MACOSX_DEFAULTS_READ

The "MACOSX_DEFAULTS_READ" audit check examines the default system values on Mac OS X. This check behaves differently if certain properties are set.

If plist_user is set to all, all user settings are audited; otherwise, the specified user setting is audited.

If the byhost property is set to YES in addition to the plist_user property being set, the following query is run:

/usr/bin/defaults -currentHost read /Users/foo/Library/Preferences/ByHost/plist_name plist_item

If the byhost property is not set (and plist_user property is set), then the following query is run:

/usr/bin/defaults -currentHost read /Users/foo/Library/Preferences/plist_name plist_item

If the byhost property is not set (and plist_user property is not set), the following query is run:

/usr/bin/defaults -currentHost read plist_name plist_item

The following properties are supported:

  • plist_name: The plist to query, e.g. com.apple.digihub.
  • plist_item: The plist item to be audited, e.g. com.apple.digihub.blank.cd.appeared.
  • plist_option: CANNOT_BE_NULL. If this is set to CANNOT_BE_NULL, the check fails if the setting being audited is not set.
  • byhost: YES. Setting byhost to YES (together with plist_user) makes the check read from the ByHost preferences path shown above.

Examples

<custom_item>
  system: "Darwin"
  type: MACOSX_DEFAULTS_READ
  description: "Automatic actions must be disabled for blank CDs - 'action=1;'"
  plist_user: "all"
  plist_name: "com.apple.digihub"
  plist_item: "com.apple.digihub.blank.cd.appeared"
  regex: "\\s*action\\s*=\\s*1;"
  plist_option: CANNOT_BE_NULL
</custom_item>

<custom_item>
  system: "Darwin"
  type: MACOSX_DEFAULTS_READ
  description: "System must have a password-protected screen saver configured to DoD"
  plist_user: "all"
  plist_name: "com.apple.screensaver"
  byhost: YES
  plist_item: "idleTime"
  regex: "[A-Za-z0-9_-]+\\s*=\\s*(900|[2-8][0-9][0-9]|1[8-9][0-9])$"
  plist_option: CANNOT_BE_NULL
</custom_item>

<custom_item>
  system: "Darwin"
  type: MACOSX_DEFAULTS_READ
  description: "System must have a password-protected screen saver configured to DoD"
  plist_name: "com.apple.screensaver"
  plist_item: "idleTime"
  regex: "[A-Za-z0-9_-]+\\s*=\\s*(900|[2-8][0-9][0-9]|1[8-9][0-9])$"
  plist_option: CANNOT_BE_NULL
</custom_item>
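To sanity-check an item before deploying it, the following added example (not Tenable code) builds the documented query for an item and lists which idleTime values the screen-saver regex accepts, which works out to 180 through 900. It assumes that the doubled backslashes in the item stand for single ones and that the regex is applied to text of the form "item = value"; the function names and the dictionary form of the item are hypothetical.

```python
import re

# Constructed copy of the page's screen-saver item (third example).
ITEM = {
    "plist_name": "com.apple.screensaver",
    "plist_item": "idleTime",
    "regex": r"[A-Za-z0-9_-]+\\s*=\\s*(900|[2-8][0-9][0-9]|1[8-9][0-9])$",
    "plist_option": "CANNOT_BE_NULL",
}

def build_query(item, user=None):
    """Return the defaults argv for one of the three documented cases."""
    by_host = item.get("byhost") == "YES"
    if not item.get("plist_user"):
        if by_host:
            raise ValueError("byhost without plist_user is not a documented case")
        target = item["plist_name"]
    else:
        if not user:
            raise ValueError("a concrete account name is needed for the path")
        sub = "ByHost/" if by_host else ""
        target = f"/Users/{user}/Library/Preferences/{sub}{item['plist_name']}"
    return ["/usr/bin/defaults", "-currentHost", "read", target, item["plist_item"]]

def passes(item, value):
    """value is the text defaults printed, or None when the key is not set."""
    if value is None or not value.strip():
        # Documented: CANNOT_BE_NULL fails an unset key. Passing otherwise is an assumption.
        return item.get("plist_option") != "CANNOT_BE_NULL"
    pattern = item["regex"].replace("\\\\", "\\")  # assumption: "\\s" in the item means \s
    line = f"{item['plist_item']} = {value.strip()}"  # assumption: "item = value" form
    return re.search(pattern, line) is not None

def accepted_idle_times(item, upper=2000):
    """Integer values in 0..upper that the item's regex accepts."""
    return [n for n in range(upper + 1) if passes(item, str(n))]

if __name__ == "__main__":
    print(" ".join(build_query(ITEM)))
    per_user = dict(ITEM, plist_user="all", byhost="YES")
    print(" ".join(build_query(per_user, user="foo")))
    ok = accepted_idle_times(ITEM)
    print(f"accepted idleTime values: {ok[0]}..{ok[-1]} ({len(ok)} values)")
    print("unset key passes:", passes(ITEM, None))
```

A value such as 1800 is rejected because the `$` anchor requires the number to end right after the matched digits, so the range check cannot be satisfied by a prefix.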

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.