I have been tasked by our security team to limit the terminal app to only allow admin accounts to open it due to a vulnerability. Any suggestions or best practices/advice on this? I do not want to rescrict the app completely because we use it for troubleshooting but we want the standard user to be locked down as much as possible.
Question
Limit Terminal access to admin only
+1
+26This is something your security team should be doing with an Endpoint Permissions Manager tool. You can block list the application with a Jamf app restriction, but that is all or nothing. If they want this to be granular they will need to onboard a tool (if one does not already exist) that can do this.
+7You should also then look into blocking apps like iTerm. That would be an easy work around for any developer. Maybe a better tactic is to block sudo access or make people standard users.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.