[SCAP-On-Apple-Dev] [SCAP-On-Apple] Mac OS X proposed pkginfo OVAL Test.

Peter Link plink53 at mac.com
Sun Jul 14 16:58:23 PDT 2013 

OSX provides a very simple method of displaying all applications using About this Mac/More Info as the front end to a System Report. Just need to figure out how the application finds everything. This also finds all devices including printers. 


On Jul 12, 2013, at 12:58 PM, Josh Wisenbaker <dubs at apple.com> wrote:

> 
> On Jul 12, 2013, at 12:19 PM, Jacobsen, Jasen W. <jasenj1 at mitre.org> wrote:
> 
>> What about non application things like libraries, printer drivers or browser plug-ins?
> 
> Off the top of my head you could use simple scripting tools like 'lpinfo -m’ to list all the printer drivers on the system. 
> 
> I think in most cases things like library versions come when you are looking for a specific version though to validate you are beyond a vulnerable level.
> 
>> 
>> And can you elaborate a little on "use a metadata query and launch services to locate the apps"? Perhaps there are other OS X capabilities that OVAL should make available to system auditors.
> 
> Sure. If you are scripting things then you can use the mdfind command to find apps. For example, 
> 
> mdfind "kMDItemContentTypeTree == 'com.apple.application’"
> 
> Is going to instantly find every app on your disks, regardless of where it is stored. You can then loop through them and read the info.plists.
> 
> To my mind though it’s easier to do in Objective-C or some other object oriented language than it is to mash all that data around in a bash script. This is some really rough sample stuff code. Note that in the results processing you could also use 
> 
> NSString *appVersion = [theResult valueForAttribute:(NSString *)kMDItemVersion];
> 
> in an effort to not rely on needing to read each plist, but reading the plist lets us cover a use case for if developers don’t fill in both the short version string and the bundle version string.
> 
> .....removed script because it made email too long
> _______________________________________________
> SCAP-On-Apple mailing list
> SCAP-On-Apple at lists.macosforge.org
> https://lists.macosforge.org/mailman/listinfo/scap-on-apple

Peter and Nancy Link
plink53 at mac.com
plink53 at me.com



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/scap-on-apple-dev/attachments/20130714/3f8861b3/attachment.html>

More information about the SCAP-On-Apple-Dev mailing list