Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Many false positives #1

Open
mnrkbys opened this issue Apr 25, 2023 · 4 comments
Open

Many false positives #1

mnrkbys opened this issue Apr 25, 2023 · 4 comments
Assignees
@sametsazak
Labels
enhancement New feature or request good first issue Good for newcomers

Comments

@mnrkbys
Copy link

mnrkbys commented Apr 25, 2023
edited
Loading

First of all, thanks for releasing a nice tool.
However, this tool detects many false positives.

For example, "Check If SSH Is Enabled" tries to find '"com.openssh.sshd" => disabled' from the result of "/bin/launchctl print-disabled system".
But this check module also decides "SSH is Enabled" if SSH is disabled.
In my environment (macOS 12.6.5), "/bin/launchctl print-disabled system" returns like below:

% /bin/launchctl print-disabled system         
disabled services = {
	"com.apple.screensharing" => false
	"com.apple.CSCSupportd" => true
	"com.apple.ftpd" => true
	"com.apple.mdmclient.daemon.runatboot" => true
	"com.apple.dhcp6d" => true
	"com.apple.bootpd" => true
	"com.microsoft.autoupdate.helper" => false
	"com.apple.ftp-proxy" => true
}

Actually, I have never enable SSH on this macOS. So, I guess that "com.openssh.sshd" item does not exist.
Therefore, this check module should determine "SSH is Enabled" only if '"com.openssh.sshd" => enabled' exists.
@mnrkbys mnrkbys changed the title Many false positive Many false positives Apr 25, 2023
@mnrkbys
Copy link
Author

mnrkbys commented Apr 25, 2023

By the way, I have realized another point.
The result of "/bin/launchctl print-disabled system" depends on the macOS version.
In macOS 12.6.5, a feature is enabled as "true".
On the other hand, in macOS 13.2.1, a feature is enabled as "enabled".
Therefore, check modules have to recognize the macOS version.

@sametsazak sametsazak self-assigned this Apr 25, 2023
@sametsazak sametsazak added enhancement New feature or request good first issue Good for newcomers labels Apr 25, 2023
@GenoMyb
Copy link

GenoMyb commented Apr 26, 2023

I have also picked up a few iets that say its enabled but its disabled
eg. Remote Apple Events is enabled , but its turned off

@DamienSchreurs
Copy link

Congrats and thank you for starting this endeavour.

Regarding the many false positives that I encountered, did you know that it's possible to configure System Preferences (I'm still on macOS Monterey) such that system-wide preferences can only be accessed and changed after entering an admin password?

Require admin password to access system-wide preferences

You can set that from the Security & Privacy pane by clicking on the "Advanced" button (bottom right corner).

This is, in fact, a great security feature because it will prevent "standard" users configured on the same machine from tampering with important settings.

I suspect that this setting might interfere with the ability of your app to properly scan some settings without asking the user to enter an admin password.

PS: If you need help better understanding Mac-security overall, just let me know since that's what I do as part of my day job.

@sametsazak
Copy link
Owner

It is excellent information for this tool. Thank you. @DamienSchreurs, I'll try to implement this and of course, I'm open to discussion, I'll send an email about the issues that I'm facing right now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sametsazak sametsazak

Labels
enhancement New feature or request good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@DamienSchreurs @sametsazak @mnrkbys @GenoMyb