osx-config.hjson

/*
    Hjson is the Human JSON format.
    Learn about the specification at: http://hjson.org/
    This must be converted to JSON (e.g. using the `hjson_to_json.py` tool included).
*/

/* syntax:
[
    {
        `description` is a human-readable string describing the configuration being checked; it should be a present-tense statement about a positive security configuration. (REQUIRED FIELD)
        `confidence` indicates subjective estimation of negative side-effects. valid values: "required", "recommended", "experimental". (REQUIRED FIELD)
        `reference` provides a link to where a user can find more information about this configuration, or a citation of where this configuration was taken from. (OPTIONAL FIELD)
        `tests`: // is an ordered array of test objects. (REQUIRED FIELD, should not be empty)
        [
            {
                `type` is "exact match" or "regex match". (REQUIRED FIELD)
                `command` is the command you want to verify the output of (REQUIRED FIELD)
                `command_pass` is the value that `command`'s output should match. If it matches, all tests pass and subsequent tests for this config are not evaluated. (OPTIONAL FIELD)
                `command_fail` is the value that `command`'s output should NOT match. If it matches, all tests fail and subsequent tests for this config are not evaluated. (OPTIONAL FIELD)
                `case_sensitive` is "true" or "false" depending on whether the `command_pass` and/or `command_fail` values are case-sensitive. (REQUIRED FIELD)
            }
        ]
        `fix`: // is a JSON object that specifies how to remediate a broken configuration (REQUIRED FIELD, should not be empty)
        {
            `command` is the command that you use to attempt automatic remediation without sudo privileges. (OPTIONAL FIELD)
            `sudo_command` is the command using sudo privileges that attempts automatic remediation if `command` fails. (OPTIONAL FIELD)
            `manual` is the field that provides manual instructions to be printed to the user at the end of script execution if all automatic fixes fail. (OPTIONAL FIELD)
        }
    }
]
*/
/* NOTES:
    * back-slashes '\' must be escaped with a double black-slash, i.e. '\\'
*/
[
    /* --- BEGIN HOMEBREW SETTINGS --- */
    {
        //Install Homebrew as a useful tool for semi-securely install or updating other tools
        description: "Homebrew is installed."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command:
                    echo $(homebrew_is_installed)
                command_pass: "1"
                command_fail: "0"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            //This homebrew script requries sudo privs and so the user of this tool should be alerted as to why she is being prompted for a password
            sudo_command: "/usr/bin/ruby ./scripts/homebrew_install_ed33f044812cc9c509a4d8e6997c44441b06dd4e1fc87f131ee9f319d77fcd50.rb"
            manual:
                '''
                Homebrew is a useful tool for installing and updating programs from the command line.
                There are various things that can go wrong when attempting to install Homebrew.
                Please review their installation guide here:
                https://github.com/Homebrew/brew/blob/master/share/doc/homebrew/Installation.md
                '''
        }
    }
    {
        //Tools installed by Homebrew should be preferred according to the PATH
        //environment variable.
        "description": "Binaries installed to /usr/local/bin are preferred over those in /usr/bin (Note: If this check does not pass, other tests will fail)"
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: "bash ./scripts/check_usr_local_bin_pos.sh"
                command_pass: 1
                command_fail: 0
                case_sensitive: false
            }
        ]
        fix:
        {
            //Only "fix" this PATH preference if we haven't already applied the
            //fix to the ~/.profile file. Otherwise, the user will need to
            //restart Terminal in order for this take effect.
            command:
                python ./scripts/set_path_precedence.py "/usr/local/bin" "/usr/bin"
            manual:
                '''
                1. Bring the Terminal application to the foreground if it is not already. You should see the word "Terminal" in the top left corner of your screen.
                2. Select Terminal->Quit
                3. Re-open the Terminal application and run the tool again; this check should now pass.
                '''
        }
    }
    /* ---- END HOMEBREW SETTINGS ---- */

    {
        //JRE is a scourge
        description: "Java Runtime Environment is up to date."
        confidence: recommended
        tests:
        [
            {
                //Pass test if `java` is not installed
                type: "exact match"
                command: java_is_installed
                command_pass: 0
                case_sensitive: false
            }
            {
                //Past test if the latest version available via `brew cask install java` is installed
                type: "exact match"
                command: java -version 2>&1 >/dev/null | grep 'java version'
                command_pass:
                    java version "1.8.0_102"
                case_sensitive: false
            }
        ]
        fix:
        {
            manual:
                '''
                1. Your installation of Java is not up to date. You can either update it or remove it.
                2. To update Java, see: https://www.java.com/en/download/faq/java_mac.xml
                3. To remove Java, see: https://www.java.com/en/download/help/mac_uninstall_java.xml
                '''
        }
    }

    /* --- BEGIN SYSTEM SETTINGS --- */
    {
        //Check if the System Preferences app is closed -- otherwise, it may override changes this app makes.
        description: "The System Preferences application is currently closed."
        confidence: "required"
        reference: "https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/defaults.1.html"
        tests:
        [
            {
                type: "exact match"
                command: "ps ax | grep -c '/Applications/System Preferences.app/Contents/MacOS/System Preferences'"
                command_pass: "2" //a value of "3" means it's running -- the other 2 are `/bin/sh` and the `grep` command.
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                killall "System Preferences" ; sleep 1
        }
    },
    {
        description: "Current user is a non-admin account."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: "id -Gn | grep -c -w admin"
                command_pass: "0"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            manual:
                '''
                1. For most of your work, you should be logged into a non-administrator account. If you've already set this up and you're just logged into your admin account in order to run this tool as prescribed, you can ignore this failed test.
                2. To create a new, non-admin user for most of your work: Open System Preferences.
                3. Select "Users & Groups".
                4. If necessary, click the lock icon in the lower left corner and provide your administrator credentials.
                5. Click the "+" to create a new user. Make sure the "Allow user to administer this computer" checkbox is un-checked for that user.
                6. You may also want to add your non-administrator user to a list of users who can use the "sudo" command within the Terminal application to briefly gain administrator-like credentials for special circumstances. See: http://osxdaily.com/2014/02/06/add-user-sudoers-file-mac/
                '''
        }
    },
    {
        //System Preferences->Security & Privacy->Firewall->Turn On Firewall
        //Note: This seems to get overwritten logging out/in. See following, user-specific version.
        description: "The OSX application firewall is enabled (system-wide)."
        confidence: "required"
        reference: "https://github.com/drduh/OS-X-Security-and-Privacy-Guide"
        tests:
        [
            {
                //Exempt users who are using Little Snitch
                type: "exact match"
                command: little_snitch_is_installed
                command_pass: 1
                case_sensitive: false
            }
            {
                type: "exact match"
                command: "defaults -currentHost read /Library/Preferences/com.apple.alf globalstate"
                command_pass: "1"
                command_fail: "0"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write /Library/Preferences/com.apple.alf globalstate -bool true"
            sudo_command: "sudo defaults -currentHost write /Library/Preferences/com.apple.alf globalstate -bool true"
        }
    },
    {
        //System Preferences->Security & Privacy->Firewall->Turn On Firewall
        description: "The OSX application firewall is enabled (current user only)."
        confidence: "required"
        reference: "https://github.com/drduh/OS-X-Security-and-Privacy-Guide"
        tests:
        [
            {
                //Exempt users who are using Little Snitch
                type: "exact match"
                command: little_snitch_is_installed
                command_pass: 1
                case_sensitive: false
            }
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.alf globalstate"
                command_pass: "1"
                command_fail: "0"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.alf globalstate -bool true"
            sudo_command: "sudo defaults -currentHost write ~/Library/Preferences/com.apple.alf globalstate -bool true"
        }
    },
    {
        description: "A password is required to wake the computer from sleep or screen saver (system-wide)."
        confidence: "required"
        reference: "https://github.com/SummitRoute/osxlockdown/blob/58697f5162fe9e43df7dc9b6b94ffa34b0e11d4f/commands.yaml"
        tests:
        [
            {
                type: "exact match"
                command: "defaults read /Library/Preferences/com.apple.screensaver askForPassword"
                command_pass: "1"
                command_fail: "0"
                case_sensitive: "false"
            },
            {
                type: "exact match"
                command: "sudo defaults read /Library/Preferences/com.apple.screensaver askForPassword"
                command_pass: "1"
                command_fail: "0"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults write /Library/Preferences/com.apple.screensaver askForPassword -bool true"
            sudo_command: "sudo defaults write /Library/Preferences/com.apple.screensaver askForPassword -bool true"
        }
    },
    {
        description: "A password is required to wake the computer from sleep or screen saver (current user only)."
        confidence: "required"
        reference: "https://github.com/SummitRoute/osxlockdown/blob/58697f5162fe9e43df7dc9b6b94ffa34b0e11d4f/commands.yaml"
        tests:
        [
            {
                type: "exact match"
                command: "defaults read ~/Library/Preferences/com.apple.screensaver askForPassword"
                command_pass: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults write ~/Library/Preferences/com.apple.screensaver askForPassword -bool true"
        }
    },
    {
        //System Preferences->Security & Privacy->General->Require password [time interval]
        description: "There is no delay between starting the screen saver and locking the machine (system-wide)."
        confidence: "required"
        reference: "https://github.com/SummitRoute/osxlockdown/blob/58697f5162fe9e43df7dc9b6b94ffa34b0e11d4f/commands.yaml"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read /Library/Preferences/com.apple.screensaver askForPasswordDelay"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            },
            {
                type: "exact match"
                command: "sudo defaults -currentHost read /Library/Preferences/com.apple.screensaver askForPasswordDelay"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write /Library/Preferences/com.apple.screensaver askForPasswordDelay -bool false"
            sudo_command: "sudo defaults -currentHost write /Library/Preferences/com.apple.screensaver askForPasswordDelay -bool false"
        }
        undo: "defaults -currentHost write /Library/Preferences/com.apple.screensaver askForPasswordDelay -bool true"
    },
    {
        //System Preferences->Security & Privacy->General->Require password [time interval]
        description: "There is no delay between starting the screen saver and locking the machine (current user only)."
        confidence: "required"
        reference: "https://github.com/SummitRoute/osxlockdown/blob/58697f5162fe9e43df7dc9b6b94ffa34b0e11d4f/commands.yaml"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.screensaver askForPasswordDelay"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.screensaver askForPasswordDelay -bool false"
        }
        undo: "defaults -currentHost write ~/Library/Preferences/com.apple.screensaver askForPasswordDelay -bool true"
    },
    {
        description: "Logging is enabled for the operating system."
        confidence: "required"
        reference: "https://github.com/drduh/OS-X-Security-and-Privacy-Guide"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read /Library/Preferences/com.apple.alf loggingenabled"
                command_pass: "1"
                command_fail: "0"
                case_sensitive: "false"

