- Deleted "filevault_status" variable

- Now checks if "fdesetup" exists
- Add some hardening points (AddHP): 3 of 3 when enabled, 0 of 3, when not.
This commit is contained in:
Florian Sonnenschein 2024-05-14 16:02:51 +02:00
parent 0b7e8c3bfe
commit 79632bfbe5
1 changed files with 19 additions and 13 deletions

View File

@ -222,19 +222,25 @@
# Description : Determine if system has enabled macOS FileVault encryption # Description : Determine if system has enabled macOS FileVault encryption
Register --test-no CRYP-7932 --os macOS --weight L --network NO --category crypto --description "Determine if system has enabled macOS FileVault encryption" Register --test-no CRYP-7932 --os macOS --weight L --network NO --category crypto --description "Determine if system has enabled macOS FileVault encryption"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
filevault_status=$(fdesetup status) if command -v fdesetup &> /dev/null; then
case $(fdesetup status) in
case "$filevault_status" in *"FileVault is On."*)
*"FileVault is On."*) LogText "Result: FileVault is enabled."
LogText "Result: FileVault is enabled." Display --indent 2 --text "- FileVault is enabled." --result "${STATUS_OK}" --color GREEN
Display --indent 2 --text "- FileVault is enabled." --result "${STATUS_OK}" --color GREEN Report "encryption[]=filevault"
Report "encryption[]=filevault" AddHP 3 3
;; ;;
*) *)
LogText "Result: FileVault is not enabled." LogText "Result: FileVault is not enabled."
Display --indent 2 --text "- FileVault is not enabled." --result "${STATUS_WARNING}" --color RED Display --indent 2 --text "- FileVault is not enabled." --result "${STATUS_WARNING}" --color RED
;; AddHP 0 3
esac ;;
esac
else
LogText "Result: fdesetup command not found. Unable to determine FileVault status."
Display --indent 2 --text "- Unable to determine FileVault status (fdesetup command not found)." --result "${STATUS_WARNING}" --color YELLOW
AddHP 0 3
fi
fi fi
# #
################################################################################# #################################################################################