
Originally introduced in Mac OS X Leopard (10.5.1), the built-in macOS Firewall limits incoming connections on a per-application basis (as opposed to a per-port basis). The firewall is disabled by default; this worklet enables it.



Evaluation:



```bash
#!/bin/bash

# helper function to check if a command exists
function command_exists {
    type "$1" &> /dev/null
}

# only evaluate if the socketfilterfw command is available
if command_exists /usr/libexec/ApplicationFirewall/socketfilterfw; then
    # check if the firewall is enabled
    /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate | grep -q 'enabled'

    # yes? no?
    exit $?
fi

# socketfilterfw command is not available, move along
exit 0
```



Remediation:



```bash
#!/bin/bash

# turn the firewall on
/usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on

# how did we do?
exit $?
```
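
A stricter variant of the two scripts above, as an added example that is not part of the original worklet: it reads the numeric state instead of matching the word 'enabled', treats unrecognised output as non-compliant, and re-checks the state after remediation. It assumes `--getglobalstate` prints a line containing `(State = N)` with 0 meaning off and non-zero meaning on; the function names are hypothetical.

```shell
#!/bin/bash
# Added example, not the worklet's own code.
# Assumption: --getglobalstate prints "... (State = N)", where N = 0 means
# the firewall is off and any non-zero N means it is on.

SOCKETFILTERFW=/usr/libexec/ApplicationFirewall/socketfilterfw

# Map --getglobalstate output to an exit status:
#   0 = firewall on, 1 = firewall off, 2 = output not understood
classify_state() {
    local state
    # Extract the digits from "(State = N)"; empty when the pattern is absent
    state=$(printf '%s\n' "$1" |
        sed -n 's/.*(State = \([0-9][0-9]*\)).*/\1/p' | head -n 1)
    case "$state" in
        0)      return 1 ;;
        [1-9]*) return 0 ;;
        *)      return 2 ;;   # fail closed: unknown output is not "enabled"
    esac
}

# Evaluation: a missing binary means there is nothing to check, which
# matches the worklet's "move along" behaviour.
evaluate_firewall() {
    [ -x "$SOCKETFILTERFW" ] || return 0
    classify_state "$("$SOCKETFILTERFW" --getglobalstate 2>/dev/null)"
}

# Remediation: turn the firewall on, then read the state back rather than
# relying only on the exit code of --setglobalstate.
remediate_firewall() {
    "$SOCKETFILTERFW" --setglobalstate on >/dev/null || return 1
    evaluate_firewall
}

# Usage in an evaluation script:   evaluate_firewall;  exit $?
# Usage in a remediation script:   remediate_firewall; exit $?
```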