[SCAP-On-Apple-Dev] New OVAL tests for MacOSX
David Solin
david at joval.org
Fri Aug 15 18:11:38 PDT 2014
(Note: cross-posted to two mailing lists)
jOVAL.org has just published OVAL schemas for nine new MacOS test types:
* authorizationdb_test - provides access to plist information stored
in the authorization database
* corestorage_test - provides access to core storage information
* gatekeeper_test - provides access to Gatekeeper information
* keychain_test - provides access to keychain settings
* launchd_test - enumerates launchd-initiated agents/daemons
* rlimit_test - provides access to launchd resource limits
* softwareupdate_test - provides access to softwareupdate list/schedule
* systemprofiler_test - provides access to plist-format data from the
system_profiler
* systemsetup_test - provides access to system setup information
See:
https://github.com/joval/Sandbox/commit/827c2dec9a9c3db51860c288994f452381b33d52
Note, I think the keychain_test is potentially problematic, because
desktop access is required in order to read another user's keychain (so
someone can enter the keychain's password in the dialog box that pops
up) -- meaning it can only be implemented by a host-based user-driven
assessment tool.
Anyway, any feedback (from the Apple community in particular) would be
appreciated.
Best regards,
--David Solin
--
jOVAL.org: SCAP Simplified.
Learn More <http://www.joval.org> | Features
<http://www.joval.org/features/> | Download
<http://www.joval.org/download/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/scap-on-apple-dev/attachments/20140815/8a2da09e/attachment.html>
More information about the SCAP-On-Apple-Dev
mailing list