[SCAP-On-Apple-Dev] [SCAP-On-Apple] Mac OS X proposed pkginfo OVAL Test.
Jacobsen, Jasen W.
jasenj1 at mitre.org
Tue Jul 16 06:08:44 PDT 2013
"I'm guessing that a receipt database only works for executable code that was installed through some standard process. Is this the case?"
Yes. When the "Installer" is used to install something, then receipts get written. There is lots of software that is installed without using the Installer – e.g. Dragging an application to the Applications folder.
- Jasen.
From: Todd Heberlein <todd_heberlein at mac.com<mailto:todd_heberlein at mac.com>>
Date: Monday, July 15, 2013 9:24 PM
To: MITRE Employee <jasenj1 at mitre.org<mailto:jasenj1 at mitre.org>>
Cc: Peter Link <plink53 at mac.com<mailto:plink53 at mac.com>>, oval-developer-list OVAL Developer List/Closed Public Discussion <oval-developer-list at lists.mitre.org<mailto:oval-developer-list at lists.mitre.org>>, "scap-on-apple at lists.macosforge.org<mailto:scap-on-apple at lists.macosforge.org>" <scap-on-apple at lists.macosforge.org<mailto:scap-on-apple at lists.macosforge.org>>, "scap-on-apple-dev at lists.macosforge.org<mailto:scap-on-apple-dev at lists.macosforge.org>" <scap-on-apple-dev at lists.macosforge.org<mailto:scap-on-apple-dev at lists.macosforge.org>>
Subject: Re: [SCAP-On-Apple-Dev] [SCAP-On-Apple] Mac OS X proposed pkginfo OVAL Test.
On Jul 11, 2013, at 11:30 AM, "Jacobsen, Jasen W." <jasenj1 at mitre.org<mailto:jasenj1 at mitre.org>> wrote:
We (MITRE) developed the referenced extension schema. Mac OS provides an installation receipt capability much like other package managers on other UNIX systems. It seems that OVAL should support checking this system provided audit trail.
If the audit trail is unreliable or unsuitable for the purpose, that's another good discussion.
I'm guessing that a receipt database only works for executable code that was installed through some standard process. Is this the case?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/scap-on-apple-dev/attachments/20130716/9ea8f7dc/attachment-0001.html>
More information about the SCAP-On-Apple-Dev
mailing list