Originally introduced in Mac OS X Leopard (10.5.1), the built-in macOS Firewall limits incoming connections on a per-application basis (as opposed to a per-port basis). The firewall is disabled by default; this worklet enables it.
Evaluation:
#!/bin/bash
# helper function to check if a command exists
function command_exists {
    type "$1" &> /dev/null
}

# only evaluate if the socketfilterfw command is available
if command_exists /usr/libexec/ApplicationFirewall/socketfilterfw; then
    # check if the firewall is enabled: --getglobalstate prints
    # "Firewall is enabled." or "Firewall is disabled."
    /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate | grep -q 'enabled'
    # grep exits 0 when enabled (compliant) and 1 when disabled (remediate)
    exit $?
fi

# socketfilterfw command is not available, nothing to evaluate
exit 0
Remediation:
#!/bin/bash
# turn the firewall on (--setglobalstate requires root privileges)
/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on
# pass socketfilterfw's exit status back to the worklet runner
exit $?
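As an added example that is not part of this worklet, the script below parses the numeric "(State = N)" field of --getglobalstate instead of grepping for the word "enabled", and re-reads the state after remediation rather than trusting the exit code of --setglobalstate alone. It assumes the output formats "Firewall is enabled. (State = 1)" and "Firewall is disabled. (State = 0)", and treats State = 2 (assumed to be "block all incoming connections") as enabled.

```shell
#!/bin/bash
# Added example, not the worklet's own code. Assumes socketfilterfw prints
# "Firewall is enabled. (State = 1)" / "Firewall is disabled. (State = 0)";
# State = 2 is assumed to be "block all incoming", which is also enabled.

SFW=/usr/libexec/ApplicationFirewall/socketfilterfw

# Extract the numeric state from a --getglobalstate line. Prints the
# number, or "unknown" when the expected "(State = N)" field is absent.
parse_global_state() {
    local out="$1"
    case "$out" in
        *"(State = "[0-9]")"*)
            out="${out##*"(State = "}"
            printf '%s\n' "${out%%")"*}"
            ;;
        *) printf 'unknown\n' ;;
    esac
}

# Returns 0 when the parsed state means the firewall is on, 1 otherwise.
firewall_is_on() {
    case "$(parse_global_state "$1")" in
        1|2) return 0 ;;
        *)   return 1 ;;
    esac
}

# Remediation with verification: enable, then read the state back
# instead of trusting the exit code of --setglobalstate alone.
enable_and_verify() {
    "$SFW" --setglobalstate on >/dev/null 2>&1 || return 1
    firewall_is_on "$("$SFW" --getglobalstate 2>/dev/null)"
}

# Only talk to the real binary when it exists (i.e. on macOS, as root).
if [ -x "$SFW" ]; then
    current="$("$SFW" --getglobalstate 2>/dev/null)"
    if firewall_is_on "$current"; then
        echo "compliant: $current"
    else
        enable_and_verify && echo "remediated" || { echo "remediation failed" >&2; exit 1; }
    fi
fi
```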