            }
        ]
        fix:
        {
            command: "defaults -currentHost write /Library/Preferences/com.apple.alf loggingenabled -bool true"
            sudo_command: "sudo defaults -currentHost write /Library/Preferences/com.apple.alf loggingenabled -bool true"
        }
    },
    {
        description: "Homebrew analytics are disabled."
        confidence: "required"
        reference: "https://github.com/Homebrew/brew/blob/master/share/doc/homebrew/Analytics.md"
        tests:
        [
            {
                type: "exact match"
                //test based on: https://github.com/Homebrew/brew/blob/master/Library/Homebrew/utils/analytics.sh
                command: "[[ -n $HOMEBREW_NO_ANALYTICS ]] && echo 1 || echo 0"
                command_pass: "1"
                command_fail: "0"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "grep -q 'export HOMEBREW_NO_ANALYTICS=1' ~/.profile || echo 'export HOMEBREW_NO_ANALYTICS=1' >> ~/.profile ; source ~/.profile"
            manual:
                '''
                1. Bring the Terminal application to the foreground if it is not already. You should see the word "Terminal" in the top left corner of your screen.
                2. Select Terminal->Quit
                3. Re-open the Terminal application and run the tool again; this check should now pass.
                '''
        }
    },
    {
        //System Preferences->Security & Privacy->Firewall->Firewall Options...->Enable Stealth Mode
        //Note: This seems to get overwritten logging out/in. See following, user-specific version.
        description: "Stealth mode is enabled for OSX: Computer does not respond to ICMP ping requests or connection attempts from a closed TCP/UDP port. (system-wide)"
        confidence: "recommended"
        reference: "https://github.com/drduh/OS-X-Security-and-Privacy-Guide"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read /Library/Preferences/com.apple.alf stealthenabled"
                command_pass: "1"
                command_fail: "0"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults write /Library/Preferences/com.apple.alf stealthenabled -bool true"
            sudo_command: "sudo defaults write /Library/Preferences/com.apple.alf stealthenabled -bool true"
        }
        undo: "sudo defaults write /Library/Preferences/com.apple.alf stealthenabled -bool false"
    },
    {
        //System Preferences->Security & Privacy->Firewall->Firewall Options...->Enable Stealth Mode
        description: "Stealth mode is enabled for OSX: Computer does not respond to ICMP ping requests or connection attempts from a closed TCP/UDP port. (current user only)"
        confidence: "recommended"
        reference: "https://github.com/drduh/OS-X-Security-and-Privacy-Guide"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.alf stealthenabled"
                command_pass: "1"
                command_fail: "0"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults write ~/Library/Preferences/com.apple.alf stealthenabled -bool true"
            sudo_command: "sudo defaults write /Library/Preferences/com.apple.alf stealthenabled -bool true"
        }
        undo: "defaults write ~/Library/Preferences/com.apple.alf stealthenabled -bool false"
    },
    {
        //System Preferences->Security & Privacy->Firewall->Firewall Options...->Automatically allow signed software to receive incoming connections
        description: "Automatic whitelisting of Apple-signed applications through the firewall is disabled (system-wide)."
        confidence: "required"
        reference: "https://github.com/drduh/OS-X-Security-and-Privacy-Guide"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read /Library/Preferences/com.apple.alf allowsignedenabled"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write /Library/Preferences/com.apple.alf allowsignedenabled -bool false"
            sudo_command: "sudo defaults -currentHost write /Library/Preferences/com.apple.alf allowsignedenabled -bool false"
        }
        undo: "sudo defaults -currentHost write /Library/Preferences/com.apple.alf allowsignedenabled -bool true"
    },
    {
        //System Preferences->Security & Privacy->Firewall->Firewall Options...->Automatically allow signed software to receive incoming connections
        description: "Automatic whitelisting of Apple-signed applications through the firewall is disabled (current user only)."
        confidence: "required"
        reference: "https://github.com/drduh/OS-X-Security-and-Privacy-Guide"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.alf allowsignedenabled"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.alf allowsignedenabled -bool false"
        }
        undo: "sudo defaults -currentHost write /Library/Preferences/com.apple.alf allowsignedenabled -bool true"
    },
    {
        description: "Captive portal for connecting to new networks is disabled to prevent MITM attacks."
        confidence: "required"
        reference: "https://github.com/drduh/OS-X-Security-and-Privacy-Guide"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read /Library/Preferences/SystemConfiguration/com.apple.captive.control Active"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write /Library/Preferences/SystemConfiguration/com.apple.captive.control Active -bool false"
            sudo_command: "sudo defaults -currentHost write /Library/Preferences/SystemConfiguration/com.apple.captive.control Active -bool false"
        }
        undo: "sudo defaults -currentHost write /Library/Preferences/SystemConfiguration/com.apple.captive.control Active -bool true"
    },
    {
        description: "OpenSSL is up to date."
        confidence: "required"
        reference: "https://github.com/drduh/OS-X-Security-and-Privacy-Guide"
        tests:
        [
            {
                type: "exact match"
                command: "openssl version"
                command_pass: "OpenSSL 1.0.2h  3 May 2016"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "brew update ; brew install openssl ; brew upgrade openssl ; bash ./scripts/set_openssl_latest_path.sh"
            manual:
                '''
                1. Bring the Terminal application to the foreground if it is not already. You should see the word "Terminal" in the top left corner of your screen.
                2. Select Terminal->Quit
                3. Re-open the Terminal application and run the tool again; this check should now pass.
                '''
        }
    },
    {
        description: "Hidden files are displayed in Finder."
        confidence: "recommended"
        reference: "http://lifehacker.com/the-best-hidden-settings-you-can-unlock-with-os-xs-ter-1476627111"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read /Library/Preferences/SystemConfiguration/com.apple.finder AppleShowAllFiles"
                command_pass: "1"
                command_fail: "0"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write /Library/Preferences/SystemConfiguration/com.apple.finder AppleShowAllFiles -bool true && killall Dock"
            sudo_command: "sudo defaults -currentHost write /Library/Preferences/SystemConfiguration/com.apple.finder AppleShowAllFiles -bool true && killall Dock"
        }
        undo: "defaults -currentHost write /Library/Preferences/SystemConfiguration/com.apple.finder AppleShowAllFiles -bool false && killall Dock"
    },
    {
        description: "All application software is currently up to date."
        confidence: "required"
        reference: "https://github.com/SummitRoute/osxlockdown/"
        tests:
        [
            {
                type: "exact match"
                command:
                    LASTUPDATE=$(defaults read /Library/Preferences/com.apple.SoftwareUpdate | grep LastSuccessfulDate | sed -e 's@^.* "\([0-9\\-]*\) .*$@\1@'); if [ "$LASTUPDATE" = "$(date +%Y-%m-%d)" ];then echo 1 && exit; fi; echo 0 && exit
                command_pass: "1"
                command_fail: "0"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "softwareupdate -i -a"
            sudo_command: "sudo softwareupdate -i -a"
        }
    },
    {
        //System Preferences: App Store: Automatically check for updates
        description: "Automatic check for software updates is enabled."
        confidence: "required"
        reference: "https://github.com/SummitRoute/osxlockdown/"
        tests:
        [
            {
                type: "exact match"
                command: "sudo softwareupdate --schedule | grep -i 'Automatic check is on'"
                command_pass: "Automatic check is on"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "softwareupdate --schedule on"
            sudo_command: "sudo softwareupdate --schedule on"
        }
    },
    {
        //System Preferences->Security & Privacy->General->Allow apps downloaded from
        description: "GateKeeper protection against untrusted applications is enabled."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: "spctl --status | grep -i 'assessments enabled'"
                command_pass: "assessments enabled"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "spctl --master-enable"
            sudo_command: "sudo spctl --master-enable"
        }
        undo: "sudo spctl --master-disable"
    },
    {
        //System Preferences->Bluetooth->Turn Bluetooth Off
        description: "Bluetooth is disabled."
        confidence: "experimental"
        tests:
        [
            {
                type: "exact match"
                command: "defaults read /Library/Preferences/com.apple.Bluetooth ControllerPowerState"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            },
            {
                type: "exact match"
                command: "sudo defaults read /Library/Preferences/com.apple.Bluetooth ControllerPowerState"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults write /Library/Preferences/com.apple.Bluetooth ControllerPowerState -bool false; killall -HUP blued"
            sudo_command: "sudo defaults write /Library/Preferences/com.apple.Bluetooth ControllerPowerState -bool false; sudo killall -HUP blued"
        }
        undo: "defaults write /Library/Preferences/com.apple.Bluetooth ControllerPowerState -bool true; killall -HUP blued"
    },
    {
        description: "The infrared receiver is disabled."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: "defaults read /Library/Preferences/com.apple.driver.AppleIRController DeviceEnabled"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            },
            {
                type: "exact match"
                command: "sudo defaults read /Library/Preferences/com.apple.driver.AppleIRController DeviceEnabled"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults write /Library/Preferences/com.apple.driver.AppleIRController DeviceEnabled -bool false"
            sudo_command: "sudo defaults write /Library/Preferences/com.apple.driver.AppleIRController DeviceEnabled -bool false"
        }
        undo: "defaults write /Library/Preferences/com.apple.driver.AppleIRController DeviceEnabled -bool true"
    },
    {
        description: "AirDrop file sharing is disabled."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: "defaults read com.apple.NetworkBrowser DisableAirDrop"
                command_pass: "1"
                command_fail: "0"
                case_sensitive: "false"
            },
            {
                type: "exact match"
                command: "sudo defaults read com.apple.NetworkBrowser DisableAirDrop"
                command_pass: "1"
                command_fail: "0"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults_write_ignore_missing com.apple.NetworkBrowser DisableAirDrop -bool true"
        }
        undo: "defaults write com.apple.NetworkBrowser DisableAirDrop -bool false"
    },

        /* Begin: System Preferences->Sharing */
    {
        //System Preferences->Sharing->File Sharing
        description: "File sharing is disabled."
        confidence: "recommended"
        reference: "https://github.com/SummitRoute/osxlockdown/blob/58697f5162fe9e43df7dc9b6b94ffa34b0e11d4f/commands.yaml"
        tests:
        [
            {
                type: "exact match"
                command:
                    if [ -n "$(launchctl list | egrep AppleFileServer)" ]; then exit 1; fi; if [ -n "$(grep -i array /Library/Preferences/SystemConfiguration/com.apple.smb.server.plist)" ]; then echo 1; exit; fi; echo 0; exit
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "launchctl unload -w /System/Library/LaunchDaemons/com.apple.AppleFileServer.plist; launchctl unload -w /System/Library/LaunchDaemons/com.apple.smbd.plist"
        }
    },
    {
        //System Preferences->Sharing->Printer Sharing
        description: "Printer sharing is disabled."
        confidence: "required"
        reference: "https://github.com/SummitRoute/osxlockdown/blob/58697f5162fe9e43df7dc9b6b94ffa34b0e11d4f/commands.yaml"
        tests:
        [
            {
                type: "exact match"
                command:
                    if [ -n "$(system_profiler SPPrintersDataType | grep Shared | grep Yes)" ]; then echo 1; exit; fi; if [ -n "$(system_profiler SPPrintersDataType | grep 'System Printer Sharing: Yes')" ]; then echo 1; exit; fi; echo 0; exit
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "cupsctl --no-share-printers"
        }
    },
    {
        //System Preferences->Sharing->Remote Login
        description: "Remote login is disabled."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: "systemsetup -getremotelogin"
                command_pass: "Remote Login: Off"
                case_sensitive: "false"
            },
            {
                type: "exact match"
                command: "sudo systemsetup -getremotelogin"
                command_pass: "Remote Login: Off"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "systemsetup -f -setremotelogin off"
            sudo_command: "sudo systemsetup -f -setremotelogin off"
        }
        undo: "sudo systemsetup -f -setremotelogin on"
    },
    {
        //System Preferences->Sharing->Remote Management
        description: "Remote Management is disabled."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command:
                    if [ -n "$(ps -ef | egrep "/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/[A]RDAgent")" ]; then echo 1; exit; fi; echo 0; exit
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -stop"
            sudo_command: "sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -stop"
        }
    },
    {
        //System Preferences->Sharing->Remote Apple Events
        //See: https://support.apple.com/kb/PH18721?locale=en_US
        description: "Remote Apple events are disabled."
        confidence: "required"
        reference: "https://github.com/SummitRoute/osxlockdown/blob/58697f5162fe9e43df7dc9b6b94ffa34b0e11d4f/commands.yaml"
        tests:
        [
            {
                type: "exact match"
                command: "systemsetup -getremoteappleevents"
                command_pass: "Remote Apple Events: Off"
                case_sensitive: "false"
            },
            {
                type: "exact match"
                command: "sudo systemsetup -getremoteappleevents"
                command_pass: "Remote Apple Events: Off"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "systemsetup -setremoteappleevents off"
            sudo_command: "systemsetup -setremoteappleevents off"
        }
        undo: "sudo systemsetup -setremoteappleevents on"

    },
    {
        //System Preferences->Sharing->Internet Sharing
        description: "Internet Sharing is disabled on all network interfaces."
        confidence: "required"
        reference: "https://github.com/SummitRoute/osxlockdown/blob/58697f5162fe9e43df7dc9b6b94ffa34b0e11d4f/commands.yaml"
        tests:
        [
            {
                type: "exact match"
                command: "defaults read /Library/Preferences/SystemConfiguration/com.apple.nat NAT | grep -c 'Enabled = 1'"
                command_pass: "0"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict-add Enabled -bool false"
            sudo_command: "sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict-add Enabled -bool false"
        }
    },
        /* End: System Preferences->Sharing */
    {
        //System Preferences->Energy Saver->Wake for network access
        description: "Wake on Network Access feature is disabled."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: "systemsetup getwakeonnetworkaccess"
                command_pass: "Wake On Network Access: Off"
                case_sensitive: "false"
            },
            {
                type: "exact match"
                command: "sudo systemsetup getwakeonnetworkaccess"
                command_pass: "Wake On Network Access: Off"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "systemsetup -setwakeonnetworkaccess off"
            sudo_command: "sudo systemsetup -setwakeonnetworkaccess off"
        }
        undo: "sudo systemsetup -setwakeonnetworkaccess on"
    },
    {
        //Disables NTPd. There are definitely some downsides to this; some security software requires synchronized clocks, so this increases the risk of getting out of sync. I think most of this software will fail-safe, though. Disabling this has various benefits. See discussion here: https://github.com/SummitRoute/osxlockdown/issues/18
        description: "Automatic setting of time and date is disabled."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: "systemsetup getusingnetworktime"
                command_pass: "Network Time: Off"
                command_fail: "Network Time: On"
                case_sensitive: "false"
            },
            {
                type: "exact match"
                command: "sudo systemsetup getusingnetworktime"
                command_pass: "Network Time: Off"
                command_fail: "Network Time: On"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "systemsetup setusingnetworktime off"
            sudo_command: "sudo systemsetup setusingnetworktime off"
        }
        undo: "sudo systemsetup setusingnetworktime on"
    },
    {
        //There are a number of attacks based on IPv6 use. For the sake of simplicity, it's best to disable it entirely unless it is required. See: https://www.ernw.de/download/ERNW_Hardening_IPv6_MacOS-X_v1_0.pdf
        description: "IPv6 is disabled on all network interfaces."
        confidence: "recommended"
        reference: "https://github.com/SummitRoute/osxlockdown/blob/58697f5162fe9e43df7dc9b6b94ffa34b0e11d4f/commands.yaml"
        tests:
        [
            {
                type: "exact match"
                command:
                    networksetup -listallnetworkservices | while read i; do SUPPORT=$(networksetup -getinfo "$i" | grep "IPv6: Automatic") && if [ -n "$SUPPORT" ]; then echo 1; fi; done; echo 0; exit
                command_pass: "0"
                //command_fail would be one or more instances of the character "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                networksetup -listallnetworkservices | while read i; do SUPPORT=$(networksetup -getinfo "$i" | grep "IPv6: Automatic") && if [ -n "$SUPPORT" ]; then networksetup -setv6off "$i"; fi; done;
        }
    },
    {
        description: "An administrator password is required to change system-wide preferences."
        confidence: "required"
        reference: "https://github.com/SummitRoute/osxlockdown/blob/58697f5162fe9e43df7dc9b6b94ffa34b0e11d4f/commands.yaml"
        tests:
        [
            {
                type: "exact match"
                command:
                    if [ -n "$(security authorizationdb read system.preferences 2> /dev/null | grep -A1 shared | grep -E '(true|false)' | grep 'false')" ]; then echo 0; else echo 1; fi
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            //TODO: Add warning to user before fix command is run that she will be prompted for her admin credentials. this requires a new field
            command:
                security authorizationdb read system.preferences > /tmp/system.preferences.plist &&/usr/libexec/PlistBuddy -c "Set :shared false" /tmp/system.preferences.plist && security authorizationdb write system.preferences < /tmp/system.preferences.plist
        }
    },
    {
        description: "Documents are not stored to iCloud Drive by default. (May be mistaken if iCloud is disabled)"
        confidence: "required"
        reference: "http://mjtsai.com/blog/2014/10/26/yosemite-uploads-unsaved-documents-and-recent-addresses-to-icloud/"
        tests:
        [
            {
                type: "exact match"
                command: "defaults read NSGlobalDomain NSDocumentSaveNewDocumentsToCloud"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults write NSGlobalDomain NSDocumentSaveNewDocumentsToCloud -bool false"
        }
        undo: "defaults write NSGlobalDomain NSDocumentSaveNewDocumentsToCloud -bool true"
    },
    {
        description: "The File Vault key is protected when going to standby mode."
        //Once this set of configurations is proven stable, this can be upgraded from "experimental" to "recommended". We may want to warn the user first that waking will be slower and require authenticating twice.
        confidence: "experimental"
        reference: "https://github.com/drduh/OS-X-Security-and-Privacy-Guide"
        tests:
        [
            {
                type: "exact match"
                command: "bash ./scripts/DestroyFVKeyOnStandby_check.sh"
                command_pass: "1"
                command_fail: "0"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            //Additional configurations are required to make this setting not fight with powernap/standby/autopoweroff. See: https://github.com/drduh/OS-X-Security-and-Privacy-Guide/issues/124
            command: "pmset -a destroyfvkeyonstandby 1 ; pmset -a hibernatemode 25 ; pmset -a powernap 0 ; pmset -a standby 0 ; pmset -a standbydelay 0; pmset -a autopoweroff 0"
            sudo_command: "sudo pmset -a destroyfvkeyonstandby 1 ; sudo pmset -a hibernatemode 25 ; sudo pmset -a powernap 0 ; sudo pmset -a standby 0 ; sudo pmset -a standbydelay 0; sudo pmset -a autopoweroff 0"
        }
    },
    {
        description: "The system will store a copy of memory to persistent storage, and will remove power to memory."
        confidence: "recommended"
        reference: "https://github.com/drduh/OS-X-Security-and-Privacy-Guide"
        tests:
        [
            {
                type: "regex match"
                command: "pmset -g"
                command_pass: ".*hibernatemode\\s+25.*"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "pmset -a hibernatemode 25"
            sudo_command: "sudo pmset -a hibernatemode 25"
        }
    },
    {
        description: "git is up to date or is not installed"
        confidence: "required"
        tests:
        [
            {
                type: "regex match"
                command: "git --version"
                command_pass: ".*(command not found|2\\.9\\.3).*"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            //Only "fix" this PATH preference if we haven't already applied the
            //fix to the ~/.profile file. Otherwise, the user will need to
            //restart Terminal in order for this take effect.
            command:
                brew update ; brew install git ; brew upgrade git ; python ./scripts/set_path_precedence.py "/usr/local/bin" "/usr/bin"
            manual:
                '''
                1. Bring the Terminal application to the foreground if it is not already. You should see the word "Terminal" in the top left corner of your screen.
                2. Select Terminal->Quit
                3. Re-open the Terminal application and run the tool again; this check should now pass.
                '''
        }
    },
    {
        description: "Apple Push Notifications are disabled."
        confidence: "recommended"
        reference: "https://github.com/drduh/OS-X-Security-and-Privacy-Guide"
        tests:
        [
            {
                type: "regex match"
                command: "launchctl list"
                command_pass: "^((?!com\\.apple\\.apsd).)*$"
                case_sensitive: "false"
            },
            {
                type: "regex match"
                command: "sudo launchctl list"
                command_pass: "^((?!com\\.apple\\.apsd).)*$"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "launchctl unload -w /System/Library/LaunchDaemons/com.apple.apsd.plist"
            sudo_command: "sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.apsd.plist"
        }
        undo: "sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.apsd.plist"
    },
    {
        description: "Google DNS servers are used by default on all network interfaces."
        confidence: "recommended"
        tests:
        [
            {
                type: "regex match"
                command: "networksetup listallnetworkservices | grep -v 'An asterisk' | xargs -I{} networksetup -getdnsservers '{}' "
                command_pass: "^(8\\.8\\.8\\.8\\n8\\.8\\.4\\.4\n*)+$"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            sudo_command: sudo bash ./scripts/use_google_dns.sh
        }
    },
    {
        description: "The curl utility is up to date or absent from the system."
        confidence: "required"
        tests:
        [
            {
                type: "regex match"
                command: "curl --version"
                command_pass: ".*(command not found|7\\.50\\.1).*"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                brew update ; brew install curl ; brew upgrade curl ; python ./scripts/set_path_precedence.py "/usr/local/bin" "/usr/bin"
        }
        undo: "brew unlink curl"
    },
    {
        description: "FileVault file system encryption is enabled."
        confidence: "required"
        reference: "https://github.com/drduh/OS-X-Security-and-Privacy-Guide"
        tests:
        [
            {
                type: "regex match"
                command: "fdesetup status -verbose"
                command_pass: "^.*FileVault is On.*$"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            /*
             * I'm disabling the fixes below for now, because the decryption key
             * that the user should back up is printed to STDOUT. See:
             * https://derflounder.wordpress.com/2013/10/22/managing-mavericks-filevault-2-with-fdesetup/
             * https://github.com/SummitRoute/osxlockdown/blob/master/commands.yaml
             */
            //command: "fdesetup enable"
            //sudo_command: "sudo fdesetup enable"
            manual:
                '''
                1. Open System Preferences.
                2. Select "Security & Privacy"
                3. Select "FileVault".
                4. Click the "Turn On FileVault" button and follow the instructions.
                5. Decline to use iCloud or other Apple accounts for login. Instead, allow it to generate an offline decryption key. Store your decryption key somewhere safe so that you can decrypt your hard drive if something breaks, but prevent your enemies from acquiring yoru decryption key.
                '''
        }
        undo: ""
    },
    {
        description: "FileVault file system encryption is enabled at the root directory."
        confidence: "required"
        reference: "https://github.com/drduh/OS-X-Security-and-Privacy-Guide"
        tests:
        [
            {
                type: "regex match"
                command: "fdesetup status -verbose"
                command_pass: "^.*device path \\=\\s+.*$"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            manual: "Sorry, no instructions are currently available to remediate this issue."
        }
    },
    {
        //System Preferences->Desktop & Screen Saver->Start after
        description: "The idle timer for screen saver activation is set to 10 minutes or less."
        confidence: "recommended"
        reference: "https://github.com/SummitRoute/osxlockdown/blob/58697f5162fe9e43df7dc9b6b94ffa34b0e11d4f/commands.yaml"
        tests:
        [
            {
                type: "regex match"
                //This is a clever way for polling settings for multiple users from the current logged in user :-)
                command:
                    UUID=`ioreg -rd1 -c IOPlatformExpertDevice | grep "IOPlatformUUID" | sed -e 's/^.*"\(.*\)"$/\1/'`; for i in $(find /Users -type d -maxdepth 1); do PREF=$i/Library/Preferences/ByHost/com.apple.screensaver.$UUID; if [ -e $PREF.plist ]; then TIMEOUT=$(defaults read $PREF.plist idleTime) && if [ $TIMEOUT -eq 0 ] || [ $TIMEOUT -gt 600 ]; then echo 1; fi; else echo 0; fi; done;
                command_pass: "^(0\n*)+$" //all zeroes
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                UUID=`ioreg -rd1 -c IOPlatformExpertDevice | grep "IOPlatformUUID" | sed -e 's/^.*"\(.*\)"$/\1/'`; for i in $(find /Users -type d -maxdepth 1); do PREF=$i/Library/Preferences/ByHost/com.apple.screensaver.$UUID; if [ -e $PREF.plist ]; then defaults -currentHost write $PREF.plist idleTime -int 600; fi; done
        }
    }
    {
        description: "System Integrity Protection (SIP) is enabled."
        confidence: required
        reference: "https://github.com/drduh/OS-X-Security-and-Privacy-Guide#system-integrity-protection"
        tests:
        [
            {
                //SIP is not available for OS X before 10.11
                //TODO: not sure about 10.12
                type: "exact match"
                command: is_el_capitan
                command_pass: 0
                case_sensitive: false
            }
            {
                type: "exact match"
                command: "csrutil status"
                command_pass: "System Integrity Protection status: enabled."
                case_sensitive: false
            }
        ]
        fix:
        {
            manual:
                '''
                1. SIP should be enabled by default on your El Capitan machine. You must boot into "Recovery OS" in order to use the "csrutil enable" command. See: https://derflounder.wordpress.com/2015/10/01/system-integrity-protection-adding-another-layer-to-apples-security-model/
                '''
        }
    }
    /* ---- END SYSTEM SETTINGS ---- */

    /* ---BEGIN SAFARI BROWSER SETTINGS--- */
    {
        //Check if the Safari app is closed -- otherwise, it may override changes this app makes.
        description: "The Safari application is currently closed."
        confidence: "required"
        reference: "https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/defaults.1.html"
        tests:
        [
            {
                type: "exact match"
                command: "ps ax | grep -c '/Applications/Safari.app/Contents/MacOS/Safari'"
                command_pass: "2" //a value of "3" means it's running -- the other 2 are `/bin/sh` and the `grep` command.
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                killall "Safari" ; sleep 1
        }
    },
    {
        //Safari->Preferences->AutoFill->Credit cards
        description: "Safari will not auto-fill credit card data."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari AutoFillCreditCardData"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari AutoFillCreditCardData -bool false"
        }
    },
    {
        //Safari->Preferences->AutoFill->Using info from my Contacts card
        description: "Safari will not auto-fill your contact data."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari AutoFillFromAddressBook"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari AutoFillFromAddressBook -bool false"
        }
    },
    {
        //Safari->Preferences->AutoFill->Other forms
        description: "Safari will not auto-fill miscellaneous forms."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari AutoFillMiscellaneousForms"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari AutoFillMiscellaneousForms -bool false"
        }
    },
    {
        //Safari->Preferences->AutoFill->User names and passwords
        description: "Safari will not auto-fill usernames or passwords."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari AutoFillPasswords"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari AutoFillPasswords -bool false"
        }
    },
    {
        //Safari->Preferences->General->Open "safe" files after downloading
        description: "Files downloaded in Safari are not automatically opened."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari AutoOpenSafeDownloads"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari AutoOpenSafeDownloads -bool false"
        }
    },
    {
        //Safari->Preferences->Privacy->Cookies and website data->Always block
        description: "Cookies and local storage are always blocked in Safari."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari BlockStoragePolicy"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari BlockStoragePolicy -bool false"
        }
    },
    {
        //Safari->Develop->Disable Extensions
        //Note: Extensions are often a persistence mechanism for browser-based malware.
        description: "Safari extensions are disabled."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari ExtensionsEnabled"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari ExtensionsEnabled -bool false"
        }
    },
    {
        //Safari->Preferences->Security->Fraudulent sites->Warn when visiting a fraudulent website
        description: "The Safari web browser will warn when visiting known fraudulent websites."
        //I'm setting this to recommended for on the basis that there is like a privacy trade-off
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari WarnAboutFraudulentWebsites"
                command_pass: "1"
                command_fail: "0"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari WarnAboutFraudulentWebsites -bool true"
        }
        undo: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari WarnAboutFraudulentWebsites -bool false"
    },
    {
        //Safari->Preferences->Security->Web Content->Enable JavaScript
        description: "JavaScript is disabled in the Safari web browser."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaScriptEnabled"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaScriptEnabled -bool false"
        }
        undo: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaScriptEnabled -bool true"
    },
    {
        description: "JavaScript is disabled in the Safari web browser (Legacy version)."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari WebKitJavaScriptEnabled"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari WebKitJavaScriptEnabled -bool false"
        }
        undo: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari WebKitJavaScriptEnabled -bool true"
    },
    {
        //Safari->Preferences->Security->Web Content->Block pop-up windows
        description: "Pop-up windows are blocked in the Safari web browser."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaScriptCanOpenWindowsAutomatically"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaScriptCanOpenWindowsAutomatically -bool false"
        }
        undo: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaScriptCanOpenWindowsAutomatically -bool true"
    },
    {
        //Safari->Preferences->Security->Web Content->Block pop-up windows
        description: "Pop-up windows are blocked in the Safari web browser (Legacy version)."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari WebKitJavaScriptCanOpenWindowsAutomatically"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari WebKitJavaScriptCanOpenWindowsAutomatically -bool false"
        }
        undo: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari WebKitJavaScriptCanOpenWindowsAutomatically -bool true"
    },
    {
        //Safari->Preferences->Security->Web Content->Allow WebGL
        description: "The WebGL plug-in is disabled in the Safari web browser."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2WebGLEnabled"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2WebGLEnabled -bool false"
        }
        undo: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2WebGLEnabled -bool true"
    },
    {
        //Safari->Preferences->Security->Internet plug-ins->Allow Plug-ins
        description: "Plug-ins are disabled in the Safari web browser."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2PluginsEnabled"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2PluginsEnabled -bool false"
        }
        undo: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2PluginsEnabled -bool true"
    },
    {
        description: "Plug-ins are disabled in the Safari web browser (Legacy version)."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari WebKitPluginsEnabled"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari WebKitPluginsEnabled -bool false"
        }
        undo: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari WebKitPluginsEnabled -bool true"
    },
    {
        //Safari->Preferences->Security->Internet plug-ins->Plug-in Settings...->When visiting other websites
        description: "Plug-ins are blocked by default in the Safari web browser unless a site is explicitly added to a list of allowed sites."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari PlugInFirstVisitPolicy"
                command_pass: "PlugInPolicyBlock"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari PlugInFirstVisitPolicy PlugInPolicyBlock"
        }
    },
    {
        //Safari->Preferences->Security->Internet plug-ins->Plug-in Settings...->Java->When visiting other websites->Block
        description: "The Java plug-in for Safari web browser is blocked unless a site is explicitly added to a list of allowed sites."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                //Note: dictionary values for PList fields are easier to handle with `PlistBuddy` instead of `defaults`.
                command:
                    /usr/libexec/PlistBuddy -c "Print :ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInFirstVisitPolicy" ~/Library/Preferences/com.apple.Safari.plist
                command_pass: "PlugInPolicyBlock"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                /usr/libexec/PlistBuddy -c "Add :ManagedPlugInPolicies dict" ~/Library/Preferences/com.apple.Safari.plist ; /usr/libexec/PlistBuddy -c "Add :ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin dict" ~/Library/Preferences/com.apple.Safari.plist ; /usr/libexec/PlistBuddy -c "Add :ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInFirstVisitPolicy string PlugInPolicyBlock" ~/Library/Preferences/com.apple.Safari.plist; /usr/libexec/PlistBuddy -c "Set :ManagedPlugInPolicies:com.oracle.java.JavaAppletPlugin:PlugInFirstVisitPolicy PlugInPolicyBlock" ~/Library/Preferences/com.apple.Safari.plist
        }
    },
    {
        //Safari->Preferences->Security->Internet plug-ins->Plug-in Settings...->Java
        description: "The Java plug-in is disabled in the Safari web browser."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaEnabled"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaEnabled -bool false"
        }
        undo: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaEnabled -bool true"
    },
    {
        //This appears to be an old method circa 2009 for disabling Java. See: http://alblue.bandlem.com/2009/05/disabling-java-in-webkit.html
        description: "The Java plug-in is disabled in the Safari web browser (Legacy version)."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari WebKitJavaEnabled"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari WebKitJavaEnabled -bool false"
        }
        undo: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari WebKitJavaEnabled -bool true"
    },
    {
        //Safari->Develop->Treat SHA-1 Certificates as Insecure
        description: "The Safari web browser is configured to treat SHA-1 certificates as insecure."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari TreatSHA1CertificatesAsInsecure"
                command_pass: "1"
                command_fail: "0"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari TreatSHA1CertificatesAsInsecure -bool true"
        }
        undo: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari TreatSHA1CertificatesAsInsecure -bool false"
    },
    {
        //Safari->Preferences->Search->Preload Top Hit in the background
        description: "The Safari web browser will not pre-load webpages that rank highly as search matches."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari PreloadTopHit"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari PreloadTopHit -bool false"
        }
        undo: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari PreloadTopHit -bool true"
    },
    {
        //Safari->Preferences->Search->Search engine->Include search engine suggestions
        description: "The Safari web browser will not include search engine suggestions for text typed in the location bar."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari SuppressSearchSuggestions"
                command_pass: "1"
                command_fail: "0"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari SuppressSearchSuggestions -bool true"
        }
        undo: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari SuppressSearchSuggestions -bool false"
    },
    {
        //Safari->Preferences->Search->Smart Search Field->Include Safari Suggestions
        description: "The Safari web browser's search suggestions are disabled."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari UniversalSearchEnabled"
                command_pass: "0"
                command_fail: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari UniversalSearchEnabled -bool false"
        }
        undo: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari UniversalSearchEnabled -bool true"
    },
    {
        //Safari->Preferences->Privacy->Website tracking->Ask websites not to track me
        description: "The Safari web browser uses the Do-Not-Track HTTP header."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari SendDoNotTrackHTTPHeader"
                command_pass: "1"
                command_fail: "0"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari SendDoNotTrackHTTPHeader -bool true"
        }
        undo: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari SendDoNotTrackHTTPHeader -bool false"
    },
    {
        description: "PDF viewing is disabled in the Safari web browser."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari WebKitOmitPDFSupport"
                command_pass: "1"
                command_fail: "0"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari WebKitOmitPDFSupport -bool true"
        }
        undo: ""
    },
    {
        //Safari->Preferences->Advanced->Smart Search Field->Show full website address
        //This might help prevent phishing attacks
        description: "Full website addresses are displayed in the location bar of the Safari web browser."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Preferences/com.apple.Safari ShowFullURLInSmartSearchField"
                command_pass: "1"
                command_fail: "0"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Preferences/com.apple.Safari ShowFullURLInSmartSearchField -bool true"
        }
        undo: defaults -currentHost write ~/Library/Preferences/com.apple.Safari ShowFullURLInSmartSearchField -bool false"
    },
    /* ----END SAFARI BROWSER SETTINGS---- */

