munkireport / security
Module for munkireport.
Installs: 10 375
Dependents: 0
Suggesters: 0
Security: 0
Stars: 2
Watchers: 5
Forks: 8
Open Issues: 0
README
The following information is stored in the security table:
- Gatekeeper Status 10.7+
- SIP Status 10.11+
- Firmware Password State
- Application Firewall State
- User-Approved Kernel Extension Loading (UAKEL/SKEL) State
In the future, this module can be expanded to support xprotect, screen saver password, etc...
For the application firewall state, there are three possible values:
- Disabled = 0 - the firewall is fully disabled
- Enabled = 1 - the firewall is enabled.
- Block All = 2 - the firewall is enabled, and "Block all incoming connections" is checked in the GUI
For the user-approved kernel extension loading state, there are two possible values:
- User Approved = 0 - Machines with UAKEL/SKEL turned on in the default state (security.skel.user-approved)
- Open = 1 - Pre-10.13 machines or machines where UAKEL/SKEL is in disabled state (security.skel.all-approved)
Table Schema
Database:
- gatekeeper - varchar(255) - Status of Gatekeeper
- sip - varchar(255) - Status of SIP
- ssh_groups - varchar(255) - SSH enabled groups
- ssh_users - varchar(255) - SSH enabled users
- ard_groups - varchar(255) - Apple Remote Desktop enabled groups
- root_user - varchar(255) - Status of root user account
- ard_users - varchar(255) - Apple Remote Desktop enabled users
- firmwarepw - varchar(255) - Status of firmware password
- firewall_state - varchar(255) - Status of firewall
- skel_state - varchar(255) - SKEL state
- t2_secureboot - varchar(255) - State of SecureBoot
- t2_externalboot - varchar(255) - State of External Boot
- activation_lock - varchar(255) - Status of Activation lock
- filevault_status - boolean - FileVault encrypted or unencrypted
- filevault_users - varchar(255) - FileVault enabled users
- as_security_mode - varchar(255) - Security Mode, Apple Silicon Macs only