(Note: cross-posted to two mailing lists)

jOVAL.org has just published OVAL schemas for nine new MacOS test types:

authorizationdb_test - provides access to plist information stored in the authorization database
corestorage_test - provides access to core storage information
gatekeeper_test - provides access to Gatekeeper information
keychain_test - provides access to keychain settings
launchd_test - enumerates launchd-initiated agents/daemons
rlimit_test - provides access to launchd resource limits
softwareupdate_test - provides access to softwareupdate list/schedule
systemprofiler_test - provides access to plist-format data from the system_profiler
systemsetup_test - provides access to system setup information

See: https://github.com/joval/Sandbox/commit/827c2dec9a9c3db51860c288994f452381b33d52

Note, I think the keychain_test is potentially problematic, because desktop access is required in order to read another user's keychain (so someone can enter the keychain's password in the dialog box that pops up) -- meaning it can only be implemented by a host-based user-driven assessment tool.

Anyway, any feedback (from the Apple community in particular) would be appreciated.

Best regards,
--David Solin

jOVAL.org: SCAP Simplified.
Learn More | Features | Download