tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

macOS Refactoring (#311) 

* Default all macOS `OS` names as macOS. Added comments to specify `uname` outputs for better understanding.

* Refactored all `Mac` instances referring to macOS over to `macOS` formatting.

Tested on my own machine, unable to find any errors outside of normal parameters.
This commit is contained in:
Justin P 2016-11-05 05:53:22 -05:00 committed by Michael Boelen
parent 0f318a4b7c
commit 50b06efd30
10 changed files with 29 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/binaries
View File

@ -220,7 +220,7 @@
;;
sestatus) SESTATUSFOUND=1; SESTATUSBINARY="${BINARY}"; LogText " Found known binary: sestatus (SELinux client) - ${BINARY}" ;;
slocate) LOCATEFOUND=1; LOCATEBINARY="${BINARY}"; LogText " Found known binary: slocate (file database) - ${BINARY}" ;;
smbd) SMBDFOUND=1; SMBDBINARY="${BINARY}"; if [ "${OS}" = "MacOS" ]; then SMBDVERSION="unknown"; else SMBDVERSION=`${BINARY} -V | grep "^Version" | awk '{ print $2 }'`; fi; LogText "Found ${BINARY} (version ${SMBDVERSION})" ;;
smbd) SMBDFOUND=1; SMBDBINARY="${BINARY}"; if [ "${OS}" = "macOS" ]; then SMBDVERSION="unknown"; else SMBDVERSION=`${BINARY} -V | grep "^Version" | awk '{ print $2 }'`; fi; LogText "Found ${BINARY} (version ${SMBDVERSION})" ;;
smtpctl) SMTPCTLBINARY="${BINARY}"; LogText " Found known binary: smtpctl (OpenSMTPD client) - ${BINARY}" ;;
showmount) SHOWMOUNTFOUND=1; SHOWMOUNTBINARY="${BINARY}"; LogText " Found known binary: showmount (NFS mounts) - ${BINARY}" ;;
sockstat) SOCKSTATFOUND=1; SOCKSTATBINARY="${BINARY}"; LogText " Found known binary: sockstat (open network sockets) - ${BINARY}" ;;

8
include/functions
View File

@ -881,12 +881,12 @@
fi
;;
"MacOS")
"macOS")
FIND=$(${IFCONFIGBINARY} en0 | grep ether | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]')
if [ ! "${FIND}" = "" ]; then
HOSTID=$(echo ${FIND} | shasum | awk '{ print $1 }')
else
ReportException "GetHostID" "No MAC address returned on Mac OS"
ReportException "GetHostID" "No MAC address returned on macOS"
fi
LYNIS_HOSTID2_PART1=$(hostname -s)
if [ ! -z "${LYNIS_HOSTID2_PART1}" ]; then
@ -2543,8 +2543,8 @@
# Check for symlink
if [ -L ${sFILE} ]; then
# Mac OS does not know -f option, nor do some others
if [ "${OS}" = "MacOS" ]; then
# macOS does not know -f option, nor do some others
if [ "${OS}" = "macOS" ]; then
# If a Python binary is found, use the one in path
if [ ${BINARY_SCAN_FINISHED} -eq 0 -a "${PYTHONBINARY}" = "" ]; then
FIND=`which python 2> /dev/null`

