Mac OS X Server Service List

2010-11-22T00:00:00
ID MACOSX_SERVER_SERVICES.NASL
Type nessus
Reporter This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.
Modified 2010-11-22T00:00:00

Description

By connecting to the remote host via SSH with the supplied credentials, this plugin queries the Mac OS X Server administrative daemon and enumerates services currently running on the system.

                                        
                                            #TRUSTED 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
#
# (C) Tenable Network Security, Inc.
#


# Stop quietly (exit code 0) when the scan engine does not expose bn_random().
# NOTE(review): presumably a capability probe for the primitives the SSH
# code path depends on -- confirm against the engine documentation.
if (!defined_func("bn_random"))
{
  exit(0);
}


include("compat.inc");


# Registration branch: when `description` is set the plugin only declares its
# metadata and then leaves through the exit(0) at the end of this block, so
# none of the host-facing code further down runs in this pass.
if (description)
{
  script_id(50680);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2017/05/30");

  script_name(english:"Mac OS X Server Service List");
  script_summary(english:"Report list of installed services");

  script_set_attribute(
    attribute:"synopsis",
    value:
"This plugin enumerates services enabled on a Mac OS X Server host or
a host running OS X Server."
  );
  script_set_attribute(
    attribute:"description",
    value:
"By connecting to the remote host via SSH with the supplied
credentials, this plugin queries the Mac OS X Server administrative
daemon and enumerates services currently running on the system."
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Review the list of services enabled and ensure that they agree with
your organization's acceptable use and security policies."
  );
  # Inventory-style result: the finding carries no risk rating of its own.
  script_set_attribute(attribute:"risk_factor", value:"None" );
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/22");

  # Declared as a "local" check; per the description text above, the data is
  # gathered over SSH with the credentials supplied to the scan.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:mac_os_x_server");
  script_end_attributes();

  # Information-gathering category.
  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.");

  # Depends on ssh_get_info.nasl and requires both KB keys below; the body of
  # the script reads the same two keys again before running any command.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("ssh_func.inc");
include("macosx_func.inc");



# Select the command transport: the SSH wrappers are switched on only when
# the SSH library reports command support, and switched off otherwise.
if (sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
{
  enable_ssh_wrappers();
}
else
{
  disable_ssh_wrappers();
}

# Precondition 1: credentialed local checks must have been enabled for this
# host; otherwise stop with the standard audit trail.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Precondition 2: the KB must already identify the host as Mac OS X.
os = get_kb_item("Host/MacOSX/Version");
if (!os)
{
  audit(AUDIT_OS_NOT, "Mac OS X");
}


# Work out the server product version. `version` stays empty until one of the
# two branches below fills it in.
version = "";

# nb: OS X Server is an external app starting with 10.7.
if (!ereg(pattern:"Mac OS X 10\.[0-6]([^0-9]|$)", string:os))
{
  # 10.7 and later: read the short version string from the Server.app bundle.
  # The pipeline is assembled from constants only (the plist path is fixed),
  # so nothing read from the host is interpolated into this command line.
  plist = "/Applications/Server.app/Contents/Info.plist";
  cmd = 
    'plutil -convert xml1 -o - \'' + plist + '\' | ' +
    'grep -A 1 CFBundleShortVersionString | ' +
    'tail -n 1 | ' +
    'sed \'s/.*string>\\(.*\\)<\\/string>.*/\\1/g\'';
  version = exec_cmd(cmd:cmd);

  # No output at all is treated as "Server.app is not installed".
  if (!strlen(version))
  {
    audit(AUDIT_NOT_INST, "OS X Server");
  }

  # eg, "2.1.1"
}
else
{
  # 10.0 - 10.6: the server edition is part of the OS, so the System Version
  # line of system_profiler says whether this is "Mac OS X Server".
  cmd = '/usr/sbin/system_profiler SPSoftwareDataType';
  buf = exec_cmd(cmd:cmd);
  if (isnull(buf))
  {
    exit(1, "Failed to run '"+cmd+"'.");
  }

  # Take the first "System Version:" line and stop scanning.
  foreach line (split(buf, keep:FALSE))
  {
    match = eregmatch(pattern:"^ +System Version: (.+)$", string:line);
    if (match)
    {
      version = match[1];
      break;
    }
  }
  if (!strlen(version))
  {
    exit(1, "Failed to extract the System Version from the output of '"+cmd+"'.");
  }

  # eg, "Mac OS X Server 10.6.8 (10K549)"
  if ("Mac OS X Server" >!< version)
  {
    exit(0, "The host is not running Mac OS X Server.");
  }
}


# All results of this plugin are stored below this KB prefix.
# NOTE(review): `version` is written to the KB exactly as the host returned it;
# no format check is applied here -- confirm consumers of this key tolerate
# arbitrary text (including a possible trailing newline).
kb_base = 'MacOSX/Server/';
set_kb_item(name:kb_base+'Version', value:version);


# Ask the administrative daemon which services it knows about.
cmd = 'serveradmin list';
buf = exec_cmd(cmd:cmd);
if (!buf)
{
  exit(1, "Failed to run '"+cmd+"'.");
}

# Build a space-separated list of service names to query.
#
# Security-relevant: the names come from the scanned host and are later pasted
# into a shell command line. The strict [a-zA-Z0-9]+ allowlist below is what
# keeps shell metacharacters out of that command, so it must not be loosened.
svcs = "";
foreach line (split(buf, keep:FALSE))
{
  # Anything that is not a bare alphanumeric token is dropped.
  if (!ereg(pattern:"^[a-zA-Z0-9]+$", string:line)) continue;

  # These entries are listed by serveradmin but are excluded from the
  # status query.
  if (
    "accounts" == line ||
    "config" == line ||
    "filebrowser" == line ||
    "info" == line
  ) continue;

  svcs += " " + line;
}
if (!svcs)
{
  exit(1, "'serveradmin list' output failed to list any services that can be queried: " + buf);
}


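# Query the state of every collected service in a single remote shell loop.
# `svcs` is concatenated into the command text, so this is only safe because
# each name was restricted to [a-zA-Z0-9]+ when the list was built.
cmd = 'for s in ' + svcs + '; do serveradmin status $s; done';
buf = exec_cmd(cmd:cmd);
if (isnull(buf)) exit(1, "Failed to run '"+cmd+"'.");

# Parse lines of the form  <service>:state = "<STATUS>"  and record each one
# in the KB and in the report text.
info = "";
foreach line (split(buf, keep:FALSE))
{
  match = eregmatch(pattern:'^([^:]+):state *= *"?([^"]+)', string:line);
  if (isnull(match)) continue;

  # Both values are taken from host output as-is; svc becomes part of a KB
  # key name.
  # NOTE(review): consider anchoring the service name to the same
  # [a-zA-Z0-9]+ allowlist used when the command was built, so a host cannot
  # influence KB key names beyond the services that were actually queried.
  svc = match[1];
  status = match[2];
  set_kb_item(name:kb_base+svc+"/Status", value:status);

  # Align the status column at 15 characters, but never hand crap() a zero or
  # negative length when the service name is 15 characters or longer.
  pad = 15 - strlen(svc);
  if (pad > 0) spacer = crap(data:" ", length:pad);
  else spacer = "";

  info += '  - ' + svc + spacer + ' : ' + status + '\n';
}

# The text parsed above is the output of the 'serveradmin status' loop, so the
# failure message names that command rather than 'serveradmin list'.
if (!info) exit(1, "'serveradmin status' output does not contain any service info: " + buf);


# Report findings
# The per-service table is attached only when report verbosity is above 0.
if (report_verbosity > 0) security_note(port:0, extra:'\n'+info);
else security_note(0);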