Assess macOS Security with cnspec
cnspec assesses your macOS assets for misconfigurations that put your organization at risk. You can evaluate a macOS asset for compliance with security policies created by Mondoo or the community, or create your own policies. You also can write individual tests to run on the fly or include in automated tasks.
For a list of macOS resources you can test, read Mondoo Operating Systems (OS) Resource Pack Reference and Mondoo Core Resource Pack Reference.
Requirements
To test a macOS asset with cnspec, you must have:
- cnspec installed on your workstation
- Access to the asset
Assess macOS security with policy-based scanning
The macOS Security by Mondoo policy is available to all in Mondoo's cnspec-policies GitHub repo. This collection of tests evaluates how well your environment follows fundamental macOS security best practices.
To scan a local machine using the macOS Security by Mondoo policy, run:
cnspec scan
To scan a remote machine using the macOS Security by Mondoo policy, run:
cnspec scan ssh user@IP_ADDRESS
For IP_ADDRESS, substitute the IP address of the remote macOS asset.
cnspec finds the default policy for macOS and runs a scan based on that policy. It returns a report summarizing the scan results.
To learn more about the command, read cnspec scan.
You can also create your own policies to meet your specific needs. To learn more about policies, read Policies.
Learn more
cnspec also provides an interactive shell in which you can explore. It helps you understand the checks that cnspec policies use, and write your own as well. It’s also a great way to interact with both local and remote targets on the fly. To learn more, read Create Checks in cnspec Shell.
-
To learn more about how the MQL query language works, read Write Effective MQL.
-
For a list of all the operating system resources and fields you can query, read the Mondoo Operating Systems (OS) Resource Pack Reference.
-
To learn about cnspec commands, read: