Allister Banks arubdesu

## allTheDMGs.py
#!/usr/bin/python
# -*- coding: utf-8 -*-
import glob
import os
import subprocess
import sys
sys.path.append('/usr/local/munki/munkilib')
import FoundationPlist

path = '/Users/abanks/Library/AutoPkg/Cache'

## internal compliance check wiki.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                arubdesu
                / internal compliance check wiki.md
            
            
              Created
              May 13, 2022 07:58
            
          
    How to Understand More Complicated osquery Compliance Checks

Example query:
with compliance_check as (
  select sha256,
  case when sha256 = 'omgwtfbbqrandomchars00112233445566' then 'OK' else 'FAILED' end ztl_status
  from hash
  where path = '/path/to/conf'
)


## makefile
USE_PKGBUILD=1
include /usr/local/share/luggage/luggage.make
TITLE=iWorkDummyReceipts
REVERSE_DOMAIN=org.my.iWorkDummyReceipts
PACKAGE_VERSION=0.1
PAYLOAD=pack-iWorkDummyReceipts

pack-iWorkDummyReceipts: l_Applications
	@sudo mkdir -p -m 755 ${WORK_D}/Applications/{Numbers,Pages,Keynote}.app/Contents/_MASReceipt
	@sudo touch ${WORK_D}/Applications/{Numbers,Pages,Keynote}.app/Contents/_MASReceipt/receipt

## ruler.py
#!/usr/bin/python
"""Shoves down santa rules 5 at a time to whitelist certs/binaries
NOTICE - if you have a sync server like Zentral configured, you cannot add rules
"""
import os
import subprocess
from multiprocessing.dummy import Pool as ThreadPool

if os.geteuid() != 0:
    exit("Please run this script as root.")

## front.html

    <div class="panel panel-default panel-traffic-light">
        <div class="panel-heading">
            {{ title }}
        </div>
        <!-- /.panel-heading -->
        <div class="panel-body">
          <a href="{% url 'machine_list_front' plugin 'gatekeep' %}" class="btn btn-danger">
			<span class="bigger"> {{ gatekeep }} </span><br />
			{{ gatekeep_label }}

## SantaLogScraper.py
#!/usr/bin/python
import glob
import gzip


certs = [
    "2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32",# apples
    "33b9aee3b089c922952c9240a40a0daa271bebf192cf3f7d964722e8f2170e48",# santas - everything after this isn't included...
    "15b8ce88e10f04c88a5542234fbdfc1487e9c2f64058a05027c7c34fc4201153",# GoogleSoftwareUpdateAgent (~)
    "1808a95f11169c7212a45b44c1c547c1f3e810915014bd892435253a3f8761ca",# Citrix ServiceRecords/ReceiverHelper

## see_ayyys.py
#!/usr/bin/python
"""Check osquery output against whitelisted CA's."""


import json
import os
import subprocess
import sys


## expander
OUTPUT=$(/usr/bin/basename "$1" | /usr/bin/sed -e "s/.pkg//g")
/usr/sbin/pkgutil --expand "$1" /tmp/"$OUTPUT"
open -a "Archive Utility.app" /tmp/"$OUTPUT"/Payload

## simianfacter
#!/usr/local/munki/simian/bin/python
#
# Copyright 2010 Google Inc. All Rights Reserved.

"""Script to output Simian dependent facter-like output of various variables."""

import json
import os
import re
import subprocess

## killUnauthorizedAdminUsers.py
#!/usr/bin/python
import subprocess
import sys
from SystemConfiguration import *
# grab who our logging in user is
cur_console_user = SCDynamicStoreCopyConsoleUser(None, None, None)[0]
# check admin group
cmd = '/usr/bin/dscl', '.', 'list', '/Groups/admin'
out = subprocess.check_output(cmd)
# split output into list of strings for the usernames
	#!/usr/bin/python
	# -- coding: utf-8 --
	import glob
	import os
	import subprocess
	import sys
	sys.path.append('/usr/local/munki/munkilib')
	import FoundationPlist

	path = '/Users/abanks/Library/AutoPkg/Cache'
	USE_PKGBUILD=1
	include /usr/local/share/luggage/luggage.make
	TITLE=iWorkDummyReceipts
	REVERSE_DOMAIN=org.my.iWorkDummyReceipts
	PACKAGE_VERSION=0.1
	PAYLOAD=pack-iWorkDummyReceipts

	pack-iWorkDummyReceipts: l_Applications
	@sudo mkdir -p -m 755 ${WORK_D}/Applications/{Numbers,Pages,Keynote}.app/Contents/_MASReceipt
	@sudo touch ${WORK_D}/Applications/{Numbers,Pages,Keynote}.app/Contents/_MASReceipt/receipt
	#!/usr/bin/python
	"""Shoves down santa rules 5 at a time to whitelist certs/binaries
	NOTICE - if you have a sync server like Zentral configured, you cannot add rules
	"""
	import os
	import subprocess
	from multiprocessing.dummy import Pool as ThreadPool

	if os.geteuid() != 0:
	exit("Please run this script as root.")

	<div class="panel panel-default panel-traffic-light">
	<div class="panel-heading">
	{{ title }}
	</div>
	<!-- /.panel-heading -->
	<div class="panel-body">
	<a href="{% url 'machine_list_front' plugin 'gatekeep' %}" class="btn btn-danger">
	<span class="bigger"> {{ gatekeep }} </span><br />
	{{ gatekeep_label }}
	#!/usr/bin/python
	import glob
	import gzip


	certs = [
	"2aa4b9973b7ba07add447ee4da8b5337c3ee2c3a991911e80e7282e8a751fc32",# apples
	"33b9aee3b089c922952c9240a40a0daa271bebf192cf3f7d964722e8f2170e48",# santas - everything after this isn't included...
	"15b8ce88e10f04c88a5542234fbdfc1487e9c2f64058a05027c7c34fc4201153",# GoogleSoftwareUpdateAgent (~)
	"1808a95f11169c7212a45b44c1c547c1f3e810915014bd892435253a3f8761ca",# Citrix ServiceRecords/ReceiverHelper
	#!/usr/bin/python
	"""Check osquery output against whitelisted CA's."""


	import json
	import os
	import subprocess
	import sys
	OUTPUT=$(/usr/bin/basename "$1" \| /usr/bin/sed -e "s/.pkg//g")
	/usr/sbin/pkgutil --expand "$1" /tmp/"$OUTPUT"
	open -a "Archive Utility.app" /tmp/"$OUTPUT"/Payload
	#!/usr/local/munki/simian/bin/python
	#
	# Copyright 2010 Google Inc. All Rights Reserved.

	"""Script to output Simian dependent facter-like output of various variables."""

	import json
	import os
	import re
	import subprocess