Custom Checks

Custom checks allow you to define your own rules using YAML files. This allows you to have your checks for what you deem necessary for your security. These are scoped to your own user account and can't run under sudo.

To enable them, you have to enable an option under Pareto Security preferences and create a folder ParetoSecurity in Documents and add a .yaml file that follows the US NIST specification. Note that each time you make a change or add a new check, you have to restart the app for it to pick up the changes.

For example, if you wanted to create a check that will report when you have outdated brew packages.

id: brew_outdated_packages
title: No Outdated Brew packages
# get list out outaded packages, count lines, if lines are found print 1
check: |
  brew outdated | wc -l | tr -d [:space:] | xargs | awk '{ if ($1 >= 1) {print "1"} else {print "0"}}'
result:
  integer: 0

The above example would have a strange check title, "No Outdated Brew packages are passing." You can add titleOn and titleOff parameters to describe your check better.

id: brew_outdated_packages
titlePass: No Outdated Brew packages found
titleFail: New Brew packages found
# get list out outaded packages, count lines, if lines are found print 1
check: |
  brew outdated | wc -l | tr -d [:space:] | xargs | awk '{ if ($1 >= 1) {print "1"} else {print "0"}}'
result:
  integer: 0

Now, when you would click on the check in Pareto Security, it guides you to this page, which is not ideal. However, you can specify any valid URL as a parameter that would link you to your docs.

id: brew_outdated_packages
titlePass: No Outdated Brew packages found
titleFail: New Brew packages found
url: https://docs.brew.sh/FAQ
# get list out outaded packages, count lines, if lines are found print 1
check: |
  brew outdated | wc -l | tr -d [:space:] | xargs | awk '{ if ($1 >= 1) {print "1"} else {print "0"}}'
result:
  integer: 0

For a lot more examples, check out NIST macOS Security Compliance Project on GitHub.