    /* ---BEGIN APPLE MAIL SETTINGS--- */
    {
        //Check if the Mail app is closed -- otherwise, it may override changes this app makes.
        description: "The Mail application is currently closed."
        confidence: required
        reference: "https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/defaults.1.html"
        tests:
        [
            {
                type: "exact match"
                command: "ps ax | grep -c '/Applications/Mail.app/Contents/MacOS/Mail'"
                command_pass: 2 //a value of "3" means it's running -- the other 2 are `/bin/sh` and the `grep` command.
                case_sensitive: false
            }
        ]
        fix:
        {
            command:
                killall "Mail" ; sleep 1
        }
    },
    {
        //Mail->Preferences->Viewing->Load remote content in messages
        description: "Apple Mail does not automatically load remote content in e-mails."
        confidence: recommended
        tests:
        [
            {
                //If Apple Mail is not in use by the user, this test passes
                type: "exact match"
                command: apple_mail_in_use
                command_pass: 0
                case_sensitive: false
            }
            {
                type: "exact match"
                command: "defaults read ~/Library/Preferences/com.apple.mail-shared DisableURLLoading"
                command_pass: 1
                command_fail: 0
                case_sensitive: false
            }
        ]
        fix:
        {
            command: "defaults write ~/Library/Preferences/com.apple.mail-shared DisableURLLoading -bool true"
        }
        undo: "defaults write ~/Library/Preferences/com.apple.mail-shared DisableURLLoading -bool false"
    },
    {
        //Mail->Preferences->Junk Mail->Enable junk mail filtering AND When junk mail arrives: Move it to the Junk mailbox
        description: "Mail identified by Apple Mail as junk is sent to the Junk mailbox."
        confidence: recommended
        tests:
        [
            {
                //If Apple Mail is not in use by the user, this test passes
                type: "exact match"
                command: apple_mail_in_use
                command_pass: 0
                case_sensitive: false
            }
            {
                type: "exact match"
                command: "defaults -currentHost read ~/Library/Containers/com.apple.mail/Data/Library/Preferences/com.apple.mail JunkMailBehavior"
                command_pass: 2
                case_sensitive: false
            }
        ]
        fix:
        {
            command: "defaults -currentHost write ~/Library/Containers/com.apple.mail/Data/Library/Preferences/com.apple.mail JunkMailBehavior -int 2"
        }
    },
    {
        description: "GPGMail is in use."
        confidence: recommended
        tests:
        [
            {
                type: "exact match"
                command: gpg_mail_in_use
                command_pass: 1
                command_fail: 0
                case_sensitive: false
            }
        ]
        fix:
        {
            manual:
                '''
                1. Visit https://gpgtools.org/ and install GPG Suite. This tool can be used to encrypted and sign emails sent to other PGP users.
                '''
        }
    }
    {
        //Mail->Preferences->GPGMail->Composing->Encrypt new messages by default
        description: "New e-mails composed in Apple Mail are encrypted by GPGMail if the receiver's PGP is present in the keychain."
        confidence: recommended
        tests:
        [
            {
                //If Apple Mail is not in use by the user, this test passes
                type: "exact match"
                command: apple_mail_in_use
                command_pass: 0
                case_sensitive: false
            }
            {
                //If GPG Mail is not in use by the user, this test passes
                type: "exact match"
                command: gpg_mail_in_use
                command_pass: 0
                case_sensitive: false
            }
            {
                type: "exact match"
                command: "defaults read ~/Library/Preferences/org.gpgtools.gpgmail EncryptNewEmailsByDefault"
                command_pass: 1
                command_fail: 0
                case_sensitive: false
            }
        ]
        fix:
        {
            command: "defaults write ~/Library/Preferences/org.gpgtools.gpgmail.plist EncryptNewEmailsByDefault -bool true"
        }
        undo: "defaults write ~/Library/Preferences/org.gpgtools.gpgmail.plist EncryptNewEmailsByDefault -bool false"
    },
    {
        //Mail->Preferences->GPGMail->Composing->Encrypt drafts
        description: "New e-mails composed in Apple Mail and saved as drafts are encrypted by GPGMail."
        confidence: required
        tests:
        [
            {
                //If Apple Mail is not in use by the user, this test passes
                type: "exact match"
                command: apple_mail_in_use
                command_pass: 0
                case_sensitive: false
            }
            {
                //If GPG Mail is not in use by the user, this test passes
                type: "exact match"
                command: gpg_mail_in_use
                command_pass: 0
                case_sensitive: false
            }
            {
                type: "exact match"
                command: "defaults read ~/Library/Preferences/org.gpgtools.gpgmail OptionallyEncryptDrafts"
                command_pass: 1
                command_fail: 0
                case_sensitive: false
            }
        ]
        fix:
        {
            command: "defaults write ~/Library/Preferences/org.gpgtools.gpgmail.plist OptionallyEncryptDrafts -bool true"
        }
        undo: "defaults write ~/Library/Preferences/org.gpgtools.gpgmail.plist OptionallyEncryptDrafts -bool false"
    },
    {
        //Mail->Preferences->GPGMail->Composing->Sign new messages by default
        description: "New e-mails composed in Apple Mail are signed by GPGMail."
        confidence: required
        tests:
        [
            {
                //If Apple Mail is not in use by the user, this test passes
                type: "exact match"
                command: apple_mail_in_use
                command_pass: 0
                case_sensitive: false
            }
            {
                //If GPG Mail is not in use by the user, this test passes
                type: "exact match"
                command: gpg_mail_in_use
                command_pass: 0
                case_sensitive: false
            }
            {
                type: "exact match"
                command: "defaults read ~/Library/Preferences/org.gpgtools.gpgmail SignNewEmailsByDefault"
                command_pass: 1
                command_fail: 0
                case_sensitive: false
            }
        ]
        fix:
        {
            command: "defaults write ~/Library/Preferences/org.gpgtools.gpgmail.plist SignNewEmailsByDefault -bool true"
        }
        undo: "defaults write ~/Library/Preferences/org.gpgtools.gpgmail.plist SignNewEmailsByDefault -bool false"
    },
    {
        //Mail->Preferences->GPGMail->Updates->Automatically check for updates
        description: "Apple Mail automatically checks for updates to GPGMail."
        confidence: required
        tests:
        [
            {
                //If Apple Mail is not in use by the user, this test passes
                type: "exact match"
                command: apple_mail_in_use
                command_pass: 0
                case_sensitive: false
            }
            {
                //If GPG Mail is not in use by the user, this test passes
                type: "exact match"
                command: gpg_mail_in_use
                command_pass: 0
                case_sensitive: false
            }
            {
                type: "exact match"
                command: "defaults read ~/Library/Preferences/org.gpgtools.gpgmail SUEnableAutomaticChecks"
                command_pass: 1
                command_fail: 0
                case_sensitive: false
            }
        ]
        fix:
        {
            command: "defaults write ~/Library/Preferences/org.gpgtools.gpgmail.plist SUEnableAutomaticChecks -bool true"
        }
        undo: "defaults write ~/Library/Preferences/org.gpgtools.gpgmail.plist SUEnableAutomaticChecks -bool false"
    },
    /* ----END APPLE MAIL SETTINGS---- */

