Hi,
I'm trying to set the preference for Safari via a configuration profile. Is this possible with a config profile? I can't get it to take on Ventura.
Many thanks in advance.
Page 1 / 1
Hey there, the CIS page actually shows that this can indeed be set with a config profile like yours. Note that the checkbox will not be disabled but if you uncheck it and relaunch Safari it'll be checked again.
Oh. I was off because I thought the box would be grayed out. Thanks, I tried it again and your right: It is checked again. Thanks, @jmahlman
I did a script below, but the config profile is better.
#!/bin/sh
currentUser=$(ls -l /dev/console | awk '{print $3}')
sudo -u $currentUser /usr/bin/defaults write /Users/$currentUser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari WebKitPreferences.privateClickMeasurementEnabled -bool true
exit 0
Wanted to put it out there that there is a bug with the current version of Jamf Compliance Editor which renders this control broken. Took me quite a bit of time to solve this, going to report it to the GitHub to have their documentation updated.
You need to modify the Audit with this after the "result_value=$("
/usr/bin/profiles -P -o stdout | /usr/bin/grep '"WebKitPreferences.privateClickMeasurementEnabled" = 1' | /usr/bin/awk '{ if ($1) {print "1"} else {print "0"}}
#!/bin/bash
#####----- Rule: os_safari_advertising_privacy_protection_enable -----#####
## Addresses the following NIST 800-53 controls:
# * N/A
rule_arch=""
if [[ "$arch" == "$rule_arch" ]] || [[ -z "$rule_arch" ]]; then
#echo 'Running the command to check the settings for: os_safari_advertising_privacy_protection_enable ...' | tee -a "$audit_log"
unset result_value
result_value=$(/usr/bin/profiles -P -o stdout | /usr/bin/grep '"WebKitPreferences.privateClickMeasurementEnabled" = 1' | /usr/bin/awk '{ if ($1) {print "1"} else {print "0"}}'
)
# expected result {'integer': 1}
# check to see if rule is exempt
unset exempt
unset exempt_reason
exempt=$(/usr/bin/osascript -l JavaScript << EOS 2>/dev/null
ObjC.unwrap($.NSUserDefaults.alloc.initWithSuiteName('org.cis_lvl1.audit').objectForKey('os_safari_advertising_privacy_protection_enable'))["exempt"]
EOS
)
exempt_reason=$(/usr/bin/osascript -l JavaScript << EOS 2>/dev/null
ObjC.unwrap($.NSUserDefaults.alloc.initWithSuiteName('org.cis_lvl1.audit').objectForKey('os_safari_advertising_privacy_protection_enable'))["exempt_reason"]
EOS
)
if [[ $result_value == "1" ]]; then
/bin/echo "$(date -u) os_safari_advertising_privacy_protection_enable passed (Result: $result_value, Expected: "{'integer': 1}")" | /usr/bin/tee -a "$audit_log"
/usr/bin/defaults write "$audit_plist" os_safari_advertising_privacy_protection_enable -dict-add finding -bool NO
/usr/bin/logger "mSCP: cis_lvl1 - os_safari_advertising_privacy_protection_enable passed (Result: $result_value, Expected: "{'integer': 1}")"
else
if [[ ! $exempt == "1" ]] || [[ -z $exempt ]];then
/bin/echo "$(date -u) os_safari_advertising_privacy_protection_enable failed (Result: $result_value, Expected: "{'integer': 1}")" | /usr/bin/tee -a "$audit_log"
/usr/bin/defaults write "$audit_plist" os_safari_advertising_privacy_protection_enable -dict-add finding -bool YES
/usr/bin/logger "mSCP: cis_lvl1 - os_safari_advertising_privacy_protection_enable failed (Result: $result_value, Expected: "{'integer': 1}")"
else
/bin/echo "$(date -u) os_safari_advertising_privacy_protection_enable failed (Result: $result_value, Expected: "{'integer': 1}") - Exemption Allowed (Reason: "$exempt_reason")" | /usr/bin/tee -a "$audit_log"
/usr/bin/defaults write "$audit_plist" os_safari_advertising_privacy_protection_enable -dict-add finding -bool YES
/usr/bin/logger "mSCP: cis_lvl1 - os_safari_advertising_privacy_protection_enable failed (Result: $result_value, Expected: "{'integer': 1}") - Exemption Allowed (Reason: "$exempt_reason")"
/bin/sleep 1
fi
fi
else
/bin/echo "$(date -u) os_safari_advertising_privacy_protection_enable does not apply to this architechture" | tee -a "$audit_log"
/usr/bin/defaults write "$audit_plist" os_safari_advertising_privacy_protection_enable -dict-add finding -bool NO
fi
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.