillaumeRoss,ddribeiro
+ configuration_profile: |
+
+
+
+
+ PayloadContent
+
+
+ PayloadDisplayName
+ Restrictions
+ PayloadIdentifier
+ com.apple.applicationaccess.B0EBDEA9-69D3-46CA-BB19-72B86A7111F5
+ PayloadType
+ com.apple.applicationaccess
+ PayloadUUID
+ B0EBDEA9-69D3-46CA-BB19-72B86A7111F5
+ PayloadVersion
+ 1
+ forceAutomaticDateAndTime
+
+
+
+ PayloadDisplayName
+ Automatically configure time and date
+ PayloadIdentifier
+ com.fleetdm.automaticallyConfigureTimeAndDate.BA0A14E0-22A2-4D59-A803-BB04F374F6A3
+ PayloadType
+ Configuration
+ PayloadUUID
+ BA0A14E0-22A2-4D59-A803-BB04F374F6A3
+ PayloadVersion
+ 1
+
+
---
apiVersion: v1
kind: policy
@@ -890,7 +1377,45 @@ spec:
resolution: "Contact your IT administrator to ensure your Mac is receiving a profile that enables the screen saver after inactivity of 20 minutes or less."
tags: MDM required, compliance, CIS, CIS2.3.1, CIS5.8
platform: darwin
- contributors: GuillaumeRoss
+ contributors: GuillaumeRoss,ddribeiro
+ configuration_profile: |
+
+
+
+
+ PayloadContent
+
+
+ PayloadDisplayName
+ Screensaver
+ PayloadIdentifier
+ com.apple.screensaver.FDC5E74E-C09E-484C-B3F3-FF04BF8AF9AB
+ PayloadType
+ com.apple.screensaver
+ PayloadUUID
+ FDC5E74E-C09E-484C-B3F3-FF04BF8AF9AB
+ PayloadVersion
+ 1
+ askForPassword
+
+ askForPasswordDelay
+ 60
+ idleTime
+ 1140
+
+
+ PayloadDisplayName
+ Lock screen after inactivity of 20 minutes
+ PayloadIdentifier
+ com.fleetdm.lockScreenAfter20Minutes.34DD0263-156C-48DB-B6B8-64D3112A1128
+ PayloadType
+ Configuration
+ PayloadUUID
+ 34DD0263-156C-48DB-B6B8-64D3112A1128
+ PayloadVersion
+ 1
+
+
---
apiVersion: v1
kind: policy
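Review bot: `askForPasswordDelay` is 60 in this profile, so a machine whose screen saver starts after the 1140 s `idleTime` stays unlocked for a further minute; the 'Require password after screensaver or sleep' and 'Enable screen lock' profiles in this same change use 0. The policy is tagged CIS5.8, which as I recall requires the wake-password delay to be a few seconds at most, so a host given this reference profile would pass the screensaver check while failing the wake-password one. Suggest `askForPasswordDelay` → `0` (or at most 5) and a comment explaining that 1140 s is 19 minutes, chosen to sit under the 20-minute ceiling in the policy description.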
@@ -901,7 +1426,41 @@ spec:
resolution: "Contact your IT administrator to ensure your Mac is receiving a profile that prevents Internet sharing."
tags: MDM required, compliance, CIS, CIS2.4.2
platform: darwin
- contributors: GuillaumeRoss
+ contributors: GuillaumeRoss,ddribeiro
+ configuration_profile: |
+
+
+
+
+ PayloadContent
+
+
+ PayloadDisplayName
+ Managed Preferences
+ PayloadIdentifier
+ com.apple.MCX.7BE9B7E8-14E4-49CF-AEC5-CD7806957F5A
+ PayloadType
+ com.apple.MCX
+ PayloadUUID
+ 7BE9B7E8-14E4-49CF-AEC5-CD7806957F5A
+ PayloadVersion
+ 1
+ forceInternetSharingOff
+
+
+
+ PayloadDisplayName
+ Turn off internet sharing
+ PayloadIdentifier
+ com.fleetdm.turnOffInternetSharing.22125243-721F-4A26-862E-5B16F28977C0
+ PayloadType
+ Configuration
+ PayloadUUID
+ 22125243-721F-4A26-862E-5B16F28977C0
+ PayloadVersion
+ 1
+
+
---
apiVersion: v1
kind: policy
@@ -912,7 +1471,41 @@ spec:
resolution: "Contact your IT administrator to ensure your Mac is receiving a profile that disables content caching."
tags: MDM required, compliance, CIS, CIS2.4.10
platform: darwin
- contributors: GuillaumeRoss
+ contributors: GuillaumeRoss,ddribeiro
+ configuration_profile: |
+
+
+
+
+ PayloadContent
+
+
+ PayloadDisplayName
+ Restrictions
+ PayloadIdentifier
+ com.apple.applicationaccess.EEFDDF9B-F4D3-45FC-A832-F20096938668
+ PayloadType
+ com.apple.applicationaccess
+ PayloadUUID
+ EEFDDF9B-F4D3-45FC-A832-F20096938668
+ PayloadVersion
+ 1
+ allowContentCaching
+
+
+
+ PayloadDisplayName
+ Disable content caching
+ PayloadIdentifier
+ com.fleetdm.disableContentCaching.6154F973-CF2C-46A5-B38C-DCF44A3FFC65
+ PayloadType
+ Configuration
+ PayloadUUID
+ 6154F973-CF2C-46A5-B38C-DCF44A3FFC65
+ PayloadVersion
+ 1
+
+
---
apiVersion: v1
kind: policy
@@ -923,7 +1516,41 @@ spec:
resolution: "Contact your IT administrator to ensure your Mac is receiving a profile that disables advertisement tracking."
tags: MDM required, compliance, CIS, CIS2.5.6
platform: darwin
- contributors: GuillaumeRoss
+ contributors: GuillaumeRoss,ddribeiro
+ configuration_profile: |
+
+
+
+
+ PayloadContent
+
+
+ PayloadDisplayName
+ iCloud
+ PayloadIdentifier
+ com.apple.icloud.managed.19CEE0E2-2D04-43E7-AB98-B93B179A20ED
+ PayloadType
+ com.apple.icloud.managed
+ PayloadUUID
+ 19CEE0E2-2D04-43E7-AB98-B93B179A20ED
+ PayloadVersion
+ 1
+ DisableCloudSync
+
+
+
+ PayloadDisplayName
+ Limit ad tracking
+ PayloadIdentifier
+ com.fleetdm.disableiCloudDesktopAndDocumentsSync.9CEE4A9A-3BC6-4E2C-A093-8CC3B7F26EF8
+ PayloadType
+ Configuration
+ PayloadUUID
+ 9CEE4A9A-3BC6-4E2C-A093-8CC3B7F26EF8
+ PayloadVersion
+ 1
+
+
---
apiVersion: v1
kind: policy
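Review bot: The profile attached to the 'disables advertisement tracking' policy (CIS2.5.6) does not disable ad tracking: its payload is `com.apple.icloud.managed` with `DisableCloudSync`, and its `PayloadIdentifier` (`com.fleetdm.disableiCloudDesktopAndDocumentsSync.9CEE4A9A-…`) and both UUIDs are identical to the iCloud Desktop and Documents profile in the next hunk, so it reads as a copy-paste with only the display name changed to 'Limit ad tracking'. Because macOS treats profiles sharing an identifier as one profile, installing both leaves a host with only one of them, and neither sets the personalized-advertising restriction this policy's query presumably checks (the query is outside this hunk). This profile needs its own payload — the Restrictions (`com.apple.applicationaccess`) key for personalized advertising, rather than an iCloud key — and freshly generated identifier and UUID values.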
@@ -934,7 +1561,41 @@ spec:
resolution: "Contact your IT administrator to ensure your Mac is receiving a profile to prevent iCloud Desktop and Documents sync."
tags: MDM required, compliance, CIS, CIS2.6.1.4
platform: darwin
- contributors: GuillaumeRoss
+ contributors: GuillaumeRoss,ddribeiro
+ configuration_profile: |
+
+
+
+
+ PayloadContent
+
+
+ PayloadDisplayName
+ iCloud
+ PayloadIdentifier
+ com.apple.icloud.managed.19CEE0E2-2D04-43E7-AB98-B93B179A20ED
+ PayloadType
+ com.apple.icloud.managed
+ PayloadUUID
+ 19CEE0E2-2D04-43E7-AB98-B93B179A20ED
+ PayloadVersion
+ 1
+ DisableCloudSync
+
+
+
+ PayloadDisplayName
+ Disable iCloud Desktop and Documents Sync
+ PayloadIdentifier
+ com.fleetdm.disableiCloudDesktopAndDocumentsSync.9CEE4A9A-3BC6-4E2C-A093-8CC3B7F26EF8
+ PayloadType
+ Configuration
+ PayloadUUID
+ 9CEE4A9A-3BC6-4E2C-A093-8CC3B7F26EF8
+ PayloadVersion
+ 1
+
+
---
apiVersion: v1
kind: policy
@@ -945,18 +1606,88 @@ spec:
resolution: "Contact your IT administrator to ensure your Mac is receiving a profile that enables firewall logging."
tags: MDM required, compliance, CIS, CIS3.6
platform: darwin
- contributors: GuillaumeRoss
+ contributors: GuillaumeRoss,ddribeiro
+ configuration_profile: |
+
+
+
+
+ PayloadContent
+
+
+ EnableFirewall
+
+ EnableLogging
+
+ PayloadDisplayName
+ Firewall
+ PayloadIdentifier
+ com.apple.security.firewall.E91C28D7-A35F-44DF-8656-07C738F8946E
+ PayloadType
+ com.apple.security.firewall
+ PayloadUUID
+ E91C28D7-A35F-44DF-8656-07C738F8946E
+ PayloadVersion
+ 1
+
+
+ PayloadDisplayName
+ Enable firewall logging
+ PayloadIdentifier
+ com.fleetdm.enableFirewallLogging.A97BF2B6-968B-4C9B-B02C-331595377934
+ PayloadType
+ Configuration
+ PayloadUUID
+ A97BF2B6-968B-4C9B-B02C-331595377934
+ PayloadVersion
+ 1
+
+
---
apiVersion: v1
kind: policy
spec:
name: Guest account disabled (macOS)
- query: SELECT 1 FROM managed_policies WHERE domain='com.apple.loginwindow' AND name='DisableGuestAccount' AND value='1' LIMIT 1;
+ query: SELECT 1 FROM managed_policies WHERE domain='com.apple.MCX' AND name='DisableGuestAccount' AND value='1' LIMIT 1;
description: "Checks that a mobile device management (MDM) solution configures the Mac to prevent the use of a guest account."
resolution: "Contact your IT administrator to ensure your Mac is receiving a profile that disables the guest account."
tags: MDM required, compliance, CIS, CIS6.1.3
platform: darwin
- contributors: GuillaumeRoss
+ contributors: GuillaumeRoss,ddribeiro
+ configuration_profile: |
+
+
+
+
+ PayloadContent
+
+
+ DisableGuestAccount
+
+ PayloadDisplayName
+ Energy Saver, FileVault, Time Server, Mobile Accounts and Guest Account
+ PayloadIdentifier
+ com.apple.MCX.87E0D7FE-FDEF-4B61-8505-C009C975AFD4
+ PayloadType
+ com.apple.MCX
+ PayloadUUID
+ 87E0D7FE-FDEF-4B61-8505-C009C975AFD4
+ PayloadVersion
+ 1
+
+
+ PayloadDisplayName
+ Disable guest account
+ PayloadIdentifier
+ com.fleetdm.disableGuestAccount.E29C0490-83B0-4AD1-AD50-AC9B63D1DD96
+ PayloadType
+ Configuration
+ PayloadUUID
+ E29C0490-83B0-4AD1-AD50-AC9B63D1DD96
+ PayloadVersion
+ 1
+
+
---
apiVersion: v1
kind: policy
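Review bot: The guest-account query now matches only `domain='com.apple.MCX'`, which agrees with the `com.apple.MCX` payload added below, but a host that received `DisableGuestAccount` via a profile written against the previous `com.apple.loginwindow` domain will flip from passing to failing after this change. If the old domain was simply wrong, a one-line note in the policy description or changelog saying so would help admins who see the regression; if both can be valid, keep both: `… WHERE (domain='com.apple.MCX' OR domain='com.apple.loginwindow') AND name='DisableGuestAccount' AND value='1' …`. The inner payload's display name 'Energy Saver, FileVault, Time Server, Mobile Accounts and Guest Account' is an exporter artefact and could be trimmed to 'Guest Account' so the profile describes only what it does.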
@@ -967,7 +1698,41 @@ spec:
resolution: "Contact your IT administrator to ensure your Mac is receiving a profile that prevents guest access to shared folders."
tags: MDM required, compliance, CIS, CIS6.1.4
platform: darwin
- contributors: GuillaumeRoss
+ contributors: GuillaumeRoss,ddribeiro
+ configuration_profile: |
+
+
+
+
+ PayloadContent
+
+
+ guestAccess
+
+ PayloadDisplayName
+ File Server
+ PayloadIdentifier
+ com.apple.AppleFileServer.0C0C0FED-098F-4BAA-8917-3313A8A1F3A1
+ PayloadType
+ com.apple.AppleFileServer
+ PayloadUUID
+ 0C0C0FED-098F-4BAA-8917-3313A8A1F3A1
+ PayloadVersion
+ 1
+
+
+ PayloadDisplayName
+ Disable guest access to shared folders
+ PayloadIdentifier
+ com.fleetdm.disableGuestAccessToSharedFolders.819D93D8-E078-43A5-9661-F5E96F84F384
+ PayloadType
+ Configuration
+ PayloadUUID
+ 819D93D8-E078-43A5-9661-F5E96F84F384
+ PayloadVersion
+ 1
+
+
---
apiVersion: v1
kind: policy
diff --git a/docs/REST API/rest-api.md b/docs/REST API/rest-api.md
index 21f554de89fd..757798a38c8f 100644
--- a/docs/REST API/rest-api.md
+++ b/docs/REST API/rest-api.md
@@ -2643,31 +2643,31 @@ Returns the information of the specified host.
"last_enrolled_at": "2021-08-19T02:02:22Z",
"seen_time": "2021-08-19T21:14:58Z",
"refetch_requested": false,
- "hostname": "23cfc9caacf0",
+ "hostname": "Annas-MacBook-Pro.local",
"uuid": "309a4b7d-0000-0000-8e7f-26ae0815ede8",
- "platform": "rhel",
- "osquery_version": "5.12.0",
+ "platform": "darwin",
+ "osquery_version": "5.15.0",
"orbit_version": "1.22.0",
"fleet_desktop_version": "1.22.0",
"scripts_enabled": true,
- "os_version": "CentOS Linux 8.3.2011",
- "build": "",
- "platform_like": "rhel",
+ "os_version": "macOS 15.2",
+ "build": "24C101",
+ "platform_like": "darwin",
"code_name": "",
"uptime": 210671000000000,
"memory": 16788398080,
- "cpu_type": "x86_64",
- "cpu_subtype": "158",
- "cpu_brand": "Intel(R) Core(TM) i9-9980HK CPU @ 2.40GHz",
- "cpu_physical_cores": 12,
- "cpu_logical_cores": 12,
- "hardware_vendor": "",
- "hardware_model": "",
+ "cpu_type": "arm64e",
+ "cpu_subtype": "ARM64E",
+ "cpu_brand": "Apple M1",
+ "cpu_physical_cores": 8,
+ "cpu_logical_cores": 8,
+ "hardware_vendor": "Apple Inc.",
+ "hardware_model": "MacBookPro17,1",
"hardware_version": "",
- "hardware_serial": "",
- "computer_name": "23cfc9caacf0",
- "display_name": "23cfc9caacf0",
- "public_ip": "",
+ "hardware_serial": "C0124FXASD6G",
+ "computer_name": "Anna's MacBook Pro",
+ "display_name": "Anna's MacBook Pro",
+ "public_ip": "123.45.678.910",
"primary_ip": "172.27.0.6",
"primary_mac": "02:42:ac:1b:00:06",
"distributed_interval": 10,
@@ -2676,13 +2676,13 @@ Returns the information of the specified host.
"team_id": null,
"pack_stats": null,
"team_name": null,
- "additional": {},
- "gigs_disk_space_available": 46.1,
- "percent_disk_space_available": 74,
- "gigs_total_disk_space": 160,
+ "gigs_disk_space_available": 174.98,
+ "percent_disk_space_available": 71,
+ "gigs_total_disk_space": 246,
"disk_encryption_enabled": true,
"status": "online",
- "display_text": "23cfc9caacf0",
+ "display_text": "Annas-MacBook-Pro.local",
+ "additional": {},
"issues": {
"failing_policies_count": 1,
"critical_vulnerabilities_count": 2, // Available in Fleet Premium
@@ -2712,14 +2712,14 @@ Returns the information of the specified host.
"username": "root",
"type": "",
"groupname": "root",
- "shell": "/bin/bash"
+ "shell": "/bin/sh"
},
{
"uid": 1,
- "username": "bin",
+ "username": "annachao",
"type": "",
- "groupname": "bin",
- "shell": "/sbin/nologin"
+ "groupname": "staff",
+ "shell": "/bin/zsh"
}
],
"labels": [
@@ -2738,9 +2738,9 @@ Returns the information of the specified host.
"created_at": "2021-08-19T02:02:17Z",
"updated_at": "2021-08-19T02:02:17Z",
"id": 9,
- "name": "CentOS Linux",
- "description": "All CentOS hosts",
- "query": "SELECT 1 FROM os_version WHERE platform = 'centos' OR name LIKE '%centos%'",
+ "name": "macOS",
+ "description": "All macOS hosts",
+ "query": "select 1 from os_version where platform = 'darwin';",
"platform": "",
"label_type": "builtin",
"label_membership_type": "dynamic"
@@ -2749,11 +2749,11 @@ Returns the information of the specified host.
"created_at": "2021-08-19T02:02:17Z",
"updated_at": "2021-08-19T02:02:17Z",
"id": 12,
- "name": "All Linux",
- "description": "All Linux distributions",
- "query": "SELECT 1 FROM osquery_info WHERE build_platform LIKE '%ubuntu%' OR build_distro LIKE '%centos%';",
+ "name": "Hosts with Chrome installed",
+ "description": "",
+ "query": "SELECT * FROM apps WHERE name LIKE \"%Chrome%\"",
"platform": "",
- "label_type": "builtin",
+ "label_type": "regular",
"label_membership_type": "dynamic"
}
],
@@ -3090,67 +3090,36 @@ This is the API route used by the **My device** page in Fleet desktop to display
"host": {
"created_at": "2021-08-19T02:02:22Z",
"updated_at": "2021-08-19T21:14:58Z",
- "software": [
- {
- "id": 408,
- "name": "osquery",
- "version": "4.5.1",
- "source": "rpm_packages",
- "browser": "",
- "generated_cpe": "",
- "vulnerabilities": null
- },
- {
- "id": 1146,
- "name": "tar",
- "version": "1.30",
- "source": "rpm_packages",
- "browser": "",
- "generated_cpe": "",
- "vulnerabilities": null
- },
- {
- "id": 321,
- "name": "SomeApp.app",
- "version": "1.0",
- "source": "apps",
- "browser": "",
- "bundle_identifier": "com.some.app",
- "last_opened_at": "2021-08-18T21:14:00Z",
- "generated_cpe": "",
- "vulnerabilities": null
- }
- ],
"id": 1,
"detail_updated_at": "2021-08-19T21:07:53Z",
"label_updated_at": "2021-08-19T21:07:53Z",
"last_enrolled_at": "2021-08-19T02:02:22Z",
"seen_time": "2021-08-19T21:14:58Z",
"refetch_requested": false,
- "hostname": "23cfc9caacf0",
+ "hostname": "Annas-MacBook-Pro.local",
"uuid": "309a4b7d-0000-0000-8e7f-26ae0815ede8",
- "platform": "rhel",
- "osquery_version": "4.5.1",
- "os_version": "CentOS Linux 8.3.2011",
- "build": "",
- "platform_like": "rhel",
+ "platform": "darwin",
+ "osquery_version": "5.15.0",
+ "os_version": "macOS 15.2",
+ "build": "24C101",
+ "platform_like": "darwin",
"code_name": "",
"uptime": 210671000000000,
"memory": 16788398080,
- "cpu_type": "x86_64",
- "cpu_subtype": "158",
- "cpu_brand": "Intel(R) Core(TM) i9-9980HK CPU @ 2.40GHz",
- "cpu_physical_cores": 12,
- "cpu_logical_cores": 12,
- "hardware_vendor": "",
- "hardware_model": "",
+ "cpu_type": "arm64e",
+ "cpu_subtype": "ARM64E",
+ "cpu_brand": "Apple M1",
+ "cpu_physical_cores": 8,
+ "cpu_logical_cores": 8,
+ "hardware_vendor": "Apple Inc.",
+ "hardware_model": "MacBookPro17,1",
"hardware_version": "",
"hardware_serial": "",
- "computer_name": "23cfc9caacf0",
- "display_name": "23cfc9caacf0",
- "public_ip": "",
- "primary_ip": "172.27.0.6",
- "primary_mac": "02:42:ac:1b:00:06",
+ "computer_name": "Anna's MacBook Pro",
+ "display_name": "Anna's MacBook Pro",
+ "public_ip": "123.45.678.910",
+ "primary_ip": "192.12.345.678",
+ "primary_mac": "36:34:a5:6b:7b:5c",
"distributed_interval": 10,
"config_tls_refresh": 10,
"logger_tls_period": 10,
@@ -3158,25 +3127,44 @@ This is the API route used by the **My device** page in Fleet desktop to display
"pack_stats": null,
"team_name": null,
"additional": {},
- "gigs_disk_space_available": 46.1,
- "percent_disk_space_available": 74,
- "gigs_total_disk_space": 160,
+ "gigs_disk_space_available": 174.98,
+ "percent_disk_space_available": 71,
+ "gigs_total_disk_space": 246,
"disk_encryption_enabled": true,
"dep_assigned_to_fleet": false,
+ "status": "online",
+ "display_text": "Annas-MacBook-Pro.local",
+ "self_service": true,
+ "org_logo_url": "https://example.com/logo.jpg",
+ "license": {
+ "tier": "free",
+ "expiration": "2031-01-01T00:00:00Z"
+ },
+ "global_config": {
+ "mdm": {
+ "enabled_and_configured": false
+ }
+ },
+ "batteries": [
+ {
+ "cycle_count": 999,
+ "health": "Good"
+ }
+ ],
"users": [
{
"uid": 0,
"username": "root",
"type": "",
"groupname": "root",
- "shell": "/bin/bash"
+ "shell": "/bin/sh"
},
{
"uid": 1,
- "username": "bin",
+ "username": "annachao",
"type": "",
- "groupname": "bin",
- "shell": "/sbin/nologin"
+ "groupname": "staff",
+ "shell": "/bin/zsh"
}
],
"labels": [
@@ -3195,9 +3183,9 @@ This is the API route used by the **My device** page in Fleet desktop to display
"created_at": "2021-08-19T02:02:17Z",
"updated_at": "2021-08-19T02:02:17Z",
"id": 9,
- "name": "CentOS Linux",
- "description": "All CentOS hosts",
- "query": "SELECT 1 FROM os_version WHERE platform = 'centos' OR name LIKE '%centos%'",
+ "name": "macOS",
+ "description": "All macOS hosts",
+ "query": "select 1 from os_version where platform = 'darwin';",
"platform": "",
"label_type": "builtin",
"label_membership_type": "dynamic"
@@ -3206,23 +3194,28 @@ This is the API route used by the **My device** page in Fleet desktop to display
"created_at": "2021-08-19T02:02:17Z",
"updated_at": "2021-08-19T02:02:17Z",
"id": 12,
- "name": "All Linux",
- "description": "All Linux distributions",
- "query": "SELECT 1 FROM osquery_info WHERE build_platform LIKE '%ubuntu%' OR build_distro LIKE '%centos%';",
+ "name": "Hosts with Chrome installed",
+ "description": "",
+ "query": "SELECT * FROM apps WHERE name LIKE \"%Chrome%\"",
"platform": "",
- "label_type": "builtin",
+ "label_type": "regular",
"label_membership_type": "dynamic"
}
],
- "packs": [],
- "status": "online",
- "display_text": "23cfc9caacf0",
- "batteries": [
+ "software": [
{
- "cycle_count": 999,
- "health": "Good"
+ "id": 321,
+ "name": "SomeApp.app",
+ "version": "1.0",
+ "source": "apps",
+ "browser": "",
+ "bundle_identifier": "com.some.app",
+ "last_opened_at": "2021-08-18T21:14:00Z",
+ "generated_cpe": "",
+ "vulnerabilities": null
}
],
+ "packs": [],
"mdm": {
"encryption_key_available": true,
"enrollment_status": "On (manual)",
@@ -3230,7 +3223,7 @@ This is the API route used by the **My device** page in Fleet desktop to display
"connected_to_fleet": true,
"server_url": "https://acme.com/mdm/apple/mdm",
"macos_settings": {
- "disk_encryption": null,
+ "disk_encryption": "verified",
"action_required": null
},
"macos_setup": {
@@ -3240,7 +3233,7 @@ This is the API route used by the **My device** page in Fleet desktop to display
},
"os_settings": {
"disk_encryption": {
- "status": null,
+ "status": "verified",
"detail": ""
}
},
@@ -3254,17 +3247,6 @@ This is the API route used by the **My device** page in Fleet desktop to display
}
]
}
- },
- "self_service": true,
- "org_logo_url": "https://example.com/logo.jpg",
- "license": {
- "tier": "free",
- "expiration": "2031-01-01T00:00:00Z"
- },
- "global_config": {
- "mdm": {
- "enabled_and_configured": false
- }
}
}
```
diff --git a/website/assets/styles/pages/query-detail.less b/website/assets/styles/pages/query-detail.less
index 3e56e7d5add3..91ca8584fed2 100644
--- a/website/assets/styles/pages/query-detail.less
+++ b/website/assets/styles/pages/query-detail.less
@@ -309,7 +309,7 @@
code {
color: #515774;
&.has-linebreaks {
- white-space: pre;
+ white-space: break-spaces;
}
&.no-linebreaks {
white-space: normal;
@@ -370,6 +370,13 @@
[purpose='breadcrumbs-and-search'] {
margin-bottom: 32px;
}
+ pre {
+ code {
+ &.has-linebreaks {
+ white-space: pre;
+ }
+ }
+ }
}
@media (max-width: 768px) {
diff --git a/website/views/pages/query-detail.ejs b/website/views/pages/query-detail.ejs
index 86d3d053d8e0..2c058b87c989 100644
--- a/website/views/pages/query-detail.ejs
+++ b/website/views/pages/query-detail.ejs
@@ -36,15 +36,24 @@
<%= query.contributors[0].name %>
<%- query.description %>
-
+
+
+
Create or edit the following script and configure it to run when the check fails:
+
+
+
<%= query.script %>
+
+
+
Check
Use the policy below to verify