Solved

Root Account Enabled Extension Attribute

  • September 5, 2023
  • 4 replies
  • 39 views

AJPinto

Does anyone have a working Extension Attribute to read if the Root account is enabled? The one I was using does not appear to work anymore, and none of the commands I am seeing on the internet are working either.

 

This is what I was using.

#!/bin/bash

rootCheck=$(dscl . read /Users/root | grep AuthenticationAuthority > /dev/null 2>&1 ; echo $?)

if [ "${rootCheck}" == 1 ]; then
    echo "<result>Disabled</result>"
else
    echo "<result>Enabled</result>"
fi

 

 

 


mvu
  • Jamf Heroes
  • Answer
  • September 5, 2023

The command below is from the CIS Ventura guide. Could you hash it up and re-fit for your EA?

Terminal Method:

Run the following command to verify that the root user has not been enabled:

 

$ /usr/bin/sudo /usr/bin/dscl . -read /Users/root AuthenticationAuthority
No such key: AuthenticationAuthority

AJPinto
  • Author
  • Legendary Contributor
  • September 5, 2023


I did not think to check the CIS benchmarks; I'll give that a try. Thanks.


AJPinto
  • Author
  • Legendary Contributor
  • September 5, 2023

@mvu that got what I needed, thank you much. 

 

If anyone else needs it, here is the EA.

 

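#!/bin/bash

# Read root's AuthenticationAuthority attribute; 2>&1 captures the message on either stream
rootCheck=$(/usr/bin/sudo /usr/bin/dscl . -read /Users/root AuthenticationAuthority 2>&1)

# A disabled root account has no such attribute, and dscl reports the missing key
if [ "${rootCheck}" == "No such key: AuthenticationAuthority" ]; then
    echo "<result>Disabled</result>"
    exit 0
else
    echo "<result>Enabled</result>"
fi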

mvu
  • Jamf Heroes
  • September 5, 2023

Cool. Thanks for sharing your EA.
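
Added example, not code from the thread or from Jamf: a three-state classifier for the dscl output quoted above, next to the grep test from the question, which reports Enabled for the "No such key" message because that message itself contains the attribute name. The function names and both sample outputs are constructed, and the comparison assumes the dscl message is captured along with standard output (hence the 2>&1).

```shell
#!/bin/bash
# Added example; function names and sample strings are constructed.

# classify_root_state OUTPUT
# Maps the text printed by
#   dscl . -read /Users/root AuthenticationAuthority
# to Enabled, Disabled or Unknown.
classify_root_state() {
    case "$1" in
        "AuthenticationAuthority:"*)
            # The attribute is present on the root record.
            echo "Enabled" ;;
        *"No such key: AuthenticationAuthority"*)
            # The message the CIS check expects for a disabled root.
            echo "Disabled" ;;
        *)
            # Empty output, a dscl error or anything unexpected:
            # report it instead of guessing a state.
            echo "Unknown" ;;
    esac
}

# The test from the question: it only asks whether the attribute
# name appears anywhere in the output.
naive_grep_state() {
    if printf '%s\n' "$1" | grep -q AuthenticationAuthority; then
        echo "Enabled"
    else
        echo "Disabled"
    fi
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_DISABLED='No such key: AuthenticationAuthority'
SAMPLE_ENABLED='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'

# On a Mac, emit the value in the <result> form an EA returns.
# Extension Attributes already run as root, so sudo is omitted here.
if [ -x /usr/bin/dscl ]; then
    out=$(/usr/bin/dscl . -read /Users/root AuthenticationAuthority 2>&1) || true
    echo "<result>$(classify_root_state "$out")</result>"
fi
```

An Unknown result in inventory is a prompt to look at the machine rather than a pass or a fail.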