JAMF Protect won't acknowledge Secure Keyboard Entry in Terminal

aalbright
New Contributor II

I'm very confused on what I'm doing wrong here, we're new customers to JAMF Protect and I've really like it so far but I'm running into an issue I can't find any info about.

2.10 Secure Keyboard Entry in Terminal.app Enabled (Listed as 2.9 in the CIS Benchmark Documentation)

Per the CIS Benchmark documentation this is audited by this command

defaults read -app Terminal SecureKeyboardEntry

Returning a value of 1, my computer does this.

Additionally running the following command shows the proper entry for SecureKeyboardEntry in com.apple.Terminal

➜  ~ sudo defaults read ~/Library/Preferences/com.apple.Terminal | grep SecureKeyboardEntry
    SecureKeyboardEntry = 1;

And finally I'm enforcing this through a profile with the following custom .plist file attached to it. This .plist is provided by JAMF in this repository https://github.com/jamf/CIS-for-macOS-Catalina-CP

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>SecureKeyboardEntry</key>
    <true/>
</dict>
</plist>

In Terminal itself it shows a checkmark next to secure keyboard entry and that cannot be unchecked, showing that my profile enforcement of this setting is working correctly.

After waiting for my Insights to update in JAMF Protect, my computer is still not in compliance.

Any thoughts on how I can get this insight properly reflect its enforcement status in JAMF Protect?

2 REPLIES 2

KatieE
Contributor
Contributor

Hi @aalbright - while scripting against this compliance object years ago, I remember having a lot of trouble with accurate reporting, despite the setting very plainly being in place. I'm pretty sure it's due to aggressive preference caching, so you could try a few things in order of escalation:

killall cfprefsd

2. Logout/login
3. Restart

aalbright
New Contributor II

Hi @kenglish

Thanks for your reply, so I tried that and still no luck.

I also tried removing the custom .plist, and deleting com.apple.Terminal in ~/Library/Prefrences running killall cfprefsd and rebooting to reset my environment.

I tried the following steps and each time waited for the Insights to update
1. Enabling SecureKeyboardEntry in the menu
2. Using sudo defaults write ~/Library/Preferences/com.apple.Terminal SecureKeyboardEntry -bool true and finally
3. Trying just the configuration profile with JAMFs supplied custom .plist

None of that changed anything...

Could there be anything else I'm missing?