
Function Main

osxauditor.py:1576–1694  ·  view source on GitHub ↗  (note: the listing below stops at line 1633, so only the option parsing and log-file setup of Main are shown; the remainder of the function, through line 1694, is not part of this excerpt)

Here we go


1574 HTML_LOG_CONTENT += HTML_EVENTS_TL
1575
1576def Main():
1577 ''' Here we go '''
1578
1579 global ROOT_PATH
1580 global HTML_LOG_FILE
1581 global HOSTNAME
1582 global GEOLOCATE_WIFI_AP
1583 global OSX_VERSION
1584
1585 HOSTNAME = socket.gethostname()
1586 Euid = str(os.geteuid())
1587 Egid = str(os.getegid())
1588
1589 Parser = optparse.OptionParser(usage='usage: %prog [options]\n' + __description__ + ' v' + __version__, version='%prog ' + __version__)
1590 Parser.add_option('-p', '--path', dest='RootPath', help='Path to the OS X system to audit (e.g. /mnt/xxx). The running system will be audited if not specified')
1591 Parser.add_option('-t', '--txtoutput', dest='TxtLogFile', help='Path to the txt output log file')
1592 Parser.add_option('-H', '--htmloutput', dest='HTMLLogFile', help='Path to the HTML output log file')
1593 Parser.add_option('-z', '--ziplogs', dest='ZipLogsFile', help='Create a zip file containing all system and users\' logs. Path to directory to put the zip file in')
1594 Parser.add_option('-S', '--syslog', dest='SyslogServer', default=False, help='Syslog server to send the report to')
1595 Parser.add_option('-a', '--all', action='store_true', default=False, help='Analyze all (it is equal to -qsidbAkUe)')
1596 Parser.add_option('-q', '--quarantines', action='store_true', default=False, help='Analyze quarantined files')
1597 Parser.add_option('-s', '--startup', action='store_true', default=False, help='Analyze startup agents and daemons ')
1598 Parser.add_option('-i', '--installedapps', action='store_true', default=False, help='Analyze installed applications')
1599 Parser.add_option('-d', '--downloads', action='store_true', default=False, help='Analyze downloaded files ')
1600 Parser.add_option('-b', '--browsers', action='store_true', default=False, help='Analyze browsers (Safari, FF & Chrome) ')
1601 Parser.add_option('-A', '--airportprefs', action='store_true', default=False, help='Analyze Airport preferences ')
1602 Parser.add_option('-g', '--wifiapgeolocate', action='store_true', default=False, help='Tries to geolocate WiFi AP found in AirportPrefs using Geomena.org')
1603 Parser.add_option('-k', '--kext', action='store_true', default=False, help='Analyze kernel extensions (kext) ')
1604 Parser.add_option('-U', '--usersaccounts', action='store_true', default=False, help='Analyze users\' accounts ')
1605 Parser.add_option('-e', '--eventlogs', action='store_true', default=False, help='Analyze system event logs')
1606 Parser.add_option('-m', '--mrh', action='store_true', default=False, help='Perform a reputation lookup in Team Cymru\'s MRH')
1607 Parser.add_option('-v', '--virustotal', action='store_true', default=False, help='Perform a lookup in VirusTotal database.')
1608 Parser.add_option('-l', '--localhashesdb', dest='LocalDatabase', default=False, help='Path to a local database of suspicious hashes to perform a lookup in')
1609
1610 (options, args) = Parser.parse_args()
1611
1612 if sys.version_info < (2, 7) or sys.version_info > (3, 0):
1613 PrintAndLog(u'You must use python 2.7 or greater but not python 3', 'ERROR') # This error won't be logged
1614 exit(1)
1615
1616 if options.RootPath:
1617 ROOT_PATH = options.RootPath
1618
1619 if options.TxtLogFile:
1620 logging.basicConfig(filename=options.TxtLogFile, filemode='w', level=logging.DEBUG)
1621
1622 if options.SyslogServer:
1623 SyslogSetup(options.SyslogServer)
1624
1625 if options.HTMLLogFile:
1626 try:
1627 HTML_LOG_FILE = codecs.open(options.HTMLLogFile, 'w', 'utf-8')
1628 except (IOError):
1629 PrintAndLog(u'Cannot open ' + options.HTMLLogFile.decode('utf-8') + u'\n', 'ERROR')
1630 except:
1631 PrintAndLog(u'HTML Log setup failed, HTML Log is disabled ', 'ERROR')
1632 HTML_LOG_FILE = False
1633
