![]() ![]() updates to key macOS security data files, and system updates more generally,.basic Mac security settings, such as SIP being turned on,.This article is an explanation of how you can get the best out of them. Tags APFS Apple AppleScript Apple silicon backup Big Sur Blake bug Catalina Consolation Console Corinth diagnosis Disk Utility Doré El Capitan extended attributes Finder firmware Gatekeeper Gérôme HFS+ High Sierra history of painting iCloud Impressionism iOS landscape LockRattler log logs M1 Mac Mac history macOS macOS 10.12 macOS 10.13 macOS 10.14 macOS 10.SilentKnight and LockRattler are the two most popular of my free apps, available from their Product Page. If you’re working to attain or maintain CIS benchmarks and need any other tools to help, please don’t hesitate to let me know. If you want to check properly whether a Mac’s firmware is up to date, no matter whether it has a T2 chip or not, then as far as I’m aware there’s no better way than using SilentKnight or silnite, not eficheck. I also provide a full listing in this article. The only such listing that I’m aware of is that which I maintain on GitHub, which is used by both SilentKnight and silnite to determine whether firmware is really current. Neither does Apple publish any list of current firmware versions for different Mac models. In many cases, firmware can be months out of date and still be accepted by eficheck. The other problem with eficheck is that, even on Macs without T2 chips, it only checks whether the firmware is within the loose limits that Apple prescribes, not whether it’s current at all. I’ve now encountered several Macs with T2 chips whose firmware hasn’t been up-to-date, so that is a dangerous assumption. These cover benchmarks 1.1, 1.2, 1.5, 2.5.1.1, 2.5.2 and 5.19 (SIP status).įirmware is covered in benchmark 2.11, and relies on the macOS command tool eficheck, which isn’t adequate for ascertaining whether the firmware installed is current.įirst, eficheck can’t check whether the firmware of Macs with T2 chips is up-to-date at all, so the benchmark assumes that this isn’t necessary. Version numbers of XProtect, Gatekeeper, MRT, TCC and KEXT blocker data installed.Firmware, for all Mac models including those with T2 chips. ![]() SilentKnight and silnite report the following key security indicators: These three are available from their Product Page. You can also check versions installed and other security settings using LockRattler. ![]() If you want a command tool version of it, silnite should be ideal. My free app SilentKnight accesses the last of those and checks whether that Mac’s versions are current, and more. I also store an XML Property List containing this information on GitHub, which you are welcome to access for non-commercial purposes. I maintain lists of current versions on several pages here, for: As Apple doesn’t announce those updates, or detail which versions are current, there’s no official source for information. This article explains which of the items listed in CIS Apple macOS 10.15 Benchmark v1.0.0 – 04-06-2020 can be tackled and monitored using my free apps SilentKnight, LockRattler, and the command tool silnite.Ĭhapter 1 lists a series of scored benchmarks for macOS updates, security updates, etc., which rely largely on softwareupdate settings, and don’t actually verify whether updates installed are the latest released by Apple. There have been various security benchmarks and recommendations for securing Macs, of which one of the most widely used now comes from the Center for Internet Security. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |