euc-samples icon indicating copy to clipboard operation
euc-samples copied to clipboard

Published 20 hours ago verified publisher icon vmware-samples

Issue with macOS Baselines

Open lukemc89 opened this issue 1 year ago • 2 comments

Describe the bug

Have followed the documentaiton for macOS Baselines https://github.com/vmware-samples/euc-samples/tree/master/UEM-Samples/Utilities%20and%20Tools/macOS/Baselines

We've generated the NIST 800-53 low

Created all 3 sensors as required.

Compliance is working as expected, detects 67 settings aren't compliant, the remediation script runs and echos Remediation in Progress in the WS1 Sensor, however remediation doesn't do anything.

I've logged a call with VMware support but they don't seem familiar with these baselines, wondering if this is a known issue?

Reproduction steps

  1. Create sensors and assign to devices

Expected behavior

Remediation makes devices compliant

Additional context

No response

lukemc89 avatar Apr 18 '23 21:04 lukemc89

Hi Luke - if you run the --fix script locally on a device, does it work for you or does it generate any errors?

mzaske3 avatar Apr 19 '23 14:04 mzaske3

Hi Matt, this issue seems to be that once the baseline remediation runs we can no longer elevate/ use sudo (wont accept password / root account . So unable to run the compliance script, I have a feeling one of the settings the baseline applying is locking down root but no luck in finding which one

lukemc89 avatar Apr 28 '23 02:04 lukemc89