Skip to main content
Solved

CIS Benchmark: Secure Keyboard Enabled with Custom .plist File


Forum|alt.badge.img+4

JAMF Nation,

Like many others I am tasked with CIS Benchmark deployment.

I need to enable Secure Keyboard in Terminal.app. It can be done via script but the user can de-select the option after the script runs, allowing their current session to be disabled and thus not enforcing the benchmark how we need it enforced.

A .plist file pushed via Configuration Profile would be the best way to enforce the setting.

In a test I have pushed a .plist file with the Secure Keyboard "key" set to "True" and it works but it also sets every default option in the Terminal so none of it can be changed.

My question: How can I push a .plist file via config profile that ONLY forces the Secure Keyboard key to "true"?

Best answer by boberito

If you upload a Custom Setting plist into a configuration profile with com.apple.terminal

It should do it? And that should also ONLY set that setting, nothing else.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>SecureKeyboardEntry</key>
    <true/>
</dict>
</plist>
View original
Did this topic help you find an answer to your question?

6 replies

boberito
Forum|alt.badge.img+22
  • Jamf Heroes
  • 449 replies
  • Answer
  • August 10, 2018

If you upload a Custom Setting plist into a configuration profile with com.apple.terminal

It should do it? And that should also ONLY set that setting, nothing else.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>SecureKeyboardEntry</key>
    <true/>
</dict>
</plist>

Forum|alt.badge.img+15

Have you taken a look at Jamf's CIS scripts yet?

Not exactly what you're asking, but if you're implementing CIS and don't know about them, you should.

https://github.com/jamfprofessionalservices/CIS-for-macOS-Sierra


Forum|alt.badge.img+4
  • Author
  • Contributor
  • 15 replies
  • August 10, 2018

@boberito ,

AWESOME Username!

I copied the xml script you posted, put it in a text document and attempted to upload to the JSS.

JAMF Pro says to convert it to xml1 with, < /usr/bin/plutil -convert xml1 /path/to/file.plist >. When running the command to convert the file I get the following error in terminal, < Property List error: Unexpected character { at line 1 / JSON error: No string key for value in object around character 1. >

Now, to troubleshoot, I have opened the current terminal .plist and it appears to have the same "Line 1". I also tried to lookup "JSON" errors on Google and that is complicated. I appreciate any help.


Forum|alt.badge.img+4
  • Author
  • Contributor
  • 15 replies
  • August 10, 2018

@Taylor.Armstrong ,

Thank you for that link. I will take a look at that. I also found the Github from @franton. This information helps a ton with this process! Thank you all.


boberito
Forum|alt.badge.img+22
  • Jamf Heroes
  • 449 replies
  • August 10, 2018

@clegger06 I think you pasted it into a Rich Text Document, the default for Text Edit.

Create a plain text document in TextEdit, not a Rich Text Document. Create a new document and pull down from format and do Make Plain Text. Then paste that in. Save it as com.apple.terminal.plist

Upload as a Custom setting.


Forum|alt.badge.img+4
  • Author
  • Contributor
  • 15 replies
  • August 10, 2018

@boberito ,

I am grateful. You have taught me something here today. I appreciate your solving this problem for me. I implemented the .plist and it is exactly what we need. Cheers to you sir!


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings