Question

Errors running scripts for CIS Compliance from "Digging into Security, Compliance, and Reporting" session

  • October 27, 2016
  • 38 replies
  • 303 views


  • Author
  • Valued Contributor
  • November 11, 2016

@kenglish

I think I've figured out a couple of the issues with the remediation script:

For the 5.10 remediation you need the following (thanks @rtrouton https://derflounder.wordpress.com/2014/02/16/managing-the-authorization-database-in-os-x-mavericks/):

# dump the current definition of the right to a plist
security authorizationdb read system.preferences > /tmp/system.preferences.plist
# flip the shared flag in that plist
defaults write /tmp/system.preferences.plist shared -bool false
# load the edited definition back into the authorization database
security authorizationdb write system.preferences < /tmp/system.preferences.plist

Then for any of the user level preferences to actually take effect you need to add

killall cfprefsd

If you don't kill cfprefsd, then the changes are overwritten by the current settings. Haven't tested it, so you might also need to do a

killall -u $LOGGEDINUSER cfprefsd

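The same 5.10 remediation as a script with the result read back for verification. This is an added example, not code from the post, from Rich Trouton's write-up or from the Jamf CIS scripts: it parses the plist that `security authorizationdb read` prints with plistlib instead of editing the temp file with `defaults`, so every other key of the right survives untouched, and it re-reads the right after the write as the audit step. The `security` calls need root; the sample right definition inside the block is constructed for the offline test and is shorter than a real one.

```python
#!/usr/bin/env python3
"""Force `shared` to false on the system.preferences authorization right.

Added example (not code from the thread or the Jamf CIS scripts). The
`security authorizationdb` calls need root; the sample plist is constructed.
"""
import plistlib
import subprocess
import sys

RIGHT = "system.preferences"

# Constructed stand-in for `security authorizationdb read system.preferences`
# output. Real output carries more keys; this code keeps whatever is there.
SAMPLE_RIGHT = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>allow-root</key>
    <true/>
    <key>authenticate-user</key>
    <true/>
    <key>class</key>
    <string>user</string>
    <key>group</key>
    <string>admin</string>
    <key>shared</key>
    <true/>
    <key>timeout</key>
    <integer>2147483647</integer>
    <key>version</key>
    <integer>1</integer>
</dict>
</plist>
"""


def is_shared(right_plist: bytes) -> bool:
    """True when the right's `shared` flag is set (a missing key counts as not shared)."""
    return bool(plistlib.loads(right_plist).get("shared", False))


def unshare(right_plist: bytes) -> bytes:
    """Return the same right definition with `shared` forced to false; all other keys kept."""
    right = plistlib.loads(right_plist)
    right["shared"] = False
    return plistlib.dumps(right)


def read_right(name: str) -> bytes:
    """XML plist of the right, exactly what `security authorizationdb read` prints on stdout."""
    return subprocess.run(["security", "authorizationdb", "read", name],
                          check=True, capture_output=True).stdout


def write_right(name: str, right_plist: bytes) -> None:
    """Load a right definition from stdin, as `security authorizationdb write name < file` does."""
    subprocess.run(["security", "authorizationdb", "write", name],
                   input=right_plist, check=True)


def remediate(name: str = RIGHT) -> bool:
    """Unshare the right if needed and return the audit result read back from the database."""
    current = read_right(name)
    if is_shared(current):
        write_right(name, unshare(current))
    return not is_shared(read_right(name))


if __name__ == "__main__":
    ok = remediate()
    print(f"{RIGHT} shared=false: {'pass' if ok else 'FAIL'}")
    sys.exit(0 if ok else 1)
```

Run it as root (`sudo python3 unshare_sysprefs.py`, file name assumed). The write lands directly in the authorization database, which is not a cfprefsd-cached preference domain, so the re-read in `remediate` reflects the new value immediately and doubles as the audit check.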
  • Esteemed Contributor
  • November 11, 2016

@jason.bracy

Sorry, I have to post this here. Please do not kill the cfprefsd process.

This was a dirty hack to refresh the preferences memory cache from 10.9 and doing so causes more potential harm than good. But don't just take my word on it: it was covered in the JNUC 2016 talk by @bentoms and @james_ridsdale .


  • Author
  • Valued Contributor
  • November 12, 2016

@franton

I appreciate the comment and the link, however using "killall cfprefsd" is the only way that I have been able to retain changes made to certain preferences when changing them with defaults. If you have a better way to make the changes stick, then please share.


  • Esteemed Contributor
  • November 12, 2016

Ok. Authorisation database changes do not need cfprefsd restarted to take effect. Everything else can be done with configuration profiles, which is Apple's preferred method of applying preferences. I only include the defaults commands in my CIS repo for the sake of clarity.

When I get to implement this on the system I'm working on, it'll be via profiles ... at least the stuff that can be done via profiles. The rest will be scripts to run command line tools.


  • Esteemed Contributor
  • November 12, 2016

CIS Benchmark for macOS 10.12 is out.


  • Valued Contributor
  • November 13, 2016

Thanks franton - wasn't scheduled to be released until tomorrow, but looks like it is up early...


  • Esteemed Contributor
  • November 13, 2016

@Taylor.Armstrong I logged in and there it was!


  • Author
  • Valued Contributor
  • November 21, 2016

@franton Appreciate the reply (Sorry for the delay in answering, I was traveling all last week)

I would also like to use profiles for configuring CIS requirements, however unfortunately our Cyber Sec team want the CIS tool to show the results of the test and the current implementation of the tools does not read profiles - it doesn't even read the authorizationdb settings correctly.

I also have to deal with Macs in Secure areas and off network that do not have access to the JSS, so need to have a manual script that can run on those machines.

Obviously Profiles are the best way to go, but as we are all learning in regards to Compliance: Security ≠ Compliance. If the compliance audit tool can't read the settings, then we aren't compliant.


  • Esteemed Contributor
  • November 21, 2016

@jason.bracy That's why I suggested having a look at my own CIS repo. I've EAs that do work with profiles. I currently work in Finance where that is a requirement also.


  • Valued Contributor
  • November 28, 2016

BTW, others in this thread may already have seen, but since I just got back from vacation and hadn't seen a notice, video of Katie's presentation is up.

https://www.jamf.com/resources/digging-into-security-compliance-and-reporting/

@kenglish : I'm going to try to go through and flag the deltas between the 10.11 and 10.12 CIS benchmarks in the next couple of days, if you haven't had a chance to do so yet I'm happy to share if you'd like. My task for the next couple of weeks is to tweak the scripts for 10.12 as needed, along with pushing through review and approval of the 10.12 benchmark on our campus here for adoption.


  • Contributor
  • October 29, 2019

@kenglish I'm getting the same errors:

2019-10-29 15:57:28.637 defaults[1636:24616] The domain/default pair of (/Users/cameron/Library/Preferences/com.apple.dock, wvous-tl-corner) does not exist
2019-10-29 15:57:28.718 defaults[1640:24628] The domain/default pair of (/Users/cameron/Library/Preferences/com.apple.dock, wvous-bl-corner) does not exist
2019-10-29 15:57:28.741 defaults[1641:24631] The domain/default pair of (/Users/cameron/Library/Preferences/com.apple.dock, wvous-tl-corner) does not exist
2.4.6 passed
Print: Entry, ":PrefKeyServicesEnabled", Does Not Exist

Lots like this.

Running this version of the script:

written by Katie English, Jamf October 2016
updated for 10.12 CIS benchmarks by Katie English, Jamf February 2017
updated by Laurent Pertois, Jamf September 2018
github.com/jamfprofessionalservices

User is on Catalina.

Is there an updated script anywhere that fixes these errors?


  • New Contributor
  • May 2, 2022

Hi, any updates to fixing Executing Policy CIS Baseline Scripts - Self Service

Script result:

2022-05-02 09:09:11.378 defaults[7261:67192] The domain/default pair of (/Library/Application Support/SecurityScoring/org_security_score.plist, OrgScore1_1) does not exist
2022-05-02 09:09:11.392 defaults[7262:67203] The domain/default pair of (/Library/Application Support/SecurityScoring/org_security_score.plist, OrgScore1_2) does not exist
2022-05-02 09:09:11.404 defaults[7264:67208] The domain/default pair of (/Library/Application Support/SecurityScoring/org_security_score.plist, OrgScore1_3) does not exist
2022-05-02 09:09:11.416 defaults[7265:67213] The domain/default pair of (/Library/Application Support/SecurityScoring/org_security_score.plist, OrgScore1_4) does not exist
2022-05-02 09:09:11.429 defaults[7266:67216] The domain/default pair of (/Library/Application Support/SecurityScoring/org_security_score.plist, OrgScore1_5) does not exist
2022-05-02 09:09:11.442 defaults[7267:67220] The domain/default pair of (/Library/Application Support/SecurityScoring/org_security_score.plist, OrgScore1_6) does not exist
2022-05-02 09:09:11.454 defaults[7268:67223] The domain/default pair of (/Library/Application Support/SecurityScoring/org_security_score.plist, OrgScore2_1_1) does not exist


  • New Contributor
  • May 2, 2022

We have validated that this path does exist, yet the GitHub CIS scripts seem not to see it. Every control is showing the "does not exist"

/Library/Application Support/SecurityScoring/org_security_score.plist
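The "does not exist" lines in the 2019 and 2022 posts above are what `defaults read` prints on stderr when a key is absent from the domain; the script carries on, so the control still reports passed or failed, but the audit itself cannot tell "never set" from "set to a safe value". This added example (not code from the thread or from the Jamf scripts) reads the plists with plistlib and treats an absent key as a state of its own: a hot corner with no `wvous-*-corner` key has no action and so cannot be a finding, and an absent `OrgScore` key is reported as None rather than as false. Both plists inside the block are constructed; the `OrgScore1_1`, `OrgScore2_1_1` key naming follows the keys visible in the 2022 log, and the hot-corner action code 6 is the Dock's "Disable Screen Saver" value.

```python
#!/usr/bin/env python3
"""Audit preference keys without the `defaults read` "does not exist" noise.

Added example, not from the thread or the Jamf CIS scripts. Both sample
plists are constructed; real files can be substituted in the __main__ block.
"""
import plistlib
from pathlib import Path
from typing import Any, List, Optional

# Constructed ~/Library/Preferences/com.apple.dock with only the bottom-left
# corner configured. Dock hot-corner action codes: 5 = Start Screen Saver,
# 6 = Disable Screen Saver. Absent wvous-*-corner keys mean "no action".
SAMPLE_DOCK = plistlib.dumps({"wvous-bl-corner": 6, "wvous-bl-modifier": 0, "tilesize": 48})

# Constructed org_security_score.plist holding a few of the OrgScore keys the
# scripts look up. Every key not listed here is "does not exist" to `defaults`.
SAMPLE_SCORE = plistlib.dumps({"OrgScore1_1": True, "OrgScore1_2": False, "OrgScore2_1_1": True})

CORNERS = ("wvous-tl-corner", "wvous-tr-corner", "wvous-bl-corner", "wvous-br-corner")
DISABLE_SCREEN_SAVER = 6


def read_pref(plist_bytes: bytes, key: str, default: Any = None) -> Any:
    """Value of `key` in the plist, or `default` when the key is absent.
    Same lookup as `defaults read domain key`, minus the stderr error and non-zero exit."""
    return plistlib.loads(plist_bytes).get(key, default)


def corners_disabling_screensaver(dock_plist: bytes) -> List[str]:
    """Corners whose hot-corner action is Disable Screen Saver.
    A corner with no key set has no action, so it is never reported."""
    return [c for c in CORNERS if read_pref(dock_plist, c) == DISABLE_SCREEN_SAVER]


def audit_hot_corners(dock_plist: bytes) -> str:
    """'passed' when no corner disables the screen saver, else the offending corners."""
    hits = corners_disabling_screensaver(dock_plist)
    return "passed" if not hits else "failed: " + ", ".join(hits)


def control_enabled(score_plist: bytes, control: str) -> Optional[bool]:
    """True/False from the scoring plist for a control such as "2.1.1" (key OrgScore2_1_1),
    or None when the key is absent, so the caller can separate "turned off" from "never written"."""
    value = read_pref(score_plist, "OrgScore" + control.replace(".", "_"))
    return None if value is None else bool(value)


if __name__ == "__main__":
    # Real use: the user's Dock plist and the scoring plist from the thread; the
    # constructed samples are used when a file is missing so the script runs anywhere.
    dock_file = Path.home() / "Library/Preferences/com.apple.dock.plist"
    score_file = Path("/Library/Application Support/SecurityScoring/org_security_score.plist")
    dock = dock_file.read_bytes() if dock_file.exists() else SAMPLE_DOCK
    score = score_file.read_bytes() if score_file.exists() else SAMPLE_SCORE
    print("hot corners:", audit_hot_corners(dock))
    for control in ("1.1", "1.2", "1.3", "2.1.1"):
        print(control, control_enabled(score, control))
```

On a live Mac, prefer feeding the Dock functions the output of `defaults export com.apple.dock -`, which goes through cfprefsd, over the plist file on disk, which can lag behind the cached values; that keeps the audit consistent with what `defaults read` would report without relying on its error text. The scoring plist under /Library/Application Support can be read as the block does; when every key there comes back None, as in the 2022 log, the file is present but does not contain keys under those names, which is a different problem from a missing file.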