macOS Refactoring (#311)

* Default all macOS `OS` names as macOS. Added comments to specify `uname` outputs for better understanding.

* Refactored all `Mac` instances referring to macOS over to `macOS` formatting.

Tested on my own machine, unable to find any errors outside of normal parameters.
Justin P 2016-11-05 05:53:22 -05:00 committed by Michael Boelen
parent 0f318a4b7c
commit 50b06efd30
10 changed files with 29 additions and 27 deletions


@ -220,7 +220,7 @@
;; ;;
sestatus) SESTATUSFOUND=1; SESTATUSBINARY="${BINARY}"; LogText " Found known binary: sestatus (SELinux client) - ${BINARY}" ;; sestatus) SESTATUSFOUND=1; SESTATUSBINARY="${BINARY}"; LogText " Found known binary: sestatus (SELinux client) - ${BINARY}" ;;
slocate) LOCATEFOUND=1; LOCATEBINARY="${BINARY}"; LogText " Found known binary: slocate (file database) - ${BINARY}" ;; slocate) LOCATEFOUND=1; LOCATEBINARY="${BINARY}"; LogText " Found known binary: slocate (file database) - ${BINARY}" ;;
smbd) SMBDFOUND=1; SMBDBINARY="${BINARY}"; if [ "${OS}" = "MacOS" ]; then SMBDVERSION="unknown"; else SMBDVERSION=`${BINARY} -V | grep "^Version" | awk '{ print $2 }'`; fi; LogText "Found ${BINARY} (version ${SMBDVERSION})" ;; smbd) SMBDFOUND=1; SMBDBINARY="${BINARY}"; if [ "${OS}" = "macOS" ]; then SMBDVERSION="unknown"; else SMBDVERSION=`${BINARY} -V | grep "^Version" | awk '{ print $2 }'`; fi; LogText "Found ${BINARY} (version ${SMBDVERSION})" ;;
smtpctl) SMTPCTLBINARY="${BINARY}"; LogText " Found known binary: smtpctl (OpenSMTPD client) - ${BINARY}" ;; smtpctl) SMTPCTLBINARY="${BINARY}"; LogText " Found known binary: smtpctl (OpenSMTPD client) - ${BINARY}" ;;
showmount) SHOWMOUNTFOUND=1; SHOWMOUNTBINARY="${BINARY}"; LogText " Found known binary: showmount (NFS mounts) - ${BINARY}" ;; showmount) SHOWMOUNTFOUND=1; SHOWMOUNTBINARY="${BINARY}"; LogText " Found known binary: showmount (NFS mounts) - ${BINARY}" ;;
sockstat) SOCKSTATFOUND=1; SOCKSTATBINARY="${BINARY}"; LogText " Found known binary: sockstat (open network sockets) - ${BINARY}" ;; sockstat) SOCKSTATFOUND=1; SOCKSTATBINARY="${BINARY}"; LogText " Found known binary: sockstat (open network sockets) - ${BINARY}" ;;


@ -881,12 +881,12 @@
fi fi
;; ;;
"MacOS") "macOS")
FIND=$(${IFCONFIGBINARY} en0 | grep ether | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]') FIND=$(${IFCONFIGBINARY} en0 | grep ether | head -1 | awk '{ print $2 }' | tr '[:upper:]' '[:lower:]')
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
HOSTID=$(echo ${FIND} | shasum | awk '{ print $1 }') HOSTID=$(echo ${FIND} | shasum | awk '{ print $1 }')
else else
ReportException "GetHostID" "No MAC address returned on Mac OS" ReportException "GetHostID" "No MAC address returned on macOS"
fi fi
LYNIS_HOSTID2_PART1=$(hostname -s) LYNIS_HOSTID2_PART1=$(hostname -s)
if [ ! -z "${LYNIS_HOSTID2_PART1}" ]; then if [ ! -z "${LYNIS_HOSTID2_PART1}" ]; then
@ -2543,8 +2543,8 @@
# Check for symlink # Check for symlink
if [ -L ${sFILE} ]; then if [ -L ${sFILE} ]; then
# Mac OS does not know -f option, nor do some others # macOS does not know -f option, nor do some others
if [ "${OS}" = "MacOS" ]; then if [ "${OS}" = "macOS" ]; then
# If a Python binary is found, use the one in path # If a Python binary is found, use the one in path
if [ ${BINARY_SCAN_FINISHED} -eq 0 -a "${PYTHONBINARY}" = "" ]; then if [ ${BINARY_SCAN_FINISHED} -eq 0 -a "${PYTHONBINARY}" = "" ]; then
FIND=`which python 2> /dev/null` FIND=`which python 2> /dev/null`
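Review bot: In the second hunk `[ -L ${sFILE} ]` expands the path unquoted, so a file name containing whitespace makes the test error out and the symlink handling is skipped; `if [ -L "${sFILE}" ]; then` avoids that. The macOS branch then resolves the interpreter with `which python`, so the first match on the caller's PATH is used, which deserves a comment or a preference for an absolute path when the scan runs with root privileges. How FIND is used afterwards lies outside the hunk, so the second point is a question rather than a confirmed defect.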


@ -39,23 +39,25 @@
# Mac OS X and macOS # Mac OS X and macOS
Darwin) Darwin)
OS="MacOS" OS="macOS"
if [ -x /usr/bin/sw_vers ]; then if [ -x /usr/bin/sw_vers ]; then
OS_NAME=$(/usr/bin/sw_vers -productName) OS_NAME=$(/usr/bin/sw_vers -productName)
OS_VERSION=$(/usr/bin/sw_vers -productVersion) OS_VERSION=$(/usr/bin/sw_vers -productVersion)
OS_VERSION_NAME="unknown" OS_VERSION_NAME="unknown"
OS_FULLNAME="macOS (unknown version)" OS_FULLNAME="macOS (unknown version)"
case ${OS_VERSION} in case ${OS_VERSION} in
10.9 | 10.9.[0-9]*) OS_FULLNAME="Mac OS X 10.9 (Mavericks)" ;; 10.9 | 10.9.[0-9]*) OS_FULLNAME="Mac OS X 10.9 (Mavericks)" ;;
10.10 | 10.10.[0-9]*) OS_FULLNAME="Mac OS X 10.10 (Yosemite)" ;; 10.10 | 10.10.[0-9]*) OS_FULLNAME="Mac OS X 10.10 (Yosemite)" ;;
10.11 | 10.11.[0-9]*) OS_FULLNAME="Mac OS X 10.11 (El Capitan)" ;; 10.11 | 10.11.[0-9]*) OS_FULLNAME="Mac OS X 10.11 (El Capitan)" ;;
10.12 | 10.12.[0-9]*) OS_NAME="macOS"; OS_FULLNAME="macOS Sierra (${OS_VERSION})" ;; 10.12 | 10.12.[0-9]*) OS_FULLNAME="macOS Sierra (${OS_VERSION})" ;;
*) echo "Unknown macOS version. Do you know what version it is? Create an issue at ${PROGRAM_SOURCE}" ;; *) echo "Unknown macOS version. Do you know what version it is? Create an issue at ${PROGRAM_SOURCE}" ;;
esac esac
else else
# Fall back to a fairly safe name # Fall back to a fairly safe name
OS_NAME="macOS" OS_NAME="macOS"
# uname -s -r shows Darwin 16.1.0
OS_FULLNAME=$(uname -s -r) OS_FULLNAME=$(uname -s -r)
# shows 16.1.0 for Darwin's version, not macOS's
OS_VERSION=$(uname -r) OS_VERSION=$(uname -r)
fi fi
HARDWARE=$(uname -m) HARDWARE=$(uname -m)
@ -432,7 +434,7 @@
case ${OS} in case ${OS} in
"AIX") ECHOCMD="echo" ;; "AIX") ECHOCMD="echo" ;;
"DragonFly"|"FreeBSD"|"NetBSD") ECHOCMD="echo -e"; ECHONB="echo -n" ;; "DragonFly"|"FreeBSD"|"NetBSD") ECHOCMD="echo -e"; ECHONB="echo -n" ;;
"MacOS") ECHOCMD="echo"; ECHONB="/bin/echo -n" ;; "macOS" | "Mac OS X") ECHOCMD="echo"; ECHONB="/bin/echo -n" ;;
"Solaris") ECHOCMD="echo" ;; "Solaris") ECHOCMD="echo" ;;
"Linux") "Linux")
# Check if dash is used (Debian/Ubuntu) # Check if dash is used (Debian/Ubuntu)
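Review bot: The 10.12 arm no longer sets `OS_NAME="macOS"`, so on Sierra OS_NAME is whatever `sw_vers -productName` prints (likely still `Mac OS X`), which runs against the commit's stated goal of one uniform name. Either keep the assignment in that arm or add a comment that OS_NAME deliberately carries the vendor string. In the second hunk the new `"macOS" | "Mac OS X")` arm tests `${OS}`, and the Darwin branch shown only ever sets `OS="macOS"`, so the `"Mac OS X"` alternative looks unreachable unless OS is assigned elsewhere. Both case statements continue outside the hunks.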


@ -304,7 +304,7 @@
FIND=$(${AWKBINARY} -v UID_MIN="${UID_MIN}" -F: '($3 >= UID_MIN && $3 != 65534) || ($3 == 0) { print $1","$3 }' /etc/passwd) FIND=$(${AWKBINARY} -v UID_MIN="${UID_MIN}" -F: '($3 >= UID_MIN && $3 != 65534) || ($3 == 0) { print $1","$3 }' /etc/passwd)
;; ;;
"MacOS") "macOS")
LogText "macOS real users output (ID = 0, or 500-599) using dscacheutil" LogText "macOS real users output (ID = 0, or 500-599) using dscacheutil"
FIND_USERS=$(dscacheutil -q user | ${GREPBINARY} -A 3 -B 2 -e "^uid: 5[0-9][0-9]" | ${GREPBINARY} "^name: " | ${AWKBINARY} '{print $2}') FIND_USERS=$(dscacheutil -q user | ${GREPBINARY} -A 3 -B 2 -e "^uid: 5[0-9][0-9]" | ${GREPBINARY} "^name: " | ${AWKBINARY} '{print $2}')
if [ ! -z "${FIND_USERS}" ]; then if [ ! -z "${FIND_USERS}" ]; then
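Review bot: The pattern `"^uid: 5[0-9][0-9]"` in the macOS arm has no end anchor, so it also matches UIDs such as 5000 or 50123, while the LogText line above it promises 500-599. `-e "^uid: 5[0-9][0-9]$"` would make the account list match the logged range. The message also mentions ID = 0, which the visible pipeline does not select; that may be handled further down, since the case arm continues outside the hunk.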


@ -136,13 +136,13 @@
################################################################################# #################################################################################
# #
# Test : BOOT-5106 # Test : BOOT-5106
# Description : Check if boot.efi is found on Mac OS X # Description : Check if boot.efi is found on macOS/macOS
Register --test-no BOOT-5106 --os "MacOS" --weight L --network NO --root-only YES --category security --description "Check EFI boot file on Mac OS X" Register --test-no BOOT-5106 --os "macOS" --weight L --network NO --root-only YES --category security --description "Check EFI boot file on Mac OS X/macOS"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FileExists ${ROOTDIR}System/Library/CoreServices/boot.efi FileExists ${ROOTDIR}System/Library/CoreServices/boot.efi
if [ ${FILE_FOUND} -eq 1 ]; then if [ ${FILE_FOUND} -eq 1 ]; then
LogText "Result: found Mac OS X boot.efi file" LogText "Result: found macOS/Mac OS X boot.efi file"
BOOT_LOADER="MacOS-boot-EFI" BOOT_LOADER="macOS-boot-EFI"
BOOT_LOADER_FOUND=1 BOOT_LOADER_FOUND=1
fi fi
fi fi
@ -201,8 +201,8 @@
LogText "Result: system not booted with Secure Boot (no SecureBoot file found)" LogText "Result: system not booted with Secure Boot (no SecureBoot file found)"
fi fi
;; ;;
#MacOS) #macOS)
# TODO: Mac OS ioreg -l -p IODeviceTree | ${GREPBINARY} firmware-abi # TODO: macOS ioreg -l -p IODeviceTree | ${GREPBINARY} firmware-abi
#;; #;;
*) *)
LogText "Result: no test implemented yet to test for UEFI on this platform" LogText "Result: no test implemented yet to test for UEFI on this platform"
@ -702,7 +702,7 @@
fi fi
;; ;;
DragonFly | FreeBSD | MacOS) DragonFly | FreeBSD | macOS)
if [ ! -z "${SYSCTLBINARY}" ]; then if [ ! -z "${SYSCTLBINARY}" ]; then
TIME_BOOT=$(${SYSCTLBINARY} kern.boottime | ${AWKBINARY} '{ print $5 }' | ${SEDBINARY} -e 's/,//' | ${GREPBINARY} "[0-9]") TIME_BOOT=$(${SYSCTLBINARY} kern.boottime | ${AWKBINARY} '{ print $5 }' | ${SEDBINARY} -e 's/,//' | ${GREPBINARY} "[0-9]")
TIME_NOW=$(date "+%s") TIME_NOW=$(date "+%s")
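Review bot: The header comment for BOOT-5106 now reads `on macOS/macOS`, which looks like a replace-all slip; `# Description : Check if boot.efi is found on Mac OS X/macOS` would match the Register description on the next line. The same hunk also changes the recorded value to `BOOT_LOADER="macOS-boot-EFI"`. If anything that parses the report matches the old `MacOS-boot-EFI` string it will need updating, so the value change is worth a changelog line.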


@ -356,9 +356,9 @@
################################################################################# #################################################################################
# #
# Test : FIRE-4532 # Test : FIRE-4532
# Description : Check Application Firewall in Mac OS X # Description : Check Application Firewall in macOS
if [ -x /usr/libexec/ApplicationFirewall/socketfilterfw ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -x /usr/libexec/ApplicationFirewall/socketfilterfw ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FIRE-4532 --weight L --os "MacOS" --preqs-met ${PREQS_MET} --network NO --category security --description "Check macOS application firewall" Register --test-no FIRE-4532 --weight L --os "macOS" --preqs-met ${PREQS_MET} --network NO --category security --description "Check macOS application firewall"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2> /dev/null | ${GREPBINARY} "Firewall is enabled") FIND=$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2> /dev/null | ${GREPBINARY} "Firewall is enabled")
if [ ! -z "${FIND}" ]; then if [ ! -z "${FIND}" ]; then
@ -380,7 +380,7 @@
# #
# Test : FIRE-4534 # Test : FIRE-4534
# Description : Check Little Snitch Daemon on macOS # Description : Check Little Snitch Daemon on macOS
Register --test-no FIRE-4534 --weight L --os "MacOS" --network NO --category security --description "Check for presence of Little Snitch on macOS" Register --test-no FIRE-4534 --weight L --os "macOS" --network NO --category security --description "Check for presence of Little Snitch on macOS"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if IsRunning "Little Snitch Daemon"; then if IsRunning "Little Snitch Daemon"; then
Display --indent 2 --text "- Checking Little Snitch Daemon" --result "${STATUS_ENABLED}" --color GREEN Display --indent 2 --text "- Checking Little Snitch Daemon" --result "${STATUS_ENABLED}" --color GREEN
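Review bot: The `--os "macOS"` gate on FIRE-4532 and FIRE-4534 (and on BOOT-5106 and INSE-8050 in the other files) now depends on every caller using the new spelling. Register's matching is not visible in this diff, but if it is an exact string compare, any plugin or custom test still passing `MacOS` will be skipped without an error, and a skipped firewall check is easy to mistake for a clean one. Consider having the comparison accept the old value for one release, or logging the skip reason when the `--os` value does not match, and add a comment next to `OS="macOS"` noting that the string is compared case-sensitively.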


@ -110,7 +110,7 @@
################################################################################# #################################################################################
# #
if [ ! -z "${LAUNCHCTL_BINARY}" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="No launchctl binary on this system"; fi if [ ! -z "${LAUNCHCTL_BINARY}" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="No launchctl binary on this system"; fi
Register --test-no INSE-8050 --os "MacOS" --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight M --network NO --category security --description "Check for insecure services on macOS" Register --test-no INSE-8050 --os "macOS" --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight M --network NO --category security --description "Check for insecure services on macOS"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
TEST_SERVICES="com.apple.fingerd" TEST_SERVICES="com.apple.fingerd"
for ITEM in ${TEST_SERVICES}; do for ITEM in ${TEST_SERVICES}; do


@ -242,7 +242,7 @@
################################################################################# #################################################################################
# #
# Test : MALW-3288 # Test : MALW-3288
# Description : Check for ClamXav (Mac OS X) # Description : Check for ClamXav (macOS)
if [ -d /Applications/ClamXav.app/Contents/Resources/ScanningEngine/bin/ ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -d /Applications/ClamXav.app/Contents/Resources/ScanningEngine/bin/ ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no MALW-3288 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for ClamXav" Register --test-no MALW-3288 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for ClamXav"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then


@ -228,7 +228,7 @@
FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ( $2 == "Link" ) { print $1 }}'` FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ( $2 == "Link" ) { print $1 }}'`
fi fi
;; ;;
DragonFly|FreeBSD|MacOS|NetBSD) DragonFly|FreeBSD|macOS|NetBSD)
FIND=`${IFCONFIGBINARY} -l` FIND=`${IFCONFIGBINARY} -l`
;; ;;
OpenBSD|Solaris) OpenBSD|Solaris)
@ -277,7 +277,7 @@
fi fi
fi fi
;; ;;
MacOS) macOS)
FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="lladdr" || $1=="ether") print $2 }' | ${SORTBINARY} -u` FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="lladdr" || $1=="ether") print $2 }' | ${SORTBINARY} -u`
;; ;;
NetBSD) NetBSD)
@ -333,7 +333,7 @@
fi fi
fi fi
;; ;;
MacOS) macOS)
FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="inet") print $2 }'` FIND=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="inet") print $2 }'`
FIND2=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="inet6") print $2 }'` FIND2=`${IFCONFIGBINARY} -a | ${AWKBINARY} '{ if ($1=="inet6") print $2 }'`
;; ;;
@ -402,7 +402,7 @@
fi fi
;; ;;
MacOS) macOS)
if [ ! "${LSOFBINARY}" = "" ]; then if [ ! "${LSOFBINARY}" = "" ]; then
# UDP and TCP combined # UDP and TCP combined
FIND=`${LSOFBINARY} -i -P | ${AWKBINARY} '{ print $9"|"$8"|"$1"|" }' | ${SEDBINARY} 's/\(.*\)\-\>.*\(\|.*\)/\1\2/' | ${SEDBINARY} 's/\*/'$IP'/' | ${SORTBINARY} -u | ${GREPBINARY} -v "NAME"` FIND=`${LSOFBINARY} -i -P | ${AWKBINARY} '{ print $9"|"$8"|"$1"|" }' | ${SEDBINARY} 's/\(.*\)\-\>.*\(\|.*\)/\1\2/' | ${SEDBINARY} 's/\*/'$IP'/' | ${SORTBINARY} -u | ${GREPBINARY} -v "NAME"`

2
lynis

@ -317,7 +317,7 @@ ${NORMAL}
${WARNING}Warning${NORMAL}: ${WHITE}PID file exists, probably another Lynis process is running.${NORMAL} ${WARNING}Warning${NORMAL}: ${WHITE}PID file exists, probably another Lynis process is running.${NORMAL}
------------------------------------------------------------------------------ ------------------------------------------------------------------------------
If you are unsure another Lynis process is running currently, you are advised If you are unsure another Lynis process is running currently, you are advised
to stop current process and check the process list first. If you cancelled to stop current process and check the process list first. If you cancelled
(by using CTRL+C) a previous instance, you can ignore this message. (by using CTRL+C) a previous instance, you can ignore this message.