[SCAP-On-Apple-Dev] Configuration Profiles vs Plist file diddling

Prabhu S Angadi sprabhu at secpod.com
Fri May 31 00:37:43 PDT 2013


Hi All,

Yes! I completely agree with Josh on the usage of configuration profiles.

Being XML formatted, the content of these files can be easily
parsed to fetch the composed policy values, to develop the
SCAP OVAL definitions, using the available '<xmlfilecontent_test>' or
'<plist510_test>' probes for better assessment.

Also, these files can be easily deployed with customized values
as per the user's choice, either:

* By physically connecting the device
* In an email message
* On a webpage
* Using over-the-air configuration as described in this document

so I think it will be of great use in the remediation part as well.

_______________________________________________________________________________________

In support of Josh, I have attached a few profile files that were
developed to address the Apple iOS Hardening Checklists
by The University of Texas at Austin.

FMI:

https://wikis.utexas.edu/display/ISO/Apple+iOS+Hardening+Checklist

https://wikis.utexas.edu/display/ISO/iOS+Configuration+Profiles


-- 
Thanks !!
Prabhu S A

http://www.scaprepo.com


On 05/31/2013 02:50 AM, Josh Wisenbaker wrote:
> Hi all,
>
> I think that from an audit and remediation standpoint things can be 
> greatly simplified by using Configuration Profiles.
>
> You can easily get a XML formatted list of the composited policies 
> that are on the Mac and you can easily apply settings by installing a 
> profile. Using the policy mechanisms in OS X is highly recommended 
> over messing with files.
>
> As an example here is a profile I made that implements all of the 
> settings for the initial loginwindow tickets that are in the tracker.
>
>
>
>
> This profile allows for removal without authentication so it's easy to 
> test with.
>
> Thoughts?
> Josh
>
> -- 
> Josh Wisenbaker
> Consulting Engineer - Apple U.S. Commercial and Governmental Sales
> dubs at apple.com <mailto:dubs at apple.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ISOMinSecStandards.mobileconfig
Type: text/xml
Size: 3313 bytes
Desc: not available
URL: <http://lists.macosforge.org/pipermail/scap-on-apple-dev/attachments/20130531/457af8e7/attachment-0002.xml>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ISOHighSecurity.mobileconfig
Type: text/xml
Size: 3294 bytes
Desc: not available
URL: <http://lists.macosforge.org/pipermail/scap-on-apple-dev/attachments/20130531/457af8e7/attachment-0003.xml>
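
The parsing approach described in the message above, as an added example that is not part of the original post or its attachments: read a profile's XML plist, collect each payload's settings, and compare them with a baseline. The sample profile, the `audit_profile` helper and the baseline thresholds are constructed for illustration; the payload type and key names are from Apple's configuration profile format.

```python
import operator
import plistlib

# Constructed sample profile (not one of the attachments from the thread).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>example.constructed.baseline</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
    <key>forcePIN</key><true/>
    <key>allowSimple</key><true/>
    <key>minLength</key><integer>4</integer>
  </dict></array>
</dict></plist>"""

PP = "com.apple.mobiledevice.passwordpolicy"
# Hypothetical baseline (thresholds are assumptions, not from any checklist):
# (payload type, key) -> (comparison, required value)
BASELINE = {
    (PP, "forcePIN"): ("eq", True),
    (PP, "allowSimple"): ("eq", False),
    (PP, "minLength"): ("ge", 6),
    (PP, "maxInactivity"): ("le", 5),
}
OPS = {"eq": operator.eq, "ge": operator.ge, "le": operator.le}

def audit_profile(data, baseline=BASELINE):
    """Return findings as (payload_type, key, actual, reason), sorted by key."""
    profile = plistlib.loads(data)
    settings = {}
    for payload in profile.get("PayloadContent", []):
        if isinstance(payload, dict):
            ptype = payload.get("PayloadType")
            settings.update({(ptype, k): v for k, v in payload.items()})
    findings = []
    for (ptype, key), (op, want) in baseline.items():
        if (ptype, key) not in settings:
            # An absent key means the profile does not enforce the setting.
            findings.append((ptype, key, None, "missing"))
            continue
        actual = settings[(ptype, key)]
        if type(actual) is not type(want):
            findings.append((ptype, key, actual, "wrong type"))
        elif not OPS[op](actual, want):
            findings.append((ptype, key, actual, f"expected {op} {want}"))
    return sorted(findings, key=lambda f: f[1])

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print(finding)
```

A signed profile is wrapped in a CMS envelope rather than being plain XML, so `plistlib.loads` will not parse it until the envelope is removed.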