
Removing a rule from guidance will not remove the rule from audit file

Open jmahlman opened this issue 3 years ago • 2 comments

Summary

When removing rules from a custom baseline, the affected rule is not removed from the audit file if the compliance check and fix were run on a machine.

Steps to reproduce

  1. Create a custom baseline with any rules in it
  2. Run the compliance script that is generated in check mode
  3. Note the items in the audit file
  4. Remove any rule from the baseline script
  5. Re-run the compliance script in check mode
  6. Note that the removed item is still in the audit file with the previous result

Operating System version

12.4 (21F79), 12.5b3

What is the current bug behavior?

The removed rule remains in the audit file and keeps the result from the last run.

What is the expected correct behavior?

The removed rule should be removed from the audit file.

Possible fixes

  • Re-create the audit file each run
  • Ensure that removed baseline checks are removed from the audit file using logical checks in compliance script

jmahlman avatar Jul 12 '22 13:07 jmahlman
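The two possible fixes listed above, as an added example that is not part of the original issue and not the project's own compliance script. It assumes the audit file is a property list keyed by rule id, with each rule's last result stored under it (the real file's layout may carry more fields), and it simulates the reproduction steps: run a check with three rules, drop one rule from the baseline, and run again. `reset_audit` is the "re-create the audit file each run" option; `prune_audit` is the "logical check" option that removes entries no longer in the baseline. Rule ids and results are constructed sample data.

```python
import plistlib
import tempfile
from pathlib import Path

# Constructed sample data: rule ids in the style of the project's baselines.
# The audit layout (rule id -> {"finding": bool}) is an assumption, not the
# project's exact format.
OLD_BASELINE = ["auth_smartcard_enforce", "os_firewall_enable", "os_gatekeeper_enable"]
NEW_BASELINE = ["auth_smartcard_enforce", "os_firewall_enable"]  # one rule removed


def read_audit(path):
    """Load the audit plist, or an empty dict if no audit file exists yet."""
    p = Path(path)
    if not p.exists():
        return {}
    with open(p, "rb") as fh:
        return plistlib.load(fh)


def write_audit(path, results):
    with open(path, "wb") as fh:
        plistlib.dump(results, fh)


def reset_audit(path):
    """Fix option 1: delete the audit file so the next check starts clean."""
    Path(path).unlink(missing_ok=True)


def prune_audit(path, baseline_rules):
    """Fix option 2: drop entries whose rule id is no longer in the baseline.

    Returns the sorted list of stale rule ids that were removed, so the caller
    can log what was discarded.
    """
    results = read_audit(path)
    stale = sorted(rule for rule in results if rule not in baseline_rules)
    for rule in stale:
        del results[rule]
    write_audit(path, results)
    return stale


def run_check(path, baseline_rules, check_fn, prune=False):
    """Simulate one pass of the compliance script in check mode.

    Without prune=True this reproduces the reported bug: results for rules
    that were removed from the baseline are never touched, so they survive
    with whatever value the previous run recorded.
    """
    if prune:
        prune_audit(path, baseline_rules)
    results = read_audit(path)
    for rule in baseline_rules:
        results[rule] = {"finding": check_fn(rule)}
    write_audit(path, results)
    return results


def reproduce(prune=False):
    """Steps 1-6 of the report; returns the rule ids left in the audit file."""
    # Constructed check result: pretend only the smartcard rule is a finding.
    check_fn = lambda rule: rule == "auth_smartcard_enforce"
    with tempfile.TemporaryDirectory() as tmp:
        audit = Path(tmp) / "org.example.audit.plist"  # hypothetical path
        run_check(audit, OLD_BASELINE, check_fn)            # steps 1-3
        run_check(audit, NEW_BASELINE, check_fn, prune)     # steps 4-5
        return sorted(read_audit(audit))                    # step 6


if __name__ == "__main__":
    print("without prune:", reproduce(prune=False))
    print("with prune:   ", reproduce(prune=True))
```

The stale entry matters beyond tidiness: a rule that was dropped from the baseline keeps reporting its old `finding` value, so any report or MDM extension attribute built from the audit file will count a check that the current baseline no longer performs.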

Potential fix add --reset

robertgendler avatar Jul 14 '22 15:07 robertgendler

I have run the following tests successfully:

/path/to/cis_script.sh --reset Result: Removed audit file properly and dropped into menu

/path/to/cis_script.sh --check --reset Result: Removed audit file and ran fresh check.

Run script via Jamf policy with --check as parameter 4 and --reset as parameter 5 Result: Removed audit file and ran a clean check removing the changed rules

I'd say this is a pretty good solution, just include the proper documentation that if it needs to be run from Jamf the flags need to be in different parameters... unless I'm the only idiot who didn't know that ;)

jmahlman avatar Jul 15 '22 15:07 jmahlman