From 0ea642ad2dab0aadad3ce72fbc81f577822286fc Mon Sep 17 00:00:00 2001 From: Bob Gendler Date: Fri, 15 Sep 2023 12:32:24 -0400 Subject: [PATCH] synchronize across branches --- scripts/generate_scap.py | 1138 +++++++++++++++++++------------------- 1 file changed, 569 insertions(+), 569 deletions(-) diff --git a/scripts/generate_scap.py b/scripts/generate_scap.py index a6b6f4f4..f393fd43 100755 --- a/scripts/generate_scap.py +++ b/scripts/generate_scap.py @@ -16,7 +16,7 @@ from time import sleep import argparse from xml.sax.saxutils import escape -warnings.filterwarnings("ignore", category=DeprecationWarning) +warnings.filterwarnings("ignore", category=DeprecationWarning) def format_mobileconfig_fix(mobileconfig): """Takes a list of domains and setting from a mobileconfig, and reformats it for the output of the fix section of the guide. @@ -73,7 +73,7 @@ def replace_ocil(xccdf, x): def create_args(): - + parser = argparse.ArgumentParser( description="Easily generate xccdf, oval, or scap datastream. If no option is defined, it will generate an scap datastream file.") parser.add_argument("-x", "--xccdf", default=None, @@ -88,16 +88,16 @@ def create_args(): return parser.parse_args() def generate_scap(all_rules, all_baselines, args): - + export_as = "" version_file = "../VERSION.yaml" with open(version_file) as r: version_yaml = yaml.load(r, Loader=yaml.SafeLoader) - + if args.xccdf: export_as = "xccdf" - + if args.oval: export_as = "oval" if "ios" in version_yaml['cpe']: @@ -118,10 +118,10 @@ def generate_scap(all_rules, all_baselines, args): output = "../build/macOS_{0}_Security_Compliance_Benchmark-{1}".format(version_yaml['os'],filenameversion) if "ios" in version_yaml['cpe']: output = "../build/iOS_{0}_Security_Compliance_Benchmark-{1}".format(version_yaml['os'],filenameversion) - + if export_as == "xccdf": output = output + "_xccdf.xml" - + if export_as == "oval": output = output + "_oval.xml" 
@@ -159,8 +159,8 @@ def generate_scap(all_rules, all_baselines, args): {4} {1}: Security Configuration - - + + Security Content Automation Protocol National Institute of Standards and Technology @@ -207,8 +207,8 @@ def generate_scap(all_rules, all_baselines, args): macOS {1}: Security Configuration - - + + Security Content Automation Protocol National Institute of Standards and Technology @@ -228,32 +228,32 @@ def generate_scap(all_rules, all_baselines, args): '''.format(date_time_string, version_yaml['os'], version_yaml['cpe'], version_yaml['version'],date_time_string.split("T")[0] + "Z") generated_baselines = {} - + for rule in all_rules: - + if glob.glob('../custom/rules/**/{}.yaml'.format(rule),recursive=True): rule_file = glob.glob('../custom/rules/**/{}.yaml'.format(rule),recursive=True)[0] custom=True - + elif glob.glob('../rules/*/{}.yaml'.format(rule)): rule_file = glob.glob('../rules/*/{}.yaml'.format(rule))[0] custom=False odv_label = str() og_rule_yaml = get_rule_yaml(rule_file, custom) - + loop = 1 if "odv" in og_rule_yaml: loop = len(og_rule_yaml['odv']) - + if args.baseline != "None": loop = 1 for a in range(0, loop): - + rule_yaml = get_rule_yaml(rule_file, custom) - try: - + try: + # # odv_label = list(rule_yaml['odv'].keys())[a] # # odv_label.remove('hint') if args.baseline != "None": 
@@ -265,27 +265,27 @@ def generate_scap(all_rules, all_baselines, args): else: odv_label = list(rule_yaml['odv'].keys())[a] - - + + # if odv_label == "hint": # continue - - + + odv_value = str(rule_yaml['odv'][odv_label]) rule_yaml['title'] = rule_yaml['title'].replace("$ODV",str(odv_value)) rule_yaml['discussion'] = rule_yaml['discussion'].replace("$ODV",odv_value) rule_yaml['check'] = rule_yaml['check'].replace("$ODV",odv_value) - + rule_yaml['fix'] = rule_yaml['fix'].replace("$ODV",odv_value) - - - for result_value in rule_yaml['result']: - if "$ODV" == rule_yaml['result'][result_value]: - rule_yaml['result'][result_value] = rule_yaml['result'][result_value].replace("$ODV",odv_value) - - + + if "result" in rule_yaml: + for result_value in rule_yaml['result']: + if "$ODV" == rule_yaml['result'][result_value]: + rule_yaml['result'][result_value] = rule_yaml['result'][result_value].replace("$ODV",odv_value) + + if rule_yaml['mobileconfig_info']: for mobileconfig_type in rule_yaml['mobileconfig_info']: if isinstance(rule_yaml['mobileconfig_info'][mobileconfig_type], dict): 
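Review bot: The added `if "result" in rule_yaml:` guard fixes only one of the direct key lookups in this `try`; the statement right after it, `if rule_yaml['mobileconfig_info']:`, still raises `KeyError` when the key is absent. The handler shown in the next hunk is a bare `except:` that resets `odv_label = "recommended"`, so any such failure is swallowed after title, discussion, check and fix have already had `$ODV` replaced, and the rule would be written into the benchmark under a label that does not match its substituted value. Whether `get_rule_yaml` always supplies `mobileconfig_info` is not visible here; if it does not, `if rule_yaml.get('mobileconfig_info'):` keeps the behaviour consistent with the new guard. Narrowing the handler to `except (KeyError, IndexError):` would also stop it hiding unrelated errors in generated compliance content. The `try` block starts before this hunk and ends after it.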
@@ -295,30 +295,30 @@ def generate_scap(all_rules, all_baselines, args): except: odv_label = "recommended" - + for baseline in all_baselines: found_rules = [] for tag in rule_yaml['tags']: if tag == baseline: if odv_label != "recommended" and odv_label == tag or odv_label == "custom": - + if baseline in generated_baselines: generated_baselines[baseline].append(rule_yaml['id'] + "_" + odv_label) else: generated_baselines[baseline] = [rule_yaml['id'] + "_" + odv_label] continue elif odv_label == "recommended" or odv_label == "custom": - + if "odv" in rule_yaml: if baseline not in rule_yaml['odv']: if baseline in generated_baselines: - + generated_baselines[baseline].append(rule_yaml['id'] + "_" + odv_label) else: generated_baselines[baseline] = [rule_yaml['id'] + "_" + odv_label] else: if baseline in generated_baselines: - + generated_baselines[baseline].append(rule_yaml['id'] + "_" + odv_label) else: generated_baselines[baseline] = [rule_yaml['id'] + "_" + odv_label] @@ -347,7 +347,7 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x) references = str() - + if "800-53r5" in rule_yaml['references'] and rule_yaml['references']['800-53r5'][0] != "N/A": references = references + "NIST SP 800-53r5: " for nist80053 in rule_yaml['references']['800-53r5']: @@ -379,13 +379,13 @@ def generate_scap(all_rules, all_baselines, args): for v8controls in rule_yaml['references']['cis']['controls v8']: references = references + str(v8controls) + ", " references = references[:-2] + "" - + for k,v in rule_yaml['references'].items(): if k == "cci" or k == "srg": continue if k == "custom": - - + + for i,u in rule_yaml['references']['custom'].items(): references = references + '{0}: '.format(i) for refs in rule_yaml['references']['custom'][i]: @@ -407,9 +407,9 @@ def generate_scap(all_rules, all_baselines, args): {2} {3} - + {4} - + {5}{9} {6} {7} 
@@ -426,19 +426,19 @@ def generate_scap(all_rules, all_baselines, args): {2} {3} - + {4} - + {5}{8} {6} {7} - + '''.format(rule_yaml['id'] + "_" + odv_label, severity, rule_yaml['title'], rule_yaml['discussion'].replace("<","<").replace(">",">").replace("&","&").rstrip(), rule_yaml['check'].replace("<","<").replace(">",">").replace("&","&").rstrip(), result, cce,rule_yaml['fix'].replace("<","<").replace(">",">").replace("&","&") + "\n" + mobileconfig_info, references) continue + - - + if "inherent" in rule_yaml['tags'] or "n_a" in rule_yaml['tags'] or "permanent" in rule_yaml['tags']: xccdf_rules = replace_ocil(xccdf_rules,x) x += 1 @@ -495,13 +495,13 @@ def generate_scap(all_rules, all_baselines, args): continue if "os_home_folders_secure" in rule_yaml['id']: oval_definition = oval_definition + ''' - - - {} + + + {} - {} - + {} + @@ -517,7 +517,7 @@ def generate_scap(all_rules, all_baselines, args): - + @@ -551,24 +551,24 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x,x+999) x = x + 1 continue - + if rule_yaml['mobileconfig']: if "spctl" in rule_yaml['check']: - + if "verbose" in rule_yaml['check']: xccdf_rules = replace_ocil(xccdf_rules,x) x = x + 1 continue else: - + oval_definition = oval_definition + ''' - - + + {} - {} - + {} + 
@@ -590,28 +590,28 @@ def generate_scap(all_rules, all_baselines, args): true '''.format(rule_yaml['id'] + "_" + odv_label,x) - + x += 1 continue - + for payload_type, info in rule_yaml['mobileconfig_info'].items(): if payload_type == "com.apple.systempolicy.control": continue if payload_type == "com.apple.ManagedClient.preferences": for payload_domain, settings in info.items(): oval_definition = oval_definition + ''' - - + + {} - {} + {} '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip()) if len(settings) > 1: oval_definition = oval_definition + '''''' else: oval_definition = oval_definition + '''''' - + for key, value in settings.items(): state_kind = "" if type(value) == bool: @@ -620,7 +620,7 @@ def generate_scap(all_rules, all_baselines, args): state_kind = "int" elif type(value) == str: state_kind = "string" - + dz = d + 5000 oval_definition = oval_definition + ''''''.format(rule_yaml['id'] + '_' + odv_label + "_" + str(d), dz) @@ -629,11 +629,11 @@ def generate_scap(all_rules, all_baselines, args): - - + + '''.format(rule_yaml['id'] + "_" + odv_label + "_" + str(d),dz,dz,dz) if payload_domain == "com.apple.dock": - + oval_object = oval_object + ''' /Library/Preferences/com.apple.loginwindow.plist @@ -661,8 +661,8 @@ def generate_scap(all_rules, all_baselines, args): '''.format(rule_yaml['id'] + "_" + odv_label,dz,payload_domain,key) - - + + oval_state = oval_state + ''' {} @@ -677,19 +677,19 @@ def generate_scap(all_rules, all_baselines, args): if key == "familyControlsEnabled": xpath_search = "" if len(info) > 1: - + xpath_search = info['pathBlackList'] oval_definition = oval_definition + ''' - - - {} + + + {} - {} - - + {} + + - + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x) 
@@ -706,28 +706,28 @@ def generate_scap(all_rules, all_baselines, args): boolean(plist/dict/array/string/text() = "{}") '''.format(rule_yaml['id'] + "_" + odv_label,x,str(xpath_search).replace('[',"").replace(']',"").replace("'","")) - + oval_state = oval_state + ''' true '''.format(rule_yaml['id'] + "_" + odv_label,x) - + x = x + 1 continue else: - + oval_definition = oval_definition + ''' - - - {} + + + {} - {} - - + {} + + - + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x) @@ -741,7 +741,7 @@ def generate_scap(all_rules, all_baselines, args): oval_object = oval_object + ''' /Library/Managed Preferences/{}.plist'''.format(rule_yaml['id'] + "_" + odv_label,x,payload_type) - + state_kind = "" if type(value) == bool: oval_object = oval_object + ''' @@ -769,16 +769,16 @@ def generate_scap(all_rules, all_baselines, args): continue if payload_type == "com.apple.finder": oval_definition = oval_definition + ''' - - + + {} - {} - - + {} + + - + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x) @@ -797,7 +797,7 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x+1999,rule_yaml['id'] + "_" + odv_label,x,x) - + state_kind = "" if type(value) == bool: oval_object = oval_object + ''' @@ -822,7 +822,7 @@ def generate_scap(all_rules, all_baselines, args): '''.format(rule_yaml['id'] + "_" + odv_label,x,state_kind,value) - oval_variable = oval_variable + ''' + oval_variable = oval_variable + ''' /Library/Managed Preferences/ 
@@ -832,19 +832,19 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x,x+1999) x += 1 continue - + if payload_type == "com.apple.DiscRecording": oval_definition = oval_definition + ''' - - + + {} - {} - - + {} + + - + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x) @@ -863,7 +863,7 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x+1999,rule_yaml['id'] + "_" + odv_label,x,x) - + state_kind = "" if type(value) == bool: oval_object = oval_object + ''' @@ -888,7 +888,7 @@ def generate_scap(all_rules, all_baselines, args): '''.format(rule_yaml['id'] + "_" + odv_label,x,state_kind,value) - oval_variable = oval_variable + ''' + oval_variable = oval_variable + ''' /Library/Managed Preferences/ @@ -897,19 +897,19 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x,x+1999) x += 1 - continue + continue if payload_type == "com.apple.Safari" and key == "AutoOpenSafeDownloads": oval_definition = oval_definition + ''' - - + + {} - {} - - + {} + + - + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x) @@ -928,7 +928,7 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x+1999,rule_yaml['id'] + "_" + odv_label,x,x) - + state_kind = "" if type(value) == bool: oval_object = oval_object + ''' @@ -953,7 +953,7 @@ def generate_scap(all_rules, all_baselines, args): '''.format(rule_yaml['id'] + "_" + odv_label,x,state_kind,value) - oval_variable = oval_variable + ''' + oval_variable = oval_variable + ''' /Library/Managed Preferences/ 
@@ -962,20 +962,20 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x,x+1999) x += 1 - continue - if payload_type == "com.apple.systempreferences" and key == "DisabledPreferencePanes" or payload_type == "com.apple.systempreferences" and key == "HiddenPreferencePanes" or payload_type == "com.apple.systempreferences" and key == "DisabledSystemSettings": - + continue + if payload_type == "com.apple.systempreferences" and key == "DisabledPreferencePanes" or payload_type == "com.apple.systempreferences" and key == "HiddenPreferencePanes" or payload_type == "com.apple.systempreferences" and key == "DisabledSystemSettings": + oval_definition = oval_definition + ''' - - + + {} - {} - - + {} + + - + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x) @@ -994,19 +994,19 @@ def generate_scap(all_rules, all_baselines, args): /plist/dict/key[string()="{}"]/following-sibling::*[1]/string[string()="{}"]/text() - + '''.format(x+1999,rule_yaml['id'] + "_" + odv_label,x,x,key,str(value).strip('[]').strip("'")) - - + + oval_state = oval_state + ''' - + {} - + '''.format(rule_yaml['id'] + "_" + odv_label,x,str(value).strip('[]').strip("'")) - oval_variable = oval_variable + ''' + oval_variable = oval_variable + ''' /Library/Managed Preferences/ @@ -1026,20 +1026,20 @@ def generate_scap(all_rules, all_baselines, args): elif type(value) == str: state_kind = "string" else: - + continue - + oval_definition = oval_definition + ''' - - + + {} - {} - - + {} + + - + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x) 
@@ -1050,11 +1050,11 @@ def generate_scap(all_rules, all_baselines, args): '''.format(rule_yaml['id'] + "_" + odv_label,x,x,x) - + oval_object = oval_object + ''' /Library/Managed Preferences/{}.plist'''.format(rule_yaml['id'] + "_" + odv_label,x,payload_type) - + if state_kind == "boolean": oval_object = oval_object + ''' name(//*[contains(text(), "{}")]/following-sibling::*[1]) @@ -1063,7 +1063,7 @@ def generate_scap(all_rules, all_baselines, args): oval_object = oval_object + ''' //*[contains(text(), "{}")]/following-sibling::*[1]/text() '''.format(key) - + oval_state = oval_state + ''' {} @@ -1080,14 +1080,14 @@ def generate_scap(all_rules, all_baselines, args): continue if "SPStorageDataType" in rule_yaml['check']: - + print(rule_yaml['id'] + " - No relevant oval test") xccdf_rules = replace_ocil(xccdf_rules,x) x += 1 continue try: if "fdesetup" in command[3]: - + print(rule_yaml['id'] + " - No relevant oval test") xccdf_rules = replace_ocil(xccdf_rules,x) x += 1 @@ -1098,18 +1098,18 @@ def generate_scap(all_rules, all_baselines, args): if "profiles" in command[3]: if "/usr/bin/profiles status -type enrollment" in rule_yaml['check']: oval_definition = oval_definition + ''' - - + + {} - {} - + {} + - + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],x,x+899,x+799) oval_test = oval_test + ''' @@ -1140,19 +1140,19 @@ def generate_scap(all_rules, all_baselines, args): try: if "csrutil" in command[3]: if "authenticated-root" in command[3]: - + print(rule_yaml['id'] + " - No relevant oval test") xccdf_rules = replace_ocil(xccdf_rules,x) x += 1 continue oval_definition = oval_definition + ''' - - - {} + + + {} - {} - + {} + 
@@ -1216,21 +1216,21 @@ def generate_scap(all_rules, all_baselines, args): try: if "pmset" in command[3] and "standby" in rule_yaml['check']: oval_definition = oval_definition + ''' - - - {} + + + {} - {} - + {} + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] +"_standbydelayhigh",x, rule_yaml['id'] +"_standbydelaylow",x+877, rule_yaml['id'] +"_highstandbythreshold",x+888) - - + + oval_test = oval_test + ''' @@ -1242,14 +1242,14 @@ def generate_scap(all_rules, all_baselines, args): '''.format(rule_yaml['id'] + "_standbydelaylow",x+877,x+877,x+877) - + oval_test = oval_test + ''' '''.format(rule_yaml['id'] + "_highstandbythreshold",x+888,x+888,x+888) - + standbydelayhigh = str() standbydelaylow = str() highstandbythreshold = str() @@ -1263,7 +1263,7 @@ def generate_scap(all_rules, all_baselines, args): standbydelaylow = line.split(" ")[-1].rstrip() if "highstandbythreshold" in line: highstandbythreshold = line.split(" ")[-1].rstrip() - + oval_object = oval_object + ''' SPHardwareDataType @@ -1271,7 +1271,7 @@ def generate_scap(all_rules, all_baselines, args): //*[contains(text(), "platform_UUID")]/following-sibling::string[position()=1]/text() '''.format("hardware UUID",x+999) - oval_variable = oval_variable + ''' + oval_variable = oval_variable + ''' /Library/Preferences/com.apple.PowerManagement. @@ -1283,16 +1283,16 @@ def generate_scap(all_rules, all_baselines, args): oval_object = oval_object + ''' '''.format(rule_yaml['id'] + "_standbydelayhigh",x,x) - + oval_object = oval_object + ''' boolean(plist/dict[key="AC Power"]/dict[key="{}"]/integer/text() = "{}") '''.format("High Standby Delay",standbydelayhigh) - + oval_object = oval_object + ''' '''.format(rule_yaml['id'] + "_standbydelaylow",x+877, x) - + oval_object = oval_object + ''' boolean(plist/dict[key="AC Power"]/dict[key="{}"]/integer/text() = "{}") '''.format("Standby Delay",standbydelaylow) 
@@ -1300,11 +1300,11 @@ def generate_scap(all_rules, all_baselines, args): oval_object = oval_object + ''' '''.format(rule_yaml['id'] + "_highstandbythreshold",x+888, x) - + oval_object = oval_object + ''' boolean(plist/dict[key="AC Power"]/dict[key="{}"]/integer/text() = "{}") '''.format("Standby Battery Threshold",highstandbythreshold) - + oval_state = oval_state + ''' true @@ -1325,29 +1325,29 @@ def generate_scap(all_rules, all_baselines, args): except: pass if "sudo -V" in rule_yaml['check']: - - + + if "grep" in rule_yaml['check'].split("|")[1]: oval_definition = oval_definition + ''' - - - {} + + + {} - {} - + {} + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x,rule_yaml['id'] + "_" + odv_label, x, rule_yaml['id'] + "_" + odv_label,x+5051) - + oval_test = oval_test + ''' '''.format(x, rule_yaml['id'] + "_" + odv_label, x) - + oval_test = oval_test + ''' @@ -1355,7 +1355,7 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x+5051, rule_yaml['id'] + "_" + odv_label, x+5051) check_string = rule_yaml['fix'].split("echo")[1].split('"')[1] - + oval_object = oval_object + ''' @@ -1373,21 +1373,21 @@ def generate_scap(all_rules, all_baselines, args): {} 1 '''.format(x+5051, rule_yaml['id'] + "_" + odv_label, check_string) - - + + x = x + 1 continue if "awk" in rule_yaml['check'].split("|")[1]: if "timestamp_type" in rule_yaml['fix'] and rule_yaml['result']['string'] == "tty": oval_definition = oval_definition + ''' - - - {} + + + {} - {} - + {} + 
@@ -1395,13 +1395,13 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x,rule_yaml['id'] + "_" + odv_label, x+8000, rule_yaml['id'] + "_" + odv_label,x+8001, rule_yaml['id'] + "_" + odv_label,x+8002,rule_yaml['id'] + "_" + odv_label,x+8003) - + oval_test = oval_test + ''' '''.format(x, rule_yaml['id'] + "_" + odv_label, x) - + oval_test = oval_test + ''' @@ -1420,7 +1420,7 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x+8002, rule_yaml['id'] + "_" + odv_label, x+8002) - + oval_object = oval_object + ''' @@ -1459,27 +1459,27 @@ def generate_scap(all_rules, all_baselines, args): continue else: check_string = "Defaults.*.timestamp_type={}".format(rule_yaml['result']['string']) - + oval_definition = oval_definition + ''' - - - {} + + + {} - {} - + {} + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x,rule_yaml['id'] + "_" + odv_label, x+8000, rule_yaml['id'] + "_" + odv_label,x+8001, rule_yaml['id'] + "_" + odv_label,x+8002,rule_yaml['id'] + "_" + odv_label,x+8003) - + oval_test = oval_test + ''' '''.format(x, rule_yaml['id'] + "_" + odv_label, x) - + oval_test = oval_test + ''' @@ -1494,7 +1494,7 @@ def generate_scap(all_rules, all_baselines, args): 1 '''.format(x, rule_yaml['id'] + "_" + odv_label, check_string) - + oval_object = oval_object + ''' 
@@ -1508,28 +1508,28 @@ def generate_scap(all_rules, all_baselines, args): continue if "ssh_config" in rule_yaml['discussion'] and "dscl" in rule_yaml['check']: - + oval_definition = oval_definition + ''' - - - {} + + + {} - {} - + {} + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x,rule_yaml['id'] + "_" + odv_label, x+5000, rule_yaml['id'] + "_" + odv_label,x+5001) - + oval_test = oval_test + ''' '''.format(x, rule_yaml['id'] + "_" + odv_label, x) - + oval_test = oval_test + ''' @@ -1545,9 +1545,9 @@ def generate_scap(all_rules, all_baselines, args): matchy_match = "" for matchNum, match in enumerate(matches, start=1): matchy_match = match.group() - + ssh_config_pattern = matchy_match.split('"')[1] - + oval_object = oval_object + ''' @@ -1566,21 +1566,21 @@ def generate_scap(all_rules, all_baselines, args): {} 1 '''.format(x+5000, rule_yaml['id'] + "_" + odv_label, ssh_config_pattern) - + oval_object = oval_object + ''' {} 1 - + - + .* oval:mscp:ste:{} '''.format(x+5001,rule_yaml['id'] + "_" + odv_label,x,ssh_config_pattern,x+999,x+999) - + oval_state = oval_state + ''' ^[^_\s].* 
@@ -1600,34 +1600,34 @@ def generate_scap(all_rules, all_baselines, args): continue if "sshd -T" in rule_yaml['check'] and "fips" in rule_yaml['check'] or "sshd -G" in rule_yaml['check'] and "fips" in rule_yaml['check']: fipslist = rule_yaml['check'].split("\n")[0].split("(")[1].replace(")","").replace('" "',"\n").replace('"',"") - - + + oval_definition = oval_definition + ''' - - - {} + + + {} - {} - + {} + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x,rule_yaml['id'] + "_" + odv_label, x+5000, rule_yaml['id'] + "_" + odv_label,x+5001) - + oval_test = oval_test + ''' '''.format(x, rule_yaml['id'] + "_" + odv_label, x) - + oval_test = oval_test + ''' '''.format(x+5000, rule_yaml['id'] + "_" + odv_label, x+5000) - + oval_object = oval_object + ''' @@ -1645,38 +1645,38 @@ def generate_scap(all_rules, all_baselines, args): {} 1 '''.format(x+5000, rule_yaml['id'] + "_" + odv_label, fipslist) - + x = x + 1 - + continue if "sshd -T" in rule_yaml['check'] or "sshd -G" in rule_yaml['check']: oval_definition = oval_definition + ''' - - - {} + + + {} - {} - + {} + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x,rule_yaml['id'] + "_" + odv_label, x+5000, rule_yaml['id'] + "_" + odv_label,x+5001) - + oval_test = oval_test + ''' '''.format(x, rule_yaml['id'] + "_" + odv_label, x) - + oval_test = oval_test + ''' '''.format(x+5000, rule_yaml['id'] + "_" + odv_label, x+5000) sshd_config_pattern = "" - if "grep" in rule_yaml['check']: + if "grep" in rule_yaml['check']: regex = r"(?<=grep).*$" matches = re.finditer(regex, rule_yaml['check'], re.MULTILINE) matchy_match = "" 
@@ -1687,12 +1687,12 @@ def generate_scap(all_rules, all_baselines, args): sshd_config_pattern = matchy_match.split('"')[1] elif "'" in matchy_match: sshd_config_pattern = matchy_match.split("'")[1] - + if "awk" in rule_yaml['check']: matchy_match = rule_yaml['check'].split("'")[1].split("/")[1] for item in rule_yaml['result']: sshd_config_pattern = matchy_match + " " + str(rule_yaml['result'][item]) - + oval_object = oval_object + ''' @@ -1710,32 +1710,32 @@ def generate_scap(all_rules, all_baselines, args): {} 1 '''.format(x+5000, rule_yaml['id'] + "_" + odv_label, sshd_config_pattern) - - + + x = x + 1 continue try: if "pmset" in command[3]: oval_definition = oval_definition + ''' - - - {} + + + {} - {} - + {} + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x) - + oval_test = oval_test + ''' '''.format(rule_yaml['id'] + "_" + odv_label,x,x,x) - + oval_object = oval_object + ''' /Library/Preferences/com.apple.PowerManagement.plist'''.format(rule_yaml['id'] + "_" + odv_label,x) @@ -1759,13 +1759,13 @@ def generate_scap(all_rules, all_baselines, args): pass if "socketfilterfw" in rule_yaml['check']: oval_definition = oval_definition + ''' - - - {} + + + {} - {} - + {} + @@ -1802,13 +1802,13 @@ def generate_scap(all_rules, all_baselines, args): if "systemsetup" in command[3]: oval_definition = oval_definition + ''' - - - {} + + + {} - {} - + {} + @@ -1826,9 +1826,9 @@ def generate_scap(all_rules, all_baselines, args): '''.format(rule_yaml['id'] + "_" + odv_label,x) state_test = "" if "-getnetworktimeserver" in rule_yaml['check']: - + timeservers = rule_yaml['result']['string'] - + state_test = ''' {} '''.format(timeservers) 
@@ -1843,7 +1843,7 @@ def generate_scap(all_rules, all_baselines, args): abc = 0 if "defaults" in rule_yaml['check'] and "grep" in rule_yaml['check'] and "CURRENT_USER" in rule_yaml['check']: - + regex = r"(?<=\()(.*?)(?=\))" test_str = rule_yaml['check'].split("grep")[1] @@ -1852,25 +1852,25 @@ def generate_scap(all_rules, all_baselines, args): matchy_match = "" for matchNum, match in enumerate(matches, start=1): matchy_match = match.group() - - + + oval_definition = oval_definition + ''' - - - {} + + + {} - {} - + {} + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x) - + for multi_grep in matchy_match.split("|"): - + oval_definition = oval_definition + ''' '''.format(rule_yaml['id']+"_"+str(abc),x) - + oval_test = oval_test + ''' @@ -1880,7 +1880,7 @@ def generate_scap(all_rules, all_baselines, args): key = matchy_match.split("|")[abc].split(" = ")[0].replace("\"","") value = matchy_match.split("|")[abc].split(" = ")[1].replace(";","") if "$CURRENT_USER" in rule_yaml['check']: - + oval_object = oval_object + ''' @@ -1898,18 +1898,18 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x+1999) plist = rule_yaml['check'].split("read")[1].split()[0].replace(".plist","") - + oval_variable = oval_variable + ''' - /Library/Preferences/{}. + /Library/Preferences/{}. plist '''.format(x,x+1999,plist) - + oval_object = oval_object + ''' '''.format(rule_yaml['id']+"_"+str(abc),x,x) @@ -1917,8 +1917,8 @@ def generate_scap(all_rules, all_baselines, args): oval_datatype = "" try: int(value) - - oval_datatype = "int" + + oval_datatype = "int" oval_object = oval_object + ''' //*[contains(text(), "{}")]/following-sibling::*[1]/text() '''.format(key) 
@@ -1937,28 +1937,28 @@ def generate_scap(all_rules, all_baselines, args): {} '''.format(rule_yaml['id']+"_"+str(abc),x,oval_datatype,value) - + abc =+ 1 x = x+1 oval_definition = oval_definition + ''' ''' oval_definition = re.sub('(?=\n\[NOTE\])(?s)(.*)\=\n<', '<', oval_definition) - + x = x+1 break - + if "defaults" in rule_yaml['check']: - + if rule_yaml['id'] == "system_settings_hot_corners_secure" or rule_yaml['id'] == "sysprefs_hot_corners_secure": oval_definition = oval_definition + ''' - - - {} + + + {} - {} - + {} + @@ -1966,7 +1966,7 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x,rule_yaml['id'] + "_" + odv_label,x+5000,rule_yaml['id'] + "_" + odv_label,x+5001,rule_yaml['id'] + "_" + odv_label,x+5002) - + oval_test = oval_test + ''' 
@@ -1994,44 +1994,44 @@ def generate_scap(all_rules, all_baselines, args): plist = rule_yaml['check'].split("read")[1].split()[0].replace(".plist","") check_length = len(rule_yaml['check'].split()) key = rule_yaml['check'].split("\n")[0].replace(" 2>/dev/null","").split()[-1].replace('"','').replace(")",'') - + oval_object = oval_object + ''' .* oval:mscp:ste:{} - + - + '''.format(x+1999,x+1999,rule_yaml['id'] + "_" + odv_label,x,x) oval_object = oval_object + '''//*[contains(text(), "{}")]/following-sibling::*[1]/text() - '''.format(key) + '''.format(key) key = rule_yaml['check'].split("\n")[1].replace(" 2>/dev/null","").split()[-1].replace('"','').replace(")",'') - + oval_object = oval_object + ''' - + '''.format(rule_yaml['id'] + "_" + odv_label,x+5000,x) oval_object = oval_object + '''//*[contains(text(), "{}")]/following-sibling::*[1]/text() '''.format(key) key = rule_yaml['check'].split("\n")[2].replace(" 2>/dev/null","").split()[-1].replace('"','').replace(")",'') - + oval_object = oval_object + ''' - + '''.format(rule_yaml['id'] + "_" + odv_label,x+5001,x) oval_object = oval_object + '''//*[contains(text(), "{}")]/following-sibling::*[1]/text() '''.format(key) key = rule_yaml['check'].split("\n")[3].replace(" 2>/dev/null","").split()[-1].replace('"','').replace(")",'') - + oval_object = oval_object + ''' - + '''.format(rule_yaml['id'] + "_" + odv_label,x+5002,x) oval_object = oval_object + '''//*[contains(text(), "{}")]/following-sibling::*[1]/text() '''.format(key) @@ -2043,8 +2043,8 @@ def generate_scap(all_rules, all_baselines, args): 0 /usr/bin/false '''.format(x+1999) - - + + after_user = plist.split('"')[2] oval_variable = oval_variable + ''' @@ -2056,10 +2056,10 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x,x+1999,after_user,x+999) try: check_if = rule_yaml['check'].split("\n")[5] - + modifier = 0 for n in check_if.split(): - + if n.replace('"',"").isdigit(): if modifier >= 4999: modifier = modifier + 1 
@@ -2070,25 +2070,25 @@ def generate_scap(all_rules, all_baselines, args): modifier = 4999 x = x + 1 continue - except: - x = x + 1 + except: + x = x + 1 continue - + oval_definition = oval_definition + ''' - - - {} + + + {} - {} - + {} + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x) - + oval_test = oval_test + ''' @@ -2096,9 +2096,9 @@ def generate_scap(all_rules, all_baselines, args): '''.format(rule_yaml['id'] + "_" + odv_label,x,x,x) plist = rule_yaml['check'].split("read")[1].split()[0].replace(".plist","") - + if "ByHost" in rule_yaml['fix'] or "currentHost" in rule_yaml['fix']: - + oval_object = oval_object + ''' SPHardwareDataType @@ -2107,28 +2107,28 @@ def generate_scap(all_rules, all_baselines, args): '''.format("hardware UUID",x+999) if "$CURRENT_USER" in rule_yaml['check']: - - + + check_length = len(rule_yaml['check'].split()) key = rule_yaml['check'].split()[check_length-1] - + oval_object = oval_object + ''' .* oval:mscp:ste:{} - + - + '''.format(x+1999,x+1999,rule_yaml['id'] + "_" + odv_label,x,x) - - try: + + try: rule_yaml['result']['boolean'] oval_object = oval_object + ''' name(//*[contains(text(), "{}")]/following-sibling::*[1]) '''.format(key) except: - + oval_object = oval_object + '''//*[contains(text(), "{}")]/following-sibling::*[1]/text() '''.format(key) oval_state = oval_state + ''' @@ -2138,7 +2138,7 @@ def generate_scap(all_rules, all_baselines, args): 0 /usr/bin/false '''.format(x+1999) - + oval_variable = oval_variable + ''' @@ -2149,10 +2149,10 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x,x+1999,plist,x+999) - + else: - + check_length = len(rule_yaml['check'].split()) key = rule_yaml['check'].replace(" 2>/dev/null","").split()[check_length-1] 
@@ -2170,8 +2170,8 @@ def generate_scap(all_rules, all_baselines, args): oval_object = oval_object + ''' //*[contains(text(), "{}")]/following-sibling::*[1]/text() '''.format(key) - - oval_variable = oval_variable + ''' + + oval_variable = oval_variable + ''' {}. @@ -2179,30 +2179,30 @@ def generate_scap(all_rules, all_baselines, args): .plist '''.format(x,plist,x+999) - + elif "$CURRENT_USER" in rule_yaml['check']: - - + + check_length = len(rule_yaml['check'].split()) key = rule_yaml['check'].replace(" 2>/dev/null","").split()[-1] - + oval_object = oval_object + ''' .* oval:mscp:ste:{} - + - + '''.format(x+1999,x+1999,rule_yaml['id'] + "_" + odv_label,x,x) - - try: + + try: rule_yaml['result']['boolean'] oval_object = oval_object + ''' name(//*[contains(text(), "{}")]/following-sibling::*[1]) '''.format(key) except: - + oval_object = oval_object + '''//*[contains(text(), "{}")]/following-sibling::*[1]/text() '''.format(key) oval_state = oval_state + ''' @@ -2212,7 +2212,7 @@ def generate_scap(all_rules, all_baselines, args): 0 /usr/bin/false '''.format(x+1999) - + oval_variable = oval_variable + ''' @@ -2223,15 +2223,15 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x,x+1999,plist,x+999) else: - + if plist[-6:] != ".plist": plist = plist + ".plist" - + plist_key = rule_yaml['check'].replace(" 2>/dev/null","").split(" ")[3].rstrip() oval_object = oval_object + ''' {}'''.format(rule_yaml['id'] + "_" + odv_label,x,plist) - + try: rule_yaml['result']['boolean'] oval_object = oval_object + ''' @@ -2241,8 +2241,8 @@ def generate_scap(all_rules, all_baselines, args): oval_object = oval_object + ''' //*[contains(text(), "{}")]/following-sibling::*[1]/text() '''.format(plist_key) - - + + datatype = "" plist_key = rule_yaml['check'].split(" ")[3].rstrip() for key in rule_yaml['result']: 
@@ -2259,20 +2259,20 @@ def generate_scap(all_rules, all_baselines, args): value = "true" else: value = rule_yaml['result'][datatype] - + oval_state = oval_state + ''' {} '''.format(rule_yaml['id'] + "_" + odv_label,x,oval_datatype,value) oval_definition = re.sub('(?=\n\[NOTE\])(?s)(.*)\=\n<', '<', oval_definition) x = x+1 - + continue try: if "security" in command[3]: if rule_yaml['check'].split()[1] == "authorizationdb": check = rule_yaml['check'].split("|") - + authdb = rule_yaml['check'].split()[3] if len(check) > 2: @@ -2280,18 +2280,18 @@ def generate_scap(all_rules, all_baselines, args): key = str(matches).replace("[","").replace("]","").replace("'","") length = len(check[2].split()) - + last_string = check[2].split()[length-1].replace('"',"").replace("<","").replace(">","").replace("/","") - + oval_definition = oval_definition + ''' - - - {} + + + {} - {} - + {} + @@ -2303,7 +2303,7 @@ def generate_scap(all_rules, all_baselines, args): '''.format(rule_yaml['id'] + "_" + odv_label,x,x,x) - + oval_object = oval_object + ''' {} @@ -2312,20 +2312,20 @@ def generate_scap(all_rules, all_baselines, args): oval_state = oval_state + ''' - + true '''.format(rule_yaml['id'] + "_" + odv_label,x) else: key = (check[1].split()[2].replace("'","")) oval_definition = oval_definition + ''' - - - {} + + + {} - {} - + {} + @@ -2347,7 +2347,7 @@ def generate_scap(all_rules, all_baselines, args): {} '''.format(rule_yaml['id'] + "_" + odv_label,x,key) - + else: if "authorizationdb" in rule_yaml['check']: regex = r"=\(.*.\)" 
@@ -2355,19 +2355,19 @@ def generate_scap(all_rules, all_baselines, args): matches = re.finditer(regex, rule_yaml['check'], re.MULTILINE) for matchNum, match in enumerate(matches, start=1): matchy_match = match.group().replace('=(',"").replace(")","").replace('"','').split() - + oval_definition = oval_definition + ''' - - - {} + + + {} - {} - + {} + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion']) for match in matchy_match: - + oval_definition = oval_definition + ''' '''.format(rule_yaml['id'] + "+" + match, x) @@ -2378,7 +2378,7 @@ def generate_scap(all_rules, all_baselines, args): '''.format(match,x,x,x) key="shared" value="" - if "false" in rule_yaml["check"]: + if "false" in rule_yaml["check"]: value="false" else: value="true" @@ -2391,11 +2391,11 @@ def generate_scap(all_rules, all_baselines, args): oval_state = oval_state + ''' - + true '''.format(match,x) x += 1 - + oval_definition = oval_definition + "" x += 1 continue @@ -2403,17 +2403,17 @@ def generate_scap(all_rules, all_baselines, args): pass if "/bin/rm" in rule_yaml['fix'] and "/bin/ls" in rule_yaml['check']: oval_definition = oval_definition + ''' - - - {} + + + {} - {} - - + {} + + - - + + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x) oval_test = oval_test + ''' @@ -2421,11 +2421,11 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x,rule_yaml['id'] + "_" + odv_label,x) path = rule_yaml['fix'].split("----")[1].split(" ")[-1] - + oval_object = oval_object + ''' {} - + '''.format(x,rule_yaml['id'] + "_" + odv_label,path.rstrip()) x += 1 continue 
@@ -2433,20 +2433,20 @@ def generate_scap(all_rules, all_baselines, args): try: if "ls" in command[2] or "stat" in command[3].split()[0]: if '/Library/Security/PolicyBanner.rtf' in rule_yaml['check']: - - + + oval_definition = oval_definition + ''' - - - {} + + + {} - {} - - + {} + + - + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x,rule_yaml['id'] + "_" + odv_label,x+2999) oval_test = oval_test + ''' @@ -2460,33 +2460,33 @@ def generate_scap(all_rules, all_baselines, args): oval_object = oval_object + ''' /Library/Security/PolicyBanner.rtf - + /Library/Security/PolicyBanner.rtfd - + '''.format(x,rule_yaml['id'] + "_" + odv_label,x+2999,rule_yaml['id']) x = x + 1 continue - + s = rule_yaml['check'] config_file = str() oval_variable_need = bool() if "grep" in s.split()[2]: - - + + oval_variable_need = True grep_search = re.search('\((.*?)\)', s).group(1) - + substring = grep_search.split("|")[0] regex = re.search('\'(.*?)\'', substring).group(1) - + try: regex = re.search('/(.*?)/', regex).group(1) except: regex = regex - config_file = substring = grep_search.split("|")[0].split()[-1] + config_file = substring = grep_search.split("|")[0].split()[-1] oval_object = oval_object + ''' @@ -2500,7 +2500,7 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x,rule_yaml['id'] + "_" + odv_label,x+999) - + else: oval_variable_need = False config_file = s.split()[2] @@ -2508,20 +2508,20 @@ def generate_scap(all_rules, all_baselines, args): s = rule_yaml['fix'] fix_command = re.search('-\n(.*?)\n-', s).group(1).split('$')[0] - + oval_definition = oval_definition + ''' - - - - {} + + + + {} - {} - - + {} + + - - + + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x) oval_test = oval_test + ''' 
@@ -2529,7 +2529,7 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x,rule_yaml['id'] + "_" + odv_label,x,x) - + if "-" in fix_command and "R" in fix_command or rule_yaml['fix'].split("\n")[2][-1] == "*": behavior = '' if "audit" in rule_yaml['id']: @@ -2550,30 +2550,30 @@ def generate_scap(all_rules, all_baselines, args): {} {} - + '''.format(rule_yaml['id'] + "_" + odv_label,x,behavior,config_file) state_test = "" if "-" in fix_command and "N" in fix_command and "chmod" in fix_command: state_test = ''' false ''' - + elif "chgrp" in fix_command: state_test = ''' {} '''.format(rule_yaml['result']['integer']) elif "chown" in fix_command: - + state_test = ''' {} '''.format(rule_yaml['result']['integer']) - + elif "chmod" in fix_command: - + perms = fix_command.split()[1] - + if perms[0] == "0": state_test = ''' false @@ -2595,7 +2595,7 @@ def generate_scap(all_rules, all_baselines, args): true true''' elif perms[0] == "4": - + state_test = ''' true false @@ -2615,7 +2615,7 @@ def generate_scap(all_rules, all_baselines, args): true true true''' - + if perms[1] == "0": state_test = state_test + ''' false @@ -2637,7 +2637,7 @@ def generate_scap(all_rules, all_baselines, args): true true''' elif perms[1] == "4": - + state_test = state_test + ''' true false @@ -2659,11 +2659,11 @@ def generate_scap(all_rules, all_baselines, args): true''' if perms[2] == "0": - + state_test = state_test + ''' false false - false''' + false''' if perms[2] == "1": state_test = state_test + ''' false @@ -2709,7 +2709,7 @@ def generate_scap(all_rules, all_baselines, args): '''.format(rule_yaml['id'] + "_" + odv_label,x) + state_test + ''' ''' - + x += 1 continue except: 
@@ -2719,19 +2719,19 @@ def generate_scap(all_rules, all_baselines, args): if "UserShell" in rule_yaml['check']: shell = rule_yaml['check'].split()[9].replace('"','') oval_definition = oval_definition + ''' - - - {} + + + {} - {} - + {} + - + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x) - + oval_test = oval_test + ''' @@ -2744,7 +2744,7 @@ def generate_scap(all_rules, all_baselines, args): {} '''.format(rule_yaml['id'] + "_" + odv_label,x,command[5].split()[0]) - + oval_state = oval_state + ''' {} @@ -2759,51 +2759,51 @@ def generate_scap(all_rules, all_baselines, args): awk_file = "" awk_search = "" field_sep = "" - + if "grep -qE" in rule_yaml['fix']: awk_file = rule_yaml['fix'].split(" ")[3].strip(" ") awk_search = rule_yaml['fix'].split(" ")[2].strip("\"") - + elif "grep" in rule_yaml['check']: awk_file = rule_yaml['check'].split("|")[0].split(" ")[-2] awk_search = rule_yaml['check'].split("|")[-1].split(" ")[-2].strip("\'") - + else: awk_file = rule_yaml['check'].split("'")[2].strip(" ") awk_search = rule_yaml['check'].split("'")[1].split("/")[1] - - try: + + try: field_sep = rule_yaml['check'].split("-F")[1].split(" ")[0].replace('\"',"") except: field_sep = " " - try: - + try: + awk_result = rule_yaml['result']['string'] - except: - + except: + awk_result = str(rule_yaml['result']['integer']) - + if awk_search[0] != "^": awk_search = "^" + awk_search + field_sep + awk_result else: awk_search = awk_search + field_sep + awk_result - + oval_definition = oval_definition + ''' - - - {} + + + {} - {} - - + {} + + - + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x) oval_test = oval_test + ''' 
@@ -2823,33 +2823,33 @@ def generate_scap(all_rules, all_baselines, args): pass try: if "grep" in command[3] and not "pgrep" in command[3]: - + if "bannerText" in rule_yaml['check'] or "fips_" in rule_yaml['check']: - + text_to_find = rule_yaml['check'].split("=")[1].split('"')[1] matches = text_to_find.replace(".","\.").replace(")","\)").replace("(","\(").replace("*","\*") - + oval_definition = oval_definition + ''' - - - {} + + + {} - {} + {} - + - + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x) oval_test = oval_test + ''' '''.format(x, rule_yaml['id'] + "_" + odv_label, x) - + file_path = rule_yaml["check"].split(" ")[-1].rstrip() - + oval_object = oval_object + ''' {} @@ -2860,32 +2860,32 @@ def generate_scap(all_rules, all_baselines, args): x += 1 continue else: - + s = rule_yaml['check'] - - try: - + + try: + grep_search = re.search('"(.*?)"', s).group(1) - - except: - + + except: + grep_search = re.search('\'(.*?)\'', s).group(1) - - + + grep_file = rule_yaml['check'].split(grep_search,1)[1].split(" ")[1] - - + + oval_definition = oval_definition + ''' - - - {} + + + {} - {} - - + {} + + - + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x) oval_test = oval_test + ''' @@ -2907,13 +2907,13 @@ def generate_scap(all_rules, all_baselines, args): if "launchctl" in command[2] or "launchctl" in rule_yaml['fix']: if "disable" in command[2] and "=> true" in rule_yaml['check'] or "unload -w" in rule_yaml['fix'] or "disable" in command[2] and "=> disabled" in rule_yaml['check']: oval_definition = oval_definition + ''' - - - {} + + + {} - {} - + {} + 
@@ -2927,17 +2927,17 @@ def generate_scap(all_rules, all_baselines, args): - + '''.format(rule_yaml['id'] + "_" + odv_label,x,x,x,x+999,rule_yaml['id'] + "_" + odv_label,x+999) - + domain = str() if "launchctl" not in rule_yaml['check']: domain = rule_yaml['fix'].split()[4].split('/')[4].replace(".plist","") - + else: s = command[5].split()[2] domain = re.search('"(.*?)"', s).group(1) - + oval_object = oval_object + ''' /var/db/com.apple.xpc.launchd/disabled.plist @@ -2946,7 +2946,7 @@ def generate_scap(all_rules, all_baselines, args): '''.format(rule_yaml['id'] + "_" + odv_label,x,domain,x+999,rule_yaml['id'] + "_" + odv_label,domain) - + status = "" if "enable" in rule_yaml["fix"]: status = "false" @@ -2956,16 +2956,16 @@ def generate_scap(all_rules, all_baselines, args): {} '''.format(rule_yaml['id'] + "_" + odv_label,x,status) - + elif "launchctl unload" in rule_yaml['fix']: oval_definition = oval_definition + ''' - - - {} + + + {} - {} - + {} + @@ -2975,38 +2975,38 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x,rule_yaml['id'] + "_" + odv_label,x) - + domain = str() - + if "launchctl" not in rule_yaml['check']: domain = rule_yaml['fix'].split()[4].split('/')[4].replace(".plist","") - + else: s = command[5].split()[2] domain = re.search('"(.*?)"', s).group(1) - + oval_object = oval_object + ''' '''.format(x, rule_yaml['id'] + "_" + odv_label,domain) - + elif "defaults write" in rule_yaml['fix']: oval_definition = oval_definition + ''' - - - {} + + + {} - {} - + {} + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'],rule_yaml['id'] + "_" + odv_label,x) - + oval_test = oval_test + ''' 
@@ -3014,9 +3014,9 @@ def generate_scap(all_rules, all_baselines, args): '''.format(rule_yaml['id'] + "_" + odv_label,x,x,x) plist = rule_yaml['fix'].split(" ")[2].replace(".plist","") # plist = rule_yaml['check'].split("read")[1].split()[0].replace(".plist","") - + if "ByHost" in rule_yaml['fix'] or "currentHost" in rule_yaml['fix']: - + oval_object = oval_object + ''' SPHardwareDataType @@ -3025,28 +3025,28 @@ def generate_scap(all_rules, all_baselines, args): '''.format("hardware UUID",x+999) if "$CURRENT_USER" in rule_yaml['check']: - - - + + + key = rule_yaml['fix'].split("defaults")[1].split(" ")[3] - + oval_object = oval_object + ''' .* oval:mscp:ste:{} - + - + '''.format(x+1999,x+1999,rule_yaml['id'] + "_" + odv_label,x,x) - + if rule_yaml['fix'].split("defaults")[1].split(" ")[4] == "-bool": rule_yaml['result']['boolean'] oval_object = oval_object + ''' name(//*[contains(text(), "{}")]/following-sibling::*[1]) '''.format(key) else: - + oval_object = oval_object + '''//*[contains(text(), "{}")]/following-sibling::*[1]/text() '''.format(key) oval_state = oval_state + ''' @@ -3056,7 +3056,7 @@ def generate_scap(all_rules, all_baselines, args): 0 /usr/bin/false '''.format(x+1999) - + oval_variable = oval_variable + ''' @@ -3067,11 +3067,11 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x,x+1999,plist,x+999) - + else: - - + + key = rule_yaml['fix'].split("defaults")[1].split(" ")[3] oval_object = oval_object + ''' @@ -3079,9 +3079,9 @@ def generate_scap(all_rules, all_baselines, args): '''.format(rule_yaml['id'] + "_" + odv_label,x,x) - + if rule_yaml['fix'].split("defaults")[1].split(" ")[4] == "-bool": - + oval_object = oval_object + ''' name(//*[contains(text(), "{}")]/following-sibling::*[1]) '''.format(key) 
@@ -3089,8 +3089,8 @@ def generate_scap(all_rules, all_baselines, args): oval_object = oval_object + ''' //*[contains(text(), "{}")]/following-sibling::*[1]/text() '''.format(key) - - oval_variable = oval_variable + ''' + + oval_variable = oval_variable + ''' {}. @@ -3098,30 +3098,30 @@ def generate_scap(all_rules, all_baselines, args): .plist '''.format(x,plist,x+999) - + elif "$CURRENT_USER" in rule_yaml['check']: - - + + check_length = len(rule_yaml['check'].split()) key = rule_yaml['fix'].split("defaults")[1].split(" ")[3] - + oval_object = oval_object + ''' .* oval:mscp:ste:{} - + - + '''.format(x+1999,x+1999,rule_yaml['id'] + "_" + odv_label,x,x) - + if rule_yaml['fix'].split("defaults")[1].split(" ")[4] == "-bool": - + oval_object = oval_object + ''' name(//*[contains(text(), "{}")]/following-sibling::*[1]) '''.format(key) else: - + oval_object = oval_object + '''//*[contains(text(), "{}")]/following-sibling::*[1]/text() '''.format(key) oval_state = oval_state + ''' @@ -3131,7 +3131,7 @@ def generate_scap(all_rules, all_baselines, args): 0 /usr/bin/false '''.format(x+1999) - + oval_variable = oval_variable + ''' @@ -3142,15 +3142,15 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x,x+1999,plist,x+999) else: - + if plist[-6:] != ".plist": plist = plist + ".plist" plist_key = rule_yaml['fix'].split("defaults")[1].split(" ")[3] - + oval_object = oval_object + ''' {}'''.format(rule_yaml['id'] + "_" + odv_label,x,plist) - + try: rule_yaml['result']['boolean'] oval_object = oval_object + ''' 
@@ -3160,21 +3160,21 @@ def generate_scap(all_rules, all_baselines, args): oval_object = oval_object + ''' //*[contains(text(), "{}")]/following-sibling::*[1]/text() '''.format(plist_key) - - + + datatype = "" plist_key = rule_yaml['fix'].split("defaults")[1].split(" ")[3] - + oval_datatype = rule_yaml['fix'].split("defaults")[1].split(" ")[4].replace("-","") if oval_datatype == "integer": oval_datatype = "int" - + if oval_datatype == "bool": oval_datatype = "boolean" value = rule_yaml['fix'].split("defaults")[1].split(" ")[5].replace(";","") - + oval_state = oval_state + ''' {} @@ -3183,30 +3183,30 @@ def generate_scap(all_rules, all_baselines, args): x = x+1 - + continue else: - + oval_definition = oval_definition + ''' - - - {} + + + {} - {} - - + {} + + - + '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'].rstrip(),rule_yaml['id'] + "_" + odv_label,x) oval_test = oval_test + ''' '''.format(x,rule_yaml['id'] + "_" + odv_label,x) - + domain = command[5].split()[2] domain = domain.replace('"','').replace("'",'') @@ -3215,10 +3215,10 @@ def generate_scap(all_rules, all_baselines, args): '''.format(x,rule_yaml['id'] + "_" + odv_label,domain) x += 1 - continue + continue except: pass - + for k in generated_baselines.keys(): xccdf_profiles = xccdf_profiles + ''' @@ -3229,7 +3229,7 @@ def generate_scap(all_rules, all_baselines, args):