I'm very confused on what I'm doing wrong here, we're new customers to JAMF Protect and I've really like it so far but I'm running into an issue I can't find any info about.
2.10 Secure Keyboard Entry in Terminal.app Enabled (Listed as 2.9 in the CIS Benchmark Documentation)
Per the CIS Benchmark documentation this is audited by this command
defaults read -app Terminal SecureKeyboardEntry
Returning a value of 1, my computer does this.
Additionally running the following command shows the proper entry for SecureKeyboardEntry in com.apple.Terminal
➜ ~ sudo defaults read ~/Library/Preferences/com.apple.Terminal | grep SecureKeyboardEntry
SecureKeyboardEntry = 1;
And finally I'm enforcing this through a profile with the following custom .plist file attached to it. This .plist is provided by JAMF in this repository https://github.com/jamf/CIS-for-macOS-Catalina-CP
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
In Terminal itself it shows a checkmark next to secure keyboard entry and that cannot be unchecked, showing that my profile enforcement of this setting is working correctly.
After waiting for my Insights to update in JAMF Protect, my computer is still not in compliance.
Any thoughts on how I can get this insight properly reflect its enforcement status in JAMF Protect?
Hi @aalbright - while scripting against this compliance object years ago, I remember having a lot of trouble with accurate reporting, despite the setting very plainly being in place. I'm pretty sure it's due to aggressive preference caching, so you could try a few things in order of escalation:
Thanks for your reply, so I tried that and still no luck.
I also tried removing the custom .plist, and deleting com.apple.Terminal in ~/Library/Prefrences running
killall cfprefsd and rebooting to reset my environment.
I tried the following steps and each time waited for the Insights to update
1. Enabling SecureKeyboardEntry in the menu
sudo defaults write ~/Library/Preferences/com.apple.Terminal SecureKeyboardEntry -bool true and finally
3. Trying just the configuration profile with JAMFs supplied custom .plist
None of that changed anything...
Could there be anything else I'm missing?