[FIRE-4534] detection of Little Snitch

db/tests.db

@@ -135,17 +135,39 @@ FIRE-4524:test:security:firewalls::Check for CSF presence:
 FIRE-4526:test:security:firewalls:Solaris:Check ipf status:
 FIRE-4530:test:security:firewalls:FreeBSD:Check IPFW status:
 FIRE-4532:test:security:firewalls:MacOS:Check macOS application firewall:
+FIRE-4534:test:security:firewalls:MacOS:Check Little Snitch firewall:
 FIRE-4536:test:security:firewalls:Linux:Check nftables status:
 FIRE-4538:test:security:firewalls:Linux:Check nftables basic configuration:
 FIRE-4540:test:security:firewalls:Linux:Test for empty nftables configuration:
 FIRE-4590:test:security:firewalls::Check firewall status:
-HRDN-7220:test:security:hardening::Check if one or more compilers are installed:
-HRDN-7222:test:security:hardening::Check compiler permissions:
-HRDN-7230:test:security:hardening::Check for malware scanner:
 HOME-9302:test:security:homedirs::Create list with home directories:
 HOME-9310:test:security:homedirs::Checking for suspicious shell history files:
 #HOME-9314:test:security:homedirs::Create list with home directories:
 HOME-9350:test:security:homedirs::Collecting information from home directories:
+HRDN-7220:test:security:hardening::Check if one or more compilers are installed:
+HRDN-7222:test:security:hardening::Check compiler permissions:
+HRDN-7230:test:security:hardening::Check for malware scanner:
+HTTP-6622:test:security:webservers::Checking Apache presence:
+HTTP-6624:test:security:webservers::Testing main Apache configuration file:
+HTTP-6626:test:security:webservers::Testing other Apache configuration file:
+#HTTP-6628:test:security:webservers::Testing other Apache configuration file:
+#HTTP-6630:test:security:webservers::Determining all loaded Apache modules:
+HTTP-6632:test:security:webservers::Determining all available Apache modules:
+HTTP-6640:test:security:webservers::Determining existence of specific Apache modules:
+HTTP-6641:test:security:webservers::Determining existence of specific Apache modules:
+#HTTP-6642:test:security:webservers::Determining existence of specific Apache modules:
+HTTP-6643:test:security:webservers::Determining existence of specific Apache modules:
+HTTP-6702:test:security:webservers::Check nginx process:
+HTTP-6704:test:security:webservers::Check nginx configuration file:
+HTTP-6706:test:security:webservers::Check for additional nginx configuration files:
+HTTP-6708:test:security:webservers::Check discovered nginx configuration settings:
+HTTP-6710:test:security:webservers::Check nginx SSL configuration settings:
+HTTP-6712:test:security:webservers::Check nginx access logging:
+HTTP-6714:test:security:webservers::Check for missing error logs in nginx:
+HTTP-6716:test:security:webservers::Check for debug mode on error log in nginx:
+#HTTP-67xx:test:security:webservers::Check nginx virtual hosts:
+#HTTP-67xx:test:security:webservers::Check nginx virtual hosts:
+HTTP-6720:test:security:webservers::Check Nginx log files:
 INSE-8002:test:security:insecure_services::Check for enabled inet daemon:
 INSE-8004:test:security:insecure_services::Check for enabled inet daemon:
 INSE-8006:test:security:insecure_services::Check configuration of inetd when disabled:
@@ -192,7 +214,6 @@ MACF-6204:test:security:mac_frameworks::Check AppArmor presence:
 MACF-6208:test:security:mac_frameworks::Check if AppArmor is enabled:
 MACF-6232:test:security:mac_frameworks::Check SELINUX presence:
 MACF-6234:test:security:mac_frameworks::Check SELINUX status:
-RBAC-6272:test:security:mac_frameworks::Check grsecurity presence:
 MACF-6290:test:security:mac_frameworks::Check for implemented MAC framework:
 MAIL-8802:test:security:mail_messaging::Check Exim status:
 MAIL-8814:test:security:mail_messaging::Check postfix process status:
@@ -308,6 +329,7 @@ PRNT-2314:test:security:printers_spools::Check lpd status:
 PRNT-2316:test:security:printers_spools:AIX:Checking /etc/qconfig file:
 PRNT-2418:test:security:printers_spools:AIX:Checking qdaemon printer spooler status:
 PRNT-2420:test:security:printers_spools:AIX:Checking old print jobs:
+RBAC-6272:test:security:mac_frameworks::Check grsecurity presence:
 SCHD-7702:test:security:scheduling::Check status of cron daemon:
 SCHD-7704:test:security:scheduling::Check crontab/cronjobs:
 SCHD-7718:test:security:scheduling::Check at users:
@@ -366,25 +388,4 @@ TOOL-5102:test:security:tooling::Check for presence of Fail2ban:
 TOOL-5104:test:security:tooling::Enabled tests for Fail2ban:
 TOOL-5190:test:security:tooling::Check presence of available IDS/IPS tooling:
 #VIRT-1920:test::virtualization:Checking VMware guest status:security:
-HTTP-6622:test:security:webservers::Checking Apache presence:
-HTTP-6624:test:security:webservers::Testing main Apache configuration file:
-HTTP-6626:test:security:webservers::Testing other Apache configuration file:
-#HTTP-6628:test:security:webservers::Testing other Apache configuration file:
-#HTTP-6630:test:security:webservers::Determining all loaded Apache modules:
-HTTP-6632:test:security:webservers::Determining all available Apache modules:
-HTTP-6640:test:security:webservers::Determining existence of specific Apache modules:
-HTTP-6641:test:security:webservers::Determining existence of specific Apache modules:
-#HTTP-6642:test:security:webservers::Determining existence of specific Apache modules:
-HTTP-6643:test:security:webservers::Determining existence of specific Apache modules:
-HTTP-6702:test:security:webservers::Check nginx process:
-HTTP-6704:test:security:webservers::Check nginx configuration file:
-HTTP-6706:test:security:webservers::Check for additional nginx configuration files:
-HTTP-6708:test:security:webservers::Check discovered nginx configuration settings:
-HTTP-6710:test:security:webservers::Check nginx SSL configuration settings:
-HTTP-6712:test:security:webservers::Check nginx access logging:
-HTTP-6714:test:security:webservers::Check for missing error logs in nginx:
-HTTP-6716:test:security:webservers::Check for debug mode on error log in nginx:
-#HTTP-67xx:test:security:webservers::Check nginx virtual hosts:
-#HTTP-67xx:test:security:webservers::Check nginx virtual hosts:
-HTTP-6720:test:security:webservers::Check Nginx log files:
 # EOF

