[SCAP-On-Apple-Dev] [SCAP-On-Apple] Mac OS X proposed pkginfo OVAL Test.
todd_heberlein at mac.com
Mon Jul 15 18:24:48 PDT 2013
On Jul 11, 2013, at 11:30 AM, "Jacobsen, Jasen W." <jasenj1 at mitre.org> wrote:
> We (MITRE) developed the referenced extension schema. Mac OS provides an installation receipt capability much like other package managers on other UNIX systems. It seems that OVAL should support checking this system provided audit trail.
> If the audit trail is unreliable or unsuitable for the purpose, that's another good discussion.
I'm guessing that a receipt database only works for executable code that was installed through some standard process. Is this the case?
A lot of things (like Gatekeeper) were not designed to handle a lot of atypical but by no means not unheard of situations. For example, even if you have Gatekeeper to only run executables signed by a developer, if that app is on a USB thumb drive (or other USB drive) and you double click on it, Gatekeeper won't stop it.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the SCAP-On-Apple-Dev