[SCAP-On-Apple-Dev] [SCAP-On-Apple] Mac OS X proposed pkginfo OVAL Test.
Peter Link
plink53 at mac.com
Sun Jul 14 16:58:23 PDT 2013
OSX provides a very simple method of displaying all applications using About this Mac/More Info as the front end to a System Report. Just need to figure out how the application finds everything. This also finds all devices including printers.
On Jul 12, 2013, at 12:58 PM, Josh Wisenbaker <dubs at apple.com> wrote:
>
> On Jul 12, 2013, at 12:19 PM, Jacobsen, Jasen W. <jasenj1 at mitre.org> wrote:
>
>> What about non application things like libraries, printer drivers or browser plug-ins?
>
> Off the top of my head you could use simple scripting tools like 'lpinfo -m’ to list all the printer drivers on the system.
>
> I think in most cases things like library versions come when you are looking for a specific version though to validate you are beyond a vulnerable level.
>
>>
>> And can you elaborate a little on "use a metadata query and launch services to locate the apps"? Perhaps there are other OS X capabilities that OVAL should make available to system auditors.
>
> Sure. If you are scripting things then you can use the mdfind command to find apps. For example,
>
> mdfind "kMDItemContentTypeTree == 'com.apple.application’"
>
> Is going to instantly find every app on your disks, regardless of where it is stored. You can then loop through them and read the info.plists.
>
> To my mind though it’s easier to do in Objective-C or some other object oriented language than it is to mash all that data around in a bash script. This is some really rough sample stuff code. Note that in the results processing you could also use
>
> NSString *appVersion = [theResult valueForAttribute:(NSString *)kMDItemVersion];
>
> in an effort to not rely on needing to read each plist, but reading the plist lets us cover a use case for if developers don’t fill in both the short version string and the bundle version string.
>
> .....removed script because it made email too long
> _______________________________________________
> SCAP-On-Apple mailing list
> SCAP-On-Apple at lists.macosforge.org
> https://lists.macosforge.org/mailman/listinfo/scap-on-apple
Peter and Nancy Link
plink53 at mac.com
plink53 at me.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/scap-on-apple-dev/attachments/20130714/3f8861b3/attachment.html>
More information about the SCAP-On-Apple-Dev
mailing list