科技回声

9 条评论

c0wl超过 10 年前

OSXAuditor is pretty dope and we used it a bunch at Yelp. Over time, we created what we think is an inspired next version - <a href="https://github.com/Yelp/osxcollector" rel="nofollow">https://github.com/Yelp/osxcollector</a>

评论 #8316437 未加载

评论 #8316237 未加载

评论 #8315951 未加载

评论 #8317366 未加载

评论 #8316024 未加载

spiralganglion超过 10 年前

This looks like an interesting project. But, there's one bit of information, which is missing from the description and this discussion, that would help a lot with my understanding.Is this a tool for a user who wants to learn more about their own machine, or a non-user who wants to know how a given machine has been used?More information about the use cases of such a tool would be most helpful.

评论 #8316993 未加载

w0rd-driven超过 10 年前

I'd say this isn't quite ready for prime time. The errors I received were annoying and you're not going to get an end user or most IT admins to parse the python just to find the errors.I've only had 3 major errors but they were significant: 1) I'm on Yosemite so GetAuditedSystemVersion() looks for a PatchVersion variable that simply isn't there. The header reads 10.10 not 10.10.patch as expected. 2) The Safari parsing snafu listed in my previous comment. Opening Safari isn't enough, you have to use the browser quite a bit. The same could likely be said for all browser tests and it would be a good idea to outline precisely what this needs to be. Hint: A new system or install of Yosemite for instance will produce the errors I saw. 3) There's a parsing bug in ParseMailAppAccount() and I just commented out the call completely.Any number of these could just be Yosemite related but I don't think so. All of the bugs I ran into are variations on index out of bounds due to some hardcoded assumption that mostly works, except in this instance apparently. I'm not the only one with these nagging bugs based on the issues list but mine do seem very specific to Yosemite or how I do(n't) use my system.

korzun超过 10 年前

Cool idea.But using raw md5 hashes to verify against a blacklist is kind of useless. Especially now.You should be using smarter file signatures:<a href="http://hooked-on-mnemonics.blogspot.com/2011/01/intro-to-creating-anti-virus-signatures.html" rel="nofollow">http://hooked-on-mnemonics.blogspot.com/2011/01/intro-to-cre...</a>

评论 #8315871 未加载

rrggrr超过 10 年前

Great idea. Love to run it, but... crash and burn:~/Library/Safari/LastSession.plist Traceback (most recent call last): File "osxauditor.py", line 1702, in <module> Main() File "osxauditor.py", line 1663, in Main ParseBrowsers() File "osxauditor.py", line 808, in ParseBrowsers ParseSafari() File "osxauditor.py", line 745, in ParseSafari ParseSafariProfile(User, UserSafariProfilePath) File "osxauditor.py", line 717, in ParseSafariProfile LastSession = LastSessionPlist["SessionWindows"][0]["TabStates"][0] File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/PyObjC/objc/_convenience.py", line 451, in __getitem__objectAtIndex_ return container_unwrap(self.objectAtIndex_(idx), RuntimeError) IndexError: NSRangeException - -[__NSCFArray objectAtIndex:]: index (0) beyond bounds (0)

评论 #8315800 未加载

评论 #8315889 未加载

评论 #8315788 未加载

SmileyKeith超过 10 年前

This looks nice but there are a ton of issues around pyobjc. I've never been able to successfully install it on 10.9.

评论 #8315857 未加载

mcescalante超过 10 年前

Very interested to try this out on my own machines to see the results. I know somebody who does computer security at a University and the staff there has been frustrated with the lack of available forensics tools for OSX, so this may nicely fill an empty niche for some industry people as well.

makeset超过 10 年前

Application path scanning follows symlinks recursively. One upwards link, and it never terminates.

entelechy0超过 10 年前

I'm getting an error after running it:[INFO] Users' LoginItems [INFO] 's LoginItems [INFO] /Users//Library/Preferences/com.apple.loginitems.plist [INFO] Cannot parse /Users//Library/Preferences/com.apple.loginitems.plist (Binary or JSON plist may FAIL)Traceback (most recent call last): File "osxauditor.py", line 1702, in <module> Main() File "osxauditor.py", line 1651, in Main ParseStartup() File "osxauditor.py", line 550, in ParseStartup if "SessionItems" in LoginItemsPlist: TypeError: argument of type 'bool' is not iterable

评论 #8316581 未加载

9 条评论

c0wl超过 10 年前

评论 #8316437 未加载

评论 #8316237 未加载

评论 #8315951 未加载

评论 #8317366 未加载

评论 #8316024 未加载

spiralganglion超过 10 年前

评论 #8316993 未加载

w0rd-driven超过 10 年前

korzun超过 10 年前

评论 #8315871 未加载

rrggrr超过 10 年前

评论 #8315800 未加载

评论 #8315889 未加载

评论 #8315788 未加载

SmileyKeith超过 10 年前

This looks nice but there are a ton of issues around pyobjc. I've never been able to successfully install it on 10.9.

评论 #8315857 未加载

mcescalante超过 10 年前

makeset超过 10 年前

Application path scanning follows symlinks recursively. One upwards link, and it never terminates.

entelechy0超过 10 年前

评论 #8316581 未加载

OS X Auditor

9 条评论

OS X Auditor

9 条评论