
tis-audit-local-admins

Silent installation package for tis-audit-local-admins

0-1

tis-audit-local-admins

This script checks the local administrators configured on the machine by comparing them against a whitelist (allowed_admins_list).

The authorized users must therefore be defined in this list beforehand.

Any administrator user who is not in this list will be reported during the audit.

  • package: tis-audit-local-admins
  • name: tis-audit-local-admins
  • version: 0-1
  • maintainer: Administrator
  • licence: ©
  • target_os: macos,mac
  • architecture: all
  • signature_date:
  • size: 7.98 KB

package           : tis-audit-local-admins
version           : 0-1
architecture      : all
section           : base
priority          : optional
name              : tis-audit-local-admins
categories        : 
maintainer        : Administrator
description       : Auditer les administrateurs locaux sous MacOS
depends           : 
conflicts         : 
maturity          : PROD
locale            : 
target_os         : macos,mac
min_wapt_version  : 
sources           : 
installed_size    : 
impacted_process  : 
description_fr    : Auditer les administrateurs locaux sous MacOS
description_pl    : Umożliwia audyt lokalnych administratorów w systemie macOS
description_de    : Ermöglicht die Überprüfung lokaler Administratoren unter macOS
description_es    : Permite auditar los administradores locales en macOS
description_pt    : Permite auditar os administradores locais no macOS
description_it    : Consente di verificare gli amministratori locali su macOS
description_nl    : Maakt het mogelijk om lokale beheerders op macOS te controleren
description_ru    : Позволяет выполнять аудит локальных администраторов в macOS
audit_schedule    : 2h
editor            : 
keywords          : 
licence           : ©
homepage          : 
package_uuid      : 64a054c4-7e33-4f68-9536-d72d991f15d5
valid_from        : 
valid_until       : 
forced_install_on : 
changelog         : 
min_os_version    : 
max_os_version    : 
icon_sha256sum    : 4e424cf16b749d1dff5b232130000cd4b633399ee5dddce76f8d8a95117ae105
signer            : Tranquil IT
signer_fingerprint: 8c5127a75392be9cc9afd0dbae1222a673072c308c14d88ab246e23832e8c6bb
signature_date    : 2026-01-19T16:22:08.000000
signed_attributes : package,version,architecture,section,priority,name,categories,maintainer,description,depends,conflicts,maturity,locale,target_os,min_wapt_version,sources,installed_size,impacted_process,description_fr,description_pl,description_de,description_es,description_pt,description_it,description_nl,description_ru,audit_schedule,editor,keywords,licence,homepage,package_uuid,valid_from,valid_until,forced_install_on,changelog,min_os_version,max_os_version,icon_sha256sum,signer,signer_fingerprint,signature_date,signed_attributes
signature         : eyc0hR5cEGKwMMuigipNENijnfw85ouV0514kIHXEcy7AUrePpu1EobbZDSXNeEHO85i2QHJxJtmoB0Sra1JyojBjUvBd7eSOAZSBYc552a2q4h38/26QkXBgEYz7kOz7r2zBXayJLo/e6yAAKgBRPce2BU3XP9PRe13z9WzfZva2xGjMH0J6dLon84Uq/wgxyBPkadIBFsPNH4D2PAKh2IzXGI7iQGJ3nTGw2R5TXe/jq/Ny6SB7tK2euiAh/B4cSpXVDEFkzhuSNUdrV9eZPcHpFdnFYil93PBYeFJ2z0NFkO6vO5qI9gA1eZ/y+PLbUQSUoAOOy+g7cQFo2AClg==

# -*- coding: utf-8 -*-
from setuphelpers import *

# Define allowed users in admin group
allowed_admins_list = [
    ### SYSTEM ACCOUNTS
    r'root',
    r'_mbsetupuser',  # System installation assistant
    ### OTHERS
    r'my-admin-user',
    r'my-other-admin-user',
]

def install():
    pass

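def audit():
    # The matching line from dscacheutil looks like "users: root my-admin-user"
    output = run(r'dscacheutil -q group -a name admin | grep users')
    # Keep what follows "users:" and split on any whitespace run, so no empty names are produced
    admins_users = output.split(':', 1)[1].split()
    # Lowercase the whitelist too, so the comparison is case-insensitive on both sides
    allowed_lower = [name.lower() for name in allowed_admins_list]
    unallowed_user_in_admins_group = False
    listerror = []
    admins_dict = {"unallowed": [], "allowed": []}

    for user in admins_users:
        if user.lower() not in allowed_lower:
            listerror.append(user)
            admins_dict["unallowed"].append(user)
        else:
            admins_dict["allowed"].append(user)

    print("ADMINS LIST : %s" % ",".join(admins_users))  # Every member of the admin group
    if listerror:
        print("UNALLOWED ADMINS LIST : %s" % ",".join(listerror))  # Members missing from the whitelist
        unallowed_user_in_admins_group = True

    # Store the result on the WAPT server only when it differs from the previous audit
    WAPT.write_audit_data_if_changed("audit-local-admins-macos", "audit-local-admins-macos", admins_dict)

    if unallowed_user_in_admins_group:
        return "ERROR"

    return "OK"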
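
The comparison performed by audit() above, as a stand-alone added example that is not part of the package: it parses a constructed dscacheutil record and keeps parsing separate from the whitelist check, so both can be tested without a Mac or the WAPT agent. The function names and SAMPLE_OUTPUT are assumptions made for this example, and reporting a missing "users:" line as an error is a choice of the example.

```python
# Added example: offline-testable version of the audit comparison.
# SAMPLE_OUTPUT is constructed; the function names are illustrative, not WAPT APIs.

SAMPLE_OUTPUT = """\
name: admin
password: *
gid: 80
users: root _mbsetupuser My-Admin-User  tempadmin
"""

ALLOWED = ["root", "_mbsetupuser", "my-admin-user", "my-other-admin-user"]


def parse_admin_members(dscacheutil_output):
    """Return the names on the 'users:' line, or None if that line is absent."""
    for line in dscacheutil_output.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "users":
            return value.split()  # any run of whitespace separates names
    return None  # query failed or output format changed


def classify_admins(members, allowed):
    """Split members into allowed / unallowed, comparing case-insensitively."""
    allowed_set = {name.lower() for name in allowed}
    result = {"unallowed": [], "allowed": []}
    for user in members:
        bucket = "allowed" if user.lower() in allowed_set else "unallowed"
        result[bucket].append(user)
    return result


def audit_status(dscacheutil_output, allowed):
    """Return (status, details) in the same shape the package's audit() reports."""
    members = parse_admin_members(dscacheutil_output)
    if members is None:
        # Example's choice: an unreadable record is an error, not a clean audit
        return "ERROR", {"unallowed": [], "allowed": []}
    details = classify_admins(members, allowed)
    return ("ERROR" if details["unallowed"] else "OK"), details


if __name__ == "__main__":
    print(audit_status(SAMPLE_OUTPUT, ALLOWED))
```
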


