Exemplo n.º 1
    def analyze_new_files(self):
        """
        Analyze the plists in self.new_files (a name -> hash mapping).

        Stores the result of selecting "plist" rows whose name matches any
        key of self.new_files in self.pre_new_files, then builds one record
        per new file (name, date, hash) in self.data, runs the per-key
        checks, and collects the records in self.post_new_files.
        """
        names = self.new_files.keys()
        # One "?" placeholder per name. The names travel separately in the
        # where clause and are never formatted into the statement text.
        # NOTE(review): an empty self.new_files produces the statement
        # "name=" with no placeholder -- confirm callers never get here with
        # an empty mapping.
        placeholders = ['?'] * len(names)
        where_statement = "name=" + " OR name=".join(placeholders)
        self.pre_new_files = ORM.select(
            "plist", None, [where_statement, names])

        self.post_new_files = []
        for fname, fname_hash in self.new_files.iteritems():
            # Fresh record per file; it is installed on self before the
            # plist is read, so the check_* calls below see it as self.data.
            self.data = {}
            self.plist_name = fname
            self.plist_file = read_plist(fname)
            self.data.update(
                name=self.plist_name, date=exec_date, hash=fname_hash)

            for hashed_key in self.check_keys_hash:
                self.check_key_executable(hashed_key)
            for plain_key in self.check_keys:
                self.check_key(plain_key)

            # Collect the finished record for this file.
            self.post_new_files.append(self.data)
Exemplo n.º 2
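 def check_firewall_processes(self):
     """
     Record each process entry under the "firewall" key of the system
     firewall plist (/Library/Preferences/com.apple.alf.plist).

     For every entry a dict with the entry name, exec_date, the stringified
     'state', 'proc' and 'servicebundleid' ("KEY DNE" when that key is
     absent) is appended to self.data. An entry that cannot be read (for
     example one missing 'state' or 'proc') is skipped and a warning is
     logged, so a gap in the collected firewall data is visible to whoever
     reviews the run instead of disappearing silently.
     """
     # Local import: the file's import block is not visible from here.
     import logging

     alf = read_plist('/Library/Preferences/com.apple.alf.plist')
     if not alf:
         return
     processes = get_plist_key(alf, "firewall")
     if not processes:
         return

     log = logging.getLogger(__name__)
     for name, value in processes.iteritems():
         try:
             state = str(value['state'])
             process = value['proc']
             try:
                 servicebundleid = value['servicebundleid']
             except KeyError:
                 # Optional key: keep the entry and mark the field as absent.
                 servicebundleid = "KEY DNE"
             self.data.append({
                 "name": name,
                 "date": exec_date,
                 "state": state,
                 "process": process,
                 "servicebundleid": servicebundleid
             })
         except Exception as exc:
             # Best-effort collection: one bad entry must not abort the run.
             # %r keeps plist-supplied text escaped in the log line.
             log.warning(
                 "skipping unreadable firewall process entry %r: %r",
                 name, exc)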
Exemplo n.º 3
    def analyze_new_files(self):
        """
        Analyze the plists in self.new_files (a name -> hash mapping).

        Stores the result of selecting "plist" rows whose name matches any
        key of self.new_files in self.pre_new_files, then builds one record
        per new file (name, date, hash) in self.data, runs the per-key
        checks, and collects the records in self.post_new_files.
        """
        names = self.new_files.keys()
        # One "?" placeholder per name. The names travel separately in the
        # where clause and are never formatted into the statement text.
        # NOTE(review): an empty self.new_files produces the statement
        # "name=" with no placeholder -- confirm callers never get here with
        # an empty mapping.
        placeholders = ['?'] * len(names)
        where_statement = "name=" + " OR name=".join(placeholders)
        self.pre_new_files = ORM.select(
            "plist", None, [where_statement, names])

        self.post_new_files = []
        for fname, fname_hash in self.new_files.iteritems():
            # Fresh record per file; it is installed on self before the
            # plist is read, so the check_* calls below see it as self.data.
            self.data = {}
            self.plist_name = fname
            self.plist_file = read_plist(fname)
            self.data.update(
                name=self.plist_name, date=exec_date, hash=fname_hash)

            for hashed_key in self.check_keys_hash:
                self.check_key_executable(hashed_key)
            for plain_key in self.check_keys:
                self.check_key(plain_key)

            # Collect the finished record for this file.
            self.post_new_files.append(self.data)
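 def check_firewall_processes(self):
     """
     Record each process entry under the "firewall" key of the system
     firewall plist (/Library/Preferences/com.apple.alf.plist).

     For every entry a dict with the entry name, exec_date, the stringified
     'state', 'proc' and 'servicebundleid' ("KEY DNE" when that key is
     absent) is appended to self.data. An entry that cannot be read (for
     example one missing 'state' or 'proc') is skipped and a warning is
     logged, so a gap in the collected firewall data is visible to whoever
     reviews the run instead of disappearing silently.
     """
     # Local import: the file's import block is not visible from here.
     import logging

     alf = read_plist('/Library/Preferences/com.apple.alf.plist')
     if not alf:
         return
     processes = get_plist_key(alf, "firewall")
     if not processes:
         return

     log = logging.getLogger(__name__)
     for name, value in processes.iteritems():
         try:
             state = str(value['state'])
             process = value['proc']
             try:
                 servicebundleid = value['servicebundleid']
             except KeyError:
                 # Optional key: keep the entry and mark the field as absent.
                 servicebundleid = "KEY DNE"
             self.data.append({
                 "name": name,
                 "date": exec_date,
                 "state": state,
                 "process": process,
                 "servicebundleid": servicebundleid
             })
         except Exception as exc:
             # Best-effort collection: one bad entry must not abort the run.
             # %r keeps plist-supplied text escaped in the log line.
             log.warning(
                 "skipping unreadable firewall process entry %r: %r",
                 name, exc)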
Exemplo n.º 5
 def check_firewall_keys(self):
     """
     Record the configured top-level keys of com.apple.alf.plist.

     For each key name returned by Config.get("firewall_keys"), the value
     read from the plist is stringified and appended to self.data together
     with the key name and exec_date.
     """
     alf = read_plist('/Library/Preferences/com.apple.alf.plist')
     if not alf:
         return
     for key_name in Config.get("firewall_keys"):
         value = str(get_plist_key(alf, key_name))
         # NOTE(review): after str(), only an empty string is falsy; None,
         # False and 0 become "None", "False" and "0" and are recorded.
         # Confirm what get_plist_key returns for an absent key and whether
         # recording that value is intended.
         if not value:
             continue
         self.data.append({
             "name": key_name,
             "date": exec_date,
             "value": value
         })
Exemplo n.º 6
 def check_firewall_keys(self):
     """
     Record the configured top-level keys of com.apple.alf.plist.

     For each key name returned by Config.get("firewall_keys"), the value
     read from the plist is stringified and appended to self.data together
     with the key name and exec_date.
     """
     alf = read_plist('/Library/Preferences/com.apple.alf.plist')
     if not alf:
         return
     for key_name in Config.get("firewall_keys"):
         value = str(get_plist_key(alf, key_name))
         # NOTE(review): after str(), only an empty string is falsy; None,
         # False and 0 become "None", "False" and "0" and are recorded.
         # Confirm what get_plist_key returns for an absent key and whether
         # recording that value is intended.
         if not value:
             continue
         self.data.append({
             "name": key_name,
             "date": exec_date,
             "value": value
         })
Exemplo n.º 7
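 def check_firewall_explicitauths(self):
     """
     Record the 'id' of each entry under the "explicitauths" key of the
     system firewall plist (/Library/Preferences/com.apple.alf.plist).

     Appends {"name": <id>, "date": exec_date} to self.data per entry. An
     entry that cannot be read (for example one without an 'id') is skipped
     and a warning is logged, so the omission shows up in the run's log
     instead of being dropped silently.
     """
     # Local import: the file's import block is not visible from here.
     import logging

     alf = read_plist('/Library/Preferences/com.apple.alf.plist')
     if not alf:
         return
     explicitauths = get_plist_key(alf, "explicitauths")
     if not explicitauths:
         return

     log = logging.getLogger(__name__)
     for entry in explicitauths:
         try:
             self.data.append({"name": entry['id'], "date": exec_date})
         except Exception as exc:
             # Best-effort collection: one bad entry must not abort the run.
             # The original's separate OSError handler was subsumed by this
             # one. %r keeps plist-supplied text escaped in the log line.
             log.warning(
                 "skipping unreadable firewall explicitauths entry: %r", exc)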
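 def check_firewall_explicitauths(self):
     """
     Record the 'id' of each entry under the "explicitauths" key of the
     system firewall plist (/Library/Preferences/com.apple.alf.plist).

     Appends {"name": <id>, "date": exec_date} to self.data per entry. An
     entry that cannot be read (for example one without an 'id') is skipped
     and a warning is logged, so the omission shows up in the run's log
     instead of being dropped silently.
     """
     # Local import: the file's import block is not visible from here.
     import logging

     alf = read_plist('/Library/Preferences/com.apple.alf.plist')
     if not alf:
         return
     explicitauths = get_plist_key(alf, "explicitauths")
     if not explicitauths:
         return

     log = logging.getLogger(__name__)
     for entry in explicitauths:
         try:
             self.data.append({"name": entry['id'], "date": exec_date})
         except Exception as exc:
             # Best-effort collection: one bad entry must not abort the run.
             # The original's separate OSError handler was subsumed by this
             # one. %r keeps plist-supplied text escaped in the log line.
             log.warning(
                 "skipping unreadable firewall explicitauths entry: %r", exc)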
Exemplo n.º 9
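 def check_firewall_applications(self):
     """
     Record the state of each entry under the "applications" key of the
     system firewall plist (/Library/Preferences/com.apple.alf.plist).

     Appends {"name": <bundleid>, "date": exec_date, "state": str(<state>)}
     to self.data per entry. An entry whose 'bundleid' or 'state' cannot be
     read is skipped and a warning is logged, so the omission shows up in
     the run's log instead of being dropped silently.
     """
     # Local import: the file's import block is not visible from here.
     import logging

     alf = read_plist('/Library/Preferences/com.apple.alf.plist')
     if not alf:
         return
     applications = get_plist_key(alf, "applications")
     if not applications:
         return

     log = logging.getLogger(__name__)
     for app in applications:
         try:
             name = app['bundleid']
             state = str(app['state'])
         except Exception as exc:
             # Best-effort collection: one bad entry must not abort the run.
             # %r keeps plist-supplied text escaped in the log line.
             log.warning(
                 "skipping unreadable firewall application entry: %r", exc)
             continue
         # Appended outside the try, as before, so a failure here is not
         # mistaken for a malformed entry.
         self.data.append({
             "name": name,
             "date": exec_date,
             "state": state
         })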
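 def check_firewall_applications(self):
     """
     Record the state of each entry under the "applications" key of the
     system firewall plist (/Library/Preferences/com.apple.alf.plist).

     Appends {"name": <bundleid>, "date": exec_date, "state": str(<state>)}
     to self.data per entry. An entry whose 'bundleid' or 'state' cannot be
     read is skipped and a warning is logged, so the omission shows up in
     the run's log instead of being dropped silently.
     """
     # Local import: the file's import block is not visible from here.
     import logging

     alf = read_plist('/Library/Preferences/com.apple.alf.plist')
     if not alf:
         return
     applications = get_plist_key(alf, "applications")
     if not applications:
         return

     log = logging.getLogger(__name__)
     for app in applications:
         try:
             name = app['bundleid']
             state = str(app['state'])
         except Exception as exc:
             # Best-effort collection: one bad entry must not abort the run.
             # %r keeps plist-supplied text escaped in the log line.
             log.warning(
                 "skipping unreadable firewall application entry: %r", exc)
             continue
         # Appended outside the try, as before, so a failure here is not
         # mistaken for a malformed entry.
         self.data.append({
             "name": name,
             "date": exec_date,
             "state": state
         })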