include/tests_firewalls

@@ -360,19 +360,42 @@
     # Test        : FIRE-4532
     # Description : Check Application Firewall in Mac OS X
     if [ -x /usr/libexec/ApplicationFirewall/socketfilterfw ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
-    Register --test-no FIRE-4532 --weight L --os "MacOS" --preqs-met ${PREQS_MET} --network NO --category security --description "Check Mac OS X application firewall"
+    Register --test-no FIRE-4532 --weight L --os "MacOS" --preqs-met ${PREQS_MET} --network NO --category security --description "Check macOS application firewall"
     if [ ${SKIPTEST} -eq 0 ]; then
         FIND=$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2> /dev/null | ${GREPBINARY} "Firewall is enabled")
         if [ ! -z "${FIND}" ]; then
-            Display --indent 2 --text "- Checking Mac OS X: Application Firewall" --result "${STATUS_ENABLED}" --color GREEN
+            Display --indent 2 --text "- Checking macOS: Application Firewall" --result "${STATUS_ENABLED}" --color GREEN
             AddHP 3 3
-            LogText "Result: application firewall of Mac OS X is enabled"
+            LogText "Result: application firewall of macOS is enabled"
+            FIREWALL_ACTIVE=1
             APPLICATION_FIREWALL_ACTIVE=1
+            Report "firewall_software[]=macosx-app-fw"
             Report "app_fw[]=macosx-app-fw"
         else
-            Display --indent 2 --text "- Checking IPFW" --result "${STATUS_DISABLED}" --color YELLOW
+            if IsVerbose; Display --indent 2 --text "- Checking macOS: Application Firewall" --result "${STATUS_DISABLED}" --color YELLOW; fi
             AddHP 1 3
-            LogText "Result: application firewall of Mac OS X is disabled"
+            LogText "Result: application firewall of macOS is disabled"
+        fi
+    fi
+#
+#################################################################################
+#
+    # Test        : FIRE-4534
+    # Description : Check Little Snitch Daemon on macOS
+    Register --test-no FIRE-4534 --weight L --os "MacOS" --network NO --category security --description "Check for presence of Little Snitch on macOS"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        if [ ! -z "${FIND}" ]; then
+            Display --indent 2 --text "- Checking Little Snitch Daemon" --result "${STATUS_ENABLED}" --color GREEN
+            AddHP 3 3
+            LogText "Result: little Snitch found"
+            FIREWALL_ACTIVE=1
+            APPLICATION_FIREWALL_ACTIVE=1
+            Report "app_fw[]=little-snitch"
+            Report "firewall_software[]=little-snitch"
+        else
+            if IsVerbose; then Display --indent 2 --text "- Checking Little Snitch Daemon" --result "${STATUS_DISABLED}" --color YELLOW; fi
+            AddHP 1 3
+            LogText "Result: could not find Little Snitch"
         fi
     fi
 #