Closed mrcamuti closed 7 years ago
I used ARD to run Trouton's filevault_2_status_check.sh to verify, for this example.
Could you please look at #375 as I think that is the same issue
Absolutely could be the issue. I'm not familiar enough with the underlying pieces to say, but my setup matches his description of the symptoms.
On Fri, Jan 15, 2016 at 1:57 PM, Arjen van Bochoven < notifications@github.com> wrote:
Could you please look at #375 https://github.com/munkireport/munkireport-php/issues/375 as I think that is the same issue
— Reply to this email directly or view it on GitHub https://github.com/munkireport/munkireport-php/issues/378#issuecomment-172105704 .
Could you please test if the latest commit fixes the issue?
The Storage tab is still incorrectly reporting all drives as "Encrypted".
But... the Security report is correctly tagging computers as unencrypted. Not sure if this is new behavior or not (I had not found the security report before troubleshooting this issue).
On Fri, Jan 15, 2016 at 3:30 PM, Arjen van Bochoven < notifications@github.com> wrote:
Could you please test if the latest commit fixes the issue?
— Reply to this email directly or view it on GitHub https://github.com/munkireport/munkireport-php/issues/378#issuecomment-172125643 .
I just cross-referenced the unencrypted tag in the security report with actual encryption state on the machines, and it's good, but not perfect.
So far: "Encyrpted" TAG in the security report correlates perfectly with actual encryption status. "Unencrypted" TAG is not perfectly correlated with unencrypted status (10.10.5 rMBP with FV2 on, still reporting as "unencrypted")
On Fri, Jan 15, 2016 at 4:29 PM, steve camuti mrcamuti@gmail.com wrote:
The Storage tab is still incorrectly reporting all drives as "Encrypted".
But... the Security report is correctly tagging computers as unencrypted. Not sure if this is new behavior or not (I had not found the security report before troubleshooting this issue).
On Fri, Jan 15, 2016 at 3:30 PM, Arjen van Bochoven < notifications@github.com> wrote:
Could you please test if the latest commit fixes the issue?
— Reply to this email directly or view it on GitHub https://github.com/munkireport/munkireport-php/issues/378#issuecomment-172125643 .
Could you post the output of
/usr/local/munki/preflight.d/cache/disk.plist
from the 10.10.5 rMBP with FV2 on, still reporting as "unencrypted"
Sorry, holiday weekend here in the States. Here's the file you requested. It was captured a full day after the reported behavior, but hoping it's still got what you're looking for.
This machine is not reporting on encryption status which may be a fault in the disk reporting script. Do you have a current version of the disk_reporting script installed? Could you check if /usr/local/munki/preflight.d/disk_info
is the same as
https://github.com/munkireport/munkireport-php/blob/master/app/modules/disk_report/scripts/disk_info
I used diff to compare the two scripts and they're identical line by line. I did just verify that the encryption status is still mis-reporting in the Security report, as well as the Storage report. (Both say unencrypted, but on the device, I verified it is encrypted note that I just thought of, we do use an institutional key, not an individual key for encryption )
On Wed, Jan 20, 2016 at 8:49 AM, Arjen van Bochoven < notifications@github.com> wrote:
This machine is not reporting on encryption status which may be a fault in the disk reporting script. Do you have a current version of the disk_reporting script installed? Could you check if /usr/local/munki/preflight.d/disk_info is the same as
https://github.com/munkireport/munkireport-php/blob/master/app/modules/disk_report/scripts/disk_info
— Reply to this email directly or view it on GitHub https://github.com/munkireport/munkireport-php/issues/378#issuecomment-173268961 .
Could you post the output of
diskutil info -plist /
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" " http://www.apple.com/DTDs/PropertyList-1.0.dtd">
On Thu, Jan 21, 2016 at 2:08 PM, Arjen van Bochoven < notifications@github.com> wrote:
Could you post the output of
diskutil info -plist /
— Reply to this email directly or view it on GitHub https://github.com/munkireport/munkireport-php/issues/378#issuecomment-173725705 .
