// Source: go.mondoo.com/cnquery@v0.0.0-20231005093811-59568235f6ea/providers/os/resources/os.lr
// Copyright (c) Mondoo, Inc.
// SPDX-License-Identifier: BUSL-1.1

import "../../core/resources/core.lr"
import "../../network/resources/network.lr"

option provider = "go.mondoo.com/cnquery/providers/os"
option go_package = "go.mondoo.com/cnquery/providers/os/resources"

alias os.base.command = command
alias os.base.user = user
alias os.base.group = group
alias os.base.file = file
alias os.base.packages = packages
alias os.base.service = service
alias os.base.services = services
alias os.unix.sshd = sshd
alias k8s.kubelet = kubelet

// Adds a vulnerability report to the existing `asset` resource
extend asset {
  // Vulnerability report for the asset, returned as an untyped dict
  vulnerabilityReport() dict
}

// Information about the platform end-of-life
asset.eol @defaults("date") {
  // Documentation URL
  docsUrl string
  // Product URL
  productUrl string
  // End-of-Life date
  date time
}

// Returns platform EOL date information.
private mondoo.eol {
  // Product Name
  product string
  // Product Version
  version string
  // End-of-Life date for the product
  date() time
}

// Information about the platform end-of-life. Deprecated in favor of `asset.eol`.
// This resource will be removed in version 10.0. Please use `asset.eol` instead.
platform.eol @defaults("date") {
  // Documentation URL
  docsUrl string
  // Product URL
  productUrl string
  // End-of-Life date
  date time
}

// Platform-level advisory and vulnerability data
platform {
  // Full advisory & vulnerability report
  vulnerabilityReport() dict
}

// Returns all platform/package advisories
platform.advisories {
  []audit.advisory
  // Worst CVSS score for all advisories
  cvss() audit.cvss
  // Statistical information: total, critical, high, medium, low, none, unknown
  stats() dict
}

// Returns all platform/package CVEs
platform.cves {
  []audit.cve
  // Worst CVSS score for all CVEs
  cvss() audit.cvss
  // Statistical information: total, critical, high, medium, low, none, unknown
  stats() dict
}

// Common Vulnerability Scoring System (CVSS) Score
private audit.cvss {
  // CVSS Score ranging from 0.0 to 10.0
  score float
  // CVSS score is also represented as a vector string
  vector string
}

// Platform/package advisory
private audit.advisory {
  // Advisory ID
  id string
  // Mondoo Advisory Identifier
  mrn string
  // Advisory Title
  title string
  // Advisory Description
  description string
  // Advisory publication date
  published time
  // Last modification date
  modified time
  // Worst CVSS Score of all assigned CVEs
  worstScore audit.cvss
}

// Common Vulnerabilities and Exposures (CVE)
private audit.cve {
  // CVE ID
  id string
  // Mondoo CVE Identifier
  mrn string
  // CVE state
  state string
  // Summary Description
  summary string
  // Indicates if the CVE has a CVSS score
  // NOTE(review): the field name suggests `true` means the CVE has NO score, which is
  // the opposite of the description above; confirm before filtering on this field
  unscored bool
  // Publication date
  published time
  // Last modification date
  modified time
  // Worst CVSS Score of all assigned CVEs
  worstScore audit.cvss
}

// Parent resource for the SMBIOS `machine.*` resources
machine {}

// SMBIOS BIOS information
machine.bios {
  // BIOS vendor
  vendor string
  // BIOS version
  version string
  // BIOS release date
  releaseDate string
}

// SMBIOS system information
machine.system {
  // Manufacturer
  manufacturer string
  // Product Name
  product string
  // Version
  version string
  // Serial Number
  serial string
  // UUID
  uuid string
  // SKU Number
  sku string
  // Family
  family string
}

// SMBIOS baseboard (or module) information
machine.baseboard {
  // Manufacturer
  manufacturer string
  // Product
  product string
  // Version
  version string
  // Serial Number
  serial string
  // Asset Tag
  assetTag string
}

