forked from usnistgov/applesec
-
Notifications
You must be signed in to change notification settings - Fork 0
/
sam10_12_pwpolicy.plist
127 lines (127 loc) · 3.96 KB
/
sam10_12_pwpolicy.plist
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>policyCategoryAuthentication</key>
<array>
<dict>
<key>policyContent</key>
<string>(policyAttributeFailedAuthentications < policyAttributeMaximumFailedAuthentications) OR (policyAttributeCurrentTime > policyAttributeLastFailedAuthenticationTime + lockoutDuration * 60)</string>
<key>policyIdentifier</key>
<string>3 failed login attempts lock user accounts for 15 minutes</string>
<key>policyParameters</key>
<dict>
<key>lockoutDuration</key>
<integer>15</integer>
<key>policyAttributeMaximumFailedAuthentications</key>
<integer>3</integer>
</dict>
</dict>
</array>
<key>policyCategoryPasswordChange</key>
<array>
<dict>
<key>policyContent</key>
<string>policyAttributeCurrentTime > policyAttributeLastPasswordChangeTime + (policyAttributeExpiresEveryNDays * 24 * 60 * 60)</string>
<key>policyIdentifier</key>
<string>Password expires every 60 days</string>
<key>policyParameters</key>
<dict>
<key>policyAttributeExpiresEveryNDays</key>
<integer>60</integer>
</dict>
</dict>
</array>
<key>policyCategoryPasswordContent</key>
<array>
<dict>
<key>policyContent</key>
<string>policyAttributePassword matches '(.*[A-Za-z].*){1}'</string>
<key>policyIdentifier</key>
<string>Contains at least 1 alphabetic char(s)</string>
<key>policyParameters</key>
<dict>
<key>minimumAlphaCharacters</key>
<integer>1</integer>
</dict>
</dict>
<dict>
<key>policyContent</key>
<string>policyAttributePassword matches '(.*[0-9].*){1}'</string>
<key>policyIdentifier</key>
<string>Contains at least 1 numeric char(s)</string>
<key>policyParameters</key>
<dict>
<key>minimumNumericCharacters</key>
<integer>1</integer>
</dict>
</dict>
<dict>
<key>policyContent</key>
<string>policyAttributePassword matches '(.*[^0-9a-zA-Z].*){1}'</string>
<key>policyIdentifier</key>
<string>Contains at least 1 symbolic char(s)</string>
<key>policyParameters</key>
<dict>
<key>minimumSymbolicCharacters</key>
<integer>1</integer>
</dict>
</dict>
<dict>
<key>policyContent</key>
<string>none policyAttributePasswordHashes in policyAttributePasswordHistory</string>
<key>policyIdentifier</key>
<string>Last 15 passwords cannot be reused</string>
<key>policyParameters</key>
<dict>
<key>policyAttributePasswordHistoryDepth</key>
<integer>15</integer>
</dict>
</dict>
<dict>
<key>policyContent</key>
<string>policyAttributeSequentialCharacters < policyAttributeMaximumSequentialCharacters</string>
<key>policyIdentifier</key>
<string>Contains less than 3 sequential chars</string>
<key>policyParameters</key>
<dict>
<key>policyAttributeMaximumSequentialCharacters</key>
<integer>3</integer>
</dict>
</dict>
<dict>
<key>policyContent</key>
<string>policyAttributeConsecutiveCharacters < policyAttributeMaximumConsecutiveCharacters</string>
<key>policyIdentifier</key>
<string>Contains less than 3 consecutive chars</string>
<key>policyParameters</key>
<dict>
<key>policyAttributeMaximumConsecutiveCharacters</key>
<integer>3</integer>
</dict>
</dict>
<dict>
<key>policyContent</key>
<string>policyAttributePassword matches '(.){12,}'</string>
<key>policyIdentifier</key>
<string>Contains at least 12 characters</string>
<key>policyParameters</key>
<dict>
<key>minimumChars</key>
<integer>12</integer>
</dict>
</dict>
<dict>
<key>policyContent</key>
<string>policyAttributePassword matches '(.*[a-z].*[A-Z].*)|(.*[A-Z].*[a-z].*)'</string>
<key>policyIdentifier</key>
<string>Contains at least 1 upper and 1 lower case char</string>
<key>policyParameters</key>
<dict>
<key>minimumMixedCaseInstances</key>
<integer>1</integer>
</dict>
</dict>
</array>
</dict>
</plist>