10
include/osdetection
View File

@ -39,23 +39,25 @@
# Mac OS X and macOS
Darwin)
OS="MacOS"
OS="macOS"
if [ -x /usr/bin/sw_vers ]; then
OS_NAME=$(/usr/bin/sw_vers -productName)
OS_VERSION=$(/usr/bin/sw_vers -productVersion)
OS_VERSION_NAME="unknown"
OS_FULLNAME="macOS (unknown version)"
case ${OS_VERSION} in
10.9 | 10.9.[0-9]*) OS_FULLNAME="Mac OS X 10.9 (Mavericks)" ;;
10.9 | 10.9.[0-9]*) OS_FULLNAME="Mac OS X 10.9 (Mavericks)" ;;
10.10 | 10.10.[0-9]*) OS_FULLNAME="Mac OS X 10.10 (Yosemite)" ;;
10.11 | 10.11.[0-9]*) OS_FULLNAME="Mac OS X 10.11 (El Capitan)" ;;
10.12 | 10.12.[0-9]*) OS_NAME="macOS"; OS_FULLNAME="macOS Sierra (${OS_VERSION})" ;;
10.12 | 10.12.[0-9]*) OS_FULLNAME="macOS Sierra (${OS_VERSION})" ;;
*) echo "Unknown macOS version. Do you know what version it is? Create an issue at ${PROGRAM_SOURCE}" ;;
esac
else
# Fall back to a fairly safe name
OS_NAME="macOS"
# uname -s -r shows Darwin 16.1.0
OS_FULLNAME=$(uname -s -r)
# shows 16.1.0 for Darwin's version, not macOS's
OS_VERSION=$(uname -r)
fi
HARDWARE=$(uname -m)
@ -432,7 +434,7 @@
case ${OS} in
"AIX") ECHOCMD="echo" ;;
"DragonFly"|"FreeBSD"|"NetBSD") ECHOCMD="echo -e"; ECHONB="echo -n" ;;
"MacOS") ECHOCMD="echo"; ECHONB="/bin/echo -n" ;;
"macOS" | "Mac OS X") ECHOCMD="echo"; ECHONB="/bin/echo -n" ;;
"Solaris") ECHOCMD="echo" ;;
"Linux")
# Check if dash is used (Debian/Ubuntu)

2
include/tests_authentication
View File

@ -304,7 +304,7 @@
FIND=$(${AWKBINARY} -v UID_MIN="${UID_MIN}" -F: '($3 >= UID_MIN && $3 != 65534) || ($3 == 0) { print $1","$3 }' /etc/passwd)
;;
"MacOS")
"macOS")
LogText "macOS real users output (ID = 0, or 500-599) using dscacheutil"
FIND_USERS=$(dscacheutil -q user | ${GREPBINARY} -A 3 -B 2 -e "^uid: 5[0-9][0-9]" | ${GREPBINARY} "^name: " | ${AWKBINARY} '{print $2}')
if [ ! -z "${FIND_USERS}" ]; then

14
include/tests_boot_services
View File

@ -136,13 +136,13 @@
#################################################################################
#
# Test : BOOT-5106
# Description : Check if boot.efi is found on Mac OS X
Register --test-no BOOT-5106 --os "MacOS" --weight L --network NO --root-only YES --category security --description "Check EFI boot file on Mac OS X"
# Description : Check if boot.efi is found on macOS/macOS
Register --test-no BOOT-5106 --os "macOS" --weight L --network NO --root-only YES --category security --description "Check EFI boot file on Mac OS X/macOS"
if [ ${SKIPTEST} -eq 0 ]; then
FileExists ${ROOTDIR}System/Library/CoreServices/boot.efi
if [ ${FILE_FOUND} -eq 1 ]; then
LogText "Result: found Mac OS X boot.efi file"
BOOT_LOADER="MacOS-boot-EFI"
LogText "Result: found macOS/Mac OS X boot.efi file"
BOOT_LOADER="macOS-boot-EFI"
BOOT_LOADER_FOUND=1
fi
fi
@ -201,8 +201,8 @@
LogText "Result: system not booted with Secure Boot (no SecureBoot file found)"
fi
;;
#MacOS)
# TODO: Mac OS ioreg -l -p IODeviceTree | ${GREPBINARY} firmware-abi
#macOS)
# TODO: macOS ioreg -l -p IODeviceTree | ${GREPBINARY} firmware-abi
#;;
*)
LogText "Result: no test implemented yet to test for UEFI on this platform"
@ -702,7 +702,7 @@
fi
;;
DragonFly | FreeBSD | MacOS)
DragonFly | FreeBSD | macOS)
if [ ! -z "${SYSCTLBINARY}" ]; then
TIME_BOOT=$(${SYSCTLBINARY} kern.boottime | ${AWKBINARY} '{ print $5 }' | ${SEDBINARY} -e 's/,//' | ${GREPBINARY} "[0-9]")
TIME_NOW=$(date "+%s")

