From 2b101e75e8c105be1b388af144e6cb3db5873ba7 Mon Sep 17 00:00:00 2001
From: mboelen
Date: Wed, 2 Dec 2015 17:37:58 +0100
Subject: [PATCH] Audit status of application firewall and added test for Mac OS X (FIRE-4532)
---
 include/consts | 1 +
 include/tests_firewalls | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+)
diff --git a/include/consts b/include/consts
index 12842c13..a653c488 100644
--- a/include/consts
+++ b/include/consts
@@ -49,6 +49,7 @@ unset LANG
 AIDEBINARY=""
 AASTATUSBINARY=""
 AUDITD_RUNNING=0
+ APPLICATION_FIREWALL_ACTIVE=0
 BINARY_SCAN_FINISHED=0
 CHECK_BINARIES=1
 CHKROOTKITBINARY=""
diff --git a/include/tests_firewalls b/include/tests_firewalls
index da933cb0..81a192da 100644
--- a/include/tests_firewalls
+++ b/include/tests_firewalls
@@ -299,6 +299,27 @@
 fi
 #
 #################################################################################
+#
+ # Test : FIRE-4532
+ # Description : Check Application Firewall in Mac OS X
+ if [ -x /usr/libexec/ApplicationFirewall/socketfilterfw ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FIRE-4532 --weight L --os "MacOS" --preqs-met ${PREQS_MET} --network NO --description "Check Mac OS X application firewall"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=`/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2> /dev/null | grep "Enabled"`
+ if [ ! "${FIND}" = "" ]; then
+ Display --indent 2 --text "- Checking Mac OS X: Application Firewall" --result ENABLED --color GREEN
+ AddHP 3 3
+ logtext "Result: application firewall of Mac OS X is enabled"
+ APPLICATION_FIREWALL_ACTIVE=1
+ report "app_fw[]=macosx-app-fw"
+ else
+ Display --indent 2 --text "- Checking IPFW" --result DISABLED --color YELLOW
+ AddHP 1 3
+ logtext "Result: application firewall of Mac OS X is disabled"
+ fi
+ fi
+#
+#################################################################################
 #
 # Test : FIRE-4590
 # Description : Check if at least one firewall if active
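Review bot: The disabled branch of FIRE-4532 prints `- Checking IPFW` in its Display call, which looks copied from the IPFW test; it should read `Display --indent 2 --text "- Checking Mac OS X: Application Firewall" --result DISABLED --color YELLOW` so the on-screen result names the control that was actually audited. The match `grep "Enabled"` is case-sensitive, and as far as I recall socketfilterfw reports the state in lower case (`Firewall is enabled. (State = 1)`), so an enabled firewall may be scored as disabled; matching `grep "Firewall is enabled"` would be safer, but confirm the exact output on a test host first. Because stderr is discarded and any empty result falls into the else branch, a query that fails to run is also logged as "disabled" rather than as unknown, which is worth a separate log line. The hunk sets `APPLICATION_FIREWALL_ACTIVE=1`, but the body of FIRE-4590 lies outside the hunk, so it is not visible here whether that test counts this flag toward "at least one firewall active".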