Apple Remote Desktop Admin Detection (Mac OS X)

2012-08-22T00:00:00
ID MACOSX_REMOTE_DESKTOP_ADMIN_INSTALLED.NASL
Type nessus
Reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2012-08-22T00:00:00

Description

Apple Remote Desktop Admin is installed on the remote Mac OS X host. It is a tool for managing Mac computers on a network.

                                        
                                            #TRUSTED 18a525ff08596a15e6b644d6962c17b65847352102e59806e737a1f67e00738e6e09b4255b60722b4ad7672f844f0e7bf87b5c30439bad10bee48785d4bfcea5866e80f12063e6077e3e717f192086285621f698648900178a1b36b901b5d3eefa219970f183294ad6ffe9e14e89f1ccba3a53d8d3d08cc64f71d13d5b07d883f270514288ea96b500e944941c29228929875d71da49397410a7f43089e8f17abc500876cb9000abad43c6c8417848afd5406331d4645e8a0213772845b2263391fd2b940653acc52d602b9dc6f28160a518f14a916623bae46cb4f68933aa388f18993e0e4631c042b433a2ca8debdd30d4a9c78b19979f8422015aa8d50fd805f4c39f9ff8951d960a3234c527b586e0e77660655f8f9188ce4776b6546feca4e98d256136735c2bf7aadeaaf8ba7ed4916a5144e7cd8e747fe80135f7d1151a25f3d68610708192bce5c71b32a5ddaebaa40c67e77e99b21ed8e995d6ba710c45d0c6555c1942d0181b538507a5028aa921d4e8146660e3df27fe4e81ad35273028df00aa173c50d38541ebaa8fafa96dcf5a0407a448b37fb20e60c239eb88cddd02479c293377103326d116b67c900c0038890b6f7da770ad1e7135c52f56f274b825ebad9bf0ae5217a8dc250e325ce807a0498d3bbb57fd9dc8ef54ba39103622bf2f9381fb15ba2a236e5764485648bf3dd12af7d68b49f3c25cd866
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Metadata section: executed when the engine loads the plugin with
# `description` set. It only declares attributes and scheduling
# requirements, then exits before any check logic runs.
if (description)
{
  script_id(61620);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2019/11/22");

  script_name(english:"Apple Remote Desktop Admin Detection (Mac OS X)");
  script_summary(english:"Reads version from Info.plist");

  script_set_attribute(attribute:"synopsis", value:"A remote management tool is installed on the remote Mac OS X host.");
  script_set_attribute(attribute:"description", value:
"Apple Remote Desktop Admin is installed on the remote Mac OS X host.
It is a tool for managing Mac computers on a network.");
  script_set_attribute(attribute:"see_also", value:"http://www.apple.com/remotedesktop/");
  # Pure detection/inventory result: no remediation and no risk rating.
  # Whether a remote-management console belongs on a given host is a
  # policy decision for whoever consumes the finding.
  script_set_attribute(attribute:"solution", value:"n/a");
  script_set_attribute(attribute:"risk_factor", value:"None");

  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/22");

  # "local" plugin type: the check runs commands on the target rather than
  # probing a network service (see the required KB keys below).
  script_set_attribute(attribute:"plugin_type", value:"local");
  # Same CPE string is passed to register_install() in the check body.
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:apple_remote_desktop");
  script_set_attribute(attribute:"asset_inventory", value:"True");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling: run after ssh_get_info.nasl, and only when the KB shows that
  # local checks are enabled and the host was identified as Mac OS X.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");
include("install_func.inc");

# Display name reused in audit messages and in the install registration.
app = "Apple Remote Desktop Admin";

# Pick the SSH wrapper mode according to what the loaded sshlib reports it
# can do. NOTE(review): the effect of the wrappers is defined in ssh_func.inc
# and is not visible here - presumably it controls how exec_cmd() reaches
# the target; confirm against the include.
if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
  enable_ssh_wrappers();
else disable_ssh_wrappers();

# Re-check the preconditions declared via script_require_keys(): without
# local (credentialed) checks or a Mac OS X host there is nothing to inspect,
# so audit() ends the plugin with the matching standard message.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/MacOSX/Version"))audit(AUDIT_HOST_NOT, "running Mac OS X");

# Prefix for every KB entry this plugin writes.
kb_base = "MacOSX/Remote_Desktop_Admin";

# Only the default install location is inspected; a copy of the application
# placed anywhere else on the host is not detected by this check.
path = '/Applications/Remote Desktop.app';
plist = path + '/Contents/Info.plist';
# Shell pipeline run on the target:
#   plutil  - print Info.plist as XML on stdout (errors discarded)
#   grep    - keep the CFBundleShortVersionString key line plus the next line
#   tail    - keep only that next line (the <string> value)
#   sed     - strip the surrounding <string>...</string> tags
# The command is assembled only from the constants above, so nothing that
# originates on the target is interpolated into the shell string; the plain
# single-quoting of the plist path is sufficient only while that holds. If
# the path ever becomes variable it must be shell-escaped before being
# concatenated here.
# Inside NASL single-quoted strings \' and \\ are escape sequences, so the
# command that is sent contains ' and \ respectively.
cmd =  'plutil -convert xml1 -o - \'' + plist + '\' 2>/dev/null | ' +
  'grep -A 1 CFBundleShortVersionString | ' +
  'tail -n 1 | ' +
  'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\'';
# The result is output produced by the scanned host: treat it as untrusted
# until the sanity check that follows the KB writes further down.
version = exec_cmd(cmd:cmd);
# Empty output is reported as "not installed". Because stderr is discarded,
# a missing plist and any other failure that yields no output (for example
# an unreadable file) are indistinguishable at this point.
if (!strlen(version)) audit(AUDIT_NOT_INST, app);

# Installed/Path are recorded before the version is validated, so a host
# whose version string fails the check below still ends up with these two
# KB entries but without a Version entry or a registered install.
set_kb_item(name:kb_base+"/Installed", value:TRUE);
set_kb_item(name:kb_base+"/Path", value:path);

# Sanity check on host-supplied output: only the FIRST character has to be a
# digit; the rest of the string is stored and reported as received.
# NOTE(review): if downstream consumers assume a dotted-numeric version,
# consider validating the whole string rather than just its first character.
if (version !~ "^[0-9]") exit(1, "The version does not look valid (" + version + ").");
set_kb_item(name:kb_base+"/Version", value:version);

# Record the install (name, path, version, CPE) and emit the report for it.
# Both helpers presumably come from install_func.inc, included above.
register_install(
  app_name:app,
  path:path,
  version:version,
  cpe:"cpe:/a:apple:apple_remote_desktop");

report_installs(app_name:app);