[SCAP-On-Apple] [SCAP-On-Apple-Dev] Mac OS X proposed pkginfo OVAL Test.
plink53 at mac.com
Sun Jul 14 18:08:41 PDT 2013
The system report is the results of running
This simple command contains the current status of just about everything system related. The application's reporter files (.spreporter) are found in /System/Library/SystemProfiler. There is a SPApplicationsReporter.spreporter file but the basic operation of running the command system_profiler doesn't appear to run this file while using the GUI does. I'm still looking for more information.
Many of you might want more information on certain files but I suggest looking at the System Profiler to see how much can be found using existing, simple applications.
As for browser plugins, they are normally found in /Library/Internet Plug-Ins making it a simple task to find them.
Excuse me if I'm trying to use the simple way to find things on OSX.
On Jul 14, 2013, at 4:58 PM, Peter Link <plink53 at mac.com> wrote:
> OSX provides a very simple method of displaying all applications using About this Mac/More Info as the front end to a System Report. Just need to figure out how the application finds everything. This also finds all devices including printers.
> On Jul 12, 2013, at 12:58 PM, Josh Wisenbaker <dubs at apple.com> wrote:
>> On Jul 12, 2013, at 12:19 PM, Jacobsen, Jasen W. <jasenj1 at mitre.org> wrote:
>>> What about non application things like libraries, printer drivers or browser plug-ins?
>> Off the top of my head you could use simple scripting tools like 'lpinfo -m’ to list all the printer drivers on the system.
>> I think in most cases things like library versions come when you are looking for a specific version though to validate you are beyond a vulnerable level.
>>> And can you elaborate a little on "use a metadata query and launch services to locate the apps"? Perhaps there are other OS X capabilities that OVAL should make available to system auditors.
>> Sure. If you are scripting things then you can use the mdfind command to find apps. For example,
>> mdfind "kMDItemContentTypeTree == 'com.apple.application’"
>> Is going to instantly find every app on your disks, regardless of where it is stored. You can then loop through them and read the info.plists.
>> To my mind though it’s easier to do in Objective-C or some other object oriented language than it is to mash all that data around in a bash script. This is some really rough sample stuff code. Note that in the results processing you could also use
>> NSString *appVersion = [theResult valueForAttribute:(NSString *)kMDItemVersion];
>> in an effort to not rely on needing to read each plist, but reading the plist lets us cover a use case for if developers don’t fill in both the short version string and the bundle version string.
>> .....removed script because it made email too long
>> SCAP-On-Apple mailing list
>> SCAP-On-Apple at lists.macosforge.org
plink53 at mac.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the SCAP-On-Apple