refactor[rules] Updates to check/fix/ddm

Updated check fix for os_root_disable - in checking and disabling this way, sudo will function how some are expecting

Updated rules for ddm info for 26.4

Author: robertgendler

rules/os/os_dictation_disable.yaml

@@ -65,3 +65,7 @@ mobileconfig: true
 mobileconfig_info:
   com.apple.applicationaccess:
     allowDictation: false
+ddm_info:
+  declarationtype: com.apple.configuration.keyboard.settings
+  ddm_key: AllowDictation
+  ddm_value: false

rules/os/os_genmoji_disable.yaml

@@ -46,3 +46,7 @@ mobileconfig: true
 mobileconfig_info:
   com.apple.applicationaccess:
     allowGenmoji: false
+ddm_info:
+  declarationtype: com.apple.configuration.intelligence.settings
+  ddm_key: AllowGenmoji
+  ddm_value: false

rules/os/os_image_playground_disable.yaml

@@ -45,4 +45,8 @@ tags:
 mobileconfig: true
 mobileconfig_info:
   com.apple.applicationaccess:
-    allowImagePlayground: false
+    allowImagePlayground: false
+ddm_info:
+  declarationtype: com.apple.configuration.intelligence.settings
+  ddm_key: AllowImagePlayground
+  ddm_value: false    

rules/os/os_on_device_dictation_enforce.yaml

@@ -74,3 +74,7 @@ mobileconfig: true
 mobileconfig_info:
   com.apple.applicationaccess:
     forceOnDeviceOnlyDictation: true
+ddm_info:
+  declarationtype: com.apple.configuration.intelligence.settings
+  ddm_key: ForceOnDeviceOnlyTranslation
+  ddm_value: true

rules/os/os_root_disable.yaml

@@ -5,13 +5,14 @@ discussion: |
 
   The macOS system _MUST_ require individuals to be authenticated with an individual authenticator prior to using a group authenticator, and administrator users _MUST_ never log in directly as root.
 check: |
-  /usr/bin/dscl . -read /Users/root UserShell 2>&1 | /usr/bin/grep -c "/usr/bin/false"
+  /usr/bin/dscl '/Local/Default' read '/Users/root' AuthenticationAuthority 2>/dev/null | /usr/bin/grep -c 'No such key: AuthenticationAuthority'
 result:
-  integer: 1
+  integer: 0
 fix: |
   [source,bash]
   ----
-  /usr/bin/dscl . -create /Users/root UserShell /usr/bin/false
+  /usr/bin/fdesetup remove -user root
+  /usr/bin/dscl '/Local/Default' delete '/Users/root' AuthenticationAuthority
   ----
 references:
   cce:

rules/os/os_writing_tools_disable.yaml

@@ -58,3 +58,7 @@ mobileconfig: true
 mobileconfig_info:
   com.apple.applicationaccess:
     allowWritingTools: false
+ddm_info:
+  declarationtype: com.apple.configuration.intelligence.settings
+  ddm_key: AllowWritingTools
+  ddm_value: false

rules/system_settings/system_settings_external_intelligence_disable.yaml

@@ -66,4 +66,8 @@ severity: medium
 mobileconfig: true
 mobileconfig_info:
   com.apple.applicationaccess:
-    allowExternalIntelligenceIntegrations: false
+    allowExternalIntelligenceIntegrations: false
+ddm_info:
+  declarationtype: com.apple.configuration.external-intelligence.settings
+  ddm_key: Enabled
+  ddm_value: false    

rules/system_settings/system_settings_external_intelligence_sign_in_disable.yaml

@@ -69,4 +69,8 @@ severity: medium
 mobileconfig: true
 mobileconfig_info:
   com.apple.applicationaccess:
-    allowExternalIntelligenceIntegrationsSignIn: false
+    allowExternalIntelligenceIntegrationsSignIn: false
+ddm_info:
+  declarationtype: com.apple.configuration.external-intelligence.settings
+  ddm_key: AllowSignIn
+  ddm_value: false

rules/system_settings/system_settings_siri_disable.yaml

@@ -70,3 +70,7 @@ mobileconfig: true
 mobileconfig_info:
   com.apple.applicationaccess:
     allowAssistant: false
+ddm_info:
+  declarationtype: com.apple.configuration.siri.settings
+  ddm_key: Enabled
+  ddm_value: false