[SCAP-On-Apple-Dev] New OVAL tests for MacOSX

David Solin david at joval.org
Fri Aug 15 18:11:38 PDT 2014

(Note: cross-posted to two mailing lists)

jOVAL.org has just published OVAL schemas for nine new MacOS test types:

  * authorizationdb_test - provides access to plist information stored
    in the authorization database
  * corestorage_test - provides access to core storage information
  * gatekeeper_test - provides access to Gatekeeper information
  * keychain_test - provides access to keychain settings
  * launchd_test - enumerates launchd-initiated agents/daemons
  * rlimit_test - provides access to launchd resource limits
  * softwareupdate_test - provides access to softwareupdate list/schedule
  * systemprofiler_test - provides access to plist-format data from the
  * systemsetup_test - provides access to system setup information


Note, I think the keychain_test is potentially problematic, because 
desktop access is required in order to read another user's keychain (so 
someone can enter the keychain's password in the dialog box that pops 
up) -- meaning it can only be implemented by a host-based user-driven 
assessment tool.

Anyway, any feedback (from the Apple community in particular) would be 

Best regards,
--David Solin


jOVAL.org: SCAP Simplified.
Learn More <http://www.joval.org> | Features 
<http://www.joval.org/features/> | Download 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/scap-on-apple-dev/attachments/20140815/8a2da09e/attachment.html>

More information about the SCAP-On-Apple-Dev mailing list