Updates to Enumeration of Groups on MacOS Summary The MacOS...
Updates to Enumeration of Groups on MacOS Summary The MacOS user & group enumeration plugin has been updated to enumerate nested groups, and to collect the SMBSID for Active-Directory-created groups. Change Users and groups on a MacOS scan target are enumerated with plugin 95929. The plugin has been improved, and will now enumerate nested groups - groups that are a subset of another group. In addition, if a group was created by Microsoft Active Directory or Entra, by joining the scan target to one of these directory services, the SMBSID of the group will be collected, so that it can be used as a unique identifier to match with other assets. Impact Additional nested group and SMBSID group data will be added to the existing users and groups identified in Plugin 95929, if available. Users should see no expansion of users or groups identified in their scan output as a result of this change. Plugin 95929 - macOS and Mac OS X User List Enumeration Target Release Date August 23. 2023
Unix MACOSX_DEFAULTS_READ custom plist path enhancement...
Unix MACOSX_DEFAULTS_READ custom plist path enhancement Plugin 21157 - Unix Compliance Target Release Date 18 Nov 2019 Change Currently, the Unix MACOSX_DEFAULTS_READ check type only audits plist files in the default preference path, '/Users/username/Library/Preferences'. This enhancement allows for the specification of custom paths used in popular mobile device management (MDM) software packages, such as '/Users/username/Library/Managed Preferences/' To use the change in a custom audit, add the new flag 'managed_path' to each check needing the path. Example: <custom_item> type : MACOSX_DEFAULTS_READ description : "Example check using a managed_path" regex : "1" plist_item : "HasMigratedDefaults" plist_name : "com.apple.Terminal" plist_option : CANNOT_BE_NULL managed_path : "/Library/Managed\ Preferences/" </custom_item> Existing audits will be unaffected by this change, and any check not requiring a new path will default to /Library/Preferences/ automatically. __________________________________ Tenable Research Release Highlights are posted in advance of significant new releases or updates to existing plugins or audit files that are important for early customer notification.