forked from Netflix-Skunkworks/stethoscope-app
-
Notifications
You must be signed in to change notification settings - Fork 0
/
instructions.en.yaml
221 lines (200 loc) · 9.58 KB
/
instructions.en.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
organization: Stethoscope
version: "1.0"
policyFormat: "1.0"
strings:
ok: This device is properly configured
warning: >
The security settings on this device could be improved.
Click the arrow next to each recommendation for instructions.
critical: >
The security settings on this device should be improved.
Click the arrow next to each recommendation for instructions.
policyDescription: baseline policy
rescanButton: rescan
lastScan: Last scanned by
practices:
firewall:
title: >
{{#if passing}}
Your Firewall is enabled
{{else}}
Your Firewall should be enabled
{{/if}}
description: >
Firewalls control network traffic into and out of a system. Enabling the firewall on your device can prevent network-based attacks on your system, and is especially important if you make use of insecure wireless networks (such as at coffee shops and airports).
directions:
darwin: |
1. Choose System Preferences from the Apple menu.
1. Click [Security or Security & Privacy](x-apple.systempreferences:com.apple.preference.security).
1. Click the [Firewall](x-apple.systempreferences:com.apple.preference.security?Firewall) tab.
1. Unlock the pane by clicking the lock in the lower-left corner and enter the administrator username and password.
1. Click "Turn On Firewall" or "Start" to enable the firewall.
1. Click Advanced to customize the firewall configuration.
win32: |
1. Open [Windows Firewall Settings](ps://wf.msc)
1. Click "Windows Defender Firewall Properties" in the center pane
1. Ensure "Firewall state" is set to "On (recommended)" on the Domain, Public, and Private Profile tabs
1. Click OK
- {{{statusIcon privateFirewall 'Enable Private Firewall'}}}
- {{{statusIcon publicFirewall 'Enable Public Firewall'}}}
- {{{statusIcon domainFirewall 'Enable Domain Firewall'}}}
linux: |
1. Open a terminal.
1. Enter the command: "sudo ufw enable".
stethoscopeVersion:
title: >
{{#if passing}}
Stethoscope is up-to-date
{{else}}
Stethoscope needs to be updated
{{/if}}
description: >
Keeping the Stethoscope app up-to-date gives you access to the latest features, security patches, and performance improvements.
directions:
darwin: |
<a href='stethoscope://update' class="btn">Update Stethoscope</a>
win32: |
<a href='stethoscope://update' class="btn">Update Stethoscope</a>.
linux: |
<a href='stethoscope://update' class="btn">Update Stethoscope</a>.
remoteLogin:
title: >
{{#if passing}}
Remote Login is disabled
{{else}}
Remote Login should be disabled
{{/if}}
description: >
The 'Remote Login' setting on your device controls whether users can login remotely to the system. If you don't know what this is or why you would want it, you should disable 'Remote Login'.
directions:
darwin: |
1. Choose System Preferences from the Apple menu.
1. Click [Sharing](x-apple.systempreferences:com.apple.preferences.sharing?Services_RemoteLogin).
1. Uncheck "Remote Login" on the left.
win32: |
1. Open [Advanced System Preferences](ps://SystemPropertiesRemote).
1. Under "Remote Desktop" heading, select "Don't allow remote connections to this computer".
1. Click Apply.
1. Click OK.
diskEncryption:
title: >
{{#if passing}}
Disk Encryption is enabled
{{else}}
Disk Encryption should be enabled
{{/if}}
description: >
Full-disk encryption protects data at rest from being accessed by a party who does not know the password or decryption key. Systems containing internal data should be encrypted. It is every employee's responsibility to keep internal data safe.
directions:
