[SCAP-On-Apple-Dev] [SCAP-On-Apple] Mac OS X proposed pkginfo OVAL Test.
Jacobsen, Jasen W.
jasenj1 at mitre.org
Thu Jul 11 11:30:46 PDT 2013
Someone in the OVAL community mentioned they were trying to use the package receipt plist files to determine if things were installed. "Things" could be applications, patches, libraries, printer drivers, plug-ins, all sorts of things, not just applications. They found directly checking the plist files to be problematic and found pkgutil should be used instead. We (MITRE) developed the referenced extension schema. Mac OS provides an installation receipt capability much like other package managers on other UNIX systems. It seems that OVAL should support checking this system provided audit trail.
If the audit trail is unreliable or unsuitable for the purpose, that's another good discussion.
- Jasen.
From: Peter Link <plink53 at mac.com<mailto:plink53 at mac.com>>
Date: Thursday, July 11, 2013 2:11 PM
To: MITRE Employee <jasenj1 at mitre.org<mailto:jasenj1 at mitre.org>>
Cc: "scap-on-apple-dev at lists.macosforge.org<mailto:scap-on-apple-dev at lists.macosforge.org>" <scap-on-apple-dev at lists.macosforge.org<mailto:scap-on-apple-dev at lists.macosforge.org>>, "scap-on-apple at lists.macosforge.org<mailto:scap-on-apple at lists.macosforge.org>" <scap-on-apple at lists.macosforge.org<mailto:scap-on-apple at lists.macosforge.org>>, oval-developer-list OVAL Developer List/Closed Public Discussion <oval-developer-list at lists.mitre.org<mailto:oval-developer-list at lists.mitre.org>>
Subject: Re: [SCAP-On-Apple] Mac OS X proposed pkginfo OVAL Test.
Jasen,
What are you trying to achieve? Is your goal a test that logs whether a specific application has (ever) been installed? I'm trying to understand why this would be needed. Knowing whether a patch has been installed was used for Windows systems (although I'm not sure that actually means anything was fixed) but using the existence of an application being installed (or attempted to be) doesn't mean it actually patched something or should be used as validation that something was fixed. It also doesn't necessarily mean the patch or application was completely installed.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/scap-on-apple-dev/attachments/20130711/25d39ed8/attachment.html>
More information about the SCAP-On-Apple-Dev
mailing list