This is not an encrypted disk. Why do you think it is encrypted? What does it say in the 'Security and Privacy' preference pane?
FileVault is On. Institutional key, the usual.
On Friday, January 22, 2016, Arjen van Bochoven notifications@github.com wrote:
This is not an encrypted disk. Why do you think it is encrypted? What does it say in the 'Security and Privacy' preference pane?
— Reply to this email directly or view it on GitHub https://github.com/munkireport/munkireport-php/issues/378#issuecomment-173859573 .
I can send a screenshot, if that would help.
On Friday, January 22, 2016, steve camuti mrcamuti@gmail.com wrote:
FileVault is On. Institutional key, the usual.
On Friday, January 22, 2016, Arjen van Bochoven <notifications@github.com javascript:_e(%7B%7D,'cvml','notifications@github.com');> wrote:
This is not an encrypted disk. Why do you think it is encrypted? What does it say in the 'Security and Privacy' preference pane?
— Reply to this email directly or view it on GitHub https://github.com/munkireport/munkireport-php/issues/378#issuecomment-173859573 .
What does
fdesetup status
report?
FileVault is turned on.
On Fri, Jan 22, 2016 at 1:29 AM, Arjen van Bochoven < notifications@github.com> wrote:
What does
fdesetup status
report?
— Reply to this email directly or view it on GitHub https://github.com/munkireport/munkireport-php/issues/378#issuecomment-173860222 .
And
diskutil cs list
Redacted LVVM info.
On Fri, Jan 22, 2016 at 11:08 AM, Arjen van Bochoven < notifications@github.com> wrote:
And
diskutil cs list
— Reply to this email directly or view it on GitHub https://github.com/munkireport/munkireport-php/issues/378#issuecomment-174014499 .
And just to make super sure I'm not missing something obvious with the /usr/local/munki/preflight.d/disk_info comparison, I used diff -yI /github_version_local_copy /emailed_version_from_client and got no output, which, as I understand it, means they're identical. Please confirm I haven't gone nuts.
On Fri, Jan 22, 2016 at 11:40 AM, steve camuti mrcamuti@gmail.com wrote:
Redacted LVVM info.
On Fri, Jan 22, 2016 at 11:08 AM, Arjen van Bochoven < notifications@github.com> wrote:
And
diskutil cs list
— Reply to this email directly or view it on GitHub https://github.com/munkireport/munkireport-php/issues/378#issuecomment-174014499 .
The corestorage output did not come through
Just added it on GH to the comment that mentioned it.
I would like some output from this machine to see what's going on with the disk_reporting script. Would you be able to provide the output of:
/usr/sbin/diskutil list -plist
/usr/sbin/diskutil info -plist disk1
/usr/sbin/diskutil cs info -plist disk1
With unredacted ID strings (or globally replaced by another string)
Any progress on this?
I had zipped the files you asked for and then uploaded them through the github web interface. I'm hoping you got them, yeah?
On Thursday, March 3, 2016, Arjen van Bochoven notifications@github.com wrote:
Any progress on this?
— Reply to this email directly or view it on GitHub https://github.com/munkireport/munkireport-php/issues/378#issuecomment-191781946 .
I don't have those files (maybe I lost them), could you send them again?
I'm traveling right now, but once I'm home next week I will see if I have them still.
And thanks for following up on this.
On Thursday, March 3, 2016, Arjen van Bochoven notifications@github.com wrote:
I don't have those files (maybe I lost them), could you send them again?
— Reply to this email directly or view it on GitHub https://github.com/munkireport/munkireport-php/issues/378#issuecomment-191785815 .
Please open this issue again if this is still relevant.
Totally possible that I'm screwing something up, but "Encryption Status" on the Storage module is reporting "Encrypted" for disks that do not have encryption turned on.
Affected OS in my setup includes 10.9.5, 10.10.5, and 10.11.2. I'm running MunkiReport Version 2.7.3.1648