Audit status of application firewall and added test for Mac OS X (FIRE-4532)

2015-12-02 17:37:58 +01:00 · 2015-12-02 17:37:58 +01:00 · 2b101e75e8
parent 4ab96e4f39
commit 2b101e75e8
2 changed files with 22 additions and 0 deletions
--- a/include/consts
+++ b/include/consts
@ -49,6 +49,7 @@ unset LANG
    AIDEBINARY=""
    AASTATUSBINARY=""
    AUDITD_RUNNING=0
+    APPLICATION_FIREWALL_ACTIVE=0
    BINARY_SCAN_FINISHED=0
    CHECK_BINARIES=1
    CHKROOTKITBINARY=""
--- a/include/tests_firewalls
+++ b/include/tests_firewalls
@ -299,6 +299,27 @@
    fi
 #
 #################################################################################
+#
+    # Test        : FIRE-4532
+    # Description : Check Application Firewall in Mac OS X
+    if [ -x /usr/libexec/ApplicationFirewall/socketfilterfw ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+    Register --test-no FIRE-4532 --weight L --os "MacOS" --preqs-met ${PREQS_MET} --network NO --description "Check Mac OS X application firewall"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        FIND=`/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2> /dev/null | grep "Enabled"`
+        if [ ! "${FIND}" = "" ]; then
+            Display --indent 2 --text "- Checking Mac OS X: Application Firewall" --result ENABLED --color GREEN
+            AddHP 3 3
+            logtext "Result: application firewall of Mac OS X is enabled"
+            APPLICATION_FIREWALL_ACTIVE=1
+            report "app_fw[]=macosx-app-fw"
+          else
+            Display --indent 2 --text "- Checking IPFW" --result DISABLED --color YELLOW
+            AddHP 1 3
+            logtext "Result: application firewall of Mac OS X is disabled"
+        fi
+    fi
+#
+#################################################################################
 #
    # Test        : FIRE-4590
    # Description : Check if at least one firewall if active