Skip to content

Commit

Permalink
Current user is not admin check
Browse files Browse the repository at this point in the history
  • Loading branch information
dz0ny committed Jan 7, 2024
1 parent 6b48418 commit 273384a
Show file tree
Hide file tree
Showing 5 changed files with 43 additions and 5 deletions.
8 changes: 7 additions & 1 deletion Pareto Security.xcodeproj/project.pbxproj
Original file line number Diff line number Diff line change
Expand Up @@ -227,6 +227,8 @@
4FB7C68126AFF25300FB1C41 /* Date.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4FB7C68026AFF25300FB1C41 /* Date.swift */; };
4FB7C68726AFF29A00FB1C41 /* NSImage.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4FB7C68626AFF29A00FB1C41 /* NSImage.swift */; };
4FB7C68D26AFFD2600FB1C41 /* FileVault.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4FB7C68C26AFFD2600FB1C41 /* FileVault.swift */; };
4FCAA78B2B4AD7C300A62B4E /* NoAdminUser.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4FCAA78A2B4AD7C300A62B4E /* NoAdminUser.swift */; };
4FCAA78C2B4AD7C300A62B4E /* NoAdminUser.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4FCAA78A2B4AD7C300A62B4E /* NoAdminUser.swift */; };
4FD0A24126A024440070BED4 /* Gatekeeper.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4FD0A24026A024440070BED4 /* Gatekeeper.swift */; };
4FDA93A32771D9FC00F9D8B4 /* Checks.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4FDA93A22771D9FC00F9D8B4 /* Checks.swift */; };
4FDA93A42771D9FC00F9D8B4 /* Checks.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4FDA93A22771D9FC00F9D8B4 /* Checks.swift */; };
Expand Down Expand Up @@ -375,6 +377,7 @@
4FB7C68C26AFFD2600FB1C41 /* FileVault.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = FileVault.swift; sourceTree = "<group>"; };
4FC81A4926C41DC8006EABA8 /* ParetoSecurityTests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = ParetoSecurityTests.xctest; sourceTree = BUILT_PRODUCTS_DIR; };
4FC81A4B26C41DC8006EABA8 /* ParetoSecurityTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ParetoSecurityTests.swift; sourceTree = "<group>"; };
4FCAA78A2B4AD7C300A62B4E /* NoAdminUser.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = NoAdminUser.swift; sourceTree = "<group>"; };
4FD0A24026A024440070BED4 /* Gatekeeper.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Gatekeeper.swift; sourceTree = "<group>"; };
4FDA93A22771D9FC00F9D8B4 /* Checks.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Checks.swift; sourceTree = "<group>"; };
4FDAD88E26EB784A00F64E61 /* License.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = License.swift; sourceTree = "<group>"; };
Expand Down Expand Up @@ -492,6 +495,8 @@
4F91060227623E4B00D1A348 /* SSHKeys.swift */,
4F17270A2769F3410049B875 /* SSHKeysStrength.swift */,
4F868DD026A5C51C005B876E /* Autologin.swift */,
4FCAA78A2B4AD7C300A62B4E /* NoAdminUser.swift */,
4FA8E5EB2B44428400B7EA9C /* NoUnusedUsers.swift */,
4F868DD226A5C751005B876E /* Screensaver.swift */,
4F4E285F27BD748D006A18C1 /* PasswordAfterSleep.swift */,
4F84A94826CBE21300A1579D /* PasswordtoUnlock.swift */,
Expand Down Expand Up @@ -521,7 +526,6 @@
children = (
4F0371BB26CD00B700B35E43 /* Boot.swift */,
4FB7C68C26AFFD2600FB1C41 /* FileVault.swift */,
4FA8E5EB2B44428400B7EA9C /* NoUnusedUsers.swift */,
4F56AB5A278C57F1001CAAEF /* TimeMachine.swift */,
4F1E6C5D2834F5D200C8AFAB /* SecureTerminal.swift */,
4F1E6C602834F98A00C8AFAB /* SecureiTerm.swift */,
Expand Down Expand Up @@ -1066,6 +1070,7 @@
4F37E7242718122E00A2B254 /* WelcomeView.swift in Sources */,
4F17270C2769F3410049B875 /* SSHKeysStrength.swift in Sources */,
4FB5BD312760E846004E404C /* VSCode.swift in Sources */,
4FCAA78C2B4AD7C300A62B4E /* NoAdminUser.swift in Sources */,
4F37E7252718122E00A2B254 /* OpenWiFi.swift in Sources */,
4F905C4327B6C9B20012C661 /* AutoUpdateCheck.swift in Sources */,
4F37E7262718122E00A2B254 /* IntegrationCheck.swift in Sources */,
Expand Down Expand Up @@ -1200,6 +1205,7 @@
4F8B01B226F4A6CB00EDE14B /* WelcomeView.swift in Sources */,
4F17270B2769F3410049B875 /* SSHKeysStrength.swift in Sources */,
4FB5BD302760E846004E404C /* VSCode.swift in Sources */,
4FCAA78B2B4AD7C300A62B4E /* NoAdminUser.swift in Sources */,
4F5B20C127030BEB0015642A /* OpenWiFi.swift in Sources */,
4F905C4227B6C9B20012C661 /* AutoUpdateCheck.swift in Sources */,
4F6A92E826C52210006C2F2D /* IntegrationCheck.swift in Sources */,
Expand Down
30 changes: 30 additions & 0 deletions Pareto/Checks/Access Security/NoAdminUser.swift
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
//
// NoAdminUser.swift
// Pareto Security
//
// Created by Janez Troha on 19/07/2021.
//

