From david at joval.org Fri Aug 15 18:11:38 2014 From: david at joval.org (David Solin) Date: Fri, 15 Aug 2014 20:11:38 -0500 Subject: [SCAP-On-Apple-Dev] New OVAL tests for MacOSX Message-ID: <53EEAFCA.2030008@joval.org> (Note: cross-posted to two mailing lists) jOVAL.org has just published OVAL schemas for nine new MacOS test types: * authorizationdb_test - provides access to plist information stored in the authorization database * corestorage_test - provides access to core storage information * gatekeeper_test - provides access to Gatekeeper information * keychain_test - provides access to keychain settings * launchd_test - enumerates launchd-initiated agents/daemons * rlimit_test - provides access to launchd resource limits * softwareupdate_test - provides access to softwareupdate list/schedule * systemprofiler_test - provides access to plist-format data from the system_profiler * systemsetup_test - provides access to system setup information See: https://github.com/joval/Sandbox/commit/827c2dec9a9c3db51860c288994f452381b33d52 Note, I think the keychain_test is potentially problematic, because desktop access is required in order to read another user's keychain (so someone can enter the keychain's password in the dialog box that pops up) -- meaning it can only be implemented by a host-based user-driven assessment tool. Anyway, any feedback (from the Apple community in particular) would be appreciated. Best regards, --David Solin -- jOVAL.org: SCAP Simplified. Learn More | Features | Download -------------- next part -------------- An HTML attachment was scrubbed... URL: From david at joval.org Fri Aug 15 18:11:44 2014 From: david at joval.org (David Solin) Date: Fri, 15 Aug 2014 20:11:44 -0500 Subject: [SCAP-On-Apple-Dev] New OVAL tests for MacOSX Message-ID: <53EEAFD0.9070001@joval.org> (Note: cross-posted to two mailing lists) jOVAL.org has just published OVAL schemas for nine new MacOS test types: * authorizationdb_test - provides access to plist information stored in the authorization database * corestorage_test - provides access to core storage information * gatekeeper_test - provides access to Gatekeeper information * keychain_test - provides access to keychain settings * launchd_test - enumerates launchd-initiated agents/daemons * rlimit_test - provides access to launchd resource limits * softwareupdate_test - provides access to softwareupdate list/schedule * systemprofiler_test - provides access to plist-format data from the system_profiler * systemsetup_test - provides access to system setup information See: https://github.com/joval/Sandbox/commit/827c2dec9a9c3db51860c288994f452381b33d52 Note, I think the keychain_test is potentially problematic, because desktop access is required in order to read another user's keychain (so someone can enter the keychain's password in the dialog box that pops up) -- meaning it can only be implemented by a host-based user-driven assessment tool. Anyway, any feedback (from the Apple community in particular) would be appreciated. Best regards, --David Solin -- jOVAL.org: SCAP Simplified. Learn More | Features | Download -------------- next part -------------- An HTML attachment was scrubbed... URL: