usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-02-03 14:03:24 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity

Prevent fixes when not needed #280

New Issue
Closed
opened 2026-01-19 18:29:55 +00:00 by michael · 1 comment
michael commented 2026-01-19 18:29:55 +00:00
Owner
Copy Link

Originally created by @robertgendler on GitHub.

In rules that edit text files, adding

/usr/bin/grep -qE "(regular expression from the check) file/to/change || (current fix)

It will prevent the fix from occurring if not needed

for audit_flags_ad_configure for example
/usr/bin/grep -qE "^flags.*[^-]ad" /etc/security/audit_control || /usr/bin/sed -i.bak '/^flags/ s/$/,ad/' /etc/security/audit_control; /usr/sbin/audit -s

Originally created by @robertgendler on GitHub. In rules that edit text files, adding `/usr/bin/grep -qE "(regular expression from the check) file/to/change || (current fix)` It will prevent the fix from occurring if not needed for audit_flags_ad_configure for example `/usr/bin/grep -qE "^flags.*[^-]ad" /etc/security/audit_control || /usr/bin/sed -i.bak '/^flags/ s/$/,ad/' /etc/security/audit_control; /usr/sbin/audit -s`
michael commented 2026-01-19 18:29:55 +00:00
Author
Owner
Copy Link

@golbiga commented on GitHub:

This has been addressed in main, big_sur, and catalina.

@golbiga commented on GitHub: This has been addressed in `main`, `big_sur`, and `catalina`.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
michael
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: usnistgov/macos_security#280
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?