class NoAdminUser: ParetoCheck {
static let sharedInstance = NoAdminUser()
override var UUID: String {
"0659aa04-b81f-7cb9-8000-f8e76dc9185a"
}

override var TitleON: String {
"Current user is not admin"
}

override var TitleOFF: String {
"Current user is admin"
}

var currentCroups: [String] {
return runCMD(app: "/usr/bin/id", args: ["-Gn"]).components(separatedBy: " ")
}

override func checkPasses() -> Bool {

return !currentCroups.contains("admin")
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,12 @@ class NoUnusedUsers: ParetoCheck {
override var TitleOFF: String {
"Unrequired user accounts are present(" + accounts.joined(separator: ",") + ")"
}

var accounts: [String] {
let adminUsers = runCMD(app: "/usr/bin/dscl", args: [".", "-read","/Groups/admin", "GroupMembership"]).components(separatedBy: " ")
let output = runCMD(app: "/usr/bin/dscl", args: [".", "-list", "/Users"]).components(separatedBy: "\n")
let local = output.filter { u in
!u.hasPrefix("_") && u.count > 1 && u != "root" && u != "nobody" && u != "daemon"
!u.hasPrefix("_") && u.count > 1 && u != "root" && u != "nobody" && u != "daemon" && !adminUsers.contains(u)
}
return local
}
Expand Down
3 changes: 2 additions & 1 deletion Pareto/Checks/Checks.swift
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,8 @@ class Claims: ObservableObject {
SSHKeysCheck.sharedInstance,
SSHKeysStrengthCheck.sharedInstance,
PasswordAfterSleepCheck.sharedInstance,
NoUnusedUsers.sharedInstance
NoUnusedUsers.sharedInstance,
NoAdminUser.sharedInstance
]),
Claim(withTitle: "Firewall & Sharing", withChecks: [
FirewallCheck.sharedInstance,
Expand Down
2 changes: 1 addition & 1 deletion Pareto/Info.plist
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
</dict>
</array>
<key>CFBundleVersion</key>
<string>5310</string>
<string>5315</string>
<key>LSApplicationCategoryType</key>
<string>public.app-category.utilities</string>
<key>LSMinimumSystemVersion</key>
Expand Down

0 comments on commit 273384a

Please sign in to comment.