Hello,
I am new to Mac OSX and shell scripting altogether. I was wondering if anyone could help get me started in a few scenarios so that I would be able to automate checking a system against a STIG checklist. A STIG Checklist is a DoD Guideline for securing systems. Here is the first instance I would like to learn how to automate:
Open a terminal session and use the following command to view the setting for password history.
sudo pwpolicy -n -getglobalpolicy | tr " " "\n" | grep usingHistory
If the value of usingHistory is less than 15, this is a finding.
NOTE: If the command returns a response of "password server is not configured", the system is not managed. Use the following command for non-managed systems.
pwpolicy -n /Local/Default -getglobalpolicy | tr " " "\n" | grep usingHistory
Now, I know that it tells you what to check and makes it so that anyone can perform this check, so please excuse my stupidity. We all have to start somewhere.
I am not interested in fixing a system, just running a script against a system to see if it conforms to the guideline or not. It would be nice if output could be printed telling me if it passes or not, or even print the output into a log file. There will be a couple of hundred checks that I will have to do, so all output will have to go to a log file.
Thank you for your time and assistance!
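One way to script the check quoted in the post, as an added example (not from the original poster or from the STIG itself): it separates the rule logic from the command that gathers policy, so the rule can be exercised offline against constructed sample text, and appends a timestamped PASS/FAIL line to a log file. The sample policy strings, the log file name and the function names are assumptions; only the two pwpolicy commands come from the checklist.

```shell
#!/bin/sh
# Constructed sample outputs in the shape of `pwpolicy ... -getglobalpolicy | tr " " "\n"`.
# They are made up for an offline run, not captured from a real Mac.
SAMPLE_MANAGED="usingHistory=15
minChars=12
maxFailedLoginAttempts=3"
SAMPLE_UNMANAGED="password server is not configured"

LOG_FILE="${STIG_LOG:-stig_results.log}"   # assumed log location; override with STIG_LOG

# Extract the usingHistory value from policy text; prints nothing if the key is absent.
get_using_history() {
  printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^usingHistory=//p' | head -n 1
}

# Apply the STIG rule: PASS when usingHistory is a number >= 15,
# FAIL (a finding) when it is lower, missing, or not numeric.
check_password_history() {
  value=$(get_using_history "$1")
  case "$value" in
    ''|*[!0-9]*) echo "FAIL" ;;   # absent or non-numeric: treat conservatively as a finding
    *) if [ "$value" -ge 15 ]; then echo "PASS"; else echo "FAIL"; fi ;;
  esac
}

# Append one timestamped line "<check> <PASS|FAIL> <detail>" to the log and echo it.
log_result() {
  printf '%s %s %s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$1" "$2" "$3" | tee -a "$LOG_FILE"
}

# Live collection on a Mac: the checklist's managed command first, then the
# /Local/Default form when the response says no password server is configured.
fetch_global_policy() {
  out=$(sudo pwpolicy -n -getglobalpolicy 2>&1)
  case "$out" in
    *"password server is not configured"*) out=$(pwpolicy -n /Local/Default -getglobalpolicy 2>&1) ;;
  esac
  printf '%s\n' "$out"
}

run_live_check() {
  policy=$(fetch_global_policy)
  log_result "password_history" "$(check_password_history "$policy")" "usingHistory=$(get_using_history "$policy")"
}

if [ "${1:-}" = "--live" ]; then
  run_live_check                       # run as: sh stig_check.sh --live
else
  log_result "password_history(sample_managed)" "$(check_password_history "$SAMPLE_MANAGED")" "usingHistory=15"
  log_result "password_history(sample_unmanaged)" "$(check_password_history "$SAMPLE_UNMANAGED")" "usingHistory=<none>"
fi
```

Each further checklist item can follow the same pattern: one function that returns PASS or FAIL from text, one that collects the text, and a log_result call, so a few hundred checks all land in the same log.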