Skip to content

Used to report on the results of silnite by the Eclectic Light Company

Notifications You must be signed in to change notification settings

macitpros/wm-silnite

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

77 Commits
 
 
 
 
 
 
 
 

Repository files navigation

wm-silnite

Custom plugin for Watchman Monitoring to provide results of silnite by the Eclectic Light Company.

Alerting if specific Apple security updates have not been installed, or are available for installation.

Requires

silnite by the Eclectic Light Company to be installed.

Note from Eclectic Light Company developer:

silnite uses the Swift standard frameworks. These are installed at a system level in later versions of Mojave (10.14.4 and later) and in Catalina (10.15). Those using earlier versions of Mojave (10.14.3 and before), Sierra or High Sierra may need to download and install Swift Runtime Support for Command Tools from https://support.apple.com/kb/DL1998

As of version .9.7.0.0

  • Uses curl to pull down current OS version information from https://gdmf.apple.com/v2/pmv
  • Uses curl result to determine if the current OS matches on alerting for ticket/email (exit 2)
  • Will run OS version check during every run
  • Configuration Data related to XProtect/MRT/etc will continue to run according to schedule
  • Results for Configuration data will be an informational result (no ticket/email) in the Watchman Monitoring dashboard (exit 20)

As of version .9.6.0.0

  • Requires silnite 10 to be installed
  • Creates a text file with results of a full run at /Library/MonitoringClient/PluginSupport/_wm_silnite_results.txt
  • Will run an hourly light run based off results file
  • Full run of silnite results will still be based off Frequency to check for updates... results file will be updated at that time
  • Fixes stale plugin results (now that data is sent during every run)
  • Added Run Count Information to Plugin results
  • Removes Gatekeeper Version reporting (results removed from silnite 10)
  • Adds XProtect Remediator Version reporting
Capture_2023-11-09_08-27-55_AM

As of version .9.5.9:

  • Uses /Library/Preferences/com.apple.SoftwareUpdate.plist/Library/Preferences/com.apple.SoftwareUpdate.plist for gathering list of recommended updates (stops using softwareupdate -l).
  • Adjusts if a plist setting file is missing an expected value.
  • Creates a default settings plist on new installation.
  • Changes default reporting frequency to 8 from 12 (more frequently)

As of version .9.0.1:

As of version .7.0.1:

  • Adds compatibility for silnite 6, which in turn adds compatibility with Apple Silicon and macOS 12.
  • Get silnite version 6 from Eclectic Light: https://eclecticlight.co/lockrattler-systhist/
  • This version is NOT compatible with older versions of silnite. Requires silnite 6 to be installed.

As of version .6.4.0:

Preference Pane

  • Frequency to check for updates

    • Sets how often a full run will be done. More time between full checks will help speed up regular Watchman Monitoring reporting.
  • Unable to check for updates attempts

    • If silnite is unable to check for updates due to a connection failure, an informational warning will be generated (no tickets/emails) in your Watchman Monitoring dashboard. If the number of attempts exceeds this number, an alert (ticket/email) will be generated.

screenshot_1069

Terminal/Command Line Options

  • Force a one-time full run ignoring the frequency count: sudo defaults write /Library/MonitoringClient/PluginSupport/_wm_silnite_settings.plist First_Run -bool true
  • Set the "Frequency to check for updates" count (set NUM to the number): sudo defaults write /Library/MonitoringClient/PluginSupport/_wm_silnite_settings.plist Check_For_Updates _NUM_
  • Set the "Unable to check for updates attempts" count (set NUM to the number): sudo defaults write /Library/MonitoringClient/PluginSupport/_wm_silnite_settings.plist Warn_Updates_Attempts _NUM_

Emails daily/ticket created (exit 2) if...

  • silnite reports updates are available UpdateWaiting = 1

This means...

  • MRT could be out-of-date
  • XProtect Remediator could be out-of-date
  • XProtect could be out-of-date
  • Other updates from softwareupdate are available and will be listed

If unable to check for updates, shows informational warning (exit 20) Includes report of installed versions:

  • MRT
  • XProtect Remediator
  • XProtect

(initial testing complete, still needs more testing) Sends one-time alerts (exit 200) if...

  • SIP Disabled
  • XProtect Disabled

wmscreenshot

Known Issues

  • Need to make adjustments to prevent overwriting existing settings file
  • Once update checking is working, a fresh run should begin, currently not the case.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

About

Used to report on the results of silnite by the Eclectic Light Company

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages