usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-03-03 17:02:01 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity
Files
b751cf4590b6cba8ec70ffbbe64e8e7f55e58013
macos_security/scripts/baseline_identify.py
Dan Brodjieski 58bbc538f4 renamed baseline_identify
2020-07-07 16:57:05 -04:00

64 lines
2.1 KiB
Python
Executable File
Raw Blame History

#!/usr/bin/env python3
# filename: baseline_identify.py
# description: Identify which rules fall on specific baselines.
import argparse
import io
import yaml
import os
from string import Template
from itertools import groupby
import glob
# File path setup
file_dir = os.path.dirname(os.path.abspath(__file__))
parent_dir = os.path.dirname(file_dir)
# import profile_manifests.plist
baselines_file = os.path.join(parent_dir, 'includes', '800-53_baselines.yaml')
with open(baselines_file) as r:
baselines = yaml.load(r, Loader=yaml.SafeLoader)
low_rules = []
mod_rules = []
high_rules = []
# Create sections and rules
for rule in sorted(glob.glob(parent_dir + '/rules/*/*.yaml')):
with open(rule) as r:
rule_yaml = yaml.load(r, Loader=yaml.SafeLoader)
try:
rule_yaml['references']['800-53r4']
except KeyError:
nist_80053r4 = 'N/A'
else:
#nist_80053r4 = ulify(rule_yaml['references']['800-53r4'])
nist_80053r4 = rule_yaml['references']['800-53r4']
for control in nist_80053r4:
if control in baselines['low']:
#print("rule: {} contains: {} which falls on low baseline".format(rule_yaml['id'], control))
if rule_yaml['id'] not in low_rules:
low_rules.append(rule_yaml['id'])
if control in baselines['moderate']:
#print("rule: {} contains: {} which falls on moderate baseline".format(rule_yaml['id'], control))
if rule_yaml['id'] not in mod_rules:
mod_rules.append(rule_yaml['id'])
if control in baselines['high']:
#print("rule: {} contains: {} which falls on high baseline".format(rule_yaml['id'], control))
if rule_yaml['id'] not in high_rules:
high_rules.append(rule_yaml['id'])
print("{} Rules belong on LOW baseline".format(len(low_rules)))
for rule in low_rules:
print(" - {}".format(rule))
print("\n {} Rules that belong on MODERATE baseline".format(len(mod_rules)))
for rule in mod_rules:
print(" - {}".format(rule))
print("\n {} Rules that belong on HIGH baseline".format(len(high_rules)))
for rule in high_rules:
print(" - {}".format(rule))
Reference in New Issue View Git Blame Copy Permalink