    /* ---BEGIN GOOGLE CHROME SETTINGS--- */
    {
        //Check if the Chrome app is closed -- otherwise, it may override changes this app makes.
        description: "The Google Chrome browser is currently closed."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "exact match"
                command: "ps ax | grep -c 'Google Chrome.app'"
                command_pass: 2 //a value of "3" or higher means it's running -- the first 2 are `/bin/sh` and the `grep` command.
                case_sensitive: false
            }
        ]
        fix:
        {
            command:
                killall "Google Chrome" ; sleep 3
        }
    },
    {
        //Chrome->Preferences->Show Advanced Settings->Privacy->Use a web service to help resolve navigation errors
        description: "All Google Chrome web browser profiles prevent information leakage through navigation errors."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "regex match"
                command:
                    find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' alternate_error_pages.enabled
                command_pass: "^(False\n?)+$"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' alternate_error_pages.enabled -bool false
        }
    },
    {
        //Chrome->Preferences->Show Advanced Settings->Privacy->Use a prediction service to help complete searches and URLs typed in the address bar or the app launcher
        description: "All Google Chrome web browser profiles prevent information leakage through URL suggestions."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "regex match"
                command:
                    find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' search.suggest_enabled
                command_pass: "^(False\n?)+$"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python  ./scripts/chrome_defaults.py write '{}' search.suggest_enabled -bool false
        }
    },
    {
        //Chrome->Preferences->Show Advanced Settings->Privacy->Use a prediction service to load pages more quickly
        description: "All Google Chrome web browser profiles prevent information leakage through network prediction."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "regex match"
                command:
                    find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' net.network_prediction_options
                command_pass: "^(2\n?)+$"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' net.network_prediction_options -int 2
        }
    },
    {
        //Chrome->Preferences->Show Advanced Settings->Privacy->Automatically report details of possible security incidents to Google
        description: "All Google Chrome web browser profiles prevent information leakage by blocking security incidents reports to Google."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "regex match"
                command:
                    find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' safebrowsing.extended_reporting_enabled
                command_pass: "^(False\n?)+$"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' safebrowsing.extended_reporting_enabled -bool false
        }
    },
    {
        //Another potentially controversial setting: Enabling Google Safe Browsing. My guess is that, on the whole, this will make machines more secure than it makes them insecure, but it's worth pointing out that there are privacy leaks and that there are allegations of NSA exploitation targeting using this feature. See reference field below.
        //Chrome->Preferences->Show Advanced Settings->Privacy->Protect you and your device from dangerous sites
        description: "All Google Chrome web browser profiles have Google Safe Browsing enabled."
        confidence: "recommended"
        reference: "https://en.wikipedia.org/wiki/Google_Safe_Browsing"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "regex match"
                command:
                    find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' safebrowsing.enabled
                command_pass: "^(True\n?)+$"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' safebrowsing.enabled -bool true
        }
    },
    {
        //Chrome->Preferences->Show Advanced Settings->Privacy->Use a web service to help resolve spelling errors
        description: "All Google Chrome web browser profiles prevent information leakage through spell-checking network services."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "regex match"
                command:
                    find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' spellcheck.use_spelling_service
                command_pass: "^(False\n?)+$"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' spellcheck.use_spelling_service -bool false
        }
    },
    {
        //Chrome->Preferences->Show Advanced Settings->Privacy->Automatically send usage statistics and crash reports to Google
        description: "All Google Chrome web browser profiles prevent information leakage through reporting usage statistics to Google."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "regex match"
                command:
                    if [ -e "$(ls ~/Library/Application\ Support/Google/Chrome/Consent\ To\ Send\ Stats)" ]; then echo "True"; exit; fi ; echo $(python ./scripts/chrome_defaults.py read ~/Library/Application\ Support/Google/Chrome/Local\ State user_experience_metrics.reporting_enabled)
                command_pass: ".*False$"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                rm ~/Library/Application\ Support/Google/Chrome/Consent\ To\ Send\ Stats ; python ./scripts/chrome_defaults.py write "$(ls ~/Library/Application\ Support/Google/Chrome/Local\ State)" user_experience_metrics.reporting_enabled -bool false
        }
    },
    {
        //Chrome->Preferences->Show Advanced Settings->Privacy->Send a "Do Not Track" request with your browsing traffic
        description: "All Google Chrome web browser profiles use the Do-Not-Track HTTP header."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "regex match"
                //This check should short-circuit and match the regex if Chrome is not installed
                command:
                    find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' enable_do_not_track
                command_pass: "^(True\n?)+$"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' enable_do_not_track -bool true
        }
    },
    {
        //Chrome->Preferences->Show Advanced Settings->Privacy->Content Settings->Pop-ups->Do not allow any site to show pop-ups (recommended)
        description: "All Google Chrome web browser profiles prevent pop-ups."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "regex match"
                command:
                    find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' profile.default_content_setting_values.popups
                command_pass:
                    ^((The attribute 'profile.default_content_setting_values.popups' does not exist in '[^']+'\.\n?)|(None\n?))+$
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py delete '{}' profile.default_content_setting_values.popups
        }
    },
    {
        //Chrome->Preferences->Show Advanced Settings->Privacy->Content Settings->Location->Do not allow any site to track your physical location
        description: "All Google Chrome web browser profiles prevent geolocation by websites."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "regex match"
                command:
                    find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' profile.default_content_setting_values.geolocation
                command_pass: "^(2\n?)+$"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' profile.default_content_setting_values.geolocation -int 2
        }
    },
    {
        //Users should be strongly discouraged from using NPAPI plugins; see reference. My concern here is that the current warning message in Chrome is not sufficiently scary that merely prompting the user to approve access will allow the average user to make a good security choice, so I'm recommending that unsandboxed plugins be blocked completely.
        //Chrome->Preferences->Show Advanced Settings->Privacy->Content Settings->Unsandboxed plugin access->Do not allow any sites to use a plugin to access your computer
        description: "All Google Chrome web browser profiles block unsandboxed plug-in software."
        confidence: "recommended"
        reference: "http://superuser.com/questions/654595/adobe-flash-player-ppapi-vs-npapi-in-google-chrome"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "regex match"
                command:
                    find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' profile.default_content_setting_values.ppapi_broker
                command_pass: "^(2\n?)+$"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' profile.default_content_setting_values.ppapi_broker -int 2
        }
    },
    {
        //Chrome->Preferences->Show Advanced Settings->Passwords and forms->Enable Autofill to fill out web forms in a single click
        description: "All Google Chrome web browser profiles prevent filling personal information into forms automatically."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "regex match"
                command:
                    find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' autofill.enabled
                command_pass: "^(False\n?)+$"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' autofill.enabled -bool false
        }
    },
    {
        //Possibly controversial, but I'm suggesting that Password Manager in Chrome be disabled in favor of a better one, such as KeePass or LastPass. Passwords stored in Google Password Manager are stored at passwords.google.com and may be availble on unanticipated devices without additional apps or extensions installed.
        //Chrome->Preferences->Show Advanced Settings->Passwords and forms->Offer to save your web passwords.
        description: "All Google Chrome web browser profiles have disabled Password Manager."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "regex match"
                command:
                    find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' profile.password_manager_enabled
                command_pass: "^(False\n?)+$"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' profile.password_manager_enabled -bool false
        }
    },
    {
        //Chrome->Preferences->Show Advanced Settings->Passwords and forms->Manage passwords->Auto Sign-In
        description: "All Google Chrome web browser profiles have disabled automatic sign-in for stored passwords."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "regex match"
                command:
                    find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' credentials_enable_autosignin
                command_pass: "^(False\n?)+$"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' credentials_enable_autosignin -bool false
        }
    },
    {
        //Chrome->Preferences->Show Advanced Settings->Google CloudPrint->Show notifications when new printers are detected on network
        description: "All Google Chrome web browser profiles have disabled Google CloudPrint."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "regex match"
                command:
                    find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' local_discovery.notifications_enabled
                command_pass: "^(False\n?)+$"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' local_discovery.notifications_enabled -bool false
        }
    },
    {
        //Note: I'm not so clear on what 'clear_lso_data_enabled' does. Maybe it should typically be set to true? 'False' is the setting achieved when you disable Flash through the plugins GUI.
        //chrome://plugins/->Adobe Flash Player->Disable
        description: "All Google Chrome web browser profiles block Flash cookies."
        confidence: "required"
        reference: "https://en.wikipedia.org/wiki/Local_shared_object"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "regex match"
                command:
                    find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' browser.clear_lso_data_enabled
                command_pass: "^(False\n?)+$"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' browser.clear_lso_data_enabled -bool false
        }
    },
    {
        //chrome://plugins/->Adobe Flash Player->Disable
        description: "All Google Chrome web browser profiles have disabled the Chrome Pepper Flash Player plug-in."
        confidence: "required"
        reference: "http://www.newtriks.com/2012/12/01/how-to-disable-the-chrome-pepper-flash-player/"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "regex match"
                command:
                    find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' browser.pepper_flash_settings_enabled
                command_pass: "^(False\n?)+$"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            command:
                find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py write '{}' browser.pepper_flash_settings_enabled -bool false
        }
    },
    {
        //chrome://plugins/->Adobe Flash Player->Disable
        description: "All Google Chrome web browser profiles have disabled the Adobe Shockwave Flash plug-in."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "regex match"
                command:
                    find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' plugins.plugins_list
                command_pass:
                    ^(\[[^\[]+'enabled': False, 'name': 'Shockwave Flash'[^\]]+\]\n?)+$
                case_sensitive: "false"
            }
        ]
        fix:
        {
            //To simplify syntax, most of this logic has been stored in the "chrome_flash.sh" script
            command:
                find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} ./scripts/chrome_flash.sh '{}'
        }
    },
    {
        //chrome://plugins/->Adobe Flash Player->Disable
        description: "All Google Chrome web browser profiles have disabled the Adobe Flash Player plug-in."
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "regex match"
                command:
                    find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' plugins.plugins_list
                command_pass:
                    ^(\[[^\[]+'enabled': False, 'name': 'Adobe Flash Player'[^\]]+\]\n?)+$
                case_sensitive: "false"
            }
        ]
        fix:
        {
            //To simplify syntax, most of this logic has been stored in the "chrome_flash.sh" script
            command:
                find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} ./scripts/chrome_flash.sh '{}'
        }
    },
    {
        //chrome://plugins/->Native Client->Disable
        description: "All Google Chrome web browser profiles have disabled the Native Client plug-in."
        confidence: "required"
        reference: "https://developer.chrome.com/native-client"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "regex match"
                command:
                    find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' plugins.plugins_list
                command_pass:
                    ^(\[[^\[]+'enabled': False, 'name': 'Native Client'[^\]]+\]\n?)+$
                case_sensitive: "false"
            }
        ]
        fix:
        {
            //To simplify syntax, most of this logic has been stored in the "chrome_nativeclient.sh" script
            command:
                find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} bash ./scripts/chrome_nativeclient.sh '{}'
        }
    },
    {
        //chrome://plugins/->Widevine Content Decryption Module->Disable
        description: "All Google Chrome web browser profiles have disabled the Widevine Content Decryption Module plug-in."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "regex match"
                command:
                    find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' plugins.plugins_list
                command_pass:
                    ^(\[[^\[]+'enabled': False, 'name': 'Widevine Content Decryption Module'[^\]]+\]\n?)+$
                case_sensitive: "false"
            }
        ]
        fix:
        {
            //To simplify syntax, most of this logic has been stored in the "chrome_widevine.sh" script
            command:
                find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} bash ./scripts/chrome_widevine.sh '{}'
        }
    },
    {
        //chrome://extensions/->uBlock Origin
        description: "All Google Chrome web browser profiles have enabled the uBlock Origin extension."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "exact match"
                //This style of bash command basically prints "False" and exits any time it detects a problem in any Chrome profile, since we're looking for 100% compliance. We'll create an exception for the default System and Guest profiles, since these are not configurable through the GUI.
                command:
                    DISABLEREASONS=$(find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' extensions.settings.cjpalhdlnbpafiamejdnhcphjbkeiagm.disable_reasons | grep -v "does not exist" | grep -v "not found") ; if [[ -n $DISABLEREASONS ]] ; then echo "False" ; exit ; fi ; BADSTATE=$(find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | grep -v "Guest Profile" | grep -v "System Profile" | xargs -I{} python ./scripts/chrome_defaults.py read '{}' extensions.settings.cjpalhdlnbpafiamejdnhcphjbkeiagm.state | grep -v "1") ; if [[ -n $BADSTATE ]] ; then echo "False" ; fi ; echo "True" ;
                command_pass: "True"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            manual:
                '''
                1. For each of your Chrome profiles, visit https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm in Google Chrome.
                2. Select "Add to Chrome".
                3. Complete any required follow-up steps as instructed on the screen.
                '''
        }
    },
    {
        //chrome://extensions/->Ghostery
        description: "All Google Chrome web browser profiles have enabled the Ghostery extension."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "exact match"
                //This style of bash command basically prints "False" and exits any time it detects a problem in any Chrome profile, since we're looking for 100% compliance. We'll create an exception for the default System and Guest profiles, since these are not configurable through the GUI.
                command:
                    DISABLEREASONS=$(find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' extensions.settings.mlomiejdfkolichcflejclcbmpeaniij.disable_reasons | grep -v "does not exist" | grep -v "not found") ; if [[ -n $DISABLEREASONS ]] ; then echo "False" ; exit ; fi ; BADSTATE=$(find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | grep -v "Guest Profile" | grep -v "System Profile" | xargs -I{} python ./scripts/chrome_defaults.py read '{}' extensions.settings.mlomiejdfkolichcflejclcbmpeaniij.state | grep -v "1") ; if [[ -n $BADSTATE ]] ; then echo "False" ; fi ; echo "True" ;
                command_pass: "True"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            manual:
                '''
                1. For each of your Chrome profiles, visit https://chrome.google.com/webstore/detail/ghostery/mlomiejdfkolichcflejclcbmpeaniij in Google Chrome.
                2. Select "Add to Chrome".
                3. Complete any required follow-up steps as instructed on the screen.
                '''
        }
    },
    {
        //chrome://extensions/->ScriptSafe
        description: "All Google Chrome web browser profiles have enabled the ScriptSafe extension."
        confidence: "experimental"
        tests:
        [
            {
                type: "exact match"
                command: chrome_is_installed
                command_pass: 0
                case_sensitive: false
            },
            {
                type: "exact match"
                //This style of bash command basically prints "False" and exits any time it detects a problem in any Chrome profile, since we're looking for 100% compliance. We'll create an exception for the default System and Guest profiles, since these are not configurable through the GUI.
                command:
                    DISABLEREASONS=$(find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | xargs -I{} python ./scripts/chrome_defaults.py read '{}' extensions.settings.oiigbmnaadbkfbmpbfijlflahbdbdgdf.disable_reasons | grep -v "does not exist" | grep -v "not found") ; if [[ -n $DISABLEREASONS ]] ; then echo "False" ; exit ; fi ; BADSTATE=$(find ~/Library/Application\ Support/Google/Chrome -name "Preferences" -maxdepth 2 | grep -v "Guest Profile" | grep -v "System Profile" | xargs -I{} python ./scripts/chrome_defaults.py read '{}' extensions.settings.oiigbmnaadbkfbmpbfijlflahbdbdgdf.state | grep -v "1") ; if [[ -n $BADSTATE ]] ; then echo "False" ; fi ; echo "True" ;
                command_pass: "True"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            manual:
                '''
                1. For each of your Chrome profiles, visit https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf in Google Chrome.
                2. Select "Add to Chrome".
                3. Complete any required follow-up steps as instructed on the screen.
                '''
        }
    },
    {
        description: "Google Chrome is the default web browser."
        confidence: "recommended"
        tests:
        [
            {
                type: "exact match"
                command:
                    VERSIONER_PERL_PREFER_32_BIT=true perl -MMac::InternetConfig -le 'print +(GetICHelper "http")[1]'
                command_pass: "Google Chrome"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            manual:
                '''
                1. Install Google Chrome if not already installed.
                2. Open System Preferences.
                3. Select "General".
                4. Under "Default web browser", select "Google Chrome".
                '''
        }
    }

