Unix MACOSX_DEFAULTS_READ custom plist path enhancement

Plugin

21157 - Unix Compliance

Target Release Date

18 Nov 2019

Change

Currently, the Unix MACOSX_DEFAULTS_READ check type only audits plist files in the default preference path, '/Users/username/Library/Preferences'. This enhancement allows for the specification of custom paths used in popular mobile device management (MDM) software packages, such as '/Users/username/Library/Managed Preferences/'

To use the change in a custom audit, add the new flag 'managed_path' to each check needing the path.

Example:

<custom_item>

  type         : MACOSX_DEFAULTS_READ

  description  : "Example check using a managed_path"

  regex        : "1"

  plist_item   : "HasMigratedDefaults"

  plist_name   : "com.apple.Terminal"

  plist_option : CANNOT_BE_NULL

  managed_path : "/Library/Managed\ Preferences/"

</custom_item>

Existing audits will be unaffected by this change, and any check not requiring a new path will default to /Library/Preferences/ automatically.

__________________________________

Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.