From 50b06efd303fa82284dfa1fd083ed18fa8a55ec6 Mon Sep 17 00:00:00 2001
From: Justin P <jpartain89@users.noreply.github.com>
Date: Sat, 5 Nov 2016 05:53:22 -0500
Subject: [PATCH] macOS Refactoring (#311)

* Default all macOS `OS` names as macOS. Added comments to specify `uname` outputs for better understanding.
* Refactored all `Mac` instances referring to macOS over to `macOS` formatting. Tested on my own machine, unable to find any errors outside of normal parameters.
---
include/binaries | 2 +-
include/functions | 8 ++++----
include/osdetection | 10 ++++++----
include/tests_authentication | 2 +-
include/tests_boot_services | 14 +++++++-------
include/tests_firewalls | 6 +++---
include/tests_insecure_services | 2 +-
include/tests_malware | 2 +-
include/tests_networking | 8 ++++----
lynis | 2 +-
10 files changed, 29 insertions(+), 27 deletions(-)
diff --git a/include/binaries b/include/binaries
index 17b269c1..7825ed93 100644
--- a/include/binaries
+++ b/include/binaries
@@ -220,7 +220,7 @@ ;; sestatus) SESTATUSFOUND=1; SESTATUSBINARY="${BINARY}"; LogText " Found known binary: sestatus (SELinux client) - ${BINARY}" ;; slocate) LOCATEFOUND=1; LOCATEBINARY="${BINARY}"; LogText " Found known binary: slocate (file database) - ${BINARY}" ;; - smbd) SMBDFOUND=1; SMBDBINARY="${BINARY}"; if [ "${OS}" = "MacOS" ]; then SMBDVERSION="unknown"; else SMBDVERSION=`${BINARY} -V | grep "^Version" | awk '{ print $2 }'`; fi; LogText "Found ${BINARY} (version ${SMBDVERSION})" ;; + smbd) SMBDFOUND=1; SMBDBINARY="${BINARY}"; if [ "${OS}" = "macOS" ]; then SMBDVERSION="unknown"; else SMBDVERSION=`${BINARY} -V | grep "^Version" | awk '{ print $2 }'`; fi; LogText "Found ${BINARY} (version ${SMBDVERSION})" ;; smtpctl) SMTPCTLBINARY="${BINARY}"; LogText " Found known binary: smtpctl (OpenSMTPD client) - ${BINARY}" ;; showmount) SHOWMOUNTFOUND=1; SHOWMOUNTBINARY="${BINARY}"; LogText " Found known binary: showmount (NFS mounts) - ${BINARY}" ;; sockstat) SOCKSTATFOUND=1; SOCKSTATBINARY="${BINARY}"; LogText " Found known binary: sockstat (open network sockets) - ${BINARY}" ;; diff --git a/include/functions b/include/functions index 29d2a6a9..544fb52c 100644 --- a/include/functions +++ b/include/functions @@ -881,12 +881,12 @@ fi ;; - "MacOS") + "macOS") FIND=$(${IFCONFIGBINARY} en0 | grep ether | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') if [ ! "${FIND}" = "" ]; then HOSTID=$(echo ${FIND} | shasum | awk '{ print $1 }') else - ReportException "GetHostID" "No MAC address returned on Mac OS" + ReportException "GetHostID" "No MAC address returned on macOS" fi LYNIS_HOSTID2_PART1=$(hostname -s) if [ ! -z "${LYNIS_HOSTID2_PART1}" ]; then 
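Review bot: The `[ "${OS}" = "macOS" ]` test in the smbd arm of include/binaries is an exact, case-sensitive match, and the same holds for the `case ${OS}` arms and `--os "macOS"` registrations changed in include/functions, include/tests_authentication, include/tests_boot_services, include/tests_firewalls, include/tests_insecure_services and include/tests_networking. Once include/osdetection sets `OS="macOS"`, any comparison still spelled `MacOS` that this patch does not touch (plugins or custom tests, for instance, none of which are visible here) stops matching without an error. For an auditing tool that presumably means the check is skipped quietly and coverage drops on macOS hosts. A tree-wide `grep -rn 'MacOS'` before merging, plus a changelog line telling plugin authors about the new value, would cover it.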
@@ -2543,8 +2543,8 @@ # Check for symlink if [ -L ${sFILE} ]; then - # Mac OS does not know -f option, nor do some others - if [ "${OS}" = "MacOS" ]; then + # macOS does not know -f option, nor do some others + if [ "${OS}" = "macOS" ]; then # If a Python binary is found, use the one in path if [ ${BINARY_SCAN_FINISHED} -eq 0 -a "${PYTHONBINARY}" = "" ]; then FIND=`which python 2> /dev/null` diff --git a/include/osdetection b/include/osdetection index 6a9fab7c..aaddc1b4 100644 --- a/include/osdetection +++ b/include/osdetection @@ -39,23 +39,25 @@ # Mac OS X and macOS Darwin) - OS="MacOS" + OS="macOS" if [ -x /usr/bin/sw_vers ]; then OS_NAME=$(/usr/bin/sw_vers -productName) OS_VERSION=$(/usr/bin/sw_vers -productVersion) OS_VERSION_NAME="unknown" OS_FULLNAME="macOS (unknown version)" case ${OS_VERSION} in - 10.9 | 10.9.[0-9]*) OS_FULLNAME="Mac OS X 10.9 (Mavericks)" ;; + 10.9 | 10.9.[0-9]*) OS_FULLNAME="Mac OS X 10.9 (Mavericks)" ;; 10.10 | 10.10.[0-9]*) OS_FULLNAME="Mac OS X 10.10 (Yosemite)" ;; 10.11 | 10.11.[0-9]*) OS_FULLNAME="Mac OS X 10.11 (El Capitan)" ;; - 10.12 | 10.12.[0-9]*) OS_NAME="macOS"; OS_FULLNAME="macOS Sierra (${OS_VERSION})" ;; + 10.12 | 10.12.[0-9]*) OS_FULLNAME="macOS Sierra (${OS_VERSION})" ;; *) echo "Unknown macOS version. Do you know what version it is? Create an issue at ${PROGRAM_SOURCE}" ;; esac else # Fall back to a fairly safe name OS_NAME="macOS" + # uname -s -r shows Darwin 16.1.0 OS_FULLNAME=$(uname -s -r) + # shows 16.1.0 for Darwin's version, not macOS's OS_VERSION=$(uname -r) fi HARDWARE=$(uname -m) @@ -432,7 +434,7 @@ case ${OS} in "AIX") ECHOCMD="echo" ;; "DragonFly"|"FreeBSD"|"NetBSD") ECHOCMD="echo -e"; ECHONB="echo -n" ;; - "MacOS") ECHOCMD="echo"; ECHONB="/bin/echo -n" ;; + "macOS" | "Mac OS X") ECHOCMD="echo"; ECHONB="/bin/echo -n" ;; "Solaris") ECHOCMD="echo" ;; "Linux") # Check if dash is used (Debian/Ubuntu) diff --git a/include/tests_authentication b/include/tests_authentication index e8ea4d46..ab424aee 100644 
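Review bot: In the `10.12 | 10.12.[0-9]*)` arm of include/osdetection, dropping `OS_NAME="macOS";` leaves OS_NAME at whatever `/usr/bin/sw_vers -productName` printed, and on Sierra that is, as far as I know, still `Mac OS X`. The result would be an OS_NAME of `Mac OS X` next to an OS_FULLNAME of `macOS Sierra (...)`, while the fallback branch without sw_vers sets `OS_NAME="macOS"`. If a uniform name is the goal, keep the assignment in that arm: `10.12 | 10.12.[0-9]*) OS_NAME="macOS"; OS_FULLNAME="macOS Sierra (${OS_VERSION})" ;;`. The Darwin branch continues past the end of the hunk.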
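Review bot: The `"Mac OS X"` alternative added to the ECHOCMD arm in the -432 hunk of include/osdetection does not look reachable, because the Darwin branch shown in the earlier hunk of the same file assigns only `OS="macOS"`; `Mac OS X` is a possible value of OS_NAME, not of OS. Leaving it in suggests OS can take two spellings, which is the ambiguity this commit sets out to remove. `"macOS") ECHOCMD="echo"; ECHONB="/bin/echo -n" ;;` is enough. The case statement starts and ends outside the hunk.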
--- a/include/tests_authentication +++ b/include/tests_authentication @@ -304,7 +304,7 @@ FIND=$(${AWKBINARY} -v UID_MIN="${UID_MIN}" -F: '($3 >= UID_MIN && $3 != 65534) || ($3 == 0) { print $1","$3 }' /etc/passwd) ;; - "MacOS") + "macOS") LogText "macOS real users output (ID = 0, or 500-599) using dscacheutil" FIND_USERS=$(dscacheutil -q user | ${GREPBINARY} -A 3 -B 2 -e "^uid: 5[0-9][0-9]" | ${GREPBINARY} "^name: " | ${AWKBINARY} '{print $2}') if [ ! -z "${FIND_USERS}" ]; then diff --git a/include/tests_boot_services b/include/tests_boot_services index 5c296a12..2c02ae28 100644 --- a/include/tests_boot_services +++ b/include/tests_boot_services @@ -136,13 +136,13 @@ ################################################################################# # # Test : BOOT-5106 - # Description : Check if boot.efi is found on Mac OS X - Register --test-no BOOT-5106 --os "MacOS" --weight L --network NO --root-only YES --category security --description "Check EFI boot file on Mac OS X" + # Description : Check if boot.efi is found on macOS/macOS + Register --test-no BOOT-5106 --os "macOS" --weight L --network NO --root-only YES --category security --description "Check EFI boot file on Mac OS X/macOS" if [ ${SKIPTEST} -eq 0 ]; then FileExists ${ROOTDIR}System/Library/CoreServices/boot.efi if [ ${FILE_FOUND} -eq 1 ]; then - LogText "Result: found Mac OS X boot.efi file" - BOOT_LOADER="MacOS-boot-EFI" + LogText "Result: found macOS/Mac OS X boot.efi file" + BOOT_LOADER="macOS-boot-EFI" BOOT_LOADER_FOUND=1 fi fi @@ -201,8 +201,8 @@ LogText "Result: system not booted with Secure Boot (no SecureBoot file found)" fi ;; - #MacOS) - # TODO: Mac OS ioreg -l -p IODeviceTree | ${GREPBINARY} firmware-abi + #macOS) + # TODO: macOS ioreg -l -p IODeviceTree | ${GREPBINARY} firmware-abi #;; *) LogText "Result: no test implemented yet to test for UEFI on this platform" 
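Review bot: `BOOT_LOADER="macOS-boot-EFI"` in BOOT-5106 (include/tests_boot_services) changes a value that looks like it ends up in the report, although the write is not in this hunk. If so, anything that parses reports and matches the old `MacOS-boot-EFI` string would stop recognising the boot loader on these hosts. Unlike `OS`, nothing in the visible code compares against this value, so either keep the old string or record the change in the changelog. Separately, the description comment now reads `macOS/macOS`; it presumably should be `# Description : Check if boot.efi is found on Mac OS X/macOS`, matching the Register description on the next line.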
@@ -702,7 +702,7 @@ fi ;; - DragonFly | FreeBSD | MacOS) + DragonFly | FreeBSD | macOS) if [ ! -z "${SYSCTLBINARY}" ]; then TIME_BOOT=$(${SYSCTLBINARY} kern.boottime | ${AWKBINARY} '{ print $5 }' | ${SEDBINARY} -e 's/,//' | ${GREPBINARY} "[0-9]") TIME_NOW=$(date "+%s") diff --git a/include/tests_firewalls b/include/tests_firewalls index 262aa8d3..25f95907 100644 --- a/include/tests_firewalls +++ b/include/tests_firewalls @@ -356,9 +356,9 @@ ################################################################################# # # Test : FIRE-4532 - # Description : Check Application Firewall in Mac OS X + # Description : Check Application Firewall in macOS if [ -x /usr/libexec/ApplicationFirewall/socketfilterfw ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - Register --test-no FIRE-4532 --weight L --os "MacOS" --preqs-met ${PREQS_MET} --network NO --category security --description "Check macOS application firewall" + Register --test-no FIRE-4532 --weight L --os "macOS" --preqs-met ${PREQS_MET} --network NO --category security --description "Check macOS application firewall" if [ ${SKIPTEST} -eq 0 ]; then FIND=$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2> /dev/null | ${GREPBINARY} "Firewall is enabled") if [ ! -z "${FIND}" ]; then @@ -380,7 +380,7 @@ # # Test : FIRE-4534 # Description : Check Little Snitch Daemon on macOS - Register --test-no FIRE-4534 --weight L --os "MacOS" --network NO --category security --description "Check for presence of Little Snitch on macOS" + Register --test-no FIRE-4534 --weight L --os "macOS" --network NO --category security --description "Check for presence of Little Snitch on macOS" if [ ${SKIPTEST} -eq 0 ]; then if IsRunning "Little Snitch Daemon"; then Display --indent 2 --text "- Checking Little Snitch Daemon" --result "${STATUS_ENABLED}" --color GREEN diff --git a/include/tests_insecure_services b/include/tests_insecure_services index c5e39a99..129683fd 100644 --- a/include/tests_insecure_services 
+++ b/include/tests_insecure_services @@ -110,7 +110,7 @@ ################################################################################# # if [ ! -z "${LAUNCHCTL_BINARY}" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="No launchctl binary on this system"; fi - Register --test-no INSE-8050 --os "MacOS" --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight M --network NO --category security --description "Check for insecure services on macOS" + Register --test-no INSE-8050 --os "macOS" --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight M --network NO --category security --description "Check for insecure services on macOS" if [ ${SKIPTEST} -eq 0 ]; then TEST_SERVICES="com.apple.fingerd" for ITEM in ${TEST_SERVICES}; do diff --git a/include/tests_malware b/include/tests_malware index c7e3e6b1..7e82b56b 100644 --- a/include/tests_malware +++ b/include/tests_malware @@ -242,7 +242,7 @@ ################################################################################# # # Test : MALW-3288 - # Description : Check for ClamXav (Mac OS X) + # Description : Check for ClamXav (macOS) if [ -d /Applications/ClamXav.app/Contents/Resources/ScanningEngine/bin/ ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no MALW-3288 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for ClamXav" if [ ${SKIPTEST} -eq 0 ]; then diff --git a/include/tests_networking b/include/tests_networking index b2534e4b..de297add 100644 --- a/include/tests_networking +++ b/include/tests_networking @@ -228,7 +228,7 @@ FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ( $2 == "Link" ) { print $1 }}'` fi ;; - DragonFly|FreeBSD|MacOS|NetBSD) + DragonFly|FreeBSD|macOS|NetBSD) FIND=`${IFCONFIGBINARY} -l` ;; OpenBSD|Solaris) @@ -277,7 +277,7 @@ fi fi ;; - MacOS) + macOS) FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="lladdr" || $1=="ether") print $2 }' | ${SORTBINARY} -u` ;; NetBSD) 
@@ -333,7 +333,7 @@ fi fi ;; - MacOS) + macOS) FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="inet") print $2 }'` FIND2=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="inet6") print $2 }'` ;; @@ -402,7 +402,7 @@ fi ;; - MacOS) + macOS) if [ ! "${LSOFBINARY}" = "" ]; then # UDP and TCP combined FIND=`${LSOFBINARY} -i -P | ${AWKBINARY} '{ print $9"|"$8"|"$1"|" }' | ${SEDBINARY} 's/\(.*\)\-\>.*\(\|.*\)/\1\2/' | ${SEDBINARY} 's/\*/'$IP'/' | ${SORTBINARY} -u | ${GREPBINARY} -v "NAME"` diff --git a/lynis b/lynis index 70c33e63..06c88841 100755 --- a/lynis +++ b/lynis @@ -317,7 +317,7 @@ ${NORMAL} ${WARNING}Warning${NORMAL}: ${WHITE}PID file exists, probably another Lynis process is running.${NORMAL} ------------------------------------------------------------------------------ -If you are unsure another Lynis process is running currently, you are advised +If you are unsure another Lynis process is running currently, you are advised to stop current process and check the process list first. If you cancelled (by using CTRL+C) a previous instance, you can ignore this message.