Merge pull request #1458 from grandcentrix/mac-check-filevault-status

Added CRYP-7932 to determine if the system has enabled macOS FileVault.
2024-05-14 19:27:06 +02:00 · 2024-05-14 19:27:06 +02:00 · c8c7eeb2ec
parent c13da07039 79632bfbe5
commit c8c7eeb2ec
1 changed files with 27 additions and 0 deletions
--- a/include/tests_crypto
+++ b/include/tests_crypto
@ -217,6 +217,33 @@
    fi
 #
 #################################################################################
+#
+    # Test        : CRYP-7932
+    # Description : Determine if system has enabled macOS FileVault encryption
+    Register --test-no CRYP-7932 --os macOS --weight L --network NO --category crypto --description "Determine if system has enabled macOS FileVault encryption"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        if command -v fdesetup &> /dev/null; then
+            case $(fdesetup status) in
+                *"FileVault is On."*)
+                    LogText "Result: FileVault is enabled."
+                    Display --indent 2 --text "- FileVault is enabled." --result "${STATUS_OK}" --color GREEN
+                    Report "encryption[]=filevault"
+                    AddHP 3 3
+                    ;;
+                *)
+                    LogText "Result: FileVault is not enabled."
+                    Display --indent 2 --text "- FileVault is not enabled." --result "${STATUS_WARNING}" --color RED
+                    AddHP 0 3
+                    ;;
+            esac
+        else
+            LogText "Result: fdesetup command not found. Unable to determine FileVault status."
+            Display --indent 2 --text "- Unable to determine FileVault status (fdesetup command not found)." --result "${STATUS_WARNING}" --color YELLOW
+            AddHP 0 3
+        fi
+    fi
+#
+#################################################################################
 #
    # Test        : CRYP-8002
    # Description : Gather available kernel entropy