MCPcopy
hub / github.com/jipegit/OSXAuditor / ParseStartup

Function ParseStartup

osxauditor.py:483–531  ·  view source on GitHub ↗

Parse the different LauchAgents and LaunchDaemons

()

Source from the content-addressed store, hash-verified

481 PrintAndLog(AgentsPath.decode('utf-8') + u' is empty', 'INFO')
482
483def ParseStartup():
484 ''' Parse the different LauchAgents and LaunchDaemons '''
485
486 PrintAndLog(u'Startup', 'SECTION')
487
488 PrintAndLog(u'System agents', 'SUBSECTION')
489 ParseLaunchAgents(os.path.join(ROOT_PATH, 'System/Library/LaunchAgents/'))
490
491 PrintAndLog(u'System daemons', 'SUBSECTION')
492 ParseLaunchAgents(os.path.join(ROOT_PATH, 'System/Library/LaunchDaemons/'))
493
494 PrintAndLog(u'Third party agents', 'SUBSECTION')
495 ParseLaunchAgents(os.path.join(ROOT_PATH, 'Library/LaunchAgents/'))
496
497 PrintAndLog(u'Third party daemons', 'SUBSECTION')
498 ParseLaunchAgents(os.path.join(ROOT_PATH, 'Library/LaunchDaemons/'))
499
500 PrintAndLog(u'System ScriptingAdditions', 'SUBSECTION')
501 ParsePackagesDir(os.path.join(ROOT_PATH, 'System/Library/ScriptingAdditions/'))
502
503 PrintAndLog(u'Third party ScriptingAdditions', 'SUBSECTION')
504 ParsePackagesDir(os.path.join(ROOT_PATH, 'Library/ScriptingAdditions/'))
505
506 # Parse the old and deprecated Startup Items
507 PrintAndLog(u'Deprecated system StartupItems', 'SUBSECTION')
508 ParseStartupItems(os.path.join(ROOT_PATH, 'System/Library/StartupItems/'))
509
510 PrintAndLog(u'Deprecated third party StartupItems', 'SUBSECTION')
511 ParseStartupItems(os.path.join(ROOT_PATH, 'Library/StartupItems/'))
512
513 PrintAndLog(u'Users\' agents', 'SUBSECTION')
514 for User in os.listdir(os.path.join(ROOT_PATH, 'Users')):
515 UserLAPath = os.path.join(ROOT_PATH, 'Users', User, 'Library/LaunchAgents/')
516 if User[0] != '.' and os.path.isdir(UserLAPath):
517 PrintAndLog(User.decode('utf-8') + u'\'s agents', 'SUBSECTION')
518 ParseLaunchAgents(UserLAPath)
519
520 PrintAndLog(u'Users\' LoginItems', 'SUBSECTION')
521 for User in os.listdir(os.path.join(ROOT_PATH, 'Users')):
522 LoginItemsPlistPath = os.path.join(ROOT_PATH, 'Users', User, 'Library/Preferences/com.apple.loginitems.plist')
523 if User[0] != '.' and os.path.isfile(LoginItemsPlistPath):
524 PrintAndLog(User + u'\'s LoginItems', 'SUBSECTION')
525 PrintAndLog(LoginItemsPlistPath, 'DEBUG')
526 LoginItemsPlist = UniversalReadPlist(LoginItemsPlistPath)
527
528 if LoginItemsPlist and 'SessionItems' in LoginItemsPlist:
529 CustomListItems = LoginItemsPlist['SessionItems']['CustomListItems']
530 for CustomListItem in CustomListItems:
531 PrintAndLog(CustomListItem['Name'].decode('utf-8') + u' - ' + binascii.hexlify(CustomListItem['Alias']).decode('hex').decode('utf-8', 'ignore'), 'INFO')
532
533def HashDir(Title, Path):
534 ''' Hash a direrctory and add the hashes'''

Callers 1

MainFunction · 0.85

Calls 5

PrintAndLogFunction · 0.85
ParseLaunchAgentsFunction · 0.85
ParsePackagesDirFunction · 0.85
ParseStartupItemsFunction · 0.85
UniversalReadPlistFunction · 0.85

Tested by

no test coverage detected