6
include/tests_firewalls
View File

@ -356,9 +356,9 @@
#################################################################################
#
# Test : FIRE-4532
# Description : Check Application Firewall in Mac OS X
# Description : Check Application Firewall in macOS
if [ -x /usr/libexec/ApplicationFirewall/socketfilterfw ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FIRE-4532 --weight L --os "MacOS" --preqs-met ${PREQS_MET} --network NO --category security --description "Check macOS application firewall"
Register --test-no FIRE-4532 --weight L --os "macOS" --preqs-met ${PREQS_MET} --network NO --category security --description "Check macOS application firewall"
if [ ${SKIPTEST} -eq 0 ]; then
FIND=$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2> /dev/null | ${GREPBINARY} "Firewall is enabled")
if [ ! -z "${FIND}" ]; then
@ -380,7 +380,7 @@
#
# Test : FIRE-4534
# Description : Check Little Snitch Daemon on macOS
Register --test-no FIRE-4534 --weight L --os "MacOS" --network NO --category security --description "Check for presence of Little Snitch on macOS"
Register --test-no FIRE-4534 --weight L --os "macOS" --network NO --category security --description "Check for presence of Little Snitch on macOS"
if [ ${SKIPTEST} -eq 0 ]; then
if IsRunning "Little Snitch Daemon"; then
Display --indent 2 --text "- Checking Little Snitch Daemon" --result "${STATUS_ENABLED}" --color GREEN

2
include/tests_insecure_services
View File

@ -110,7 +110,7 @@
#################################################################################
#
if [ ! -z "${LAUNCHCTL_BINARY}" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="No launchctl binary on this system"; fi
Register --test-no INSE-8050 --os "MacOS" --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight M --network NO --category security --description "Check for insecure services on macOS"
Register --test-no INSE-8050 --os "macOS" --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight M --network NO --category security --description "Check for insecure services on macOS"
if [ ${SKIPTEST} -eq 0 ]; then
TEST_SERVICES="com.apple.fingerd"
for ITEM in ${TEST_SERVICES}; do

2
include/tests_malware
View File

@ -242,7 +242,7 @@
#################################################################################
#
# Test : MALW-3288
# Description : Check for ClamXav (Mac OS X)
# Description : Check for ClamXav (macOS)
if [ -d /Applications/ClamXav.app/Contents/Resources/ScanningEngine/bin/ ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no MALW-3288 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for ClamXav"
if [ ${SKIPTEST} -eq 0 ]; then

8
include/tests_networking
View File

@ -228,7 +228,7 @@
FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ( $2 == "Link" ) { print $1 }}'`
fi
;;
DragonFly|FreeBSD|MacOS|NetBSD)
DragonFly|FreeBSD|macOS|NetBSD)
FIND=`${IFCONFIGBINARY} -l`
;;
OpenBSD|Solaris)
@ -277,7 +277,7 @@
fi
fi
;;
MacOS)
macOS)
FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="lladdr" || $1=="ether") print $2 }' | ${SORTBINARY} -u`
;;
NetBSD)
@ -333,7 +333,7 @@
fi
fi
;;
MacOS)
macOS)
FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="inet") print $2 }'`
FIND2=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="inet6") print $2 }'`
;;
@ -402,7 +402,7 @@
fi
;;
MacOS)
macOS)
if [ ! "${LSOFBINARY}" = "" ]; then
# UDP and TCP combined
FIND=`${LSOFBINARY} -i -P | ${AWKBINARY} '{ print $9"|"$8"|"$1"|" }' | ${SEDBINARY} 's/\(.*\)\-\>.*\(\|.*\)/\1\2/' | ${SEDBINARY} 's/\*/'$IP'/' | ${SORTBINARY} -u | ${GREPBINARY} -v "NAME"`

2
lynis
View File

@ -317,7 +317,7 @@ ${NORMAL}
${WARNING}Warning${NORMAL}: ${WHITE}PID file exists, probably another Lynis process is running.${NORMAL}
------------------------------------------------------------------------------
If you are unsure another Lynis process is running currently, you are advised
If you are unsure another Lynis process is running currently, you are advised
to stop current process and check the process list first. If you cancelled
(by using CTRL+C) a previous instance, you can ignore this message.