Jamf Nation Community

wsg · ‎11-05-2018

I wrote a quick and dirty script to detect if SIP is disabled, and then notify the user.

#!/bin/bash

# Paths to binaries
JAMFHELPER="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"

# Prompt GUI Config
GUI_WINDOW_TITLE="Jamf - System Integrity Protection Disabled"
GUI_ICON="/Library/Application Support/Iterable/logo.png"
GUI_MESSAGE="We have detected your macOS System Integrity Protection (SIP) is disabled. Please re-enable it as soon as possible."
GUI_BUTTON1="OK"
GUI_BUTTON2="Enable SIP"

# Get the System Integrity Protection status
sip_status=$(csrutil status)
if [[ ${sip_status} == *"disabled"* ]]; then
    userSelection=$("$JAMFHELPER" -windowType utility -title "$GUI_WINDOW_TITLE" -icon "$GUI_ICON" -description "$GUI_MESSAGE" -button1 "$GUI_BUTTON1" -button2 "$GUI_BUTTON2")
    if [ "$userSelection" == "2" ]; then
        open https://developer.apple.com/library/archive/documentation/Security/Conceptual/System_Integrity_Protection_Guide/ConfiguringSystemIntegrityProtection/ConfiguringSystemIntegrityProtection.html
    else
        exit 0
    fi
fi

exit $?;

Script works fine when I run it locally, it doesn't work so well when it executes through policy:

Script result: 2018-11-05 11:39:42.290 jamfHelper[33228:2536785] GetInputSourceEnabledPrefs user file path = /Users/ankur.mathur/Library/Preferences/com.apple.HIToolbox.plist
2018-11-05 11:39:42.291 jamfHelper[33228:2536785] GetInputSourceEnabledPrefs effective user id path = 0
2018-11-05 11:39:42.291 jamfHelper[33228:2536785] GetInputSourceEnabledPrefs user pref content = <CFBasicHash 0x7f9d4c104650 [0x7fffacae0af0]>{type = immutable dict, count = 4,
entries =>
    0 : <CFString 0x7fffaca14ab8 [0x7fffacae0af0]>{contents = "AppleEnabledInputSources"} = <CFArray 0x7f9d4c11bf00 [0x7fffacae0af0]>{type = immutable, count = 2, values = (
    0 : <CFBasicHash 0x7f9d4c11b300 [0x7fffacae0af0]>{type = immutable dict, count = 3,
entries =>
    0 : <CFString 0x7fffaca12218 [0x7fffacae0af0]>{contents = "InputSourceKind"} = <CFString 0x7fffaca59098 [0x7fffacae0af0]>{contents = "Keyboard Layout"}
    1 : <CFString 0x7fffaca0cd78 [0x7fffacae0af0]>{contents = "KeyboardLayout Name"} = U.S.
    2 : <CFString 0x7fffaca44b78 [0x7fffacae0af0]>{contents = "KeyboardLayout ID"} = <CFNumber 0x37 [0x7fffacae0af0]>{value = +0, type = kCFNumberSInt64Type}
}

    1 : <CFBasicHash 0x7f9d4c11bec0 [0x7fffacae0af0]>{type = immutable dict, count = 2,
entries =>
    0 : <CFString 0x7fffaca12218 [0x7fffacae0af0]>{contents = "InputSourceKind"} = <CFString 0x7f9d4c11b340 [0x7fffacae0af0]>{contents = "Non Keyboard Input Method"}
    1 : Bundle ID = <CFString 0x7f9d4c11be80 [0x7fffacae0af0]>{contents = "com.apple.inputmethod.EmojiFunctionRowItem"}
}

