Update for Python 3, rewrite, and AS Macs

README.md

@@ -21,3 +21,24 @@ For the application firewall state, there are three possible values:
 For the user-approved kernel extension loading state, there are two possible values:
 * User Approved = 0 - Machines with UAKEL/SKEL turned on in the default state (security.skel.user-approved)
 * Open = 1 - Pre-10.13 machines or machines where UAKEL/SKEL is in disabled state (security.skel.all-approved)
+
+Table Schema
+-----
+
+Database:
+* gatekeeper - varchar(255) - Status of Gatekeeper
+* sip - varchar(255) - Status of SIP
+* ssh_groups - varchar(255) - SSH enabled groups
+* ssh_users - varchar(255) - SSH enabled users
+* ard_groups - varchar(255) - Apple Remote Desktop enabled groups
+* root_user - varchar(255) - Status of root user account
+* ard_users - varchar(255) - Apple Remote Desktop enabled users
+* firmwarepw - varchar(255) - Status of firmware password
+* firewall_state - varchar(255) - Status of firewall
+* skel_state - varchar(255) - SKEL state
+* t2_secureboot - varchar(255) - State of SecureBoot
+* t2_externalboot - varchar(255) - State of External Boot
+* activation_lock - varchar(255) - Status of Activation lock
+* filevault_status - boolean - FileVault encrypted or unencrypted
+* filevault_users - varchar(255) - FileVault enabled users
+* as_security_mode - varchar(255) - Security Mode, Apple Silicon Macs only

js/security.js

@@ -0,0 +1,97 @@
+var formatSecurityFirewall = function(colNumber, row){
+    var col = $('td:eq('+colNumber+')', row),
+        colvar = col.text();
+    colvar = colvar == '1' ? '<span class="label label-success">'+i18n.t('enabled')+'</span>' :
+    colvar = colvar == '2' ? '<span class="label label-success">'+i18n.t('security.block_all')+'</span>' :
+    (colvar === '0' ? '<span class="label label-danger">'+i18n.t('disabled')+'</span>' : colvar)
+    col.html(colvar)
+}
+
+var formatSecurityFileVaultEncrypted = function(colNumber, row){
+    var col = $('td:eq('+colNumber+')', row),
+        colvar = col.text();
+    colvar = colvar == '1' ? '<span class="label label-success">'+i18n.t('encrypted')+'</span>' :
+    (colvar === '0' ? '<span class="label label-danger">'+i18n.t('unencrypted')+'</span>' : 
+    colvar = '<span class="label label-default">'+i18n.t('unknown')+'</span>')
+    col.html(colvar)
+}
+
+var formatSecurityGatekeeper = function(colNumber, row){
+    var col = $('td:eq('+colNumber+')', row),
+        colvar = col.text();
+    colvar = colvar == 'Active' ? '<span class="label label-success">'+i18n.t('enabled')+'</span>' :
+    colvar = (colvar == 'Not Supported' ? '<span class="label label-info">'+i18n.t('unsupported')+'</span>' : 
+    colvar = '<span class="label label-danger">'+i18n.t('disabled')+'</span>')
+    col.html(colvar)
+}
+
+var formatSecurityRootUser = function(colNumber, row){
+    var col = $('td:eq('+colNumber+')', row),
+        colvar = col.text();
+    colvar = colvar == '0' ? '<span class="label label-success">'+i18n.t('disabled')+'</span>' :
+    colvar = (colvar == '1' ? '<span class="label label-danger">'+i18n.t('enabled')+'</span>' :
+    colvar = '<span class="label label-default">'+i18n.t('unknown')+'</span>')
+    col.html(colvar)
+}
+
+var formatSecurityFirmwarePW = function(colNumber, row){
+    var col = $('td:eq('+colNumber+')', row),
+        colvar = col.text();
+    colvar = colvar == 'Yes' ? '<span class="label label-success">'+i18n.t('enabled')+'</span>' :
+    colvar = colvar == 'command' ? '<span class="label label-success">'+i18n.t('enabled')+'</span>' :
+    colvar = colvar == 'No' ? '<span class="label label-danger">'+i18n.t('disabled')+'</span>' :
+    colvar = (colvar == 'Not Supported' ? '<span class="label label-info">'+i18n.t('unsupported')+'</span>' : 
+    colvar = '<span class="label label-default">'+i18n.t('unknown')+'</span>')
+    col.html(colvar)
+}
+
+var formatSecuritySKEL = function(colNumber, row){
+    var col = $('td:eq('+colNumber+')', row),
+        colvar = col.text();
+    colvar = colvar == '1' ? '<span class="label label-info">'+i18n.t('security.skel.all-approved')+'</span>' :
+    colvar = (colvar == '0' ? '<span class="label label-info">'+i18n.t('security.skel.user-approved')+'</span>' :
+    colvar = '<span class="label label-default">'+i18n.t('unknown')+'</span>')
+    col.html(colvar)
+}
+
+var formatSecuritySecureBoot = function(colNumber, row){
+    var col = $('td:eq('+colNumber+')', row),
+        colvar = col.text();
+    colvar = colvar == 'SECUREBOOT_FULL' ? '<span class="label label-success">'+i18n.t('security.full')+'</span>' :
+    colvar = colvar == 'SECUREBOOT_MEDIUM' ? '<span class="label label-warning">'+i18n.t('security.medium')+'</span>' :
+    colvar = colvar == 'SECUREBOOT_OFF' ? '<span class="label label-danger">'+i18n.t('security.off')+'</span>' :
+    colvar = (colvar == 'SECUREBOOT_UNSUPPORTED' ? '<span class="label label-info">'+i18n.t('security.unsupported')+'</span>' : 
+    colvar = '<span class="label label-default">'+i18n.t('unknown')+'</span>')
+    col.html(colvar)
+}
+
+var formatSecurityExternalBoot = function(colNumber, row){
+    var col = $('td:eq('+colNumber+')', row),
+        colvar = col.text();
+    colvar = colvar == 'EXTERNALBOOT_ON' ? '<span class="label label-danger">'+i18n.t('security.on')+'</span>' :
+    colvar = colvar == 'EXTERNALBOOT_OFF' ? '<span class="label label-success">'+i18n.t('security.off')+'</span>' :
+    colvar = (colvar == 'EXTERNALBOOT_UNSUPPORTED' ? '<span class="label label-info">'+i18n.t('security.unsupported')+'</span>' : 
+    colvar = '<span class="label label-default">'+i18n.t('unknown')+'</span>')
+    col.html(colvar)
+}
+
+var formatASSecurityMode = function(colNumber, row){
+    var col = $('td:eq('+colNumber+')', row),
+        colvar = col.text();
+    colvar = colvar == 'FULL_SECURITY' ? '<span class="label label-success">'+i18n.t('security.full')+'</span>' :
+    colvar = colvar == 'REDUCED_SECURITY' ? '<span class="label label-warning">'+i18n.t('security.reduced')+'</span>' :
+    colvar = colvar == 'PERMISSIVE_SECURITY' ? '<span class="label label-danger">'+i18n.t('security.permissive')+'</span>' :
+    colvar = (colvar == 'SECURITYMODE_UNSUPPORTED' ? '<span class="label label-info">'+i18n.t('security.unsupported')+'</span>' : 
+    colvar = '<span class="label label-default">'+i18n.t('unknown')+'</span>')
+    col.html(colvar)
+}
+
+var formatSecurityActivationLock = function(colNumber, row){
+    var col = $('td:eq('+colNumber+')', row),
+        colvar = col.text();
+    colvar = colvar == 'activation_lock_enabled' ? '<span class="label label-danger">'+i18n.t('enabled')+'</span>' :
+    colvar = colvar == 'activation_lock_disabled' ? '<span class="label label-success">'+i18n.t('disabled')+'</span>' :
+    colvar = (colvar == 'not_supported' ? '<span class="label label-info">'+i18n.t('security.unsupported')+'</span>' : 
+    colvar = '<span class="label label-default">'+i18n.t('unknown')+'</span>')
+    col.html(colvar)
+}

locales/en.json

@@ -1,20 +1,26 @@
 {
     "ard_groups": "ARD Groups",
     "ard_users": "ARD Users",
+    "activation_lock_status": "Activation Lock Status",
     "block_all": "Block All",
     "firewall_state": "Firewall State",
+    "filevault_status": "FileVault Status",
+    "filevault_users": "FileVault Users",
     "firmwarepw": "Firmware Password",
     "full": "Full",
     "gatekeeper": "Gatekeeper Status",
     "gatekeeper_active": "Gatekeeper Active",
     "gatekeeper_disabled": "Gatekeeper Disabled",
     "medium": "Medium",
+    "permissive": "Permissive",
     "off": "Off",
     "on": "On",
+    "reduced": "Reduced",
     "report": "Security Report",
     "root_user": "Root User",
     "root_user_status": "Root User Status",
     "security": "Security",
+    "security_mode": "Security Mode",
     "sip": "SIP Status",
     "sip_active": "SIP Active",
     "sip_disabled": "SIP Disabled",

migrations/2021_04_13_000001_security_add_activation_lock.php

@@ -0,0 +1,27 @@
+<?php
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Capsule\Manager as Capsule;
+
+class SecurityAddActivationLock extends Migration
+{
+    private $tableName = 'security';
+
+    public function up()
+    {
+        $capsule = new Capsule();
+        $capsule::schema()->table($this->tableName, function (Blueprint $table) {
+          $table->string('activation_lock')->default('')->nullable();
+          $table->index('activation_lock');
+
+        });
+    }
+
+    public function down()
+    {
+        $capsule = new Capsule();
+        $capsule::schema()->table($this->tableName, function (Blueprint $table) {
+            $table->dropColumn('activation_lock');
+        });
+    }
+}

migrations/2022_08_16_000001_security_add_as_security_mode.php

@@ -0,0 +1,27 @@
+<?php
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Capsule\Manager as Capsule;
+
+class SecurityAddAsSecurityMode extends Migration
+{
+    private $tableName = 'security';
+
+    public function up()
+    {
+        $capsule = new Capsule();
+        $capsule::schema()->table($this->tableName, function (Blueprint $table) {
+          $table->string('as_security_mode')->nullable();
+          $table->index('as_security_mode');
+
+        });
+    }
+
+    public function down()
+    {
+        $capsule = new Capsule();
+        $capsule::schema()->table($this->tableName, function (Blueprint $table) {
+            $table->dropColumn('as_security_mode');
+        });
+    }
+}

migrations/2023_03_23_000001_security_add_filevault_info.php

@@ -0,0 +1,30 @@
+<?php
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Capsule\Manager as Capsule;
+
+class SecurityAddFilevaultInfo extends Migration
+{
+    private $tableName = 'security';
+
+    public function up()
+    {
+        $capsule = new Capsule();
+        $capsule::schema()->table($this->tableName, function (Blueprint $table) {
+          $table->boolean('filevault_status')->nullable();
+          $table->string('filevault_users')->nullable();
+          $table->index('filevault_status');
+          $table->index('filevault_users');
+
+        });
+    }
+
+    public function down()
+    {
+        $capsule = new Capsule();
+        $capsule::schema()->table($this->tableName, function (Blueprint $table) {
+            $table->dropColumn('filevault_status');
+            $table->dropColumn('filevault_users');
+        });
+    }
+}

provides.yml

@@ -0,0 +1,36 @@
+detail_widgets:
+    security_detail:
+        view: security_detail_widget
+listings:
+    security:
+        view: security_listing
+        i18n: security.security
+reports:
+    security:
+        view: security
+        i18n: security.report
+widgets:
+    firmwarepw:
+        view: firmwarepw_widget
+    gatekeeper:
+        view: gatekeeper_widget
+    sip:
+        view: sip_widget
+    firewall_state:
+        view: firewall_state_widget
+    skel_state:
+        view: skel_state_widget
+    root_user:
+        view: root_user_widget
+    ssh_state:
+        view: ssh_state_widget
+    t2_externalboot:
+        view: t2_externalboot_widget
+    t2_secureboot:
+        view: t2_secureboot_widget
+    activation_lock:
+        view: activation_lock_widget
+    security_filevault_status:
+        view: security_filevault_status_widget
+    as_security_mode:
+        view: as_security_mode_widget