// SMBIOS system enclosure or chassis
machine.chassis {
  // Manufacturer
  manufacturer string
  // Version
  version string
  // Serial Number
  serial string
  // Asset Tag Number
  assetTag string
}

// Operating system information
os {
  // Pretty hostname on macOS/Linux or device name on Windows
  name() string
  // ENV variable contents. Environment variables can carry credentials,
  // so treat query results as sensitive.
  env() map[string]string
  // PATH variable contents
  path(env) []string
  // Current uptime
  uptime() time
  // List of available OS updates
  updates() []os.update
  // Indicates if a reboot is pending
  rebootpending() bool
  // Hostname for this OS
  hostname() string
  // Machine ID for this OS
  machineid() string
}

// Operating system update information
os.update @defaults("name") {
  // Name of the update
  name string
  // Category of the update
  category string
  // Severity of the update
  severity string
  // Indicates if a restart is required
  restart bool
  // Package format for this update
  format string
}

// Base operating system resource: embeds `machine` and adds host, update,
// user and group information
os.base {
  embed machine

  // Pretty Hostname on macOS/Linux or device name on Windows
  name() string
  // ENV variable contents. Environment variables can carry credentials,
  // so treat query results as sensitive.
  env() map[string]string
  // PATH variable contents
  path(env) []string
  // Current uptime
  uptime() time
  // List of available OS updates
  updates() []os.update
  // Indicates if a reboot is pending
  rebootpending() bool
  // Hostname for this OS
  hostname() string
  // User groups
  groups() groups
  // Users
  users() users
}

// Unix operating system resource; embeds `os.base` as `base`
os.unix {
  embed os.base as base
}

// Linux operating system resource; embeds `os.unix` as `unix` and adds the
// iptables firewalls
os.linux {
  embed os.unix as unix

  // iptables firewall for IPv4
  iptables() iptables
  // iptables firewall for IPv6
  ip6tables() ip6tables
}

// Operating system root certificates
os.rootCertificates {
  []certificate(content)
  // List of files that define these certificates
  files []file
  // Raw contents read from `files`
  content(files) []string
}

// Results of running a command on the system.
// The command string is executed on the target system, so build it only
// from fixed, trusted input.
command {
  init(command string)
  // Raw contents of the command
  command string
  // Standard output from running the command
  stdout(command) string
  // Standard error output from running the command
  stderr(command) string
  // Exit code the command returned
  exitcode(command) int
}

// Results of running a PowerShell script on the system.
// The script is executed on the target system, so build it only from
// fixed, trusted input.
powershell {
  init(script string)
  // Raw contents of the script
  script string
  // Standard output from running the script
  stdout() string
  // Standard error output from running the script
  stderr() string
  // Exit code the script returned
  exitcode() int
}

// File on the system
file @defaults("path size permissions.string") {
  init(path string)
  // Location of the file on the system
  path string
  // Filename without path prefix of this file
  basename(path) string
  // Path to the folder containing this file
  dirname(path) string
  // Contents of this file
  content(path, exists) string
  // Indicator if this file exists on the system
  exists(path) bool
  // Permissions for this file
  permissions(path) file.permissions
  // Size of this file on disk
  size(path) int
  // User that owns this file
  user() user
  // Group that owns this file
  group() group
  // Denotes whether the path is empty
  empty(path) bool
}

// Access permissions for a given file
private file.permissions @defaults("string") {
  // Raw POSIX mode for the permissions
  mode int
  // Indicator if this file is readable by its owner
  user_readable bool
  // Indicator if this file is writeable by its owner
  user_writeable bool
  // Indicator if this file is executable by its owner
  user_executable bool
  // Indicator if this file is readable by members of the group
  group_readable bool
  // Indicator if this file is writeable by members of the group
  group_writeable bool
  // Indicator if this file is executable by members of the group
  group_executable bool
  // Indicator if this file is readable by others
  other_readable bool
  // Indicator if this file is writeable by others (world-writeable)
  other_writeable bool
  // Indicator if this file is executable by others
  other_executable bool
  // SUID bit indicator
  suid bool
  // SGID bit indicator
  sgid bool
  // Sticky bit indicator
  sticky bool
  // Whether the file describes a directory
  isDirectory bool
  // Whether the file describes a regular file
  isFile bool
  // Whether the file is a symlink
  isSymlink bool
  // A simple printed string version of the permissions
  string() string
}

// Parent resource for file searches (see `files.find`)
files {}

// Find files on the system
files.find {
  []file
  // Starting point (path) for the search operation
  from string
  // xdev indicates if other devices will be searched
  // NOTE(review): with find(1), `-xdev` means do NOT descend into other filesystems;
  // confirm which behaviour `true` selects here
  xdev bool
  // What types of files will be listed (directories, files, devices, etc)
  type string
  // A regular expression for the file search
  regex string
  // Permissions that a file must match to be listed
  permissions int
  // File name to search for
  name string
}

// Parse INI files
parse.ini {
  init(path string, delimiter string)
  // Symbol that is separating keys and values
  delimiter string
  // File that is being parsed
  file file
  // Raw content of the file that is parsed
  content(file) string
  // A map of sections and key-value pairs
  sections(content, delimiter) map[string]map[string]string
  // A map of parameters that don't belong to sections
  params(sections) map[string]string
}

// Parse JSON files
parse.json {
  init(path string)
  // File that is being parsed
  file file
  // Raw content of the file that is parsed
  content(file) string
  // The parsed parameters that are defined in this file
  params(content) dict
}

// Parse plist files
parse.plist {
  init(path string)
  // File that is being parsed
  file file
  // Raw content of the file that is parsed
  content(file) string
  // The parsed parameters that are defined in this file
  params(content) dict
}

// Parse YAML files
parse.yaml {
  init(path string)
  // File that is being parsed
  file file
  // Raw content of the file that is parsed
  content(file) string
  // The parsed parameters that are defined in this file
  params(content) dict
}

// Parse Certificates from files
parse.certificates {
  []network.certificate(content, path)
  init(path string)
  // Certificate file path
  path string
  // Certificate file
  file() file
  // Certificate file content
  content(file) string
}

// Parse OpenPGP from files
parse.openpgp {
  []network.openpgp.entity(content)
  init(path string)
  // Path of the OpenPGP file. Deprecated: Please use file.path instead
  path string
  // OpenPGP file
  file file
  // OpenPGP file content
  content(file) string
}

// User on this system
user @defaults("name uid gid") {
  // User ID
  uid int
  // User's Group ID
  gid int
  // User's Security Identifier (Windows)
  sid string
  // Name of the user
  name string
  // Home folder
  home string
  // Default shell configured
  shell string
  // Indicates if the user is enabled
  enabled bool
  // List of authorized keys
  authorizedkeys(home) authorizedkeys
  // List of SSH keys. Entries are `privatekey` resources, which expose PEM data;
  // treat query results as secrets.
  sshkeys() []privatekey
  // Group that user is a member of
  group(gid) group
}

// Private Key Resource
privatekey {
  // PEM data (private key material; treat as a secret)
  pem string
  // Key path on disk (deprecated, use file instead)
  path string
  // File on disk for this private key
  file file
  // Whether the key is encrypted
  // NOTE(review): presumably passphrase-protected PEM; confirm in the provider
  encrypted bool
}

// Users configured on this system
users {
  []user
}

// List of SSH Authorized Keys
authorizedkeys {
  []authorizedkeys.entry(file, content)
  init(path string)
  // Authorized keys file path
  path string
  // Authorized keys file
  file file
  // Authorized keys file content
  content(file) string
}

// SSH authorized keys entry
authorizedkeys.entry @defaults("key") {
  // Line number of the entry (presumably within `file`)
  line int
  // Key type
  type string
  // Key data
  key string
  // Label of the entry (presumably the trailing comment field)
  label string
  // Options set for this entry
  options []string
  // File this entry belongs to
  file file
}

// Group on this system
group @defaults("name gid") {
  init(id string)
  // Group ID
  gid int
  // Group's Security Identifier (Windows)
  sid string
  // Name of this group
  name string
  // Users who are members of this group
  members() []user
}

// Groups configured on this system
groups {
  []group
}

// Package on the platform or OS
package @defaults("name version") {
  // May be initialized with the name only, in which case it will look up
  // the package with the given name on the system.
  init(name string)

  // Name of the package
  name string
  // Current version of the package
  version string
  // Architecture of this package
  arch string
  // Epoch of this package
  epoch string

  // Format of this package (e.g. rpm, deb)
  format string
  // Status of this package (e.g. if it is needed)
  status() string
  // Package description
  description string

  // Package origin (optional)
  origin() string

  // Available version
  available string
  // Indicates if this package is installed
  installed bool
  // Indicates if this package is outdated
  outdated() bool
}

// List of packages on this system
packages {
  []package
}

// PAM configuration (Pluggable Authentication Module)
pam.conf {
  init(path string)
  // List of files that make up the PAM configuration
  files() []file
  // The raw PAM configuration (across all files)
  content(files) string
  // Deprecated: A list of services that are configured via PAM
  services(files) map[string][]string
  // List of services with parsed entries that are configured via PAM
  entries(files) map[string][]pam.conf.serviceEntry
}

// Parsed entry of a PAM service file
private pam.conf.serviceEntry @defaults("service module") {
  // Service file that entry is from
  service string
  // Line number in service file - used for ID
  lineNumber int
  // Type of PAM entry, e.g. auth, password
  pamType string
  // Level of control, e.g. required, requisite, sufficient
  control string
  // PAM module used
  module string
  // Configuration options for pam service entry
  options []string
}

// SSH server resource
sshd {}

// SSH server configuration
sshd.config {
  init(path? string)
  // File of this SSH server configuration
  file() file
  // A list of lexically sorted files making up the SSH server configuration
  files(file) []file
  // Raw content of this SSH server config
  content(files) string
  // Configuration values of this SSH server
  params(content) map[string]string
  // Ciphers configured for this SSH server
  ciphers(params) []string
  // MACs configured for this SSH server
  macs(params) []string
  // Key Exchange Algorithms configured for this SSH server
  kexs(params) []string
  // Host Keys configured for this SSH server
  hostkeys(params) []string
}

// Service on this system
service @defaults("name running enabled type") {
  init(name string)
  // Name of this service
  name string
  // Service description
  description string
  // Is it installed?
  installed bool
  // Is it running?
  running bool
  // Is it enabled? (start at boot)
  enabled bool
  // Type information
  type string
  // Is it masked?
  masked bool
}

// Services configured on this system
services {
  []service
}

// System kernel information
kernel @defaults("info") {
  // Active kernel information
  info() dict
  // Kernel parameters map
  parameters() map[string]string
  // List of kernel modules
  modules() []kernel.module
  // Installed Versions
  installed() []dict
}

// System kernel module information
kernel.module @defaults("name loaded") {
  init(name string)

  // Name of the kernel module
  name string
  // Size of the kernel module
  size string
  // Indicates if this module is loaded
  loaded bool
}

// Docker host resource
docker {
  // List all Docker images
  images() []docker.image
  // List all Docker containers
  containers() []docker.container
}

// Docker image
docker.image {
  // Image ID
  id string
  // Image size in kilobytes
  size int
  // Virtual image size in kilobytes
  virtualsize int
  // Image tags (a list of strings, not key-value pairs)
  tags []string
  // Labels key value pairs
  labels map[string]string
}

// Docker container
docker.container {
  embed os.linux as os

  // Container ID
  id string
  // Container command
  command string
  // Container image
  image string
  // Image ID
  imageid string
  // Container names
  names []string
  // Container state
  state string
  // Status message
  status string
  // Label key value pairs
  labels map[string]string
}

// IPv4 tables
iptables {
  // IPv4 input chain stats
  input() []iptables.entry
  // IPv4 output chain stats
  output() []iptables.entry
}

// IPv6 tables
ip6tables {
  // IPv6 input chain stats
  input() []iptables.entry
  // IPv6 output chain stats
  output() []iptables.entry
}

// Chain entry shared by the `iptables` and `ip6tables` resources
iptables.entry {
  // Line number of statistic - used to create id
  lineNumber int
  // Packets from iptables
  packets int
  // This field tells us how large the packet is in octets, including headers and everything.
  // NOTE(review): next to a packet counter this is presumably the byte counter of the
  // entry rather than the size of a single packet; confirm
  bytes int
  // If a packet matches the rule, the target specifies what should be done with it.
  target string
  // Protocol of the next level layer. For example, this may be TCP, UDP or ICMP among others.
  protocol string
  // Indicates IP options
  opt string
  // Input (presumably the input interface)
  in string
  // Output (presumably the output interface)
  out string
  // Source address field that lets the receiver know where the packet came from.
  source string
  // The destination IP address or subnet of the traffic, or anywhere
  destination string
  // The options field contains different optional settings within the header,
  // such as Internet timestamps, SACK or record route options.
  options string
  // Input or output - used to create id
  chain string
}

// Process on this system
process @defaults("executable pid state") {
  init(pid int)
  // PID (process ID)
  pid int
  // State of the process (sleeping, running, etc)
  state() string
  // Executable that is running this process
  executable() string
  // Full command used to run this process
  command() string
  // Map of additional flags
  flags() map[string]string
}

// Processes available on this system
processes {
  []process
}

// TCP/IP port on the system
port @defaults("port protocol address process.executable") {
  // Protocol of this port
  protocol string
  // Port number
  port int
  // Local address of this port
  address string
  // User configured for this port
  user user
  // Process that is connected to this port
  process() process
  // State of this open port
  state string
  // Remote address connected to this port
  remoteAddress string
  // Remote port connected to this port
  remotePort int
  // TLS on this port, if it is available
  tls(address, port, protocol) network.tls
}

// TCP/IP ports on the system
ports {
  []port
  // All listening ports
  listening() []port
}

// Windows audit policies
auditpol {
  []auditpol.entry
}

// Windows audit policy
auditpol.entry @defaults("subcategory inclusionsetting exclusionsetting") {
  // Machine name
  machinename string
  // Policy Target
  policytarget string
  // Subcategory
  subcategory string
  // Subcategory GUID
  subcategoryguid string
  // Inclusive setting
  inclusionsetting string
  // Exclusive settings
  exclusionsetting string
}

// Windows local security policy
secpol {
  // System Access
  systemaccess() map[string]string
  // Event Audit
  eventaudit() map[string]string
  // Registry Values
  registryvalues() map[string]string
  // Privilege Rights
  privilegerights() map[string][]string
}

// NTP service configuration
ntp.conf {
  init(path string)
  // File of this NTP service configuration
  file() file
  // Raw contents of this NTP service configuration
  content(file) string
  // List of settings for this NTP service
  settings(content) []string
  // List of servers for this NTP service
  servers(settings) []string
  // List of access control restrictions for this NTP service
  restrict(settings) []string
  // Additional information for clock drivers
  fudge(settings) []string
}

// Rsyslog service configuration
rsyslog.conf {
  init(path string)
  // Path for the main rsyslog file and search
  path() string
  // Files that make up this Rsyslog service configuration
  files(path) []file
  // Raw contents of this Rsyslog service configuration
  content(files) string
  // List of settings for this Rsyslog service
  settings(content) []string
}

// Shadow password suite configuration
logindefs {
  init(path string)
  // Current configuration file for resource
  file() file
  // Content of the configuration file
  content(file) string
  // Parsed logindefs parameters
  params(content) map[string]string
}

// Unix list block devices
lsblk {
  []lsblk.entry
}

// Unix block device
lsblk.entry {
  // Device name
  name string
  // Filesystem Type
  fstype string
  // Label for the filesystem
  label string
  // UUID for the filesystem
  uuid string
  // Mountpoints for the device
  mountpoints []string
}

// Unix Mounted Filesystem
mount {
  []mount.point
}

// Unix mount point
mount.point @defaults("device path fstype") {
  init(path string)
  // Device
  device string
  // Path
  path string
  // Filesystem Type
  fstype string
  // Mount Options
  options map[string]string
  // Flag whether the mount point is mounted
  mounted bool
}

