Allister Banks arubdesu

## osxlockdown.conf
{
  "packs": {
    "osxlockdown": {
      "platform": "darwin",
      "version": ".1",
      "queries": {
        "OS Updates": {
          "query": "select value from preferences where path = '/Library/Preferences/com.apple.SoftwareUpdate.plist' and key = 'LastSuccessfulDate';",
          "interval": "86400",
          "description": "Verify all Apple OS-bundled software has checked it's configured server recently",

## front.html

    <div class="panel panel-default panel-traffic-light">
        <div class="panel-heading">
            {{ title }}
        </div>
        <!-- /.panel-heading -->
        <div class="panel-body">
          <a href="{% url 'machine_list_front' plugin 'gatekeep' %}" class="btn btn-danger">
			<span class="bigger"> {{ gatekeep }} </span><br />
			{{ gatekeep_label }}

## darwin hitlist.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                arubdesu
                / darwin hitlist.md
            
            
              Last active
              August 18, 2016 02:03
            
              
                In response to https://twitter.com/osquery/status/707386435406471169
              
          
    Teddy was aware of recently:


keychain autolocking/statuses
password policies info
ASL configurations
applications install log
power management details (pmset)
gatekeeper configuration

✅sudo details/configuration and list of sudoers

  
## Vagrantfile
# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure(2) do |config|
  config.vm.box = "puppetlabs/ubuntu-14.04-64-nocm"
  config.vm.network "forwarded_port", guest: 8000, host: 8000
  # note: if rolling back snapshots w/ 1.8, this may cause a lenghty re-provision
  config.vm.provision "shell", inline: <<-SHELL
    sudo apt-get update
    sudo apt-get install -y software-properties-common && \

## LSbootstrapper.py
#!/usr/bin/python
"""Enables location services, allows Maps and Timezone"""
import os
import platform
import subprocess
import sys
try:
    sys.path.append('/usr/local/munki/munkilib/')
    import FoundationPlist
except ImportError as error:

## catalogs.rb
Facter.add(:munki_catalog_array) do
  confine :kernel => "Darwin"
  setcode do
    Dir.entries('/Library/Managed Installs/catalogs').select {|f| !File.directory? f}
  end
end

## see_ayyys.py
#!/usr/bin/python
"""Check osquery output against whitelisted CA's."""


import json
import os
import subprocess
import sys


## xprotect_fetcher.py
#!/usr/bin/python
"""
Checks the MountainLion-Era version of the xprotect plist for the current
version number, compares it against version on disk.
"""


import urllib2
import sys
sys.path.append("/usr/local/munki/munkilib")

## change_tz-1.0.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>OnDemand</key>
	<true/>
	<key>_metadata</key>
	<dict>
		<key>created_by</key>
		<string>abanks</string>

## fix_timezone.py
#!/usr/bin/python
'''Uses a web geoip service and cocoaDialog to allow end users to change
   the time zone on their Mac (assuming they can get on the internet)'''


import json
import subprocess
import sys
import urllib2
from gmacpyutil import cocoadialog
	{
	"packs": {
	"osxlockdown": {
	"platform": "darwin",
	"version": ".1",
	"queries": {
	"OS Updates": {
	"query": "select value from preferences where path = '/Library/Preferences/com.apple.SoftwareUpdate.plist' and key = 'LastSuccessfulDate';",
	"interval": "86400",
	"description": "Verify all Apple OS-bundled software has checked it's configured server recently",

	<div class="panel panel-default panel-traffic-light">
	<div class="panel-heading">
	{{ title }}
	</div>
	<!-- /.panel-heading -->
	<div class="panel-body">
	<a href="{% url 'machine_list_front' plugin 'gatekeep' %}" class="btn btn-danger">
	<span class="bigger"> {{ gatekeep }} </span><br />
	{{ gatekeep_label }}
	# -- mode: ruby --
	# vi: set ft=ruby :

	Vagrant.configure(2) do \|config\|
	config.vm.box = "puppetlabs/ubuntu-14.04-64-nocm"
	config.vm.network "forwarded_port", guest: 8000, host: 8000
	# note: if rolling back snapshots w/ 1.8, this may cause a lenghty re-provision
	config.vm.provision "shell", inline: <<-SHELL
	sudo apt-get update
	sudo apt-get install -y software-properties-common && \
	#!/usr/bin/python
	"""Enables location services, allows Maps and Timezone"""
	import os
	import platform
	import subprocess
	import sys
	try:
	sys.path.append('/usr/local/munki/munkilib/')
	import FoundationPlist
	except ImportError as error:
	Facter.add(:munki_catalog_array) do
	confine :kernel => "Darwin"
	setcode do
	Dir.entries('/Library/Managed Installs/catalogs').select {\|f\| !File.directory? f}
	end
	end
	#!/usr/bin/python
	"""Check osquery output against whitelisted CA's."""


	import json
	import os
	import subprocess
	import sys
	#!/usr/bin/python
	"""
	Checks the MountainLion-Era version of the xprotect plist for the current
	version number, compares it against version on disk.
	"""


	import urllib2
	import sys
	sys.path.append("/usr/local/munki/munkilib")
	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">
	<dict>
	<key>OnDemand</key>
	<true/>
	<key>_metadata</key>
	<dict>
	<key>created_by</key>
	<string>abanks</string>
	#!/usr/bin/python
	'''Uses a web geoip service and cocoaDialog to allow end users to change
	the time zone on their Mac (assuming they can get on the internet)'''


	import json
	import subprocess
	import sys
	import urllib2
	from gmacpyutil import cocoadialog