Mit der folgenden Funktion lassen sich die Netzwerkeinstellungen auditieren.

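# Print a section heading: a blank line goes to the summary file only, then
# the tab-indented title goes to stdout and the summary file.
# printf is used because bash's builtin echo does not expand "\n"/"\t" unless
# xpg_echo is enabled, which would leave literal backslash sequences in the report.
# Arguments: $1 - heading text
_section12_heading ()
{
  printf '\n' >>"${SUMMARY_FILE}"
  printf '\t %s\n' "$1" | tee -a "${SUMMARY_FILE}"
}

# Succeed if a `defaults read` dump contains an assignment to the given key.
# Arguments: $1 - dump text, $2 - key name (only fixed literals from SECTION12
#            are passed here, so interpolating it into the pattern is safe)
_section12_has_key ()
{
  printf '%s\n' "$1" | grep -Eq "(^|[^[:alnum:]_])$2[[:space:]]*="
}

#######################################
# Audit the network-related settings of a Mac OS X client and record the
# findings on stdout and in the summary file.
# Globals:   SUMMARY_FILE (read)  - report file that every finding is appended to
#            NESTEDGROUPS (written) - UUIDs found under the screen-sharing
#                                     "nestedgroups" key, one per line
# Outputs:   findings on stdout and appended to ${SUMMARY_FILE}
# Returns:   1 if SUMMARY_FILE is unset or empty, otherwise the status of the
#            last reporting pipeline
#
# NOTE(review): the dslocal plist is normally readable by root only, so the
# screen-sharing checks presumably report "is not present" when the audit is
# not run as root - confirm how the caller invokes this.
# NOTE(review): the report collects hostnames, open connections and paths of
# credential files; the summary file should be created with restrictive
# permissions by whoever sets SUMMARY_FILE.
#######################################
SECTION12 ()
{
  local mdns_plist=/System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
  local acl_plist=/private/var/db/dslocal/nodes/Default/groups/com.apple.access_screensharing.plist
  local smb_prefs=/Library/Preferences/SystemConfiguration/com.apple.smb.server
  local net_info ntp_info mdns_dump acl_dump
  local local_host_name host_name computer_name netbios_name
  local acl_key uuid

  if [ -z "${SUMMARY_FILE:-}" ]; then
    echo "SECTION12: SUMMARY_FILE is not set" >&2
    return 1
  fi

  # The "|| true" on the captures below is deliberate: a tool that exits
  # non-zero (for example because a name is not set) must not abort the audit
  # when the caller runs with "set -e".

  _section12_heading "reading Network settings"
  # Collected once and reused for the DNS check further down.
  net_info=$(system_profiler SPNetworkDataType) || true
  printf '%s\n' "${net_info}" | tee -a "${SUMMARY_FILE}"

  _section12_heading "reading Network location settings"
  system_profiler SPNetworkLocationDataType | tee -a "${SUMMARY_FILE}"

  _section12_heading "reading settings for LocalHostName"
  local_host_name=$(scutil --get LocalHostName) || true
  printf '%s\n' "${local_host_name}" | tee -a "${SUMMARY_FILE}"

  # The right-hand sides are quoted so that a name containing glob characters
  # is compared literally instead of being treated as a pattern by [[ == ]].
  _section12_heading "reading settings for HostName"
  host_name=$(scutil --get HostName) || true
  if [[ "${host_name}" == "${local_host_name}" ]]; then
    printf '%s\n' "${host_name}" | tee -a "${SUMMARY_FILE}"
  else
    echo "no hostname are configured, it should be ${local_host_name}" | tee -a "${SUMMARY_FILE}"
  fi

  _section12_heading "reading settings for ComputerName"
  computer_name=$(scutil --get ComputerName) || true
  if [[ "${computer_name}" == "${local_host_name}" ]]; then
    printf '%s\n' "${computer_name}" | tee -a "${SUMMARY_FILE}"
  else
    echo "different hostname and Computername are configured, it should be ${local_host_name}" | tee -a "${SUMMARY_FILE}"
  fi

  _section12_heading "reading settings for NetBIOSName"
  netbios_name=$(defaults read "${smb_prefs}" NetBIOSName) || true
  if [[ "${netbios_name}" == "${local_host_name}" ]]; then
    printf '%s\n' "${netbios_name}" | tee -a "${SUMMARY_FILE}"
  else
    echo "different hostname and NetBIOSName are configured, it should be ${local_host_name}" | tee -a "${SUMMARY_FILE}"
  fi

  # NOTE(review): NoMulticastAdvertisements is an mDNSResponder launch argument
  # that concerns Bonjour multicast advertising; whether it is a meaningful
  # indicator for AirDrop should be confirmed against the audit baseline.
  _section12_heading "reading settings for - Disable AirDrop"
  if [ -e "${mdns_plist}" ]; then
    echo "${mdns_plist} is present" | tee -a "${SUMMARY_FILE}"
    # The plist is read only after the existence check, so a missing file no
    # longer produces `defaults` errors before the report says so.
    mdns_dump=$(defaults read "${mdns_plist}") || true
    if printf '%s\n' "${mdns_dump}" | grep -q NoMulticastAdvertisements; then
      printf '%s\n' "${mdns_dump}" | grep NoMulticastAdvertisements | tee -a "${SUMMARY_FILE}"
    else
      echo "entry NoMulticastAdvertisements is not present" | tee -a "${SUMMARY_FILE}"
    fi
  else
    echo "${mdns_plist} is not present" | tee -a "${SUMMARY_FILE}"
  fi

  # .netrc files hold cleartext credentials; only their paths are recorded,
  # the contents are never copied into the report.
  _section12_heading "search for all .netrc files"
  find / -name "*.netrc" | tee -a "${SUMMARY_FILE}"

  # grep -q replaces the former `wc -l` string comparison: macOS pads the
  # wc output with blanks, so `[[ ... != "0" ]]` was always true and the
  # "no dns server" finding could never be reported.
  _section12_heading "reading settings for - DNS servers"
  if printf '%s\n' "${net_info}" | grep -q "Server Addresses:"; then
    printf '%s\n' "${net_info}" | tee -a "${SUMMARY_FILE}"
  else
    echo "no dns server are configured" | tee -a "${SUMMARY_FILE}"
  fi

  # Same padding problem as above; any output at all counts as configured.
  _section12_heading "reading settings for - NTP servers"
  ntp_info=$(systemsetup -getnetworktimeserver) || true
  if [ -n "${ntp_info}" ]; then
    printf '%s\n' "${ntp_info}" | tee -a "${SUMMARY_FILE}"
  else
    echo "no ntp server are configured" | tee -a "${SUMMARY_FILE}"
  fi

  # Screen-sharing access list: one report section per membership key.
  acl_dump=""
  if [ -e "${acl_plist}" ]; then
    acl_dump=$(defaults read "${acl_plist}") || true
  fi
  for acl_key in users groupmembers nestedgroups; do
    _section12_heading "reading settings for - Restrict screen sharing to no ${acl_key}"
    if [ -e "${acl_plist}" ]; then
      echo "${acl_plist} is present" | tee -a "${SUMMARY_FILE}"
      # A key counts as present when it occurs at all. The former
      # "exactly one matching line" test reported the key as missing as soon
      # as a member value happened to contain the same substring, which hid
      # a populated access list from the report.
      if _section12_has_key "${acl_dump}" "${acl_key}"; then
        printf '%s\n' "${acl_dump}" | sed -n "/${acl_key}/,/);/p" | tee -a "${SUMMARY_FILE}"
        if [ "${acl_key}" = "nestedgroups" ]; then
          # Resolve every nested group UUID. The former lookup read a
          # misspelled path ("pivate/var/..."), so it never returned a UUID,
          # and its result was not written to the summary file.
          # Only well-formed UUIDs are handed to dsmemberutil.
          NESTEDGROUPS=$(printf '%s\n' "${acl_dump}" \
            | sed -n '/nestedgroups/,/);/p' \
            | grep -Eo '[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}') || true
          while IFS= read -r uuid; do
            [ -n "${uuid}" ] || continue
            dsmemberutil getid -X "${uuid}" </dev/null | tee -a "${SUMMARY_FILE}"
          done <<< "${NESTEDGROUPS}"
        fi
      else
        echo "entry ${acl_key} is not present" | tee -a "${SUMMARY_FILE}"
      fi
    else
      echo "${acl_plist} is not present" | tee -a "${SUMMARY_FILE}"
    fi
  done

  # The bracket keeps the grep process itself out of the listing, so an empty
  # result really means that no matching process is running.
  _section12_heading "running remote management process"
  ps -A | grep '[R]emote' | tee -a "${SUMMARY_FILE}"

  _section12_heading "listing all IPv4 network connections"
  lsof -i4 | tee -a "${SUMMARY_FILE}"

  _section12_heading "listing all IPv6 network connections"
  lsof -i6 | tee -a "${SUMMARY_FILE}"
}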
###

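#
# section 12 - network services
#
# Writes the section header to stdout and the summary file, then runs the
# network audit. The "M x.xxx" lines are the measure titles this section is
# reported under (presumably BSI IT-Grundschutz measures - confirm); they are
# runtime output and are kept verbatim.
# SUMMARY_FILE is quoted so that a report path containing blanks or glob
# characters still names a single file.
##
GEN_SUMMARY_SEPARATOR
printf '%s\n' \
  " M 2.478 Planung des sicheren Einsatzes von Mac OS X" \
  " M 2.479 Planung der Sicherheitsrichtlinien von Mac OS X" \
  " M 4.371 Konfiguration von Mac OS X Clients" \
  " J.12. Network Services" \
  | tee -a "${SUMMARY_FILE}"
SECTION12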

 