    /* ----END GOOGLE CHROME SETTINGS---- */

    /* --- BEGIN COMMON MALWARE DETECTION --- */

    {
        description: "OSX/Keydnap malware is not present."
        confidence: "required"
        reference: "http://www.welivesecurity.com/2016/08/30/osxkeydnap-spreads-via-signed-transmission-application/"
        tests:
        [
            {
                type: "exact match"
                command:
                    if [ -e "/Applications/Transmission.app/Contents/Resources/License.rtf" ] ; then echo 1 ; else echo 0 ; fi
                command_fail: 1
                case_sensitive: false
            }
            {
                type: "exact match"
                command:
                    if [ -e "/Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf" ] ; then echo 1 ; else echo 0 ; fi
                command_fail: 1
                case_sensitive: false
            }
            {
                type: "exact match"
                command:
                    if [ -e "$HOME/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd" ] ; then echo 1 ; else echo 0 ; fi
                command_fail: 1
                case_sensitive: false
            }
            {
                type: "exact match"
                command:
                    if [ -e "$HOME/Library/Application Support/com.apple.iCloud.sync.daemon/process.id" ] ; then echo 1 ; else echo 0 ; fi
                command_fail: 1
                case_sensitive: false
            }
            {
                type: "exact match"
                command:
                    if [ -e "$HOME/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist" ] ; then echo 1 ; else echo 0 ; fi
                command_fail: 1
                case_sensitive: false
            }
            {
                type: "exact match"
                command:
                    if [ -e "/Library/Application Support/com.apple.iCloud.sync.daemon/" ] ; then echo 1 ; else echo 0 ; fi
                command_fail: 1
                case_sensitive: false
            }
            {
                type: "exact match"
                command:
                    if [ -e "/Library/Application Support/com.apple.iCloud.sync.daemon/" ] ; then echo 1 ; else echo 0 ; fi
                command_pass: 0
                command_fail: 1
                case_sensitive: false
            }
        ]
        fix:
        {
            manual:
                '''
                1. One or more of the files associated with the OSX/Keydnap malware was found. Please report this to the authors of osx-config-check via GitHub (https://github.com/kristovatlas/osx-config-check) or Twitter (https://twitter.com/kristovatlas).
                2. Refer to this link: http://www.welivesecurity.com/2016/08/30/osxkeydnap-spreads-via-signed-transmission-application/
                '''
        }
    }

    /* ---- END COMMON MALWARE DETECTION ---- */

    /* useful for debugging `sudo_command`
    {
        description: "Can read /private/var/root"
        confidence: "required"
        tests:
        [
            {
                type: "regex match"
                command: "ls /private/var/root"
                command_pass: ".*Library.*"
                case_sensitive: "true"
            },
            {
                type: "regex match"
                command: "sudo ls /private/var/root"
                command_pass: ".*Library.*"
                case_sensitive: "true"
            }
        ]
        fix:
        {
            manual: ""
        }
    }
    */
    /* useful for debugging api.sh
    {
        description: "DEBUG for api.sh"
        confidence: "required"
        tests:
        [
            {
                type: "exact match"
                command:
                    echo $(homebrew_is_installed)
                command_pass: "1"
                case_sensitive: "false"
            }
        ]
        fix:
        {
            manual: "blah"
        }
    }
    */
]