Big Sur Compliance Script Error #222

Closed
opened 2026-01-19 18:29:42 +00:00 by michael · 3 comments

Originally created by @paparooky on GitHub.

Summary

Generated compliance script for Big Sur cis_lvl1 or lvl2 doesn't run

Steps to reproduce

1. Verify current git repo
2. Checkout to Big Sur branch
3. % ./scripts/generate_baseline.py -k cis_lvl1 [or lvl2]
4. % ./scripts/generate_guidance.py -s -p build/baselines/cis_lvl1 [or 2].yaml
   Errors:
     Generating configuration profiles...
     There are errors in the following files, please correct the .yaml file(s)!
     ../rules/os/os_terminal_secure_keyboard_enable.yaml
     ../rules/os/os_terminal_secure_keyboard_enable.yaml
     ../rules/sysprefs/sysprefs_bluetooth_menu_enable.yaml
     ../rules/sysprefs/sysprefs_bluetooth_menu_enable.yaml
     ../rules/sysprefs/sysprefs_wifi_menu_enable.yaml
     ../rules/sysprefs/sysprefs_wifi_menu_enable.yaml
5. % sudo ./build/cis_lvl1/cis_lvl1_compliance.sh
   Returns:
     ./build/cis_lvl1/cis_lvl1_compliance.sh:3850: condition expected: $result_value

Operating System version

11.7

Intel or Apple Silicon

VMware VM hosted on Intel Mac
Not seeing this behavior on Catalina or Monterey VMs in the respective branches

What is the current bug behavior?

See steps to produce

What is the expected correct behavior?

No errors in rule .yaml files
Compliance script runs
I have

Relevant logs and/or screenshots

none

Output of checks

See steps to produce

Possible fixes


@golbiga commented on GitHub:

@paparooky Looks like we had an issue with the yaml in sysprefs_time_server_configure. I've fixed it and tested both cis lvl1 and 2. Please check out dev_big_sur_issue189, test it out, and see if that resolves your issue. Thanks for reporting the issue.


@golbiga commented on GitHub:

We updated the big_sur branch. Closing the issue.


@paparooky commented on GitHub:

@golbiga That does the trick. Thanks!

Reference: usnistgov/macos_security#222