Creating Shell Script for STIG Checklist MAC OSX 10.6

john3j04, 10-18-2011


I am new to Mac OSX and shell scripting altogether. I was wondering if anyone could help get me started in a few scenarios so that I would be able to automate checking a system against a STIG checklist. A STIG Checklist is a DoD Guideline for securing systems. Here is the first instance I would like to learn how to automate:

Open a terminal session and use the following command to view the setting for password history.

sudo pwpolicy -n -getglobalpolicy | tr " " "\n" | grep usingHistory

If the value of usingHistory is less than 15, this is a finding.

NOTE: If the command returns a response of password server is not configured, the system is not managed. Use the following command for non-managed systems.

pwpolicy -n /Local/Default -getglobalpolicy | tr " " "\n" | grep usingHistory

Now, I know that it tells you what to check and makes it so that anyone can perform this check, so please excuse my stupidity. We all have to start somewhere.

I am not interested in fixing a system, just running a script against a system to see if it conforms to the guideline or not. It would be nice if output could be printed telling me if it passes or not, or even print the output into a log file. There will be a couple of hundred checks that I will have to do, so all output will have to go to a log file.

Thank you for your time and assistance!
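
The password-history check quoted above can be scripted as follows. This is an added example, not part of the original thread: the function names, the log path, the "password-history" label, and the sample policy string are assumptions made for illustration, and only the pwpolicy commands and the threshold of 15 come from the post.

```shell
#!/bin/sh
# Added example: password-history check with PASS/FINDING results and a log.
LOG="${STIG_LOG:-./stig_check.log}"   # assumed log location
MIN_HISTORY=15                        # threshold stated in the check text

# Constructed sample of pwpolicy output (space-separated key=value pairs).
SAMPLE_WEAK="usingHistory=5 canModifyPasswordforSelf=1 usingExpirationDate=0"

# Print the number following usingHistory= in the policy text passed as $1.
history_value() {
    printf '%s\n' "$1" | tr ' ' '\n' |
        sed -n 's/^usingHistory=\([0-9][0-9]*\)$/\1/p' | head -n 1
}

# Print PASS, FINDING, or ERROR (no usingHistory value found) for policy text.
eval_history() {
    val=$(history_value "$1")
    if [ -z "$val" ]; then echo "ERROR"
    elif [ "$val" -lt "$MIN_HISTORY" ]; then echo "FINDING"
    else echo "PASS"
    fi
}

# Append "timestamp check status detail" to the log file.
log_result() {
    printf '%s %s %s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$1" "$2" "$3" >> "$LOG"
}

# Run the commands from the post; fall back to /Local/Default when unmanaged.
check_password_history() {
    out=$(sudo pwpolicy -n -getglobalpolicy 2>&1)
    lc=$(printf '%s' "$out" | tr 'A-Z' 'a-z')
    case "$lc" in
        *"password server is not configured"*)
            out=$(pwpolicy -n /Local/Default -getglobalpolicy 2>&1) ;;
    esac
    status=$(eval_history "$out")
    log_result "password-history" "$status" "usingHistory=$(history_value "$out")"
    echo "$status"
}

if [ "${1:-}" = "--live" ]; then
    check_password_history            # real check on the Mac being audited
else
    echo "sample result: $(eval_history "$SAMPLE_WEAK")"   # prints FINDING
fi
```

Run it with --live on the machine being audited; an ERROR result means no usingHistory value was found in the output, which should be reviewed by hand rather than counted as a pass.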
bcarter5876, 10-20-2011

A great deal of effort has been put in by people at cisecurity.org in creating tools to do just what you are looking for. There is a spreadsheet of security guidelines, as well as the Unix bash commands that will allow you to check for compliance. They even have a compliance tool that you can customize and run against your systems. I recommend checking their material out. For purposes of full disclosure, I am a member of the working group for Mac OS X security guidelines.

P.S. This looks like a direct quote from the 18 Aug 2011 DISA STIG. Are you actively working on this project?

Corona688 (Forum Staff), 10-20-2011
Well, for starters, does that line you pasted work when you type it into Terminal? I have my doubts. Macintosh machines don't allow easy access to root, which that line of code appears to need access to. ('sudo commandname' runs 'commandname' as root, if the user has permissions.)

Modifications to OSX's setup may be necessary to make OSX insecure enough to run your security testing script.
jackie_singh, 01-26-2012
Mac OS X 10.6 Draft STIG Shell Script

I thought someone on this board may be able to use a set of scripts I've developed to check and remediate OS X 10.6 machines using the draft STIG guidance released in August. It is available at MacSTIG . com

There is further information on its use available in the readme.txt.

