From 8b9ec676cfe8b3ca17b968b2a9c214ebb427b0cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89ric=20Falconnier?=
Date: Tue, 9 Jul 2024 14:39:17 -0400
Subject: [PATCH] Add Firewall config profile
---
 mdm_artifacts.tf | 16 ++++++
 mdm_default_blueprint.tf | 8 +++
 .../com.apple.security.firewall.mobileconfig | 49 +++++++++++++++++++
 3 files changed, 73 insertions(+)
 create mode 100644 mobileconfigs/com.apple.security.firewall.mobileconfig
diff --git a/mdm_artifacts.tf b/mdm_artifacts.tf
index 78da6a3..1ea03d0 100644
--- a/mdm_artifacts.tf
+++ b/mdm_artifacts.tf
@@ -153,3 +153,19 @@ resource "zentral_mdm_profile" "system-logging-1" {
 macos = true
 version = 1
 }
+
+# Firewall
+
+resource "zentral_mdm_artifact" "mscp-firewall" {
+ name = "mSCP - firewall"
+ type = "Profile"
+ channel = "Device"
+ platforms = ["macOS"]
+}
+
+resource "zentral_mdm_profile" "mscp-firewall-1" {
+ artifact_id = zentral_mdm_artifact.mscp-firewall.id
+ source = filebase64("${path.module}/mobileconfigs/com.apple.security.firewall.mobileconfig")
+ macos = true
+ version = 1
+}
diff --git a/mdm_default_blueprint.tf b/mdm_default_blueprint.tf
index 194e17d..5b07890 100644
--- a/mdm_default_blueprint.tf
+++ b/mdm_default_blueprint.tf
@@ -68,3 +68,11 @@ resource "zentral_mdm_blueprint_artifact" "system-logging" {
 artifact_id = zentral_mdm_artifact.system-logging.id
 macos = true
 }
+
+# Firewall
+
+resource "zentral_mdm_blueprint_artifact" "mscp-firewall" {
+ blueprint_id = zentral_mdm_blueprint.default.id
+ artifact_id = zentral_mdm_artifact.mscp-firewall.id
+ macos = true
+}
diff --git a/mobileconfigs/com.apple.security.firewall.mobileconfig b/mobileconfigs/com.apple.security.firewall.mobileconfig
new file mode 100644
index 0000000..bef3f76
--- /dev/null
+++ b/mobileconfigs/com.apple.security.firewall.mobileconfig
@@ -0,0 +1,49 @@
+
+
+
+
+ ConsentText
+
+ default
+ THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE. IN NO EVENT SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM, OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY, CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
+
+ PayloadContent
+
+
+ EnableFirewall
+
+ EnableLogging
+
+ EnableStealthMode
+
+ LoggingOption
+ detail
+ PayloadIdentifier
+ alacarte.macOS.Yolo.981696bf-aede-488b-9613-49e2f5b4b981
+ PayloadType
+ com.apple.security.firewall
+ PayloadUUID
+ 981696bf-aede-488b-9613-49e2f5b4b981
+ PayloadVersion
+ 1
+
+
+ PayloadDescription
+ Created: 2024-07-09
+Configuration settings for the com.apple.security.firewall preference domain.
+ PayloadDisplayName
+ [Yolo] com.apple.security.firewall settings
+ PayloadIdentifier
+ com.apple.security.firewall.Yolo
+ PayloadOrganization
+ macOS Security Compliance Project
+ PayloadScope
+ System
+ PayloadType
+ Configuration
+ PayloadUUID
+ 71c2e9bb-41c1-49dc-85e0-ff4dfbc7d2ae
+ PayloadVersion
+ 1
+
+
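Review bot: The identifiers and display name in this new profile still carry the generator's baseline label: `alacarte.macOS.Yolo.981696bf-aede-488b-9613-49e2f5b4b981` on the firewall payload, and `com.apple.security.firewall.Yolo` and `[Yolo] com.apple.security.firewall settings` on the outer payload. The display name is what users and auditors see in the installed-profiles list, and the top-level PayloadIdentifier is normally what a later version is matched against, so an organisation-scoped value is worth settling before version 1 ships, for example `com.example.mscp.firewall` (placeholder). Separately, the payload manages only EnableFirewall, EnableStealthMode, EnableLogging and LoggingOption. If the baseline is meant to constrain which apps may accept inbound connections, consider also setting `AllowSigned`, `AllowSignedApp` or `BlockAllIncoming` explicitly, since omitted keys are presumably left unmanaged. The plist markup is not visible in this view, so the boolean values themselves could not be checked.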