[go: up one dir, main page]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect directory permissions after executing the CIS security remediation script under Catalina #9

Open
Tionit opened this issue Mar 16, 2020 · 1 comment · May be fixed by #10
Open

Incorrect directory permissions after executing the CIS security remediation script under Catalina #9

Tionit opened this issue Mar 16, 2020 · 1 comment · May be fixed by #10

Comments

@Tionit
Copy link
Tionit commented Mar 16, 2020
edited
Loading

After Audit 5.1.3 from the Security Remediation script was executed, chmod o-w gets now applied to /private/tmp/

This is wrong and applications can then no longer write to the directory and therefore no longer run as intended.

This seems to happen because /private/tmp/ is a symbolic link to /System/Volumes/Data/private/tmp/. And this is on the read-only system partition under Catalina.

Please adjust the script so that this no longer happens. Thanks!
@Tionit
Copy link
Author
Tionit commented Mar 16, 2020
edited
Loading

A correction can look as follows:

if [ "$Audit5_1_3" = "1" ]; then
	IFS=$'\n'
	for sysPermissions in $( find /System -type d -perm -2 | grep -v "Public/Drop Box\|Data/private" ); do
		chmod -R o-w "$sysPermissions"
	done
	echo $(date -u) "5.1.3 enforced" | tee -a "$logFile"

@Tionit Tionit changed the title Incorrect directory permissions after executing the CIS security script under Catalina Incorrect directory permissions after executing the CIS security remediation script under Catalina Mar 16, 2020
pcmxgti added a commit to pcmxgti/CIS-for-macOS-High-Sierra-CP that referenced this issue Mar 18, 2020
@pcmxgti
Fix directory permissions on Catalina
9cc6663 
This resolves jamf#9, but there should be more thorough research on what
directories in /System should not be modified by the remediation script.
pcmxgti added a commit to pcmxgti/CIS-for-macOS-High-Sierra-CP that referenced this issue Mar 18, 2020
@pcmxgti
Fix directory permissions on Catalina
25a59ec 
This resolves jamf#9, but there should be more thorough research on what
directories in /System should not be modified by the remediation script.
@pcmxgti pcmxgti linked a pull request Mar 18, 2020 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix directory permissions on Catalina pcmxgti/CIS-for-macOS-High-Sierra-CP
1 participant
@Tionit