CIS Benchmark: Secure Keyboard Enabled with Custom .plist File

clegger06
New Contributor III

JAMF Nation,

Like many others I am tasked with CIS Benchmark deployment.

I need to enable Secure Keyboard in Terminal.app. It can be done via script but the user can de-select the option after the script runs, allowing their current session to be disabled and thus not enforcing the benchmark how we need it enforced.

A .plist file pushed via Configuration Profile would be the best way to enforce the setting.

In a test I have pushed a .plist file with the Secure Keyboard "key" set to "True" and it works but it also sets every default option in the Terminal so none of it can be changed.

My question: How can I push a .plist file via config profile that ONLY forces the Secure Keyboard key to "true"?

1 ACCEPTED SOLUTION

boberito
Valued Contributor

If you upload a Custom Setting plist into a configuration profile with com.apple.terminal

It should do it? And that should also ONLY set that setting, nothing else.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>SecureKeyboardEntry</key>
    <true/>
</dict>
</plist>


6 REPLIES 6

Taylor_Armstron
Valued Contributor

Have you taken a look at Jamf's CIS scripts yet?

Not exactly what you're asking, but if you're implementing CIS and don't know about them, you should.

https://github.com/jamfprofessionalservices/CIS-for-macOS-Sierra

clegger06
New Contributor III

@boberito ,

AWESOME Username!

I copied the xml script you posted, put it in a text document and attempted to upload to the JSS.

JAMF Pro says to convert it to xml1 with, < /usr/bin/plutil -convert xml1 /path/to/file.plist >. When running the command to convert the file I get the following error in Terminal, < Property List error: Unexpected character { at line 1 / JSON error: No string key for value in object around character 1. >

Now, to troubleshoot, I have opened the current Terminal .plist and it appears to have the same "Line 1". I also tried to look up "JSON" errors on Google and that is complicated. I appreciate any help.

clegger06
New Contributor III

@Taylor.Armstrong ,

Thank you for that link. I will take a look at that. I also found the Github from @franton. This information helps a ton with this process! Thank you all.

boberito
Valued Contributor

@clegger06 I think you pasted it into a Rich Text Document, the default for TextEdit.

Create a plain text document in TextEdit, not a Rich Text Document. Create a new document and pull down from Format and do Make Plain Text. Then paste that in. Save it as com.apple.terminal.plist

Upload as a Custom setting.
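A pre-upload check for the two problems this thread ran into, added here as an example and not part of any post above: a file saved as Rich Text instead of a plist, and a payload that carries more keys than SecureKeyboardEntry. The function name, the sample byte strings and the ExampleSetting keys are constructed for illustration.

```python
import plistlib

EXPECTED = {"SecureKeyboardEntry": True}  # the only key the profile should manage

def check_payload(data: bytes, expected=EXPECTED) -> list:
    """Return a list of problems; an empty list means the payload is minimal and valid."""
    # TextEdit's default format starts with "{\rtf", the "{ at line 1" plutil reported.
    if data.lstrip().startswith(b"{\\rtf"):
        return ["file is Rich Text (RTF), not a plist; re-save as plain text"]
    problems = []
    if data.startswith(b"bplist"):
        problems.append("binary plist; convert with plutil -convert xml1")
    try:
        payload = plistlib.loads(data)
    except Exception as exc:  # malformed XML or unknown format
        return problems + [f"not a parseable plist: {exc}"]
    if not isinstance(payload, dict):
        return problems + ["top-level object is not a <dict>"]
    for key, want in expected.items():
        if key not in payload:
            problems.append(f"missing key {key}")
        elif payload[key] is not want:  # <string>true</string> is not <true/>
            problems.append(f"{key} is {payload[key]!r}, expected {want!r}")
    extra = sorted(set(payload) - set(expected))
    if extra:
        problems.append("extra keys would also be enforced: " + ", ".join(extra))
    return problems

# Constructed sample inputs.
GOOD = plistlib.dumps({"SecureKeyboardEntry": True})
RTF_PASTE = b"{\\rtf1\\ansi\\ansicpg1252 <?xml version=\"1.0\"?> }"
STRING_VALUE = plistlib.dumps({"SecureKeyboardEntry": "true"})
FULL_EXPORT = plistlib.dumps(
    {"SecureKeyboardEntry": True, "ExampleSettingA": "x", "ExampleSettingB": 1},
    fmt=plistlib.FMT_BINARY,
)

if __name__ == "__main__":
    for name, blob in [("good", GOOD), ("rtf", RTF_PASTE),
                       ("string", STRING_VALUE), ("full", FULL_EXPORT)]:
        print(name, check_payload(blob) or "OK")
```
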

clegger06
New Contributor III

@boberito ,

I am grateful. You have taught me something here today. I appreciate your solving this problem for me. I implemented the .plist and it is exactly what we need. Cheers to you sir!