Root Account Enabled Extension Attribute

AJPinto
Honored Contributor III

Does anyone have a working Extension Attribute to read if the Root account is enabled? The one I was using does not appear to work anymore, and none of the commands I am seeing on the internet are working either.

 

This is what I was using.

 

 

#!/bin/bash

rootCheck=$(dscl . read /Users/root | grep AuthenticationAuthority > /dev/null 2>&1 ; echo $?)
if [ "${rootCheck}" == 1 ]; then
    echo "<result>Disabled</result>"
else
    echo "<result>Enabled</result>"\
fi

 

 

 

1 ACCEPTED SOLUTION

obi-k
Valued Contributor III

The command below is from the CIS Ventura guide. Could you hash it up and re-fit for your EA?

Terminal Method:

Run the following command to verify the the root user has not been enabled:

 

$ /usr/bin/sudo /usr/bin/dscl . -read /Users/root AuthenticationAuthority
No such key: AuthenticationAuthority

View solution in original post

4 REPLIES 4

obi-k
Valued Contributor III

The command below is from the CIS Ventura guide. Could you hash it up and re-fit for your EA?

Terminal Method:

Run the following command to verify the the root user has not been enabled:

 

$ /usr/bin/sudo /usr/bin/dscl . -read /Users/root AuthenticationAuthority
No such key: AuthenticationAuthority

AJPinto
Honored Contributor III

I did not think to check the CIS benchmarks, ill give that a try. thanks.

AJPinto
Honored Contributor III

@obi-k that got what I needed, thank you much. 

 

If anyone else needs it, here is the EA.

 

#!/bin/bash
rootCheck=`/usr/bin/sudo /usr/bin/dscl . -read /Users/root AuthenticationAuthority`
if [ "${rootCheck}" == dsenableroot ]; then
	echo "Disabled"
        exit 0
else
	echo "Enabled"
fi

obi-k
Valued Contributor III

Cool. Thanks for sharing your EA.