// Shadowed Password File
shadow {
  []shadow.entry
}

// Shadowed password file entry
shadow.entry {
  // User
  user string
  // Password field of the entry. In a shadow file this normally holds a password hash
  // or a lock marker rather than plaintext; treat query results as sensitive.
  password string
  // Date of last password change
  lastchanged time
  // Minimum password age
  mindays int
  // Maximum password age
  maxdays int
  // Password warning period
  warndays int
  // Password inactivity period
  inactivedays int
  // Account expiration date
  expirydates string
  // Reserved field
  reserved string
}

// Yum package manager resource
yum {
  // variables defined built-in in Yum configuration files (/etc/yum.conf and all .repo files in the /etc/yum.repos.d/)
  vars() map[string]string
  // List of all configured yum repositories
  repos() []yum.repo
}

// Yum repository resource
yum.repo {
  init(id string)
  // Repository ID
  id string
  // Human-readable repository name
  name string
  // Repository status
  status string
  // URL where the repodata directory of a repository is located
  baseurl []string
  // Indicator when the repository will expire
  expire string
  // Deprecated: location of the repo configuration file, use file.path
  filename string
  // Repository configuration file path
  file file
  // Repository revision
  revision string
  // Packages in repository
  pkgs string
  // File size of this repository
  size string
  // Mirrors for this repository
  mirrors string
  // Indicates if this repository is used as package source
  enabled() bool
}

// Windows registry key
registrykey @defaults("path") {
  init(path string)
  // Registry key path
  path string
  // Indicates if the registry key exists
  exists() bool
  // Deprecated: Registry key properties, use `items` instead
  properties() map[string]string
  // Registry key items
  items() []registrykey.property
  // Registry key children
  children() []string
}

// Windows registry key property
registrykey.property @defaults("path name") {
  init(path string, name string)
  // Registry key path
  path string
  // Registry key name
  name string
  // Indicates if the property exists
  exists() bool
  // Deprecated: Registry key property value converted to string, use `data` instead
  value() string
  // Registry key type
  type() string
  // Registry key data
  data() dict
}

// Container Image
container.image @defaults("name") {
  // Image reference
  reference string
  // Fully-qualified reference name
  name string
  // Identifier of type-specific portion of the image reference
  identifier string
  // Identifier Type `tag` or `digest`
  identifierType string
  // Repository used for Container Image
  repository() container.repository
}

// Container registry repository
container.repository {
  // Container Registry Repository Name
  name string
  // URL Scheme
  scheme string
  // Container Registry Repository URL
  fullName string
  // Container Registry URL
  registry string
}

// Kubernetes Kubelet configuration
kubelet {
  // Kubelet config file
  configFile file
  // Kubelet process
  process process
  // Combination of config file parameters and cli parameters
  configuration dict
}

// Python package details found on operating system image
python {
  init(path? string)
  // Path to a specific site-packages location to exclusively scan through (empty means search through default locations)
  path string

  // Packages returns a list of all discovered packages
  packages() []python.package

  // Toplevel returns a list of all packages which were specifically installed (ie. not auto-installed as a dependency)
  toplevel() []python.package
}

// Python package information
python.package @defaults("name version") {
  init(path? string)

  // ID is the python.package unique identifier
  id string

  // Name of the package
  name() string

  // File containing the package metadata
  file file

  // Version of the package
  version() string

  // License of the package
  license() string

  // Author of the package
  author() string

  // Short package description
  summary() string

  // List of packages depended on
  dependencies() []python.package
}

// macOS specific resources
macos {
  // macOS user defaults
  userPreferences() map[string]dict
  // macOS user defaults for current host
  userHostPreferences() map[string]dict
  // macOS global account policies
  globalAccountPolicies() dict
}

