Apple Remote Desktop Admin Detection (Mac OS X)

2012-08-22T00:00:00
ID MACOSX_REMOTE_DESKTOP_ADMIN_INSTALLED.NASL
Type nessus
Reporter Tenable
Modified 2018-05-16T00:00:00

Description

Apple Remote Desktop Admin is installed on the remote Mac OS X host. It is a tool for managing Mac computers on a network.

                                        
                                            #TRUSTED b01e38ab431f56aab23d4a330ac7590cf90d3622226bd6bd3c8dae8938f370a437fa2a3ed85caa919fcd0555583d85bdbc487714d5d826e8c316ee63b123f60436561cda1a2c249d0500af5480503a4dc1dd3bb49cca94413b1a28a73d88c596c73f5954ccb5c4559e0efab6280d77e9768c649bb0773c745a49d592763de8fbeab6db1ab8349d380ff1ebb0e5ca99558da22e6d2babf0a54368dfc6647476f16ee04d1509f8c7c443795f111a4e2654f2ba3f8190fe03a77691fcfc038e65efd40e4d3c63f1f91a4272097c5606c2d18bf7d22c92a4f0f6066ea4fa349d8cb93b71122994c471c59afd57dce6612dbf863f362a18e5afa628302f56f0ef9f4bd9162848017c027b713065717fa60afd579aead4474895d3f789b4690c4b74ca99c1d974164ffa33759cef3a45bd560d517bb3ff82588122cfa7281fb7fe79517fa3f169626b6de3682aea55b83a4a0e237e9335c13281d9ead97332c7cade96f3504122ce135ccd07212f7b708eb7fdbe69323478eeea53124cffa56e48245ef45797531ba9c01749aa38c1c181cb2fa1d4b14a873e42768f655a1e33f8546b844104e1f52406abf36505ca8c7024f3f0d6140ea6f8ae166f170a175ff64505d3ff3826ac03dab9c88bf3074f5b784431062344f5792a4027f73a8a04ea116e913880648b4f301e25ca755000965b616bf7af80e399bbc5f19c9960182826ab
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(61620);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2018/05/16");

  script_name(english:"Apple Remote Desktop Admin Detection (Mac OS X)");
  script_summary(english:"Reads version from Info.plist");

  script_set_attribute(attribute:"synopsis", value:"A remote management tool is installed on the remote Mac OS X host.");
  script_set_attribute(attribute:"description", value:
"Apple Remote Desktop Admin is installed on the remote Mac OS X host.
It is a tool for managing Mac computers on a network.");
  script_set_attribute(attribute:"see_also", value:"http://www.apple.com/remotedesktop/");
  script_set_attribute(attribute:"solution", value:"n/a");
  script_set_attribute(attribute:"risk_factor", value:"None");

  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:apple_remote_desktop");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");
include("install_func.inc");

app = "Apple Remote Desktop Admin";

if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
  enable_ssh_wrappers();
else disable_ssh_wrappers();

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/MacOSX/Version"))audit(AUDIT_HOST_NOT, "running Mac OS X");

kb_base = "MacOSX/Remote_Desktop_Admin";

path = '/Applications/Remote Desktop.app';
plist = path + '/Contents/Info.plist';
cmd =  'plutil -convert xml1 -o - \'' + plist + '\' | ' +
  'grep -A 1 CFBundleShortVersionString | ' +
  'tail -n 1 | ' +
  'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\'';
version = exec_cmd(cmd:cmd);
if (!strlen(version)) audit(AUDIT_NOT_INST, app);

set_kb_item(name:kb_base+"/Installed", value:TRUE);
set_kb_item(name:kb_base+"/Path", value:path);

if (version !~ "^[0-9]") exit(1, "The version does not look valid (" + version + ").");
set_kb_item(name:kb_base+"/Version", value:version);

register_install(
  app_name:app,
  path:path,
  version:version,
  cpe:"cpe:/a:apple:apple_remote_desktop");

report =
  '\n  Path    : ' + path +
  '\n  Version : ' + version + '\n';

report_installs(app_name:app, extra:report);