)}
    1 : <CFString 0x7fffaca34618 [0x7fffacae0af0]>{contents = "AppleSelectedInputSources"} = <CFArray 0x7f9d4c10ec70 [0x7fffacae0af0]>{type = immutable, count = 2, values = (
    0 : <CFBasicHash 0x7f9d4c10ebf0 [0x7fffacae0af0]>{type = immutable dict, count = 2,
entries =>
    0 : <CFString 0x7fffaca12218 [0x7fffacae0af0]>{contents = "InputSourceKind"} = <CFString 0x7f9d4c104e50 [0x7fffacae0af0]>{contents = "Non Keyboard Input Method"}
    1 : Bundle ID = <CFString 0x7f9d4c10ebb0 [0x7fffacae0af0]>{contents = "com.apple.inputmethod.EmojiFunctionRowItem"}
}

    1 : <CFBasicHash 0x7f9d4c10ec30 [0x7fffacae0af0]>{type = immutable dict, count = 3,
entries =>
    0 : <CFString 0x7fffaca12218 [0x7fffacae0af0]>{contents = "InputSourceKind"} = <CFString 0x7fffaca59098 [0x7fffacae0af0]>{contents = "Keyboard Layout"}
    1 : <CFString 0x7fffaca0cd78 [0x7fffacae0af0]>{contents = "KeyboardLayout Name"} = U.S.
    2 : <CFString 0x7fffaca44b78 [0x7fffacae0af0]>{contents = "KeyboardLayout ID"} = <CFNumber 0x37 [0x7fffacae0af0]>{value = +0, type = kCFNumberSInt64Type}
}

)}
    2 : <CFString 0x7f9d4c11ea40 [0x7fffacae0af0]>{contents = "AppleInputSourceHistory"} = <CFArray 0x7f9d4c104610 [0x7fffacae0af0]>{type = immutable, count = 1, values = (
    0 : <CFBasicHash 0x7f9d4c1045d0 [0x7fffacae0af0]>{type = immutable dict, count = 3,
entries =>
    0 : <CFString 0x7fffaca12218 [0x7fffacae0af0]>{contents = "InputSourceKind"} = <CFString 0x7fffaca59098 [0x7fffacae0af0]>{contents = "Keyboard Layout"}
    1 : <CFString 0x7fffaca0cd78 [0x7fffacae0af0]>{contents = "KeyboardLayout Name"} = U.S.
    2 : <CFString 0x7fffaca44b78 [0x7fffacae0af0]>{contents = "KeyboardLayout ID"} = <CFNumber 0x37 [0x7fffacae0af0]>{value = +0, type = kCFNumberSInt64Type}
}

)}
    5 : <CFString 0x7fffaca88b78 [0x7fffacae0af0]>{contents = "AppleCurrentKeyboardLayoutInputSourceID"} = <CFString 0x7fffacaa6cf8 [0x7fffacae0af0]>{contents = "com.apple.keylayout.US"}
}
LSOpenURLsWithRole() failed with error -600 for the URL https://developer.apple.com/library/archive/documentation/Security/Conceptual/System_Integrity_Protection_Guide/ConfiguringSystemIntegrityProtection/ConfiguringSystemIntegrityProtection.html.

Any suggestions?

m_donovan · ‎11-05-2018

Not sure about the error. However if you are running 10.12.2 or better you can re-enable SIP with

/usr/bin/csrutil clear

and at the next restart SIP is enabled. No need to have the user do it. Here is a blog the Eric Gomez did about it.

wsg · ‎11-05-2018

Outstanding, thank you @m.donovan - I'll rewrite the script to do this to reduce complexity.

bearzooka · ‎11-06-2018

I am also having these kind of errors with JAMF Helper and some of our operations rely on this. Does anyone here know what's going on with it?

Thanks.

m_donovan · ‎11-06-2018

I finally got some time to test your script. It worked both locally and as a policy on 10.11 - 10.14. I am currently running JamfPro 10.6.1 on self hosted Linux servers. What version of JamfPro are you running?

wsg · ‎11-06-2018

10.7.1-t1536934276

That said, I ended up refactoring the script to use /usr/bin/csrutil clear when SIP is disabled. Much cleaner, and no more errors :)

Jamf Nation Community

Jamfhelper spews errors