usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-02-03 14:03:24 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity

Missing full paths #322

New Issue
Closed
opened 2026-01-19 18:30:03 +00:00 by michael · 2 comments
michael commented 2026-01-19 18:30:03 +00:00
Owner
Copy Link

Originally created by @robertgendler on GitHub.

The check reads

/usr/bin/csrutil status | grep -c 'System Integrity Protection status: enabled.'

Should be for consistency
/usr/bin/csrutil status | /usr/bin/grep -c 'System Integrity Protection status: enabled.'

Also the file is listed as os_SIP_enable.yaml, and should be os_sip_enable.yaml

The check reads for os_system_wide_preferences_configure
/usr/bin/security authorizationdb read system.preferences 2> /dev/null | grep -A 1 "<key>shared</key>" | grep -c "<false/>"
Should be for consistency
/usr/bin/security authorizationdb read system.preferences 2> /dev/null | /usr/bin/grep -A 1 "<key>shared</key>" | grep -c "<false/>"

Same with os_unlock_active_user_session_disable

/usr/bin/security authorizationdb read system.login.screensaver 2>&1 | grep -c 'use-login-window-ui'

Should be for consistency
/usr/bin/security authorizationdb read system.login.screensaver 2>&1 | /usr/bin/grep -c 'use-login-window-ui'

os_secure_boot_verify
/usr/sbin/nvram 94b73556-2197-4702-82a8-3e1337dafbfb:AppleSecureBootPolicy | grep -c '%02'

Should be for consistency

/usr/sbin/nvram 94b73556-2197-4702-82a8-3e1337dafbfb:AppleSecureBootPolicy | /usr/bin/grep -c '%02'

os_firmware_password_require
/usr/sbin/firmwarepasswd -check | grep -c "Password Enabled: Yes"

Should be
/usr/sbin/firmwarepasswd -check | /usr/bin/grep -c "Password Enabled: Yes"

Originally created by @robertgendler on GitHub. The check reads ` /usr/bin/csrutil status | grep -c 'System Integrity Protection status: enabled.' ` Should be for consistency ` /usr/bin/csrutil status | /usr/bin/grep -c 'System Integrity Protection status: enabled.' ` Also the file is listed as os_SIP_enable.yaml, and should be os_sip_enable.yaml The check reads for os_system_wide_preferences_configure ` /usr/bin/security authorizationdb read system.preferences 2> /dev/null | grep -A 1 "<key>shared</key>" | grep -c "<false/>" ` Should be for consistency ` /usr/bin/security authorizationdb read system.preferences 2> /dev/null | /usr/bin/grep -A 1 "<key>shared</key>" | grep -c "<false/>" ` Same with os_unlock_active_user_session_disable `/usr/bin/security authorizationdb read system.login.screensaver 2>&1 | grep -c 'use-login-window-ui'` Should be for consistency `/usr/bin/security authorizationdb read system.login.screensaver 2>&1 | /usr/bin/grep -c 'use-login-window-ui'` os_secure_boot_verify `/usr/sbin/nvram 94b73556-2197-4702-82a8-3e1337dafbfb:AppleSecureBootPolicy | grep -c '%02'` Should be for consistency `/usr/sbin/nvram 94b73556-2197-4702-82a8-3e1337dafbfb:AppleSecureBootPolicy | /usr/bin/grep -c '%02'` os_firmware_password_require `/usr/sbin/firmwarepasswd -check | grep -c "Password Enabled: Yes"` Should be `/usr/sbin/firmwarepasswd -check | /usr/bin/grep -c "Password Enabled: Yes"`
michael commented 2026-01-19 18:30:04 +00:00
Author
Owner
Copy Link

@robertgendler commented on GitHub:

Resolved

@robertgendler commented on GitHub: Resolved
michael commented 2026-01-19 18:30:04 +00:00
Author
Owner
Copy Link

@robertgendler commented on GitHub:

os_uamdm_require missing awk and grep path.

@robertgendler commented on GitHub: os_uamdm_require missing awk and grep path.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
michael
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: usnistgov/macos_security#322
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?