[SCAP-On-Apple-Dev] [SCAP-On-Apple] Mac OS X proposed pkginfo OVAL Test.

Peter Link plink53 at mac.com
Sun Jul 14 18:08:41 PDT 2013


update:

The system report is the result of running

>system_profiler

This simple command contains the current status of just about everything system related. The application's reporter files (.spreporter) are found in /System/Library/SystemProfiler. There is a SPApplicationsReporter.spreporter file but the basic operation of running the command system_profiler doesn't appear to run this file while using the GUI does. I'm still looking for more information.

Many of you might want more information on certain files but I suggest looking at the System Profiler to see how much can be found using existing, simple applications. 

As for browser plugins, they are normally found in /Library/Internet Plug-Ins making it a simple task to find them.

Excuse me if I'm trying to use the simple way to find things on OSX. 


On Jul 14, 2013, at 4:58 PM, Peter Link <plink53 at mac.com> wrote:

> OSX provides a very simple method of displaying all applications using About this Mac/More Info as the front end to a System Report. Just need to figure out how the application finds everything. This also finds all devices including printers. 
> 
> 
> On Jul 12, 2013, at 12:58 PM, Josh Wisenbaker <dubs at apple.com> wrote:
> 
>> 
>> On Jul 12, 2013, at 12:19 PM, Jacobsen, Jasen W. <jasenj1 at mitre.org> wrote:
>> 
>>> What about non application things like libraries, printer drivers or browser plug-ins?
>> 
>> Off the top of my head you could use simple scripting tools like 'lpinfo -m' to list all the printer drivers on the system. 
>> 
>> I think in most cases things like library versions come when you are looking for a specific version though to validate you are beyond a vulnerable level.
>> 
>>> 
>>> And can you elaborate a little on "use a metadata query and launch services to locate the apps"? Perhaps there are other OS X capabilities that OVAL should make available to system auditors.
>> 
>> Sure. If you are scripting things then you can use the mdfind command to find apps. For example, 
>> 
>> mdfind "kMDItemContentTypeTree == 'com.apple.application'"
>> 
>> Is going to instantly find every app on your disks, regardless of where it is stored. You can then loop through them and read the info.plists.
>> 
>> To my mind though it’s easier to do in Objective-C or some other object oriented language than it is to mash all that data around in a bash script. This is some really rough sample stuff code. Note that in the results processing you could also use 
>> 
>> NSString *appVersion = [theResult valueForAttribute:(NSString *)kMDItemVersion];
>> 
>> in an effort to not rely on needing to read each plist, but reading the plist lets us cover a use case for if developers don’t fill in both the short version string and the bundle version string.
>> 
>> .....removed script because it made email too long
> 

Peter Link
LLNL retired
plink53 at mac.com
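
The approach described in the quoted reply above (an mdfind metadata query to locate bundles, then reading each Info.plist with a fallback between the two version keys), sketched in Python as an added example; it is not the Objective-C script that was removed from the thread. The function names, sample bundle names and org.example identifiers are constructed for illustration.

```python
import plistlib, shutil, subprocess, tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

QUERY = "kMDItemContentTypeTree == 'com.apple.application'"  # query quoted in the thread

def find_apps():
    """Ask Spotlight for every application bundle; [] where mdfind is absent."""
    if shutil.which("mdfind") is None:
        return []
    out = subprocess.run(["mdfind", QUERY], capture_output=True, text=True)
    return [Path(p) for p in out.stdout.splitlines() if p]

def app_record(bundle):
    """Read Contents/Info.plist, preferring the short version string and
    falling back to the bundle version when the developer set only one."""
    record = {"path": str(bundle), "id": None, "version": None}
    try:
        with open(Path(bundle) / "Contents" / "Info.plist", "rb") as fh:
            info = plistlib.load(fh)
    except (OSError, ExpatError, plistlib.InvalidFileException):
        return record  # missing or corrupt plist: still report the bundle
    if isinstance(info, dict):
        record["id"] = info.get("CFBundleIdentifier")
        record["version"] = (info.get("CFBundleShortVersionString")
                             or info.get("CFBundleVersion"))
    return record

def make_samples(root):
    """Constructed bundles (hypothetical names) so the example runs offline."""
    samples = {
        "Both.app": {"CFBundleIdentifier": "org.example.both",
                     "CFBundleShortVersionString": "2.1", "CFBundleVersion": "2100"},
        "BuildOnly.app": {"CFBundleIdentifier": "org.example.buildonly",
                          "CFBundleVersion": "57"},
    }
    for name, info in samples.items():
        contents = Path(root) / name / "Contents"
        contents.mkdir(parents=True)
        with open(contents / "Info.plist", "wb") as fh:
            plistlib.dump(info, fh)
    (Path(root) / "NoPlist.app" / "Contents").mkdir(parents=True)  # no plist at all
    return sorted(Path(root).glob("*.app"))

if __name__ == "__main__":
    bundles = find_apps() or make_samples(tempfile.mkdtemp())
    for rec in map(app_record, bundles):
        print(rec["version"] or "unknown", rec["id"], rec["path"], sep="\t")
```

A bundle whose version comes back as unknown is still listed, so an auditor sees that it exists and can inspect it by hand.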


