Apple Remote Desktop Admin Detection (Mac OS X)

2012-08-22T00:00:00
ID MACOSX_REMOTE_DESKTOP_ADMIN_INSTALLED.NASL
Type nessus
Reporter Tenable
Modified 2017-05-30T00:00:00

Description

Apple Remote Desktop Admin is installed on the remote Mac OS X host. It is a tool for managing Mac computers on a network.

                                        
                                            #TRUSTED 8c99d1688435550467f127f5f2e1fa5e7d29d81c4697943f703e37f1fe8c2c8acaaada616f702a8a25870cc98bd79987d472aee12f601f607482359a5d74d0c3d475722ea865b724be085bc8ef194b54f801424a33a1971c1fce56bef5bd0762d1c9bec93aa95fa31a342337343922efa1e7dbe64d8709f92fa8137105328248269770af788ef6b3542e7e6c2e18b45f564782d9100a9e72c2fbf2b49e6e4cd4b322c9f8a40f1a7bd20c739017883674baeb87736b1d822fbfc7778c4d55cd874f89e6f77a48b4f5070883bac6fe3f983eea249eb5bc210c7d2a7875ab3e10952d53fe7f3c96bedc73e180bea18164f2ead7cf45dee5cc2589a12d41565421bea5e98909b6560176163f01cc88509f2a308e013b4e16fd954d42543addcfe29d86abf38d7067f04d2907bc2225a1eaa9786d715d208864ecc67f029c8050b71ab43231c19d19c06e833af9ce984c237790e06303bc08b136ab2e741a6e86f1d7d6b8f692c0de5e80070051e2445513c93728a833dc5373329763820cee90dac639c02daa7649f8866afeb9c1e1bd89045892e3988dd85fff16897e8229279befe7cbe2ed1fc8058c57b79377254018efcf6413b0378d5a61c389e89acbc209b1f2a91dabd28b3cf587fced579d5dae5a0348eecbe2613ae93210d4a3fc1f78659ed358673c405745e272c5cf2d0b82d750729d9df442c8d3cb533f600fab1d21
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(61620);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2017/05/30");

  script_name(english:"Apple Remote Desktop Admin Detection (Mac OS X)");
  script_summary(english:"Reads version from Info.plist");

  script_set_attribute(attribute:"synopsis", value:"A remote management tool is installed on the remote Mac OS X host.");
  script_set_attribute(attribute:"description", value:
"Apple Remote Desktop Admin is installed on the remote Mac OS X host.
It is a tool for managing Mac computers on a network.");
  script_set_attribute(attribute:"see_also", value:"http://www.apple.com/remotedesktop/");
  script_set_attribute(attribute:"solution", value:"n/a");
  script_set_attribute(attribute:"risk_factor", value:"None");

  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:apple_remote_desktop");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");
include("install_func.inc");



if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
  enable_ssh_wrappers();
else disable_ssh_wrappers();

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/MacOSX/Version"))audit(AUDIT_HOST_NOT, "running Mac OS X");

kb_base = "MacOSX/Remote_Desktop_Admin";

path = '/Applications/Remote Desktop.app';
plist = path + '/Contents/Info.plist';
cmd =  'plutil -convert xml1 -o - \'' + plist + '\' | ' +
  'grep -A 1 CFBundleShortVersionString | ' +
  'tail -n 1 | ' +
  'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\'';
version = exec_cmd(cmd:cmd);
if (!strlen(version)) audit(AUDIT_NOT_INST, "Apple Remote Desktop Admin");

set_kb_item(name:kb_base+"/Installed", value:TRUE);
set_kb_item(name:kb_base+"/Path", value:path);

if (version !~ "^[0-9]") exit(1, "The version does not look valid (" + version + ").");
set_kb_item(name:kb_base+"/Version", value:version);

register_install(
  app_name:"Apple Remote Desktop Admin",
  path:path,
  version:version,
  cpe:"cpe:/a:apple:apple_remote_desktop");

if (report_verbosity > 0)
{
  report =
    '\n  Path    : ' + path +
    '\n  Version : ' + version + '\n';
  security_note(port:0, extra:report);
}
else security_note(0);