// macOS application layer firewall (ALF) service
// NOTE(review): the flag fields below are typed int and their value encoding is not
// documented in this file; confirm it before asserting on them
macos.alf {
  // Allow downloaded software to receive incoming connections
  allowDownloadSignedEnabled int
  // Allow built-in software to receive incoming connections for signed software
  allowSignedEnabled int
  // Flag if firewall is unloaded
  firewallUnload int
  // Indicates if the firewall is enabled
  globalState int
  // Specifies if alf.log is used
  loggingEnabled int
  // Specifies logging flags
  loggingOption int
  // Stealth mode
  stealthEnabled int
  // ALF version
  version string
  // Service exceptions
  exceptions []dict
  // Services explicitly allowed to perform networking
  explicitAuths []string
  // Applications with exceptions for network blocking
  applications []dict
}

// macOS Time Machine
macos.timemachine {
  // macOS Time Machine preferences
  preferences() dict
}

// macOS machine settings
// The resource requires at least "admin" privileges to run
macos.systemsetup {
  // Current date
  date() string
  // Current time in 24-hour format
  time() string
  // Current time zone
  timeZone() string
  // Whether network time is on or off
  usingNetworkTime() string
  // Configured network time server
  networkTimeServer() string
  // Amount of idle time until machine sleeps
  sleep() []string
  // Amount of idle time until display sleeps
  displaySleep() string
  // Amount of idle time until hard disk sleeps
  harddiskSleep() string
  // Whether wake on modem is on or off
  wakeOnModem() string
  // Whether wake on network access is on or off
  wakeOnNetworkAccess() string
  // Whether restart on power failure is on or off
  restartPowerFailure() string
  // Whether restart on freeze is on or off
  restartFreeze() string
  // Whether the power button can sleep the computer
  allowPowerButtonToSleepComputer() string
  // Whether remote login (SSH) is on or off
  remoteLogin() string
  // Whether remote apple events are on or off
  remoteAppleEvents() string
  // Computer name
  computerName() string
  // Local subnet name
  localSubnetName() string
  // Current startup disk
  startupDisk() string
  // Number of seconds after which the computer will start up after a power failure
  waitForStartupAfterPowerFailure() string
  // Whether or not the keyboard should be disabled when the X Serve enclosure lock is engaged
  disableKeyboardWhenEnclosureLockIsEngaged() string
}

// Windows-specific resource to get operating system details
windows {
  // A consolidated object of system and operating system properties
  //
  // see https://docs.microsoft.com/en-us/dotnet/api/microsoft.powershell.commands.computerinfo?view=powershellsdk-1.1.0 for more information
  computerInfo() dict

  // Hotfixes installed on the computer
  hotfixes() []windows.hotfix

  // Information about Windows Server roles, role services, and features that are available for installation and installed on a specified server.
  features() []windows.feature
}

// Windows hotfix resource
windows.hotfix {
  init(hotfixId string)
  // Hotfix ID
  hotfixId string
  // Type of hotfix, e.g. `Update` or `Security Update`
  description string
  // Reference to knowledge base
  caption string
  // Date the hotfix was installed on
  installedOn time
  // User that installed the hotfix
  installedBy string
}

// Windows feature resource
windows.feature {
  init(name string)
  // Feature full path
  path string
  // Command IDs of role, role service, or feature
  name string
  // Feature name
  displayName string
  // Feature description
  description string
  // Flag indicates whether the feature is installed
  installed bool
  // Feature installation state
  installState int
}

// Windows Firewall resource
windows.firewall {
  // Global firewall settings
  settings() dict
  // Settings that apply to the per-profile configurations of the Windows Firewall with Advanced Security
  profiles() []windows.firewall.profile
  // Firewall rules
  rules() []windows.firewall.rule
}

// Windows Firewall profile entry
// https://docs.microsoft.com/en-us/previous-versions/windows/desktop/wfascimprov/msft-netfirewallprofile
// NOTE(review): the on/off settings below are typed int, not bool, and their value
// encoding is not documented in this file; confirm it before comparing against true/false
windows.firewall.profile {
  // Instance identifier of the profile
  instanceID string
  // Name of the profile
  name string
  // Whether the firewall is enabled on this profile
  enabled int
  // Default action for inbound traffic
  defaultInboundAction int
  // Default action for outbound traffic
  defaultOutboundAction int
  // If this is true, administrators will be able to create firewall rules which allow unsolicited inbound traffic to be accepted.
  // If this is false, such rules will be ignored.
  allowInboundRules int
  // Determines whether local firewall rules should be merged into the effective policy along with group policy settings
  allowLocalFirewallRules int
  // Determines whether local IPsec rules should be merged into the effective policy along with rules from group policy
  allowLocalIPsecRules int
  // Whether to respect user allowed applications created in the legacy firewall
  allowUserApps int
  // Whether to respect globally opened ports created in the legacy firewall
  allowUserPorts int
  // Whether to allow unicast responses to multicast traffic
  allowUnicastResponseToMulticast int
  // If true, users will be notified when an application listens on a port that is closed
  notifyOnListen int
  // Whether to use stealth mode for IPsec-protected traffic
  enableStealthModeForIPsec int
  // Maximum size the log file can reach before being rotated
  logMaxSizeKilobytes int
  // Whether to log allowed packets
  logAllowed int
  // Whether to log blocked traffic
  logBlocked int
  // Whether to log an event when rules are ignored
  logIgnored int
  // Filename in which to store the firewall log
  logFileName string
}

// Windows Firewall rule entry
// https://docs.microsoft.com/en-us/previous-versions/windows/desktop/wfascimprov/msft-netfirewallrule
windows.firewall.rule {
  // A string that uniquely identifies this instance within the PolicyStore
  instanceID string
  // Name of the rule
  name string
  // Localized name of this rule
  displayName string
  // Brief description of the rule
  description string
  // The group that this rule belongs to
  displayGroup string
  // Indicates whether this rule is administratively enabled or disabled
  // values: enabled (1), disabled (2)
  enabled int
  // Specifies which direction of traffic to match with this rule
  // values: inbound (1), outbound (2)
  direction int
  // Specifies the action to take on traffic that matches this rule
  action int
  // Specifies how this firewall rule will handle edge traversal cases
  // values: block (0), allow (1), defer to user (2), defer to app (3)
  edgeTraversalPolicy int
  // Whether to group UDP packets into conversations based upon the local address, local port, and remote port
  looseSourceMapping bool
  // Whether to group UDP packets into conversations based only upon the local address and port
  localOnlyMapping bool
  // PrimaryStatus provides a high level status value
  // values: unknown (0), ok (1), degraded (2), error (3)
  primaryStatus int
  // Detailed status of the rule
  status string
  // If this object is retrieved from the ActiveStore
  enforcementStatus string
  // Contains the path to the policy store where this rule originally came from
  policyStoreSource string
  // Describes the type of policy store where this rule originally came from
  policyStoreSourceType int
}

// Windows BitLocker
windows.bitlocker {
  // BitLocker volumes
  volumes() []windows.bitlocker.volume
}

// Windows BitLocker volume
windows.bitlocker.volume {
  // Unique identifier for the volume
  deviceID string
  // Drive letter of the volume
  driveLetter string
  // Indicates the status of the encryption or decryption on the volume
  conversionStatus dict
  // Encryption algorithm and key size used on the volume
  encryptionMethod dict
  // Indicates whether the contents of the volume are accessible from Windows
  // 0 = full contents of the volume are accessible
  // 1 = all or a portion of the contents of the volume are not accessible
  lockStatus int
  // Persistent identifier for the volume on this system
  persistentVolumeID string
  // Status of the volume, whether or not BitLocker is protecting the volume
  // 0 = Protection Off
  // 1 = Protection On
  // 2 = Protection Unknown
  // NOTE(review): the field is typed dict although the values above are integers;
  // confirm where the code sits inside the dict before asserting on it
  protectionStatus dict
  // BitLocker Full Volume Encryption metadata version of the volume
  version dict
}

windows.security {
  products() []windows.security.product
}

private windows.security.product {
  type string
guid string 1337 name string 1338 state int 1339 productState string 1340 signatureState string 1341 timestamp time 1342 } 1343 1344 // Returns the health for Windows security provider 1345 windows.security.health { 1346 firewall dict 1347 autoUpdate dict 1348 antiVirus dict 1349 antiSpyware dict 1350 internetSettings dict 1351 uac dict 1352 securityCenterService dict 1353 }