munkireport/security

Module for munkireport.

v4.6 2024-09-25 02:17 UTC

README

The following information is stored in the security table:

  • Gatekeeper Status 10.7+
  • SIP Status 10.11+
  • Firmware Password State
  • Application Firewall State
  • User-Approved Kernel Extension Loading (UAKEL/SKEL) State

In the future, this module can be expanded to support xprotect, screen saver password, etc...

For the application firewall state, there are three possible values:

  • Disabled = 0 - the firewall is fully disabled
  • Enabled = 1 - the firewall is enabled.
  • Block All = 2 - the firewall is enabled, and "Block all incoming connections" is checked in the GUI

For the user-approved kernel extension loading state, there are two possible values:

  • User Approved = 0 - Machines with UAKEL/SKEL turned on in the default state (security.skel.user-approved)
  • Open = 1 - Pre-10.13 machines or machines where UAKEL/SKEL is in disabled state (security.skel.all-approved)

Table Schema

Database:

  • gatekeeper - varchar(255) - Status of Gatekeeper
  • sip - varchar(255) - Status of SIP
  • ssh_groups - varchar(255) - SSH enabled groups
  • ssh_users - varchar(255) - SSH enabled users
  • ard_groups - varchar(255) - Apple Remote Desktop enabled groups
  • root_user - varchar(255) - Status of root user account
  • ard_users - varchar(255) - Apple Remote Desktop enabled users
  • firmwarepw - varchar(255) - Status of firmware password
  • firewall_state - varchar(255) - Status of firewall
  • skel_state - varchar(255) - SKEL state
  • t2_secureboot - varchar(255) - State of SecureBoot
  • t2_externalboot - varchar(255) - State of External Boot
  • activation_lock - varchar(255) - Status of Activation lock
  • filevault_status - boolean - FileVault encrypted or unencrypted
  • filevault_users - varchar(255) - FileVault enabled users
  • as_security_mode - varchar(255) - Security Mode, Apple Silicon Macs only