diff --git a/scripts/generate_scap.py b/scripts/generate_scap.py
index a6b6f4f4..f393fd43 100755
--- a/scripts/generate_scap.py
+++ b/scripts/generate_scap.py
@@ -16,7 +16,7 @@ from time import sleep
import argparse
from xml.sax.saxutils import escape
-warnings.filterwarnings("ignore", category=DeprecationWarning)
+warnings.filterwarnings("ignore", category=DeprecationWarning)
def format_mobileconfig_fix(mobileconfig):
"""Takes a list of domains and setting from a mobileconfig, and reformats it for the output of the fix section of the guide.
@@ -73,7 +73,7 @@ def replace_ocil(xccdf, x):
def create_args():
-
+
parser = argparse.ArgumentParser(
description="Easily generate xccdf, oval, or scap datastream. If no option is defined, it will generate an scap datastream file.")
parser.add_argument("-x", "--xccdf", default=None,
@@ -88,16 +88,16 @@ def create_args():
return parser.parse_args()
def generate_scap(all_rules, all_baselines, args):
-
+
export_as = ""
version_file = "../VERSION.yaml"
with open(version_file) as r:
version_yaml = yaml.load(r, Loader=yaml.SafeLoader)
-
+
if args.xccdf:
export_as = "xccdf"
-
+
if args.oval:
export_as = "oval"
if "ios" in version_yaml['cpe']:
@@ -118,10 +118,10 @@ def generate_scap(all_rules, all_baselines, args):
output = "../build/macOS_{0}_Security_Compliance_Benchmark-{1}".format(version_yaml['os'],filenameversion)
if "ios" in version_yaml['cpe']:
output = "../build/iOS_{0}_Security_Compliance_Benchmark-{1}".format(version_yaml['os'],filenameversion)
-
+
if export_as == "xccdf":
output = output + "_xccdf.xml"
-
+
if export_as == "oval":
output = output + "_oval.xml"
@@ -159,8 +159,8 @@ def generate_scap(all_rules, all_baselines, args):
{4} {1}: Security Configuration
-
-
+
+
Security Content Automation Protocol
National Institute of Standards and Technology
@@ -207,8 +207,8 @@ def generate_scap(all_rules, all_baselines, args):
macOS {1}: Security Configuration
-
-
+
+
Security Content Automation Protocol
National Institute of Standards and Technology
@@ -228,32 +228,32 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(date_time_string, version_yaml['os'], version_yaml['cpe'], version_yaml['version'],date_time_string.split("T")[0] + "Z")
generated_baselines = {}
-
+
for rule in all_rules:
-
+
if glob.glob('../custom/rules/**/{}.yaml'.format(rule),recursive=True):
rule_file = glob.glob('../custom/rules/**/{}.yaml'.format(rule),recursive=True)[0]
custom=True
-
+
elif glob.glob('../rules/*/{}.yaml'.format(rule)):
rule_file = glob.glob('../rules/*/{}.yaml'.format(rule))[0]
custom=False
odv_label = str()
og_rule_yaml = get_rule_yaml(rule_file, custom)
-
+
loop = 1
if "odv" in og_rule_yaml:
loop = len(og_rule_yaml['odv'])
-
+
if args.baseline != "None":
loop = 1
for a in range(0, loop):
-
+
rule_yaml = get_rule_yaml(rule_file, custom)
- try:
-
+ try:
+
# # odv_label = list(rule_yaml['odv'].keys())[a]
# # odv_label.remove('hint')
if args.baseline != "None":
@@ -265,27 +265,27 @@ def generate_scap(all_rules, all_baselines, args):
else:
odv_label = list(rule_yaml['odv'].keys())[a]
-
-
+
+
# if odv_label == "hint":
# continue
-
-
+
+
odv_value = str(rule_yaml['odv'][odv_label])
rule_yaml['title'] = rule_yaml['title'].replace("$ODV",str(odv_value))
rule_yaml['discussion'] = rule_yaml['discussion'].replace("$ODV",odv_value)
rule_yaml['check'] = rule_yaml['check'].replace("$ODV",odv_value)
-
+
rule_yaml['fix'] = rule_yaml['fix'].replace("$ODV",odv_value)
-
-
- for result_value in rule_yaml['result']:
- if "$ODV" == rule_yaml['result'][result_value]:
- rule_yaml['result'][result_value] = rule_yaml['result'][result_value].replace("$ODV",odv_value)
-
-
+
+ if "result" in rule_yaml:
+ for result_value in rule_yaml['result']:
+ if "$ODV" == rule_yaml['result'][result_value]:
+ rule_yaml['result'][result_value] = rule_yaml['result'][result_value].replace("$ODV",odv_value)
+
+
if rule_yaml['mobileconfig_info']:
for mobileconfig_type in rule_yaml['mobileconfig_info']:
if isinstance(rule_yaml['mobileconfig_info'][mobileconfig_type], dict):
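Review bot: The new `if "result" in rule_yaml:` guard covers one missing-key case, but `if rule_yaml['mobileconfig_info']:` just below it is still subscripted unguarded inside the same `try`, whose bare `except:` resets `odv_label` to "recommended" (the `try` opens before this hunk and its handler sits after it). If that key can be absent, the handler would run after `title`, `discussion`, `check` and `fix` have already had `$ODV` substituted, so the generated benchmark would carry a baseline-specific value under the "recommended" label with no error reported; this is worth confirming against `get_rule_yaml`. I would write `if rule_yaml.get('mobileconfig_info'):` here and narrow the handler to `except KeyError:` so unrelated failures surface instead of silently relabelling the rule. Separately, `"$ODV" == rule_yaml['result'][result_value]` matches only a value that is exactly `$ODV`, so the `.replace` amounts to assigning `odv_value`; a comment such as `# only whole-value $ODV placeholders are substituted in result` would make that intent explicit.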
@@ -295,30 +295,30 @@ def generate_scap(all_rules, all_baselines, args):
except:
odv_label = "recommended"
-
+
for baseline in all_baselines:
found_rules = []
for tag in rule_yaml['tags']:
if tag == baseline:
if odv_label != "recommended" and odv_label == tag or odv_label == "custom":
-
+
if baseline in generated_baselines:
generated_baselines[baseline].append(rule_yaml['id'] + "_" + odv_label)
else:
generated_baselines[baseline] = [rule_yaml['id'] + "_" + odv_label]
continue
elif odv_label == "recommended" or odv_label == "custom":
-
+
if "odv" in rule_yaml:
if baseline not in rule_yaml['odv']:
if baseline in generated_baselines:
-
+
generated_baselines[baseline].append(rule_yaml['id'] + "_" + odv_label)
else:
generated_baselines[baseline] = [rule_yaml['id'] + "_" + odv_label]
else:
if baseline in generated_baselines:
-
+
generated_baselines[baseline].append(rule_yaml['id'] + "_" + odv_label)
else:
generated_baselines[baseline] = [rule_yaml['id'] + "_" + odv_label]
@@ -347,7 +347,7 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x)
references = str()
-
+
if "800-53r5" in rule_yaml['references'] and rule_yaml['references']['800-53r5'][0] != "N/A":
references = references + "NIST SP 800-53r5: "
for nist80053 in rule_yaml['references']['800-53r5']:
@@ -379,13 +379,13 @@ def generate_scap(all_rules, all_baselines, args):
for v8controls in rule_yaml['references']['cis']['controls v8']:
references = references + str(v8controls) + ", "
references = references[:-2] + ""
-
+
for k,v in rule_yaml['references'].items():
if k == "cci" or k == "srg":
continue
if k == "custom":
-
-
+
+
for i,u in rule_yaml['references']['custom'].items():
references = references + '{0}: '.format(i)
for refs in rule_yaml['references']['custom'][i]:
@@ -407,9 +407,9 @@ def generate_scap(all_rules, all_baselines, args):
{2}
{3}
-
+
{4}
-
+
{5}{9}
{6}
{7}
@@ -426,19 +426,19 @@ def generate_scap(all_rules, all_baselines, args):
{2}
{3}
-
+
{4}
-
+
{5}{8}
{6}
{7}
-
+
'''.format(rule_yaml['id'] + "_" + odv_label, severity, rule_yaml['title'], rule_yaml['discussion'].replace("<","<").replace(">",">").replace("&","&").rstrip(), rule_yaml['check'].replace("<","<").replace(">",">").replace("&","&").rstrip(), result, cce,rule_yaml['fix'].replace("<","<").replace(">",">").replace("&","&") + "\n" + mobileconfig_info, references)
continue
+
-
-
+
if "inherent" in rule_yaml['tags'] or "n_a" in rule_yaml['tags'] or "permanent" in rule_yaml['tags']:
xccdf_rules = replace_ocil(xccdf_rules,x)
x += 1
@@ -495,13 +495,13 @@ def generate_scap(all_rules, all_baselines, args):
continue
if "os_home_folders_secure" in rule_yaml['id']:
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
+ {}
+
@@ -517,7 +517,7 @@ def generate_scap(all_rules, all_baselines, args):
-
+
@@ -551,24 +551,24 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x,x+999)
x = x + 1
continue
-
+
if rule_yaml['mobileconfig']:
if "spctl" in rule_yaml['check']:
-
+
if "verbose" in rule_yaml['check']:
xccdf_rules = replace_ocil(xccdf_rules,x)
x = x + 1
continue
else:
-
+
oval_definition = oval_definition + '''
-
-
+
+
{}
- {}
-
+ {}
+
@@ -590,28 +590,28 @@ def generate_scap(all_rules, all_baselines, args):
true
'''.format(rule_yaml['id'] + "_" + odv_label,x)
-
+
x += 1
continue
-
+
for payload_type, info in rule_yaml['mobileconfig_info'].items():
if payload_type == "com.apple.systempolicy.control":
continue
if payload_type == "com.apple.ManagedClient.preferences":
for payload_domain, settings in info.items():
oval_definition = oval_definition + '''
-
-
+
+
{}
- {}
+ {}
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip())
if len(settings) > 1:
oval_definition = oval_definition + ''''''
else:
oval_definition = oval_definition + ''''''
-
+
for key, value in settings.items():
state_kind = ""
if type(value) == bool:
@@ -620,7 +620,7 @@ def generate_scap(all_rules, all_baselines, args):
state_kind = "int"
elif type(value) == str:
state_kind = "string"
-
+
dz = d + 5000
oval_definition = oval_definition + ''''''.format(rule_yaml['id'] + '_' + odv_label + "_" + str(d), dz)
@@ -629,11 +629,11 @@ def generate_scap(all_rules, all_baselines, args):
-
-
+
+
'''.format(rule_yaml['id'] + "_" + odv_label + "_" + str(d),dz,dz,dz)
if payload_domain == "com.apple.dock":
-
+
oval_object = oval_object + '''
/Library/Preferences/com.apple.loginwindow.plist
@@ -661,8 +661,8 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(rule_yaml['id'] + "_" + odv_label,dz,payload_domain,key)
-
-
+
+
oval_state = oval_state + '''
{}
@@ -677,19 +677,19 @@ def generate_scap(all_rules, all_baselines, args):
if key == "familyControlsEnabled":
xpath_search = ""
if len(info) > 1:
-
+
xpath_search = info['pathBlackList']
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
-
+ {}
+
+
-
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x)
@@ -706,28 +706,28 @@ def generate_scap(all_rules, all_baselines, args):
boolean(plist/dict/array/string/text() = "{}")
'''.format(rule_yaml['id'] + "_" + odv_label,x,str(xpath_search).replace('[',"").replace(']',"").replace("'",""))
-
+
oval_state = oval_state + '''
true
'''.format(rule_yaml['id'] + "_" + odv_label,x)
-
+
x = x + 1
continue
else:
-
+
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
-
+ {}
+
+
-
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x)
@@ -741,7 +741,7 @@ def generate_scap(all_rules, all_baselines, args):
oval_object = oval_object + '''
/Library/Managed Preferences/{}.plist'''.format(rule_yaml['id'] + "_" + odv_label,x,payload_type)
-
+
state_kind = ""
if type(value) == bool:
oval_object = oval_object + '''
@@ -769,16 +769,16 @@ def generate_scap(all_rules, all_baselines, args):
continue
if payload_type == "com.apple.finder":
oval_definition = oval_definition + '''
-
-
+
+
{}
- {}
-
-
+ {}
+
+
-
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x)
@@ -797,7 +797,7 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x+1999,rule_yaml['id'] + "_" + odv_label,x,x)
-
+
state_kind = ""
if type(value) == bool:
oval_object = oval_object + '''
@@ -822,7 +822,7 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(rule_yaml['id'] + "_" + odv_label,x,state_kind,value)
- oval_variable = oval_variable + '''
+ oval_variable = oval_variable + '''
/Library/Managed Preferences/
@@ -832,19 +832,19 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x,x+1999)
x += 1
continue
-
+
if payload_type == "com.apple.DiscRecording":
oval_definition = oval_definition + '''
-
-
+
+
{}
- {}
-
-
+ {}
+
+
-
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x)
@@ -863,7 +863,7 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x+1999,rule_yaml['id'] + "_" + odv_label,x,x)
-
+
state_kind = ""
if type(value) == bool:
oval_object = oval_object + '''
@@ -888,7 +888,7 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(rule_yaml['id'] + "_" + odv_label,x,state_kind,value)
- oval_variable = oval_variable + '''
+ oval_variable = oval_variable + '''
/Library/Managed Preferences/
@@ -897,19 +897,19 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x,x+1999)
x += 1
- continue
+ continue
if payload_type == "com.apple.Safari" and key == "AutoOpenSafeDownloads":
oval_definition = oval_definition + '''
-
-
+
+
{}
- {}
-
-
+ {}
+
+
-
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x)
@@ -928,7 +928,7 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x+1999,rule_yaml['id'] + "_" + odv_label,x,x)
-
+
state_kind = ""
if type(value) == bool:
oval_object = oval_object + '''
@@ -953,7 +953,7 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(rule_yaml['id'] + "_" + odv_label,x,state_kind,value)
- oval_variable = oval_variable + '''
+ oval_variable = oval_variable + '''
/Library/Managed Preferences/
@@ -962,20 +962,20 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x,x+1999)
x += 1
- continue
- if payload_type == "com.apple.systempreferences" and key == "DisabledPreferencePanes" or payload_type == "com.apple.systempreferences" and key == "HiddenPreferencePanes" or payload_type == "com.apple.systempreferences" and key == "DisabledSystemSettings":
-
+ continue
+ if payload_type == "com.apple.systempreferences" and key == "DisabledPreferencePanes" or payload_type == "com.apple.systempreferences" and key == "HiddenPreferencePanes" or payload_type == "com.apple.systempreferences" and key == "DisabledSystemSettings":
+
oval_definition = oval_definition + '''
-
-
+
+
{}
- {}
-
-
+ {}
+
+
-
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x)
@@ -994,19 +994,19 @@ def generate_scap(all_rules, all_baselines, args):
/plist/dict/key[string()="{}"]/following-sibling::*[1]/string[string()="{}"]/text()
-
+
'''.format(x+1999,rule_yaml['id'] + "_" + odv_label,x,x,key,str(value).strip('[]').strip("'"))
-
-
+
+
oval_state = oval_state + '''
-
+
{}
-
+
'''.format(rule_yaml['id'] + "_" + odv_label,x,str(value).strip('[]').strip("'"))
- oval_variable = oval_variable + '''
+ oval_variable = oval_variable + '''
/Library/Managed Preferences/
@@ -1026,20 +1026,20 @@ def generate_scap(all_rules, all_baselines, args):
elif type(value) == str:
state_kind = "string"
else:
-
+
continue
-
+
oval_definition = oval_definition + '''
-
-
+
+
{}
- {}
-
-
+ {}
+
+
-
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x)
@@ -1050,11 +1050,11 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(rule_yaml['id'] + "_" + odv_label,x,x,x)
-
+
oval_object = oval_object + '''
/Library/Managed Preferences/{}.plist'''.format(rule_yaml['id'] + "_" + odv_label,x,payload_type)
-
+
if state_kind == "boolean":
oval_object = oval_object + '''
name(//*[contains(text(), "{}")]/following-sibling::*[1])
@@ -1063,7 +1063,7 @@ def generate_scap(all_rules, all_baselines, args):
oval_object = oval_object + '''
//*[contains(text(), "{}")]/following-sibling::*[1]/text()
'''.format(key)
-
+
oval_state = oval_state + '''
{}
@@ -1080,14 +1080,14 @@ def generate_scap(all_rules, all_baselines, args):
continue
if "SPStorageDataType" in rule_yaml['check']:
-
+
print(rule_yaml['id'] + " - No relevant oval test")
xccdf_rules = replace_ocil(xccdf_rules,x)
x += 1
continue
try:
if "fdesetup" in command[3]:
-
+
print(rule_yaml['id'] + " - No relevant oval test")
xccdf_rules = replace_ocil(xccdf_rules,x)
x += 1
@@ -1098,18 +1098,18 @@ def generate_scap(all_rules, all_baselines, args):
if "profiles" in command[3]:
if "/usr/bin/profiles status -type enrollment" in rule_yaml['check']:
oval_definition = oval_definition + '''
-
-
+
+
{}
- {}
-
+ {}
+
-
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],x,x+899,x+799)
oval_test = oval_test + '''
@@ -1140,19 +1140,19 @@ def generate_scap(all_rules, all_baselines, args):
try:
if "csrutil" in command[3]:
if "authenticated-root" in command[3]:
-
+
print(rule_yaml['id'] + " - No relevant oval test")
xccdf_rules = replace_ocil(xccdf_rules,x)
x += 1
continue
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
+ {}
+
@@ -1216,21 +1216,21 @@ def generate_scap(all_rules, all_baselines, args):
try:
if "pmset" in command[3] and "standby" in rule_yaml['check']:
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
+ {}
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] +"_standbydelayhigh",x, rule_yaml['id'] +"_standbydelaylow",x+877, rule_yaml['id'] +"_highstandbythreshold",x+888)
-
-
+
+
oval_test = oval_test + '''
@@ -1242,14 +1242,14 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(rule_yaml['id'] + "_standbydelaylow",x+877,x+877,x+877)
-
+
oval_test = oval_test + '''
'''.format(rule_yaml['id'] + "_highstandbythreshold",x+888,x+888,x+888)
-
+
standbydelayhigh = str()
standbydelaylow = str()
highstandbythreshold = str()
@@ -1263,7 +1263,7 @@ def generate_scap(all_rules, all_baselines, args):
standbydelaylow = line.split(" ")[-1].rstrip()
if "highstandbythreshold" in line:
highstandbythreshold = line.split(" ")[-1].rstrip()
-
+
oval_object = oval_object + '''
SPHardwareDataType
@@ -1271,7 +1271,7 @@ def generate_scap(all_rules, all_baselines, args):
//*[contains(text(), "platform_UUID")]/following-sibling::string[position()=1]/text()
'''.format("hardware UUID",x+999)
- oval_variable = oval_variable + '''
+ oval_variable = oval_variable + '''
/Library/Preferences/com.apple.PowerManagement.
@@ -1283,16 +1283,16 @@ def generate_scap(all_rules, all_baselines, args):
oval_object = oval_object + '''
'''.format(rule_yaml['id'] + "_standbydelayhigh",x,x)
-
+
oval_object = oval_object + '''
boolean(plist/dict[key="AC Power"]/dict[key="{}"]/integer/text() = "{}")
'''.format("High Standby Delay",standbydelayhigh)
-
+
oval_object = oval_object + '''
'''.format(rule_yaml['id'] + "_standbydelaylow",x+877, x)
-
+
oval_object = oval_object + '''
boolean(plist/dict[key="AC Power"]/dict[key="{}"]/integer/text() = "{}")
'''.format("Standby Delay",standbydelaylow)
@@ -1300,11 +1300,11 @@ def generate_scap(all_rules, all_baselines, args):
oval_object = oval_object + '''
'''.format(rule_yaml['id'] + "_highstandbythreshold",x+888, x)
-
+
oval_object = oval_object + '''
boolean(plist/dict[key="AC Power"]/dict[key="{}"]/integer/text() = "{}")
'''.format("Standby Battery Threshold",highstandbythreshold)
-
+
oval_state = oval_state + '''
true
@@ -1325,29 +1325,29 @@ def generate_scap(all_rules, all_baselines, args):
except:
pass
if "sudo -V" in rule_yaml['check']:
-
-
+
+
if "grep" in rule_yaml['check'].split("|")[1]:
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
+ {}
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x,rule_yaml['id'] + "_" + odv_label, x, rule_yaml['id'] + "_" + odv_label,x+5051)
-
+
oval_test = oval_test + '''
'''.format(x, rule_yaml['id'] + "_" + odv_label, x)
-
+
oval_test = oval_test + '''
@@ -1355,7 +1355,7 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x+5051, rule_yaml['id'] + "_" + odv_label, x+5051)
check_string = rule_yaml['fix'].split("echo")[1].split('"')[1]
-
+
oval_object = oval_object + '''
@@ -1373,21 +1373,21 @@ def generate_scap(all_rules, all_baselines, args):
{}
1
'''.format(x+5051, rule_yaml['id'] + "_" + odv_label, check_string)
-
-
+
+
x = x + 1
continue
if "awk" in rule_yaml['check'].split("|")[1]:
if "timestamp_type" in rule_yaml['fix'] and rule_yaml['result']['string'] == "tty":
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
+ {}
+
@@ -1395,13 +1395,13 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x,rule_yaml['id'] + "_" + odv_label, x+8000, rule_yaml['id'] + "_" + odv_label,x+8001, rule_yaml['id'] + "_" + odv_label,x+8002,rule_yaml['id'] + "_" + odv_label,x+8003)
-
+
oval_test = oval_test + '''
'''.format(x, rule_yaml['id'] + "_" + odv_label, x)
-
+
oval_test = oval_test + '''
@@ -1420,7 +1420,7 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x+8002, rule_yaml['id'] + "_" + odv_label, x+8002)
-
+
oval_object = oval_object + '''
@@ -1459,27 +1459,27 @@ def generate_scap(all_rules, all_baselines, args):
continue
else:
check_string = "Defaults.*.timestamp_type={}".format(rule_yaml['result']['string'])
-
+
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
+ {}
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x,rule_yaml['id'] + "_" + odv_label, x+8000, rule_yaml['id'] + "_" + odv_label,x+8001, rule_yaml['id'] + "_" + odv_label,x+8002,rule_yaml['id'] + "_" + odv_label,x+8003)
-
+
oval_test = oval_test + '''
'''.format(x, rule_yaml['id'] + "_" + odv_label, x)
-
+
oval_test = oval_test + '''
@@ -1494,7 +1494,7 @@ def generate_scap(all_rules, all_baselines, args):
1
'''.format(x, rule_yaml['id'] + "_" + odv_label, check_string)
-
+
oval_object = oval_object + '''
@@ -1508,28 +1508,28 @@ def generate_scap(all_rules, all_baselines, args):
continue
if "ssh_config" in rule_yaml['discussion'] and "dscl" in rule_yaml['check']:
-
+
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
+ {}
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x,rule_yaml['id'] + "_" + odv_label, x+5000, rule_yaml['id'] + "_" + odv_label,x+5001)
-
+
oval_test = oval_test + '''
'''.format(x, rule_yaml['id'] + "_" + odv_label, x)
-
+
oval_test = oval_test + '''
@@ -1545,9 +1545,9 @@ def generate_scap(all_rules, all_baselines, args):
matchy_match = ""
for matchNum, match in enumerate(matches, start=1):
matchy_match = match.group()
-
+
ssh_config_pattern = matchy_match.split('"')[1]
-
+
oval_object = oval_object + '''
@@ -1566,21 +1566,21 @@ def generate_scap(all_rules, all_baselines, args):
{}
1
'''.format(x+5000, rule_yaml['id'] + "_" + odv_label, ssh_config_pattern)
-
+
oval_object = oval_object + '''
{}
1
-
+
-
+
.*
oval:mscp:ste:{}
'''.format(x+5001,rule_yaml['id'] + "_" + odv_label,x,ssh_config_pattern,x+999,x+999)
-
+
oval_state = oval_state + '''
^[^_\s].*
@@ -1600,34 +1600,34 @@ def generate_scap(all_rules, all_baselines, args):
continue
if "sshd -T" in rule_yaml['check'] and "fips" in rule_yaml['check'] or "sshd -G" in rule_yaml['check'] and "fips" in rule_yaml['check']:
fipslist = rule_yaml['check'].split("\n")[0].split("(")[1].replace(")","").replace('" "',"\n").replace('"',"")
-
-
+
+
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
+ {}
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x,rule_yaml['id'] + "_" + odv_label, x+5000, rule_yaml['id'] + "_" + odv_label,x+5001)
-
+
oval_test = oval_test + '''
'''.format(x, rule_yaml['id'] + "_" + odv_label, x)
-
+
oval_test = oval_test + '''
'''.format(x+5000, rule_yaml['id'] + "_" + odv_label, x+5000)
-
+
oval_object = oval_object + '''
@@ -1645,38 +1645,38 @@ def generate_scap(all_rules, all_baselines, args):
{}
1
'''.format(x+5000, rule_yaml['id'] + "_" + odv_label, fipslist)
-
+
x = x + 1
-
+
continue
if "sshd -T" in rule_yaml['check'] or "sshd -G" in rule_yaml['check']:
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
+ {}
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x,rule_yaml['id'] + "_" + odv_label, x+5000, rule_yaml['id'] + "_" + odv_label,x+5001)
-
+
oval_test = oval_test + '''
'''.format(x, rule_yaml['id'] + "_" + odv_label, x)
-
+
oval_test = oval_test + '''
'''.format(x+5000, rule_yaml['id'] + "_" + odv_label, x+5000)
sshd_config_pattern = ""
- if "grep" in rule_yaml['check']:
+ if "grep" in rule_yaml['check']:
regex = r"(?<=grep).*$"
matches = re.finditer(regex, rule_yaml['check'], re.MULTILINE)
matchy_match = ""
@@ -1687,12 +1687,12 @@ def generate_scap(all_rules, all_baselines, args):
sshd_config_pattern = matchy_match.split('"')[1]
elif "'" in matchy_match:
sshd_config_pattern = matchy_match.split("'")[1]
-
+
if "awk" in rule_yaml['check']:
matchy_match = rule_yaml['check'].split("'")[1].split("/")[1]
for item in rule_yaml['result']:
sshd_config_pattern = matchy_match + " " + str(rule_yaml['result'][item])
-
+
oval_object = oval_object + '''
@@ -1710,32 +1710,32 @@ def generate_scap(all_rules, all_baselines, args):
{}
1
'''.format(x+5000, rule_yaml['id'] + "_" + odv_label, sshd_config_pattern)
-
-
+
+
x = x + 1
continue
try:
if "pmset" in command[3]:
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
+ {}
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x)
-
+
oval_test = oval_test + '''
'''.format(rule_yaml['id'] + "_" + odv_label,x,x,x)
-
+
oval_object = oval_object + '''
/Library/Preferences/com.apple.PowerManagement.plist'''.format(rule_yaml['id'] + "_" + odv_label,x)
@@ -1759,13 +1759,13 @@ def generate_scap(all_rules, all_baselines, args):
pass
if "socketfilterfw" in rule_yaml['check']:
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
+ {}
+
@@ -1802,13 +1802,13 @@ def generate_scap(all_rules, all_baselines, args):
if "systemsetup" in command[3]:
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
+ {}
+
@@ -1826,9 +1826,9 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(rule_yaml['id'] + "_" + odv_label,x)
state_test = ""
if "-getnetworktimeserver" in rule_yaml['check']:
-
+
timeservers = rule_yaml['result']['string']
-
+
state_test = '''
{}
'''.format(timeservers)
@@ -1843,7 +1843,7 @@ def generate_scap(all_rules, all_baselines, args):
abc = 0
if "defaults" in rule_yaml['check'] and "grep" in rule_yaml['check'] and "CURRENT_USER" in rule_yaml['check']:
-
+
regex = r"(?<=\()(.*?)(?=\))"
test_str = rule_yaml['check'].split("grep")[1]
@@ -1852,25 +1852,25 @@ def generate_scap(all_rules, all_baselines, args):
matchy_match = ""
for matchNum, match in enumerate(matches, start=1):
matchy_match = match.group()
-
-
+
+
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
+ {}
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x)
-
+
for multi_grep in matchy_match.split("|"):
-
+
oval_definition = oval_definition + '''
'''.format(rule_yaml['id']+"_"+str(abc),x)
-
+
oval_test = oval_test + '''
@@ -1880,7 +1880,7 @@ def generate_scap(all_rules, all_baselines, args):
key = matchy_match.split("|")[abc].split(" = ")[0].replace("\"","")
value = matchy_match.split("|")[abc].split(" = ")[1].replace(";","")
if "$CURRENT_USER" in rule_yaml['check']:
-
+
oval_object = oval_object + '''
@@ -1898,18 +1898,18 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x+1999)
plist = rule_yaml['check'].split("read")[1].split()[0].replace(".plist","")
-
+
oval_variable = oval_variable + '''
- /Library/Preferences/{}.
+ /Library/Preferences/{}.
plist
'''.format(x,x+1999,plist)
-
+
oval_object = oval_object + '''
'''.format(rule_yaml['id']+"_"+str(abc),x,x)
@@ -1917,8 +1917,8 @@ def generate_scap(all_rules, all_baselines, args):
oval_datatype = ""
try:
int(value)
-
- oval_datatype = "int"
+
+ oval_datatype = "int"
oval_object = oval_object + '''
//*[contains(text(), "{}")]/following-sibling::*[1]/text()
'''.format(key)
@@ -1937,28 +1937,28 @@ def generate_scap(all_rules, all_baselines, args):
{}
'''.format(rule_yaml['id']+"_"+str(abc),x,oval_datatype,value)
-
+
abc =+ 1
x = x+1
oval_definition = oval_definition + '''
'''
oval_definition = re.sub('(?=\n\[NOTE\])(?s)(.*)\=\n<', '<', oval_definition)
-
+
x = x+1
break
-
+
if "defaults" in rule_yaml['check']:
-
+
if rule_yaml['id'] == "system_settings_hot_corners_secure" or rule_yaml['id'] == "sysprefs_hot_corners_secure":
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
+ {}
+
@@ -1966,7 +1966,7 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x,rule_yaml['id'] + "_" + odv_label,x+5000,rule_yaml['id'] + "_" + odv_label,x+5001,rule_yaml['id'] + "_" + odv_label,x+5002)
-
+
oval_test = oval_test + '''
@@ -1994,44 +1994,44 @@ def generate_scap(all_rules, all_baselines, args):
plist = rule_yaml['check'].split("read")[1].split()[0].replace(".plist","")
check_length = len(rule_yaml['check'].split())
key = rule_yaml['check'].split("\n")[0].replace(" 2>/dev/null","").split()[-1].replace('"','').replace(")",'')
-
+
oval_object = oval_object + '''
.*
oval:mscp:ste:{}
-
+
-
+
'''.format(x+1999,x+1999,rule_yaml['id'] + "_" + odv_label,x,x)
oval_object = oval_object + '''//*[contains(text(), "{}")]/following-sibling::*[1]/text()
- '''.format(key)
+ '''.format(key)
key = rule_yaml['check'].split("\n")[1].replace(" 2>/dev/null","").split()[-1].replace('"','').replace(")",'')
-
+
oval_object = oval_object + '''
-
+
'''.format(rule_yaml['id'] + "_" + odv_label,x+5000,x)
oval_object = oval_object + '''//*[contains(text(), "{}")]/following-sibling::*[1]/text()
'''.format(key)
key = rule_yaml['check'].split("\n")[2].replace(" 2>/dev/null","").split()[-1].replace('"','').replace(")",'')
-
+
oval_object = oval_object + '''
-
+
'''.format(rule_yaml['id'] + "_" + odv_label,x+5001,x)
oval_object = oval_object + '''//*[contains(text(), "{}")]/following-sibling::*[1]/text()
'''.format(key)
key = rule_yaml['check'].split("\n")[3].replace(" 2>/dev/null","").split()[-1].replace('"','').replace(")",'')
-
+
oval_object = oval_object + '''
-
+
'''.format(rule_yaml['id'] + "_" + odv_label,x+5002,x)
oval_object = oval_object + '''//*[contains(text(), "{}")]/following-sibling::*[1]/text()
'''.format(key)
@@ -2043,8 +2043,8 @@ def generate_scap(all_rules, all_baselines, args):
0
/usr/bin/false
'''.format(x+1999)
-
-
+
+
after_user = plist.split('"')[2]
oval_variable = oval_variable + '''
@@ -2056,10 +2056,10 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x,x+1999,after_user,x+999)
try:
check_if = rule_yaml['check'].split("\n")[5]
-
+
modifier = 0
for n in check_if.split():
-
+
if n.replace('"',"").isdigit():
if modifier >= 4999:
modifier = modifier + 1
@@ -2070,25 +2070,25 @@ def generate_scap(all_rules, all_baselines, args):
modifier = 4999
x = x + 1
continue
- except:
- x = x + 1
+ except:
+ x = x + 1
continue
-
+
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
+ {}
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x)
-
+
oval_test = oval_test + '''
@@ -2096,9 +2096,9 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(rule_yaml['id'] + "_" + odv_label,x,x,x)
plist = rule_yaml['check'].split("read")[1].split()[0].replace(".plist","")
-
+
if "ByHost" in rule_yaml['fix'] or "currentHost" in rule_yaml['fix']:
-
+
oval_object = oval_object + '''
SPHardwareDataType
@@ -2107,28 +2107,28 @@ def generate_scap(all_rules, all_baselines, args):
'''.format("hardware UUID",x+999)
if "$CURRENT_USER" in rule_yaml['check']:
-
-
+
+
check_length = len(rule_yaml['check'].split())
key = rule_yaml['check'].split()[check_length-1]
-
+
oval_object = oval_object + '''
.*
oval:mscp:ste:{}
-
+
-
+
'''.format(x+1999,x+1999,rule_yaml['id'] + "_" + odv_label,x,x)
-
- try:
+
+ try:
rule_yaml['result']['boolean']
oval_object = oval_object + '''
name(//*[contains(text(), "{}")]/following-sibling::*[1])
'''.format(key)
except:
-
+
oval_object = oval_object + '''//*[contains(text(), "{}")]/following-sibling::*[1]/text()
'''.format(key)
oval_state = oval_state + '''
@@ -2138,7 +2138,7 @@ def generate_scap(all_rules, all_baselines, args):
0
/usr/bin/false
'''.format(x+1999)
-
+
oval_variable = oval_variable + '''
@@ -2149,10 +2149,10 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x,x+1999,plist,x+999)
-
+
else:
-
+
check_length = len(rule_yaml['check'].split())
key = rule_yaml['check'].replace(" 2>/dev/null","").split()[check_length-1]
@@ -2170,8 +2170,8 @@ def generate_scap(all_rules, all_baselines, args):
oval_object = oval_object + '''
//*[contains(text(), "{}")]/following-sibling::*[1]/text()
'''.format(key)
-
- oval_variable = oval_variable + '''
+
+ oval_variable = oval_variable + '''
{}.
@@ -2179,30 +2179,30 @@ def generate_scap(all_rules, all_baselines, args):
.plist
'''.format(x,plist,x+999)
-
+
elif "$CURRENT_USER" in rule_yaml['check']:
-
-
+
+
check_length = len(rule_yaml['check'].split())
key = rule_yaml['check'].replace(" 2>/dev/null","").split()[-1]
-
+
oval_object = oval_object + '''
.*
oval:mscp:ste:{}
-
+
-
+
'''.format(x+1999,x+1999,rule_yaml['id'] + "_" + odv_label,x,x)
-
- try:
+
+ try:
rule_yaml['result']['boolean']
oval_object = oval_object + '''
name(//*[contains(text(), "{}")]/following-sibling::*[1])
'''.format(key)
except:
-
+
oval_object = oval_object + '''//*[contains(text(), "{}")]/following-sibling::*[1]/text()
'''.format(key)
oval_state = oval_state + '''
@@ -2212,7 +2212,7 @@ def generate_scap(all_rules, all_baselines, args):
0
/usr/bin/false
'''.format(x+1999)
-
+
oval_variable = oval_variable + '''
@@ -2223,15 +2223,15 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x,x+1999,plist,x+999)
else:
-
+
if plist[-6:] != ".plist":
plist = plist + ".plist"
-
+
plist_key = rule_yaml['check'].replace(" 2>/dev/null","").split(" ")[3].rstrip()
oval_object = oval_object + '''
{}'''.format(rule_yaml['id'] + "_" + odv_label,x,plist)
-
+
try:
rule_yaml['result']['boolean']
oval_object = oval_object + '''
@@ -2241,8 +2241,8 @@ def generate_scap(all_rules, all_baselines, args):
oval_object = oval_object + '''
//*[contains(text(), "{}")]/following-sibling::*[1]/text()
'''.format(plist_key)
-
-
+
+
datatype = ""
plist_key = rule_yaml['check'].split(" ")[3].rstrip()
for key in rule_yaml['result']:
@@ -2259,20 +2259,20 @@ def generate_scap(all_rules, all_baselines, args):
value = "true"
else:
value = rule_yaml['result'][datatype]
-
+
oval_state = oval_state + '''
{}
'''.format(rule_yaml['id'] + "_" + odv_label,x,oval_datatype,value)
oval_definition = re.sub('(?=\n\[NOTE\])(?s)(.*)\=\n<', '<', oval_definition)
x = x+1
-
+
continue
try:
if "security" in command[3]:
if rule_yaml['check'].split()[1] == "authorizationdb":
check = rule_yaml['check'].split("|")
-
+
authdb = rule_yaml['check'].split()[3]
if len(check) > 2:
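Review bot: The pattern `'(?=\n\[NOTE\])(?s)(.*)\=\n<'` has the global flag `(?s)` in the middle of the expression, which Python 3.11 and later reject with `re.error`. On older interpreters it only raises a DeprecationWarning, which the file's blanket `warnings.filterwarnings("ignore", category=DeprecationWarning)` hides. Move the flag to the front and use a raw string: `oval_definition = re.sub(r'(?s)(?=\n\[NOTE\])(.*)=\n<', '<', oval_definition)`. The `final_oval = re.sub(...)` call in the hunk at -3267 needs the same change. If either call sits inside one of the bare `except:` blocks (not visible from this hunk), the error would be swallowed and the rule skipped.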
@@ -2280,18 +2280,18 @@ def generate_scap(all_rules, all_baselines, args):
key = str(matches).replace("[","").replace("]","").replace("'","")
length = len(check[2].split())
-
+
last_string = check[2].split()[length-1].replace('"',"").replace("<","").replace(">","").replace("/","")
-
+
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
+ {}
+
@@ -2303,7 +2303,7 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(rule_yaml['id'] + "_" + odv_label,x,x,x)
-
+
oval_object = oval_object + '''
{}
@@ -2312,20 +2312,20 @@ def generate_scap(all_rules, all_baselines, args):
oval_state = oval_state + '''
-
+
true
'''.format(rule_yaml['id'] + "_" + odv_label,x)
else:
key = (check[1].split()[2].replace("'",""))
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
+ {}
+
@@ -2347,7 +2347,7 @@ def generate_scap(all_rules, all_baselines, args):
{}
'''.format(rule_yaml['id'] + "_" + odv_label,x,key)
-
+
else:
if "authorizationdb" in rule_yaml['check']:
regex = r"=\(.*.\)"
@@ -2355,19 +2355,19 @@ def generate_scap(all_rules, all_baselines, args):
matches = re.finditer(regex, rule_yaml['check'], re.MULTILINE)
for matchNum, match in enumerate(matches, start=1):
matchy_match = match.group().replace('=(',"").replace(")","").replace('"','').split()
-
+
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
+ {}
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'])
for match in matchy_match:
-
+
oval_definition = oval_definition + '''
'''.format(rule_yaml['id'] + "+" + match, x)
@@ -2378,7 +2378,7 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(match,x,x,x)
key="shared"
value=""
- if "false" in rule_yaml["check"]:
+ if "false" in rule_yaml["check"]:
value="false"
else:
value="true"
@@ -2391,11 +2391,11 @@ def generate_scap(all_rules, all_baselines, args):
oval_state = oval_state + '''
-
+
true
'''.format(match,x)
x += 1
-
+
oval_definition = oval_definition + ""
x += 1
continue
@@ -2403,17 +2403,17 @@ def generate_scap(all_rules, all_baselines, args):
pass
if "/bin/rm" in rule_yaml['fix'] and "/bin/ls" in rule_yaml['check']:
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
-
+ {}
+
+
-
-
+
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x)
oval_test = oval_test + '''
@@ -2421,11 +2421,11 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x,rule_yaml['id'] + "_" + odv_label,x)
path = rule_yaml['fix'].split("----")[1].split(" ")[-1]
-
+
oval_object = oval_object + '''
{}
-
+
'''.format(x,rule_yaml['id'] + "_" + odv_label,path.rstrip())
x += 1
continue
@@ -2433,20 +2433,20 @@ def generate_scap(all_rules, all_baselines, args):
try:
if "ls" in command[2] or "stat" in command[3].split()[0]:
if '/Library/Security/PolicyBanner.rtf' in rule_yaml['check']:
-
-
+
+
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
-
+ {}
+
+
-
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x,rule_yaml['id'] + "_" + odv_label,x+2999)
oval_test = oval_test + '''
@@ -2460,33 +2460,33 @@ def generate_scap(all_rules, all_baselines, args):
oval_object = oval_object + '''
/Library/Security/PolicyBanner.rtf
-
+
/Library/Security/PolicyBanner.rtfd
-
+
'''.format(x,rule_yaml['id'] + "_" + odv_label,x+2999,rule_yaml['id'])
x = x + 1
continue
-
+
s = rule_yaml['check']
config_file = str()
oval_variable_need = bool()
if "grep" in s.split()[2]:
-
-
+
+
oval_variable_need = True
grep_search = re.search('\((.*?)\)', s).group(1)
-
+
substring = grep_search.split("|")[0]
regex = re.search('\'(.*?)\'', substring).group(1)
-
+
try:
regex = re.search('/(.*?)/', regex).group(1)
except:
regex = regex
- config_file = substring = grep_search.split("|")[0].split()[-1]
+ config_file = substring = grep_search.split("|")[0].split()[-1]
oval_object = oval_object + '''
@@ -2500,7 +2500,7 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x,rule_yaml['id'] + "_" + odv_label,x+999)
-
+
else:
oval_variable_need = False
config_file = s.split()[2]
@@ -2508,20 +2508,20 @@ def generate_scap(all_rules, all_baselines, args):
s = rule_yaml['fix']
fix_command = re.search('-\n(.*?)\n-', s).group(1).split('$')[0]
-
+
oval_definition = oval_definition + '''
-
-
-
- {}
+
+
+
+ {}
- {}
-
-
+ {}
+
+
-
-
+
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x)
oval_test = oval_test + '''
@@ -2529,7 +2529,7 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x,rule_yaml['id'] + "_" + odv_label,x,x)
-
+
if "-" in fix_command and "R" in fix_command or rule_yaml['fix'].split("\n")[2][-1] == "*":
behavior = ''
if "audit" in rule_yaml['id']:
@@ -2550,30 +2550,30 @@ def generate_scap(all_rules, all_baselines, args):
{}
{}
-
+
'''.format(rule_yaml['id'] + "_" + odv_label,x,behavior,config_file)
state_test = ""
if "-" in fix_command and "N" in fix_command and "chmod" in fix_command:
state_test = '''
false
'''
-
+
elif "chgrp" in fix_command:
state_test = '''
{}
'''.format(rule_yaml['result']['integer'])
elif "chown" in fix_command:
-
+
state_test = '''
{}
'''.format(rule_yaml['result']['integer'])
-
+
elif "chmod" in fix_command:
-
+
perms = fix_command.split()[1]
-
+
if perms[0] == "0":
state_test = '''
false
@@ -2595,7 +2595,7 @@ def generate_scap(all_rules, all_baselines, args):
true
true'''
elif perms[0] == "4":
-
+
state_test = '''
true
false
@@ -2615,7 +2615,7 @@ def generate_scap(all_rules, all_baselines, args):
true
true
true'''
-
+
if perms[1] == "0":
state_test = state_test + '''
false
@@ -2637,7 +2637,7 @@ def generate_scap(all_rules, all_baselines, args):
true
true'''
elif perms[1] == "4":
-
+
state_test = state_test + '''
true
false
@@ -2659,11 +2659,11 @@ def generate_scap(all_rules, all_baselines, args):
true'''
if perms[2] == "0":
-
+
state_test = state_test + '''
false
false
- false'''
+ false'''
if perms[2] == "1":
state_test = state_test + '''
false
@@ -2709,7 +2709,7 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(rule_yaml['id'] + "_" + odv_label,x) + state_test + '''
'''
-
+
x += 1
continue
except:
@@ -2719,19 +2719,19 @@ def generate_scap(all_rules, all_baselines, args):
if "UserShell" in rule_yaml['check']:
shell = rule_yaml['check'].split()[9].replace('"','')
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
+ {}
+
-
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x)
-
+
oval_test = oval_test + '''
@@ -2744,7 +2744,7 @@ def generate_scap(all_rules, all_baselines, args):
{}
'''.format(rule_yaml['id'] + "_" + odv_label,x,command[5].split()[0])
-
+
oval_state = oval_state + '''
{}
@@ -2759,51 +2759,51 @@ def generate_scap(all_rules, all_baselines, args):
awk_file = ""
awk_search = ""
field_sep = ""
-
+
if "grep -qE" in rule_yaml['fix']:
awk_file = rule_yaml['fix'].split(" ")[3].strip(" ")
awk_search = rule_yaml['fix'].split(" ")[2].strip("\"")
-
+
elif "grep" in rule_yaml['check']:
awk_file = rule_yaml['check'].split("|")[0].split(" ")[-2]
awk_search = rule_yaml['check'].split("|")[-1].split(" ")[-2].strip("\'")
-
+
else:
awk_file = rule_yaml['check'].split("'")[2].strip(" ")
awk_search = rule_yaml['check'].split("'")[1].split("/")[1]
-
- try:
+
+ try:
field_sep = rule_yaml['check'].split("-F")[1].split(" ")[0].replace('\"',"")
except:
field_sep = " "
- try:
-
+ try:
+
awk_result = rule_yaml['result']['string']
- except:
-
+ except:
+
awk_result = str(rule_yaml['result']['integer'])
-
+
if awk_search[0] != "^":
awk_search = "^" + awk_search + field_sep + awk_result
else:
awk_search = awk_search + field_sep + awk_result
-
+
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
-
+ {}
+
+
-
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x)
oval_test = oval_test + '''
@@ -2823,33 +2823,33 @@ def generate_scap(all_rules, all_baselines, args):
pass
try:
if "grep" in command[3] and not "pgrep" in command[3]:
-
+
if "bannerText" in rule_yaml['check'] or "fips_" in rule_yaml['check']:
-
+
text_to_find = rule_yaml['check'].split("=")[1].split('"')[1]
matches = text_to_find.replace(".","\.").replace(")","\)").replace("(","\(").replace("*","\*")
-
+
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
+ {}
-
+
-
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x)
oval_test = oval_test + '''
'''.format(x, rule_yaml['id'] + "_" + odv_label, x)
-
+
file_path = rule_yaml["check"].split(" ")[-1].rstrip()
-
+
oval_object = oval_object + '''
{}
@@ -2860,32 +2860,32 @@ def generate_scap(all_rules, all_baselines, args):
x += 1
continue
else:
-
+
s = rule_yaml['check']
-
- try:
-
+
+ try:
+
grep_search = re.search('"(.*?)"', s).group(1)
-
- except:
-
+
+ except:
+
grep_search = re.search('\'(.*?)\'', s).group(1)
-
-
+
+
grep_file = rule_yaml['check'].split(grep_search,1)[1].split(" ")[1]
-
-
+
+
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
-
+ {}
+
+
-
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x)
oval_test = oval_test + '''
@@ -2907,13 +2907,13 @@ def generate_scap(all_rules, all_baselines, args):
if "launchctl" in command[2] or "launchctl" in rule_yaml['fix']:
if "disable" in command[2] and "=> true" in rule_yaml['check'] or "unload -w" in rule_yaml['fix'] or "disable" in command[2] and "=> disabled" in rule_yaml['check']:
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
+ {}
+
@@ -2927,17 +2927,17 @@ def generate_scap(all_rules, all_baselines, args):
-
+
'''.format(rule_yaml['id'] + "_" + odv_label,x,x,x,x+999,rule_yaml['id'] + "_" + odv_label,x+999)
-
+
domain = str()
if "launchctl" not in rule_yaml['check']:
domain = rule_yaml['fix'].split()[4].split('/')[4].replace(".plist","")
-
+
else:
s = command[5].split()[2]
domain = re.search('"(.*?)"', s).group(1)
-
+
oval_object = oval_object + '''
/var/db/com.apple.xpc.launchd/disabled.plist
@@ -2946,7 +2946,7 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(rule_yaml['id'] + "_" + odv_label,x,domain,x+999,rule_yaml['id'] + "_" + odv_label,domain)
-
+
status = ""
if "enable" in rule_yaml["fix"]:
status = "false"
@@ -2956,16 +2956,16 @@ def generate_scap(all_rules, all_baselines, args):
{}
'''.format(rule_yaml['id'] + "_" + odv_label,x,status)
-
+
elif "launchctl unload" in rule_yaml['fix']:
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
+ {}
+
@@ -2975,38 +2975,38 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x,rule_yaml['id'] + "_" + odv_label,x)
-
+
domain = str()
-
+
if "launchctl" not in rule_yaml['check']:
domain = rule_yaml['fix'].split()[4].split('/')[4].replace(".plist","")
-
+
else:
s = command[5].split()[2]
domain = re.search('"(.*?)"', s).group(1)
-
+
oval_object = oval_object + '''
'''.format(x, rule_yaml['id'] + "_" + odv_label,domain)
-
+
elif "defaults write" in rule_yaml['fix']:
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
+ {}
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x)
-
+
oval_test = oval_test + '''
@@ -3014,9 +3014,9 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(rule_yaml['id'] + "_" + odv_label,x,x,x)
plist = rule_yaml['fix'].split(" ")[2].replace(".plist","")
# plist = rule_yaml['check'].split("read")[1].split()[0].replace(".plist","")
-
+
if "ByHost" in rule_yaml['fix'] or "currentHost" in rule_yaml['fix']:
-
+
oval_object = oval_object + '''
SPHardwareDataType
@@ -3025,28 +3025,28 @@ def generate_scap(all_rules, all_baselines, args):
'''.format("hardware UUID",x+999)
if "$CURRENT_USER" in rule_yaml['check']:
-
-
-
+
+
+
key = rule_yaml['fix'].split("defaults")[1].split(" ")[3]
-
+
oval_object = oval_object + '''
.*
oval:mscp:ste:{}
-
+
-
+
'''.format(x+1999,x+1999,rule_yaml['id'] + "_" + odv_label,x,x)
-
+
if rule_yaml['fix'].split("defaults")[1].split(" ")[4] == "-bool":
rule_yaml['result']['boolean']
oval_object = oval_object + '''
name(//*[contains(text(), "{}")]/following-sibling::*[1])
'''.format(key)
else:
-
+
oval_object = oval_object + '''//*[contains(text(), "{}")]/following-sibling::*[1]/text()
'''.format(key)
oval_state = oval_state + '''
@@ -3056,7 +3056,7 @@ def generate_scap(all_rules, all_baselines, args):
0
/usr/bin/false
'''.format(x+1999)
-
+
oval_variable = oval_variable + '''
@@ -3067,11 +3067,11 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x,x+1999,plist,x+999)
-
+
else:
-
-
+
+
key = rule_yaml['fix'].split("defaults")[1].split(" ")[3]
oval_object = oval_object + '''
@@ -3079,9 +3079,9 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(rule_yaml['id'] + "_" + odv_label,x,x)
-
+
if rule_yaml['fix'].split("defaults")[1].split(" ")[4] == "-bool":
-
+
oval_object = oval_object + '''
name(//*[contains(text(), "{}")]/following-sibling::*[1])
'''.format(key)
@@ -3089,8 +3089,8 @@ def generate_scap(all_rules, all_baselines, args):
oval_object = oval_object + '''
//*[contains(text(), "{}")]/following-sibling::*[1]/text()
'''.format(key)
-
- oval_variable = oval_variable + '''
+
+ oval_variable = oval_variable + '''
{}.
@@ -3098,30 +3098,30 @@ def generate_scap(all_rules, all_baselines, args):
.plist
'''.format(x,plist,x+999)
-
+
elif "$CURRENT_USER" in rule_yaml['check']:
-
-
+
+
check_length = len(rule_yaml['check'].split())
key = rule_yaml['fix'].split("defaults")[1].split(" ")[3]
-
+
oval_object = oval_object + '''
.*
oval:mscp:ste:{}
-
+
-
+
'''.format(x+1999,x+1999,rule_yaml['id'] + "_" + odv_label,x,x)
-
+
if rule_yaml['fix'].split("defaults")[1].split(" ")[4] == "-bool":
-
+
oval_object = oval_object + '''
name(//*[contains(text(), "{}")]/following-sibling::*[1])
'''.format(key)
else:
-
+
oval_object = oval_object + '''//*[contains(text(), "{}")]/following-sibling::*[1]/text()
'''.format(key)
oval_state = oval_state + '''
@@ -3131,7 +3131,7 @@ def generate_scap(all_rules, all_baselines, args):
0
/usr/bin/false
'''.format(x+1999)
-
+
oval_variable = oval_variable + '''
@@ -3142,15 +3142,15 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x,x+1999,plist,x+999)
else:
-
+
if plist[-6:] != ".plist":
plist = plist + ".plist"
plist_key = rule_yaml['fix'].split("defaults")[1].split(" ")[3]
-
+
oval_object = oval_object + '''
{}'''.format(rule_yaml['id'] + "_" + odv_label,x,plist)
-
+
try:
rule_yaml['result']['boolean']
oval_object = oval_object + '''
@@ -3160,21 +3160,21 @@ def generate_scap(all_rules, all_baselines, args):
oval_object = oval_object + '''
//*[contains(text(), "{}")]/following-sibling::*[1]/text()
'''.format(plist_key)
-
-
+
+
datatype = ""
plist_key = rule_yaml['fix'].split("defaults")[1].split(" ")[3]
-
+
oval_datatype = rule_yaml['fix'].split("defaults")[1].split(" ")[4].replace("-","")
if oval_datatype == "integer":
oval_datatype = "int"
-
+
if oval_datatype == "bool":
oval_datatype = "boolean"
value = rule_yaml['fix'].split("defaults")[1].split(" ")[5].replace(";","")
-
+
oval_state = oval_state + '''
{}
@@ -3183,30 +3183,30 @@ def generate_scap(all_rules, all_baselines, args):
x = x+1
-
+
continue
else:
-
+
oval_definition = oval_definition + '''
-
-
- {}
+
+
+ {}
- {}
-
-
+ {}
+
+
-
+
'''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x)
oval_test = oval_test + '''
'''.format(x,rule_yaml['id'] + "_" + odv_label,x)
-
+
domain = command[5].split()[2]
domain = domain.replace('"','').replace("'",'')
@@ -3215,10 +3215,10 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(x,rule_yaml['id'] + "_" + odv_label,domain)
x += 1
- continue
+ continue
except:
pass
-
+
for k in generated_baselines.keys():
xccdf_profiles = xccdf_profiles + '''
@@ -3229,7 +3229,7 @@ def generate_scap(all_rules, all_baselines, args):
'''.format(v)
xccdf_profiles = xccdf_profiles + '''
'''
-
+
total_xccdf = xccdfPrefix + xccdf_profiles + '''
@@ -3239,7 +3239,7 @@ def generate_scap(all_rules, all_baselines, args):
The check/fix commands outlined in this section must be run with elevated privileges.
- ''' + xccdf_rules + '''
+ ''' + xccdf_rules + '''
'''
total_scap = scapPrefix + xccdf_profiles + '''
@@ -3250,9 +3250,9 @@ def generate_scap(all_rules, all_baselines, args):
The check/fix commands outlined in this section must be run with elevated privileges.
- ''' + xccdf_rules + '''
+ ''' + xccdf_rules + '''
-
+
@@ -3267,11 +3267,11 @@ def generate_scap(all_rules, all_baselines, args):
total_oval = total_oval + "\n" + oval_state + "\n\n"
if oval_variable != "":
total_oval = total_oval + "\n\n" + oval_variable + "\n\n"
-
+
total_oval = total_oval + "\n"
-
+
final_oval = re.sub('(?=\n\[NOTE\])(?s)(.*)\=\n$.*', '<', total_oval)
-
+
total_scap = total_scap + final_oval + '''
@@ -3395,15 +3395,15 @@ def generate_scap(all_rules, all_baselines, args):
print("Error writing Oval file.")
else:
cmd = cmd + " " + scap_file + "temp --format --output " + scap_file
-
+
os.popen(cmd).read()
if os.path.exists(scap_file):
- os.remove(scap_file + "temp")
+ os.remove(scap_file + "temp")
def get_rule_yaml(rule_file, custom=False, baseline_name=""):
""" Takes a rule file, checks for a custom version, and returns the yaml for the rule
"""
- global resulting_yaml
+ global resulting_yaml
resulting_yaml = {}
names = [os.path.basename(x) for x in glob.glob('../custom/rules/**/*.yaml', recursive=True)]
file_name = os.path.basename(rule_file)
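Review bot: `os.popen(cmd).read()` runs a command line built by string concatenation through the shell and discards its exit status, so a `scap_file` path containing spaces or shell metacharacters is reinterpreted rather than passed as one argument. Pass an argument list instead, e.g. `subprocess.run([*tool_args, scap_file + "temp", "--format", "--output", scap_file], check=True)`, where `tool_args` is a placeholder for the part of `cmd` built outside this hunk and `subprocess` must be imported. The cleanup should depend on that call succeeding rather than on `os.path.exists(scap_file)`, which is also true when a stale output from an earlier run is present. How `scap_file` is derived is not visible here, so the exposure depends on whether the version and baseline values feeding it are fully project-controlled.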
@@ -3419,13 +3419,13 @@ def get_rule_yaml(rule_file, custom=False, baseline_name=""):
else:
with open(rule_file) as r:
rule_yaml = yaml.load(r, Loader=yaml.SafeLoader)
-
+
try:
og_rule_path = glob.glob('../rules/**/{}'.format(file_name), recursive=True)[0]
except IndexError:
og_rule_path = glob.glob('../custom/rules/**/{}'.format(file_name), recursive=True)[0]
resulting_yaml['customized'] = ["customized rule"]
-
+
with open(og_rule_path) as og:
og_rule_yaml = yaml.load(og, Loader=yaml.SafeLoader)
@@ -3444,7 +3444,7 @@ def get_rule_yaml(rule_file, custom=False, baseline_name=""):
resulting_yaml['references'][ref] = rule_yaml['references'][ref]
except KeyError:
resulting_yaml['references'][ref] = og_rule_yaml['references'][ref]
- try:
+ try:
if "custom" in rule_yaml['references']:
resulting_yaml['references']['custom'] = rule_yaml['references']['custom']
if 'customized' in resulting_yaml:
@@ -3465,7 +3465,7 @@ def get_rule_yaml(rule_file, custom=False, baseline_name=""):
resulting_yaml['tags'] = og_rule_yaml['tags'] + rule_yaml['tags']
except KeyError:
resulting_yaml['tags'] = og_rule_yaml['tags']
- else:
+ else:
try:
if og_rule_yaml[yaml_field] == rule_yaml[yaml_field]:
resulting_yaml[yaml_field] = og_rule_yaml[yaml_field]
@@ -3477,10 +3477,10 @@ def get_rule_yaml(rule_file, custom=False, baseline_name=""):
resulting_yaml['customized'] = ["customized {}".format(yaml_field)]
except KeyError:
resulting_yaml[yaml_field] = og_rule_yaml[yaml_field]
-
+
return resulting_yaml
-
-
+
+
class MacSecurityRule():
def __init__(self, title, rule_id, severity, discussion, check, fix, cci, cce, nist_controls, disa_stig, srg, odv, tags, result_value, mobileconfig, mobileconfig_info):
self.rule_title = title
@@ -3606,16 +3606,16 @@ def available_tags(all_rules):
available_tags.sort()
return available_tags
-
+
def get_controls(all_rules):
all_controls = []
for rule in all_rules:
for control in rule.rule_80053r4:
if control not in all_controls:
all_controls.append(control)
-
+
all_controls.sort()
-
+
return all_controls
def main():
@@ -3630,7 +3630,7 @@ def main():
os.chdir(file_dir)
all_rules = collect_rules()
-
+
all_rules_pruned = []
# for rule in all_rules:
@@ -3655,7 +3655,7 @@ def main():
for rule in all_rules:
if rule.rule_id not in all_rules_pruned:
all_rules_pruned.append(rule.rule_id)
-
+
generate_scap(all_rules_pruned, all_baselines, args)
os.chdir(original_working_directory)