Apple Remote Desktop Admin Detection (Mac OS X)

2012-08-22T00:00:00
ID MACOSX_REMOTE_DESKTOP_ADMIN_INSTALLED.NASL
Type nessus
Reporter Tenable
Modified 2018-07-30T00:00:00

Description

Apple Remote Desktop Admin is installed on the remote Mac OS X host. It is a tool for managing Mac computers on a network.

                                        
                                            #TRUSTED a6c34aecd6f048a1f408814844d6e15ac3f68b625a5aaf43f29b4045dda157593445bed65f0afb49d9be02b7ac7bbdfdfe9fda32f0ea06f3f715dacbb6200b419a0a679ab82c3aba73d67a849f31c689940b59f9da23bdb3e07a7c2747231476208bbff2bff2ad8715d28fbd6a4d74924028b936add7220cde800200edbe621fb7e2dbd89e2e48fe818c67dbc33ee2e6d3eae033e97902b4ed92889b53fdbcce59cf3edd721732e290c36668116b5ff5977f17ce633b95f34e80f0ff2dcb4405616ef8aae89cf0641d73d28fad985e6fa7d7aed781c325f6e9a7f767e0c274037b9a8af68aa4615421e0fa5a1aa99dffe0eb59ae66decdfa04f4838940fff90bea1fad8fcc081c350aafd5b29812e5daf741698bfd434df8c2c41fc412d06e9014fd8120b11157e79487c9cc05f2f8d748acfb95a2a34f3e79ef6e3aec8e3b31849301d0d4939f3224d79143f7bb3ed52d10fd96a9bc5e5523142ed4378ad6c1fe607a2a07a60f62e2e8c608ec29907592c004480613c554257cb7ce4192e74145e7548a211306852d7bbddd9e8e1350ba5f18ca038d23b85ce45e89dca5be46de1a65ede1a3efa0840bfb78be875cf9952f98341540294be194ce15fb64d6ac5321a87b83bb3d9a7b0107d60d433edbb5795284c1d54ecf5204fb706da7aa3573fca708d57f0e463b9e3dfe58ffc2271e6e362082bca0faaa26d0c5d8c7f249
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(61620);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/30");

  script_name(english:"Apple Remote Desktop Admin Detection (Mac OS X)");
  script_summary(english:"Reads version from Info.plist");

  script_set_attribute(attribute:"synopsis", value:"A remote management tool is installed on the remote Mac OS X host.");
  script_set_attribute(attribute:"description", value:
"Apple Remote Desktop Admin is installed on the remote Mac OS X host.
It is a tool for managing Mac computers on a network.");
  script_set_attribute(attribute:"see_also", value:"http://www.apple.com/remotedesktop/");
  script_set_attribute(attribute:"solution", value:"n/a");
  script_set_attribute(attribute:"risk_factor", value:"None");

  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:apple_remote_desktop");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");
include("install_func.inc");

app = "Apple Remote Desktop Admin";

if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
  enable_ssh_wrappers();
else disable_ssh_wrappers();

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/MacOSX/Version"))audit(AUDIT_HOST_NOT, "running Mac OS X");

kb_base = "MacOSX/Remote_Desktop_Admin";

path = '/Applications/Remote Desktop.app';
plist = path + '/Contents/Info.plist';
cmd =  'plutil -convert xml1 -o - \'' + plist + '\' 2>/dev/null | ' +
  'grep -A 1 CFBundleShortVersionString | ' +
  'tail -n 1 | ' +
  'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\'';
version = exec_cmd(cmd:cmd);
if (!strlen(version)) audit(AUDIT_NOT_INST, app);

set_kb_item(name:kb_base+"/Installed", value:TRUE);
set_kb_item(name:kb_base+"/Path", value:path);

if (version !~ "^[0-9]") exit(1, "The version does not look valid (" + version + ").");
set_kb_item(name:kb_base+"/Version", value:version);

register_install(
  app_name:app,
  path:path,
  version:version,
  cpe:"cpe:/a:apple:apple_remote_desktop");

report_installs(app_name:app);