Mit folgender Funktion kann die Konfiguration der Anwendungs- und Paket-Firewall ausgelesen werden.

SUMMARY_FILE=${HW_UUID}_${DATE}.txt

SECTION8 ()
{
echo "\n" >>${SUMMARY_FILE}
##
# section 8a
##
echo "\t reading Application Firewall Settings" | tee -a ${SUMMARY_FILE}
echo "\t reading settings for - Turn on firewall" | tee -a ${SUMMARY_FILE}
/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate | tee -a ${SUMMARY_FILE}

echo "\n" >>${SUMMARY_FILE}
echo "\t reading settings for - Turn on firewall and block all incoming connections" | tee -a ${SUMMARY_FILE}
/usr/libexec/ApplicationFirewall/socketfilterfw --getblockall | tee -a ${SUMMARY_FILE}

echo "\n" >>${SUMMARY_FILE}
echo "\t reading settings for - Automatically allow signed software to receive incoming connections" | tee -a ${SUMMARY_FILE}
/usr/libexec/ApplicationFirewall/socketfilterfw --getallowsigned | tee -a ${SUMMARY_FILE}

echo "\n" >>${SUMMARY_FILE}
echo "\t reading settings for - Enable firewall logging" | tee -a ${SUMMARY_FILE}
/usr/libexec/ApplicationFirewall/socketfilterfw --getloggingmode | tee -a ${SUMMARY_FILE}
/usr/libexec/ApplicationFirewall/socketfilterfw --getloggingopt | tee -a ${SUMMARY_FILE}

echo "reading Firewall settings" | tee -a ${SUMMARY_FILE}
system_profiler SPFirewallDataType | tee -a ${SUMMARY_FILE}

##
# section 8b
##
echo "\n" >>${SUMMARY_FILE}
echo "\t reading pf Firewall Settings" | tee -a ${SUMMARY_FILE}
echo "\t reading settings for - Turn on firewall" | tee -a ${SUMMARY_FILE}
defaults read /System/Library/LaunchDaemons/com.apple.pfctl | grep "Disabled" | tee -a ${SUMMARY_FILE}

echo "\n" >>${SUMMARY_FILE}
echo "\t reading settings for - Run firewall automatically on system startup" | tee -a ${SUMMARY_FILE}
defaults read /System/Library/LaunchDaemons/com.apple.pfctl | grep -A4 "ProgramArguments" | tee -a ${SUMMARY_FILE}
defaults read /System/Library/LaunchDaemons/com.apple.pfctl | grep "RunAtLoad" | tee -a ${SUMMARY_FILE}

echo "\n" >>${SUMMARY_FILE}
echo "\t reading pf configuration" | tee -a ${SUMMARY_FILE}
cat /etc/pf.conf | tee -a ${SUMMARY_FILE}
}
###

##
# section 8
##
GEN_SUMMARY_SEPARATOR
echo " M 2.478 Planung des sicheren Einsatzes von Mac OS X" | tee -a ${SUMMARY_FILE}
echo " M 2.479 Planung der Sicherheitsrichtlinien von Mac OS X" | tee -a ${SUMMARY_FILE}
echo " M 4.371 Konfiguration von Mac OS X Clients" | tee -a ${SUMMARY_FILE}
echo " M 5.166 Konfiguration der Mac OS X Personal Firewall " | tee -a ${SUMMARY_FILE}
echo " J.8. Firewalls" | tee -a ${SUMMARY_FILE}
SECTION8

Zum Seitenanfang