[SCAP-On-Apple-Dev] [SCAP-On-Apple] Mac OS X proposed pkginfo OVAL Test.

Peter Link plink53 at mac.com
Mon Jul 15 20:24:04 PDT 2013


It's my understanding that system profiler tracks what is currently installed (software and hardware), that's it. If someone ran an application from a thumb drive then removed the thumb drive, system profiler won't list it after it's been removed. My thoughts on what SCAP content should and shouldn't do aren't necessarily in line with others but I was going to use it to validate the current configuration of Macs. I wasn't going to use it as a tool to monitor what someone has used their Mac for. 

When you look at USGCB configurations and how they are used, they are only validating a correct configuration, which can include whether patches and updates have been performed. Depending on how these standard configurations are defined, they might include the ability or lack of ability to run applications from external devices. In some government configurations, external ports might be disabled (hopefully system profiler will show this; I haven't checked. If not, there are other ways to determine this), thereby potentially disabling the ability to run external applications. As I said, I don't believe the plan for SCAP content is to monitor these types of things.


On Jul 15, 2013, at 6:25 PM, Todd Heberlein <todd_heberlein at mac.com> wrote:

> 
> On Jul 15, 2013, at 10:50 AM, Peter Link <plink53 at mac.com> wrote:
> 
>> Jasen and Josh, does this help? 
>> 
>> system_profiler -xml SPApplicationsDataType > ~/Desktop/SPlist
>> 
>> gives complete listing of all applications found on the Mac, including drivers and anything application related. Output is XML file stored wherever you want it.
> 
> Does this only apply to executable content installed through standard installation procedures?
> 
> For example, if you have Google software (like Chrome) and its software updater regularly downloads executables, runs them, then deletes them. Would these executables be captured by system_profiler?
> 
> What about PHP, Python, R, Bourne shell code, etc.?  Are these of interest?
> 
> Todd
> 

Peter Link
LLNL retired
plink53 at mac.com
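
The configuration check discussed in this thread, as an added example that is not part of the original messages: it parses the plist written by `system_profiler -xml SPApplicationsDataType` and compares the applications present at scan time against a baseline of minimum versions. The key names (`_items`, `_name`, `version`), the sample plist and the baseline are assumptions constructed for illustration.

```python
import plistlib

# Constructed sample, not real output. Assumed layout: an array of sections,
# each with an "_items" list of dicts carrying "_name" and "version".
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><array><dict>
<key>_dataType</key><string>SPApplicationsDataType</string>
<key>_items</key><array>
 <dict><key>_name</key><string>Safari</string>
  <key>version</key><string>6.0.5</string></dict>
 <dict><key>_name</key><string>ExampleTool</string>
  <key>version</key><string>1.2</string></dict>
 <dict><key>_name</key><string>NoVersionApp</string></dict>
</array></dict></array></plist>"""

# Hypothetical baseline: application name -> minimum acceptable version.
BASELINE = {"Safari": "6.0.5", "ExampleTool": "1.2.1",
            "NoVersionApp": "1.0", "MissingApp": "2.0"}

def version_key(v, width=4):
    """Turn '6.0.5' into (6, 0, 5, 0) so '1.2' and '1.2.0' compare equal."""
    parts = [int(p) if p.isdigit() else 0 for p in v.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def load_inventory(plist_bytes):
    """Return {name: version or None} for applications listed at scan time."""
    inventory = {}
    for section in plistlib.loads(plist_bytes):
        for item in section.get("_items", []):
            inventory[item.get("_name")] = item.get("version")
    return inventory

def check_baseline(inventory, baseline):
    """Return (name, finding) pairs for entries that fail the baseline."""
    findings = []
    for name, minimum in baseline.items():
        if name not in inventory:
            findings.append((name, "not installed"))
        elif inventory[name] is None:
            findings.append((name, "version unknown"))
        elif version_key(inventory[name]) < version_key(minimum):
            findings.append((name, "below minimum " + minimum))
    return findings

if __name__ == "__main__":
    for name, finding in check_baseline(load_inventory(SAMPLE), BASELINE):
        print(name + ": " + finding)
```

To run it against a real scan, read the file produced by the command quoted above in binary mode and pass its contents to `load_inventory`.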
