csrstat-NG
csrstat-NG copied to clipboard
JayBrown
Print the current macOS System Integrity Protection (SIP) settings
Update of Pike R. Alpha's original csrstat CLI with support for Mojave's XNU v4903.221.2.
You can run the csrstat tool by entering:
./csrstat
Here's an example of the output (latest version):
csrstat v2.0 Copyright (c) 2015-2017 by Pike R. Alpha, 2017-2018 by Joss Brown
System Integrity Protection status: enabled (0x00000000)
Current Configuration:
Apple Internal 0 (disabled) [--no-internal] CSR_ALLOW_APPLE_INTERNAL
Kext Signing 0 (enabled) [--without kext] CSR_ALLOW_UNTRUSTED_KEXTS
Debugging Restrictions 0 (enabled) [--without debug] CSR_ALLOW_TASK_FOR_PID
Filesystem Protections 0 (enabled) [--without fs] CSR_ALLOW_UNRESTRICTED_FS
Kernel Debugging Restrictions 0 (enabled) <n/a> CSR_ALLOW_KERNEL_DEBUGGER
DTrace Restrictions 0 (enabled) [--without dtrace] CSR_ALLOW_UNRESTRICTED_DTRACE
NVRAM Protections 0 (enabled) [--without nvram] CSR_ALLOW_UNRESTRICTED_NVRAM
Device Configuration 0 (disabled) <n/a> CSR_ALLOW_DEVICE_CONFIGURATION
BaseSystem Verification 0 (enabled) [--without basesystem] CSR_ALLOW_ANY_RECOVERY_OS
Unapproved Kexts Restrictions 0 (enabled) <n/a> CSR_ALLOW_UNAPPROVED_KEXTS
Executable Policy 0 (enabled) <n/a> CSR_ALLOW_EXECUTABLE_POLICY_OVERRIDE
Boot into Recovery Mode and modify with: 'csrutil enable [arguments]'
<Note: some flags are not accessible using the csrutil CLI.>
Please note that csrstat ignores the NVRAM variable (csr-active-config), as it should, because that is only valid after a reboot.
JayBrown