macOS Refactoring (#311)

* Default all macOS `OS` names as macOS. Added comments to specify `uname` outputs for better understanding.

* Refactored all `Mac` instances referring to macOS over to `macOS` formatting.

Tested on my own machine, unable to find any errors outside of normal parameters.

include/binaries

@@ -220,7 +220,7 @@
                             ;;
                             sestatus)               SESTATUSFOUND=1;       SESTATUSBINARY="${BINARY}";                                                    LogText "  Found known binary: sestatus (SELinux client) - ${BINARY}"                                     ;;
                             slocate)                LOCATEFOUND=1;         LOCATEBINARY="${BINARY}";                                                      LogText "  Found known binary: slocate (file database) - ${BINARY}"                                       ;;
-                            smbd)                   SMBDFOUND=1;           SMBDBINARY="${BINARY}"; if [ "${OS}" = "MacOS" ]; then SMBDVERSION="unknown"; else SMBDVERSION=`${BINARY} -V | grep "^Version" | awk '{ print $2 }'`; fi; LogText "Found ${BINARY} (version ${SMBDVERSION})"                                            ;;
+                            smbd)                   SMBDFOUND=1;           SMBDBINARY="${BINARY}"; if [ "${OS}" = "macOS" ]; then SMBDVERSION="unknown"; else SMBDVERSION=`${BINARY} -V | grep "^Version" | awk '{ print $2 }'`; fi; LogText "Found ${BINARY} (version ${SMBDVERSION})"                                            ;;
                             smtpctl)                SMTPCTLBINARY="${BINARY}";                                                                            LogText "  Found known binary: smtpctl (OpenSMTPD client) - ${BINARY}"                                    ;;
                             showmount)              SHOWMOUNTFOUND=1;      SHOWMOUNTBINARY="${BINARY}";                                                   LogText "  Found known binary: showmount (NFS mounts) - ${BINARY}"                                        ;;
                             sockstat)               SOCKSTATFOUND=1;       SOCKSTATBINARY="${BINARY}";                                                    LogText "  Found known binary: sockstat (open network sockets) - ${BINARY}"                               ;;

include/functions

@@ -881,12 +881,12 @@
                         fi
                 ;;
 
-                "MacOS")
+                "macOS")
                      FIND=$(${IFCONFIGBINARY} en0 | grep ether | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]')
                      if [ ! "${FIND}" = "" ]; then
                          HOSTID=$(echo ${FIND} | shasum | awk '{ print $1 }')
                        else
-                         ReportException "GetHostID" "No MAC address returned on Mac OS"
+                         ReportException "GetHostID" "No MAC address returned on macOS"
                      fi
                      LYNIS_HOSTID2_PART1=$(hostname -s)
                      if [ ! -z "${LYNIS_HOSTID2_PART1}" ]; then
@@ -2543,8 +2543,8 @@
         # Check for symlink
         if [ -L ${sFILE} ]; then
 
-                # Mac OS does not know -f option, nor do some others
+                # macOS does not know -f option, nor do some others
-                if [ "${OS}" = "MacOS" ]; then
+                if [ "${OS}" = "macOS" ]; then
                     # If a Python binary is found, use the one in path
                     if [ ${BINARY_SCAN_FINISHED} -eq 0 -a "${PYTHONBINARY}" = "" ]; then
                         FIND=`which python 2> /dev/null`

include/osdetection

@@ -39,7 +39,7 @@
 
         # Mac OS X and macOS
         Darwin)
-            OS="MacOS"
+            OS="macOS"
             if [ -x /usr/bin/sw_vers ]; then
                 OS_NAME=$(/usr/bin/sw_vers -productName)
                 OS_VERSION=$(/usr/bin/sw_vers -productVersion)
@@ -49,13 +49,15 @@
                     10.9 | 10.9.[0-9]*) OS_FULLNAME="Mac OS X 10.9 (Mavericks)" ;;
                     10.10 | 10.10.[0-9]*) OS_FULLNAME="Mac OS X 10.10 (Yosemite)" ;;
                     10.11 | 10.11.[0-9]*) OS_FULLNAME="Mac OS X 10.11 (El Capitan)" ;;
-                    10.12 | 10.12.[0-9]*) OS_NAME="macOS"; OS_FULLNAME="macOS Sierra (${OS_VERSION})" ;;
+                    10.12 | 10.12.[0-9]*) OS_FULLNAME="macOS Sierra (${OS_VERSION})" ;;
                     *) echo "Unknown macOS version. Do you know what version it is? Create an issue at ${PROGRAM_SOURCE}" ;;
                 esac
             else
                 # Fall back to a fairly safe name
                 OS_NAME="macOS"
+                # uname -s -r shows Darwin 16.1.0
                 OS_FULLNAME=$(uname -s -r)
+                # shows 16.1.0 for Darwin's version, not macOS's
                 OS_VERSION=$(uname -r)
             fi
             HARDWARE=$(uname -m)
@@ -432,7 +434,7 @@
     case ${OS} in
         "AIX")                           ECHOCMD="echo" ;;
         "DragonFly"|"FreeBSD"|"NetBSD")  ECHOCMD="echo -e"; ECHONB="echo -n" ;;
-        "MacOS")                         ECHOCMD="echo"; ECHONB="/bin/echo -n" ;;
+        "macOS" | "Mac OS X")                         ECHOCMD="echo"; ECHONB="/bin/echo -n" ;;
         "Solaris")                       ECHOCMD="echo" ;;
         "Linux")
             # Check if dash is used (Debian/Ubuntu)

include/tests_authentication

@@ -304,7 +304,7 @@
                 FIND=$(${AWKBINARY} -v UID_MIN="${UID_MIN}" -F: '($3 >= UID_MIN && $3 != 65534) || ($3 == 0) { print $1","$3 }' /etc/passwd)
             ;;
 
-            "MacOS")
+            "macOS")
                 LogText "macOS real users output (ID = 0, or 500-599) using dscacheutil"
                 FIND_USERS=$(dscacheutil -q user | ${GREPBINARY} -A 3 -B 2 -e "^uid: 5[0-9][0-9]" | ${GREPBINARY} "^name: " | ${AWKBINARY} '{print $2}')
                 if [ ! -z "${FIND_USERS}" ]; then

include/tests_boot_services

@@ -136,13 +136,13 @@
 #################################################################################
 #
     # Test        : BOOT-5106
-    # Description : Check if boot.efi is found on Mac OS X
+    # Description : Check if boot.efi is found on macOS/macOS
-    Register --test-no BOOT-5106 --os "MacOS" --weight L --network NO --root-only YES --category security --description "Check EFI boot file on Mac OS X"
+    Register --test-no BOOT-5106 --os "macOS" --weight L --network NO --root-only YES --category security --description "Check EFI boot file on Mac OS X/macOS"
     if [ ${SKIPTEST} -eq 0 ]; then
         FileExists ${ROOTDIR}System/Library/CoreServices/boot.efi
         if [ ${FILE_FOUND} -eq 1 ]; then
-            LogText "Result: found Mac OS X boot.efi file"
+            LogText "Result: found macOS/Mac OS X boot.efi file"
-            BOOT_LOADER="MacOS-boot-EFI"
+            BOOT_LOADER="macOS-boot-EFI"
             BOOT_LOADER_FOUND=1
         fi
     fi
@@ -201,8 +201,8 @@
                     LogText "Result: system not booted with Secure Boot (no SecureBoot file found)"
                 fi
             ;;
-            #MacOS)
+            #macOS)
-            # TODO: Mac OS ioreg -l -p IODeviceTree | ${GREPBINARY} firmware-abi
+            # TODO: macOS ioreg -l -p IODeviceTree | ${GREPBINARY} firmware-abi
             #;;
             *)
                 LogText "Result: no test implemented yet to test for UEFI on this platform"
@@ -702,7 +702,7 @@
                 fi
                 ;;
 
