os_recovery_lock_enable has incorrect key #235

Closed
opened 2026-01-19 18:29:45 +00:00 by michael · 0 comments
Owner

Originally created by @cipineda on GitHub.

Originally assigned to: @robertgendler on GitHub.

Summary

os_recovery_lock_enable looks for ‘IsRecoveryLockedEnabled’ and should be ‘IsRecoveryLockEnabled’

replace word "Locked" with "Lock"

Steps to reproduce

Run the os_recovery_lock_enable.yaml file

Operating System version

macOS 12.4 (21F79) on M1 processor

What is the current bug behavior?

When running this validation, it always comes up as a finding even though I have the right profile and key in place.

(What actually happens)
querying the system as follows:
/usr/libexec/mdmclient QuerySecurityInfo | grep IsRecoveryLockEnabled
returns:
IsRecoveryLockEnabled = 1;

running the code in this yaml file:
/usr/libexec/mdmclient QuerySecurityInfo | /usr/bin/grep -c "IsRecoveryLockedEnabled = 1"
returns:
0

What is the expected correct behavior?

the yaml script should return a '1'

Possible fixes

update the yaml code to the following:
/usr/libexec/mdmclient QuerySecurityInfo | /usr/bin/grep -c "IsRecoveryLockEnabled = 1"
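
The failure mode reported above is that `grep -c` prints 0 both when the setting is off and when the key name in the check is misspelled, so a typo looks like a compliance finding. The following is an added example, not code from the issue or from the macos_security project: a shell check that reports the "key not present" case separately. The function names and the sample output are constructed for illustration; only the `IsRecoveryLockEnabled = 1;` line comes from the issue.

```shell
#!/bin/sh
# Added example: tri-state check over `mdmclient QuerySecurityInfo` output.
# Output is read on stdin so the logic can be exercised offline.

# key_state KEY -> prints "enabled", "disabled" or "missing"
key_state() {
    awk -v key="$1" '
        { gsub(/;/, "") }                      # drop the trailing ";" on each line
        $1 == key && $2 == "=" {               # exact key name, not a substring
            found = 1
            if ($3 == "1") on = 1
        }
        END { print (on ? "enabled" : (found ? "disabled" : "missing")) }
    '
}

# audit_check KEY -> exit 0 compliant, 1 finding, 2 the check itself is suspect
audit_check() {
    state=$(key_state "$1")
    case $state in
        enabled)  return 0 ;;
        disabled) return 1 ;;
        *)  echo "check error: key '$1' not found in output" >&2
            return 2 ;;
    esac
}

# Constructed sample output. ExampleOtherKey is a placeholder, not a real key.
sample_output() {
    cat <<'EOF'
{
    ExampleOtherKey = 0;
    IsRecoveryLockEnabled = 1;
}
EOF
}

# Compare the corrected key name with the misspelled one from the issue.
for k in IsRecoveryLockEnabled IsRecoveryLockedEnabled; do
    printf '%s: %s\n' "$k" "$(sample_output | key_state "$k")"
done

# On a managed Mac, the same check against live output would be:
#   /usr/libexec/mdmclient QuerySecurityInfo | audit_check IsRecoveryLockEnabled
```

A result of `missing` points at the check (or at an OS version that does not report the key) rather than at the device's configuration.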

Reference: usnistgov/macos_security#235