Help

Security Analysis tool for Mac?

jnice22
New Contributor II

Posted on ‎04-27-2017 04:00 PM

This probably isn't a Jamf question but I was just wondering if anyone knows a solid security analysis tool that will scan a mac for vulnerabilities? Something a little easier than nessus. Paid is fine.

I just want to run a scan on one of my locked down systems to make sure there isn't any glaring issues (before letting our security guys have at it)

CIS validation would be great...

I have looked around without much luck. I remember using macanalysis a long time ago and it was great.

Thanks,
Jasen

0 Kudos
4 REPLIES 4

al_platt
Contributor II

Posted on ‎04-28-2017 02:59 AM

Depends what you're looking to scan. Try some of Patrick Wardles tools https://objective-see.com/products.html

Lockdown will run through a security build review (kinda)

The rest run in the background to scan for malware etc

0 Kudos

bainter
Contributor

Posted on ‎04-28-2017 09:31 AM

Don't know if this is an appropriate route, but we use CISCAT in a government agency. Requires membership.

[https://benchmarks.cisecurity.org/downloads/](link URL)

Scans to check settings against selectable CIS benchmarks. It's not 100% accurate--there are some settings it doesn't accurately rate in our environment for some reason--but fairly close.

0 Kudos

jnice22
New Contributor II

Posted on ‎04-28-2017 10:50 AM

Thanks! There does appear to be a shortage of tools for remediating security on the Mac. I might need to start a project.

@al_platt Thanks! Lockdown looks like it will be very helpful.

@bainter I will give that a try as well. We should have a membership. I've had fun with recommendations from CIS. Getting everything to work is a chore. It appears that if you have rules applied by policy they are not always caught.

0 Kudos

mrowell
Contributor

Posted on ‎05-02-2017 04:46 AM

@jnice22 have a look at https://www.inspec.io - I believe it has CIS benchmarks.

0 Kudos