Mit der folgenden Funktion können die Konfiguration der Benutzerkonten und die Kontotypen ausgelesen werden.

# Report file that the checks below append to. HW_UUID and DATE are set
# outside this excerpt. The name is a relative path, so the report lands in
# the directory the script is started from; it will hold account names and
# sudo settings, so that directory should not be readable by other users.
SUMMARY_FILE="${HW_UUID}_${DATE}.txt"

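# Write one sub-heading of section 4.
# Globals:   SUMMARY_FILE (appended to)
# Arguments: $1 - heading text
# Outputs:   the heading on stdout and in the summary; the blank separator
#            line goes to the summary only.
_SECTION4_HEADING ()
{
  # printf instead of echo: whether echo expands "\n" and "\t" depends on the
  # shell that runs the script.
  printf '\n' >>"${SUMMARY_FILE}"
  printf '\t %s\n' "$1" | tee -a "${SUMMARY_FILE}"
}

# Report whether a plist exists and whether a key shows up in it.
# Globals:   SUMMARY_FILE (appended to)
# Arguments: $1 - path of the plist
#            $2 - key name to search for in the output of "defaults read"
# Outputs:   file presence plus the matching line(s), or a "not present"
#            note, on stdout and in the summary.
_SECTION4_PLIST_KEY ()
{
  local plist=$1
  local key=$2
  local matches

  if [ ! -e "${plist}" ]; then
    echo "${plist} is not present" | tee -a "${SUMMARY_FILE}"
    return 0
  fi
  echo "${plist} is present" | tee -a "${SUMMARY_FILE}"

  # Read the plist once, so the line that is tested is the line that is
  # reported. Any match counts: testing for exactly one line would report the
  # key as missing when it appears more than once.
  matches=$(defaults read "${plist}" | grep -- "${key}") || matches=""
  if [ -n "${matches}" ]; then
    printf '%s\n' "${matches}" | tee -a "${SUMMARY_FILE}"
  else
    echo "entry ${key} is not present" | tee -a "${SUMMARY_FILE}"
  fi
}

# Report an active "Defaults <setting>" line from /etc/sudoers.
# Globals:   SUMMARY_FILE (appended to)
# Arguments: $1 - sudoers setting name, e.g. tty_tickets
# Outputs:   the matching line(s), a "not present" note, or a note that the
#            file could not be read, on stdout and in the summary.
# Caveat:    only /etc/sudoers itself is searched; settings pulled in through
#            include directives, combined on one Defaults line with other
#            settings, or negated with "!" are not recognised.
_SECTION4_SUDOERS_DEFAULT ()
{
  local setting=$1
  local sudoers=/etc/sudoers
  local matches

  # An unreadable file must not be reported as "setting missing": that would
  # be a false finding when the audit runs without root privileges.
  if [ ! -r "${sudoers}" ]; then
    echo "${sudoers} cannot be read (run as root) - Defaults ${setting} not checked" \
      | tee -a "${SUMMARY_FILE}"
    return 0
  fi

  # Anchor at the start of the line so that a commented-out
  # "# Defaults ${setting}" is not mistaken for an active setting.
  matches=$(grep -E -- "^[[:space:]]*Defaults[[:space:]]+${setting}" "${sudoers}") || matches=""
  if [ -n "${matches}" ]; then
    printf '%s\n' "${matches}" | tee -a "${SUMMARY_FILE}"
  else
    echo "entry Defaults ${setting} is not present" | tee -a "${SUMMARY_FILE}"
  fi
}

# Section 4 of the audit: guest access, sudo ticket settings and privileged
# accounts. Read-only; nothing on the system is changed.
# Globals:   SUMMARY_FILE (appended to)
# Calls:     LIST_LOCAL_ADMIN and LIST_MEMBER_WHEEL, defined elsewhere in the
#            script, as well as defaults(1) and dscl(1).
# Outputs:   every finding on stdout and in the summary file.
SECTION4 ()
{
  local loginwindow_plist=/Library/Preferences/com.apple.loginwindow.plist
  local afp_plist=/Library/Preferences/com.apple.AppleFileServer.plist

  _SECTION4_HEADING "reading settings for - Disable guest user account"
  _SECTION4_PLIST_KEY "${loginwindow_plist}" "GuestEnabled"

  _SECTION4_HEADING "reading settings for - Disable guest access to shared folders"
  _SECTION4_PLIST_KEY "${afp_plist}" "guestAccess"

  _SECTION4_HEADING "reading settings for - Restrict sudo authentication to single Terminal"
  _SECTION4_SUDOERS_DEFAULT "tty_tickets"

  _SECTION4_HEADING "reading settings for - Set sudo authentication frequency"
  _SECTION4_SUDOERS_DEFAULT "timestamp_timeout"

  _SECTION4_HEADING "listing the accounts that are being reported as local admin users"
  LIST_LOCAL_ADMIN

  _SECTION4_HEADING "listing the accounts that are being reported as root (wheel) group users"
  LIST_MEMBER_WHEEL

  # Every account printed here runs with UID 0, i.e. with root privileges;
  # anything besides root itself deserves a closer look.
  _SECTION4_HEADING "listing the accounts that are being reported as users with ID 0"
  dscl . list /Users UniqueID | awk '$2 == 0 { print $1 }' | tee -a "${SUMMARY_FILE}"

  _SECTION4_HEADING "generate user list of users with UID greater than 500"
  dscl . list /Users UniqueID | awk '$2 > 500 { print $1 }' | tee -a "${SUMMARY_FILE}"
}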
###

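##
# section 4: write the separator, the measure references (M ...) and the
# section title, then run the account checks in SECTION4.
##
GEN_SUMMARY_SEPARATOR
# One tee call for the whole heading. The expansion is quoted so that a
# summary name containing whitespace is still treated as a single file
# instead of being split into several tee arguments.
tee -a "${SUMMARY_FILE}" <<'EOF'
 M 2.478 Planung des sicheren Einsatzes von Mac OS X
 M 2.479 Planung der Sicherheitsrichtlinien von Mac OS X
 M 4.371 Konfiguration von Mac OS X Clients
 M 5.167 Sicherheit beim Fernzugriff unter Mac OS X
 J.4. User Account Types
EOF
SECTION4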
