Application Firewall (AFL) Audit - Mac OS X
Log In or Register to download the BES file, and more.

2 Votes

Versioning - This is the latest version.

1Application Firewall (AFL) Audit - Mac OS X10/9/2014 11:20:50 AM
2Application Firewall (AFL) Audit - Mac OS X10/9/2014 11:48:42 AM
3Application Firewall (AFL) Audit - Mac OS X10/9/2014 11:59:06 AM
4Application Firewall (AFL) Audit - Mac OS X10/9/2014 12:13:36 PM
5Application Firewall (AFL) Audit - Mac OS X10/9/2014 12:16:06 PM
6Application Firewall (AFL) Audit - Mac OS X10/10/2014 11:52:18 AM
7Application Firewall (AFL) Audit - Mac OS X10/10/2014 11:53:51 AM
8Application Firewall (AFL) Audit - Mac OS X10/10/2014 11:55:13 AM
9Application Firewall (AFL) Audit - Mac OS X10/13/2014 7:35:12 AM
10Application Firewall (AFL) Audit - Mac OS X10/13/2014 7:56:26 AM
11Application Firewall (AFL) Audit - Mac OS X10/13/2014 10:42:44 AM
12Application Firewall (AFL) Audit - Mac OS X10/13/2014 10:49:54 AM

Description

Audit for OS X's Application Firewall (ALF).

References:
http://krypted.com/mac-os-x/command-line-alf-on-mac-os-x/

Property Details

ID2994738
StatusProduction - Fully Tested and Ready for Production
TitleApplication Firewall (AFL) Audit - Mac OS X
DomainBESC
Keywordsalf, application firewall, osx, mac, firewall
Added by on 10/13/2014 10:49:54 AM
Last Modified by on 10/13/2014 10:49:54 AM
Counters 16319 Views / 12 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Properties

ALF Version
Period 1 day
 
  * Results in a true/false
Show indented relevance
string "version" of dictionary of file "/Library/Preferences/com.apple.alf.plist"
ALF Global State
Period 1 day
 
  * Results in a true/false
Show indented relevance
if (integer "globalstate" of dictionary of file "/Library/Preferences/com.apple.alf.plist" = 1) then "Enabled" else ERROR "Disabled"
ALF Allow Signed Apps
Period 1 day
 
  * Results in a true/false
Show indented relevance
if (integer "allowsignedenabled" of dictionary of file "/Library/Preferences/com.apple.alf.plist" = 1) then "Enabled" else ERROR "Disabled"
ALF Logging Enabled
Period 1 day
 
  * Results in a true/false
Show indented relevance
if (integer "loggingenabled" of dictionary of file "/Library/Preferences/com.apple.alf.plist" = 1) then "Enabled" else ERROR "Disabled"
ALF Logging Option
Period 1 day
 
  * Results in a true/false
Show indented relevance
if version of operating system >= "10.9" then (if (integer "loggingoption" of dictionary of file "/Library/Preferences/com.apple.alf.plist" = 0) then "throttled" else if (integer "loggingoption" of dictionary of file "/Library/Preferences/com.apple.alf.plist" = 1) then "brief" else if (integer "loggingoption" of dictionary of file "/Library/Preferences/com.apple.alf.plist" = 2) then "detailed" else ERROR "unknown value") else ERROR "OS not Supported"
ALF Stealth Mode
Period 1 day
 
  * Results in a true/false
Show indented relevance
if (integer "stealthenabled" of dictionary of file "/Library/Preferences/com.apple.alf.plist" = 1) then "Enabled" else ERROR "Disabled"
ALF BundleID of Trusted Apps (Incoming Connections)
Period 1 day
 
  * Results in a true/false
Show indented relevance
if (number of strings "bundleid" of dictionaries of values of array "applications" of dictionaries of file "/Library/Preferences/com.apple.alf.plist" > 0) then concatenation "; " of strings "bundleid" of dictionaries of values of array "applications" of dictionaries of file "/Library/Preferences/com.apple.alf.plist" else ERROR "none"
ALF Firewall Exceptions Path to binary (Do Not Appear in PreferencePane)
Period 1 day
 
  * Results in a true/false
Show indented relevance
if (number of strings "path" of dictionaries of values of array "exceptions" of dictionaries of file "/Library/Preferences/com.apple.alf.plist" > 0) then concatenation "; " of strings "path" of dictionaries of values of array "exceptions" of dictionaries of file "/Library/Preferences/com.apple.alf.plist" else ERROR "none"
ALF BundleID of Binaries Required to Request Incoming Access
Period 1 day
 
  * Results in a true/false
Show indented relevance
if (number of strings "id" of dictionaries of values of array "explicitauths" of dictionaries of file "/Library/Preferences/com.apple.alf.plist" > 0) then concatenation "; " of strings "id" of dictionaries of values of array "explicitauths" of dictionaries of file "/Library/Preferences/com.apple.alf.plist" else ERROR "none"
ALF Firewall Exceptions Process Name and State (Appear in PreferencePane when Enabled)
Period 1 day
 
  * Results in a true/false
Show indented relevance
(strings "proc" of it, "State: " & integer "state" of it as string) of dictionaries of values of entries of dictionary "firewall" of dictionary of file "/Library/Preferences/com.apple.alf.plist"
ALF BundleID & State of Trusted Apps
Period 1 day
 
  * Results in a true/false
Show indented relevance
if (number of strings "bundleid" of dictionaries of values of array "applications" of dictionaries of file "/Library/Preferences/com.apple.alf.plist" > 0) then (strings "bundleid" of it, "State: " & (if (integer "state" of it = 2) then "Blocked" else if (integer "state" of it = 0) then "Allowed" else "unkown") ) of dictionaries of values of array "applications" of dictionaries of file "/Library/Preferences/com.apple.alf.plist" else ERROR "none"

Relevance

Used in 17 analyses   * Results in a true/false
Show indented relevance
version of operating system >= "10.6"
Used in 228 fixlets and 100 analyses   * Results in a true/false
Show indented relevance
mac of operating system
Used in 14 analyses   * Results in a true/false
Show indented relevance
exists file "/Library/Preferences/com.apple.alf.plist"

Sharing

Social Media:
Share this page on Yammer


Comments

Log In or Register to leave comments!
 

Content

Search
Share
Learn
Projects

Utilities

View SCM Scripts
Base64 Converter
Shell to Action Script

About

About Us
Tour
FAQ
Terms
Contact Us

BigFix Resources

Download BigFix
Support
Forum
Github/Bigfix
bigfix.me All Content
Hosted on bigfixme-as