-             DragonFly | FreeBSD | MacOS)
+             DragonFly | FreeBSD | macOS)
                 if [ ! -z "${SYSCTLBINARY}" ]; then
                     TIME_BOOT=$(${SYSCTLBINARY} kern.boottime | ${AWKBINARY} '{ print $5 }' | ${SEDBINARY} -e 's/,//' | ${GREPBINARY} "[0-9]")
                     TIME_NOW=$(date "+%s")

include/tests_firewalls

@@ -356,9 +356,9 @@
 #################################################################################
 #
     # Test        : FIRE-4532
-    # Description : Check Application Firewall in Mac OS X
+    # Description : Check Application Firewall in macOS
     if [ -x /usr/libexec/ApplicationFirewall/socketfilterfw ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
-    Register --test-no FIRE-4532 --weight L --os "MacOS" --preqs-met ${PREQS_MET} --network NO --category security --description "Check macOS application firewall"
+    Register --test-no FIRE-4532 --weight L --os "macOS" --preqs-met ${PREQS_MET} --network NO --category security --description "Check macOS application firewall"
     if [ ${SKIPTEST} -eq 0 ]; then
         FIND=$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2> /dev/null | ${GREPBINARY} "Firewall is enabled")
         if [ ! -z "${FIND}" ]; then
@@ -380,7 +380,7 @@
 #
     # Test        : FIRE-4534
     # Description : Check Little Snitch Daemon on macOS
-    Register --test-no FIRE-4534 --weight L --os "MacOS" --network NO --category security --description "Check for presence of Little Snitch on macOS"
+    Register --test-no FIRE-4534 --weight L --os "macOS" --network NO --category security --description "Check for presence of Little Snitch on macOS"
     if [ ${SKIPTEST} -eq 0 ]; then
         if IsRunning "Little Snitch Daemon"; then
             Display --indent 2 --text "- Checking Little Snitch Daemon" --result "${STATUS_ENABLED}" --color GREEN

include/tests_insecure_services

@@ -110,7 +110,7 @@
 #################################################################################
 #
     if [ ! -z "${LAUNCHCTL_BINARY}" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="No launchctl binary on this system"; fi
-    Register --test-no INSE-8050 --os "MacOS" --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight M --network NO --category security --description "Check for insecure services on macOS"
+    Register --test-no INSE-8050 --os "macOS" --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight M --network NO --category security --description "Check for insecure services on macOS"
     if [ ${SKIPTEST} -eq 0 ]; then
         TEST_SERVICES="com.apple.fingerd"
         for ITEM in ${TEST_SERVICES}; do

include/tests_malware

@@ -242,7 +242,7 @@
 #################################################################################
 #
     # Test        : MALW-3288
-    # Description : Check for ClamXav (Mac OS X)
+    # Description : Check for ClamXav (macOS)
     if [ -d /Applications/ClamXav.app/Contents/Resources/ScanningEngine/bin/ ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
     Register --test-no MALW-3288 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for ClamXav"
     if [ ${SKIPTEST} -eq 0 ]; then

include/tests_networking

@@ -228,7 +228,7 @@
                     FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ( $2 == "Link" ) { print  $1 }}'`
                 fi
             ;;
-            DragonFly|FreeBSD|MacOS|NetBSD)
+            DragonFly|FreeBSD|macOS|NetBSD)
                 FIND=`${IFCONFIGBINARY} -l`
             ;;
             OpenBSD|Solaris)
@@ -277,7 +277,7 @@
                     fi
                 fi
                 ;;
-            MacOS)
+            macOS)
                 FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="lladdr" || $1=="ether") print $2 }' | ${SORTBINARY} -u`
                 ;;
             NetBSD)
@@ -333,7 +333,7 @@
                     fi
                 fi
                 ;;
-            MacOS)
+            macOS)
                 FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="inet") print $2 }'`
                 FIND2=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="inet6") print $2 }'`
                 ;;
@@ -402,7 +402,7 @@
                 fi
                 ;;
 
-            MacOS)
+            macOS)
                 if [ ! "${LSOFBINARY}" = "" ]; then
                     # UDP and TCP combined
                     FIND=`${LSOFBINARY} -i -P | ${AWKBINARY} '{ print $9"|"$8"|"$1"|" }' | ${SEDBINARY} 's/\(.*\)\-\>.*\(\|.*\)/\1\2/' | ${SEDBINARY} 's/\*/'$IP'/' | ${SORTBINARY} -u | ${GREPBINARY} -v "NAME"`