Endpoint Security Scanning
Scan the local machine for security posture issues -- no MDM required.
Quick Start
```sh
cyscan endpoint                  # scan this machine
cyscan endpoint --format json    # JSON output
cyscan endpoint --fail-below 80  # CI gate (fail if score < 80)
```
macOS Checks (23)
| Category | Check | Severity |
|---|---|---|
| Encryption | FileVault disk encryption | Critical |
| Malware | Gatekeeper (signed apps only) | Critical |
| System | System Integrity Protection (SIP) | Critical |
| Network | macOS Firewall | High |
| Updates | Automatic update check | High |
| Updates | Automatic update download | Medium |
| Access | Screen lock password required | High |
| Access | Screen lock delay (< 5 seconds) | Medium |
| Network | Remote Login (SSH) disabled | High |
| Network | Remote Management (ARD) | Medium |
| Network | File Sharing (SMB) | Medium |
| Network | Screen Sharing | Medium |
| Network | AirDrop | Low |
| Updates | OS version currency | High |
| Malware | XProtect definitions | High |
| Theft | Find My Mac | Medium |
| Access | Guest account disabled | Medium |
| Access | Login password hints disabled | Low |
| Browser | Safari password autofill | Low |
| Network | Bluetooth sharing | Medium |
| Network | Internet sharing | High |
| Network | Content caching | Low |
| System | Unsigned kernel extensions | High |
Linux Checks (12)
| Category | Check | Severity |
|---|---|---|
| Encryption | LUKS disk encryption | Critical |
| Network | UFW/iptables firewall | High |
| System | SELinux/AppArmor | High |
| Updates | Unattended security upgrades | High |
| Access | SSH root login disabled | Critical |
| Access | SSH password auth disabled | High |
| Network | SSH non-default port | Low |
| System | SUID binaries audit | Medium |
| Access | Failed login attempts | Medium |
| System | Kernel ASLR enabled | High |
| System | Core dumps disabled | Medium |
| Logging | auditd running | High |
Scoring
Score is 0-100, weighted by severity:
- Critical checks: 15 points each
- High checks: 10 points each
- Medium checks: 5 points each
- Low checks: 2 points each
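
The weighting applied to the Linux check table, as an added example (not cyscan's own code). It assumes the 0-100 score is earned points divided by available points, which this page does not state; the `score` and `gate` helpers and the failure sets are hypothetical. Under that assumption a single failed Critical check can still clear an 80 threshold, so the gate below also blocks on any Critical failure.

```python
# Added example: weights come from the Scoring list; the normalization is an assumption.
WEIGHTS = {"Critical": 15, "High": 10, "Medium": 5, "Low": 2}

# Linux checks and severities copied from the Linux Checks table.
LINUX_CHECKS = {
    "LUKS disk encryption": "Critical",
    "UFW/iptables firewall": "High",
    "SELinux/AppArmor": "High",
    "Unattended security upgrades": "High",
    "SSH root login disabled": "Critical",
    "SSH password auth disabled": "High",
    "SSH non-default port": "Low",
    "SUID binaries audit": "Medium",
    "Failed login attempts": "Medium",
    "Kernel ASLR enabled": "High",
    "Core dumps disabled": "Medium",
    "auditd running": "High",
}

def score(checks, failed):
    """Earned weight / available weight, scaled to 0-100 (assumed normalization)."""
    unknown = set(failed) - set(checks)
    if unknown:
        raise ValueError(f"unknown checks: {sorted(unknown)}")
    total = sum(WEIGHTS[sev] for sev in checks.values())
    earned = sum(WEIGHTS[sev] for name, sev in checks.items() if name not in failed)
    return round(100 * earned / total)

def gate(checks, failed, fail_below=80, block_on=("Critical",)):
    """Pass only if the score meets the threshold and no blocking-severity check failed."""
    s = score(checks, failed)  # also validates the names in `failed`
    blocking = sorted(n for n in failed if checks[n] in block_on)
    return {"score": s, "blocking": blocking, "passed": s >= fail_below and not blocking}

if __name__ == "__main__":
    # Constructed result: the only failure is missing disk encryption.
    print(gate(LINUX_CHECKS, {"LUKS disk encryption"}))
    # Constructed result: three lower-severity failures, no Critical.
    print(gate(LINUX_CHECKS, {"SSH non-default port", "Core dumps disabled",
                              "SUID binaries audit"}))
```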
Fleet-Wide Scanning
For fleet-wide endpoint compliance, use the platform integrations:
| Provider | What it covers |
|---|---|
| Microsoft Intune | Windows, macOS, iOS, Android -- compliance state, encryption, jailbreak, OS version, MAM policies |
| Jamf Pro | macOS and iOS -- FileVault, Gatekeeper, SIP, firewall, patch compliance, config profiles |
Configure in Settings > Integrations > Connect Cloud Provider.