darwin: |
1. Choose System Preferences from the Apple menu.
1. Click [Security or Security & Privacy](x-apple.systempreferences:com.apple.preference.security).
1. Click the [FileVault](x-apple.systempreferences:com.apple.preference.security?FDE) tab.
1. Unlock the pane by clicking the lock in the lower-left corner and enter the administrator username and password.
1. Click "Turn On FileVault" to start the process.
{{#each disks}}
<li>
{{#if this.encrypted}}
{{{okIcon this.label}}}
{{else}}
{{{warnIcon this.label}}}
{{/if}}
</li>
{{/each}}
win32: |
1. Open [BitLocker Drive Encryption](prefs://BitLocker).
1. Click "Turn on BitLocker".
linux: |
1. See the [CryptoRoot section of this guide](https://help.ubuntu.com/community/FullDiskEncryptionHowto).
automaticUpdates:
title: >
{{#if passing}}
Automatic Updates are enabled
{{else}}
Automatic Updates should be enabled
{{/if}}
description: >
One of the most important things you can do to secure your device(s) is to keep your operating system and software up to date. New vulnerabilities and weaknesses are found every day, so frequent updates are essential to ensuring your device(s) include the latest fixes and preventative measures. Enabling automatic updating helps ensure your machine is up-to-date without having to manually install updates.
directions:
darwin: |
1. Choose System Preferences from the Apple menu.
{{#if mohave}}
1. Click [Software Update](x-apple.systempreferences:com.apple.preferences.softwareupdate)
{{else}}
1. Click [App Store](prefs://com.apple.preferences.appstore).
{{/if}}
1. Click "Automatically check for updates"
{{#unless passing}}
1. Make sure the following are checked:
- {{{statusIcon automaticUpdates 'Automatically check for updates'}}}
- {{{statusIcon automaticDownloadUpdates 'Download newly available updates in the background'}}}
- {{{statusIcon automaticAppUpdates 'Install app updates'}}}
- {{{statusIcon automaticOsUpdates 'Install macOS updates'}}}
- {{{statusIcon automaticSecurityUpdates 'Install system data files and \*security updates\*'}}}
{{/unless}}
win32: |
1. Open [Services](ps://services.msc) (Start > Run > services.msc).
1. Scroll down to find "Windows Update" and double-click the name.
1. Change "Startup Type" from "DISABLED" to "MANUAL" or "AUTOMATIC".
1. Click "Apply".
1. Click "OK".
screenLock:
title: >
{{#if passing}}
Screen Lock is enabled
{{else}}
Screen Lock should be enabled
{{/if}}
description: >
Screen locks, or screen saver locks, prevent unauthorized third-parties from accessing your laptop when unattended by requiring a password to dismiss the screen saver or wake from "sleep" mode. Setting the timeout, i.e., the length of idle time before the screen saver takes effect, to 10 minutes or less is also recommended.
directions:
darwin: |
1. Choose System Preferences from the Apple menu.
1. Click [Security or Security & Privacy](x-apple.systempreferences:com.apple.preference.security).
1. Select the [General](x-apple.systempreferences:com.apple.preference.security?General) tab.
1. Unlock the pane by clicking the lock in the lower-left corner and enter the administrator username and password.
1. Check the "Require password" box and set the pull down menu to to "immediately" after sleep or screen saver begins.
win32: |
Standard settings:
1. Open [Lock screen settings](ms-settings:lockscreen).
1. Scroll down and click on "Screen timeout settings".
1. Ensure that Screen settings for "On battery power" and "When plugged in" are less than or equal to 10 minutes.
If fixing the standard settings doesn't resolve the issue:
1. Open [User Account Settings](ps://netplwiz).
1. Ensure that "Users must enter a user name and password to use this computer" is checked.
1. Click "Apply".
1. Click "OK".
osVersion:
title: >
{{#if passing}}
System is up-to-date
{{else}}
System needs to be updated
{{/if}}
description: >
One of the most important things you can do to secure your device(s) is to keep your operating system and software up to date. New vulnerabilities and weaknesses are found every day, so frequent updates are essential to ensuring your device(s) include the latest fixes and preventative measures.
directions:
darwin: |
1. Open the [App Store](app://App%20Store) app.
1. Click [Updates](macappstore://showUpdatesPage) on the top of the app window.
1. Install any outstanding updates.
If you don't see any available updates, you may need the next major version of MacOS. New releases are featured on the [App Store](app://App%20Store) home screen.
{{requirement "osVersion" "darwin"}}
win32: |
1. Open [Windows Update](ms-settings:windowsupdate) in the Settings.
1. Click "Restart now"
{{requirement "osVersion" "win32"}}
requiredApplications:
title: >
{{#if passing}}
Required applications are installed
{{else}}
Missing required applications
{{/if}}
description: >
Certain applications have been designated as necessary by your organization.
directions:
darwin: |
1. Please install the following applications:
win32: |
1. Please install the following applications