usnistgov / macos_security

macOS Security Compliance Project

system_settings_remote_management_disable avoid undocumented mdmclient #347

Open nihil-admirari opened 5 months ago

nihil-admirari commented 5 months ago

system_settings_remote_management_disable check uses mdmclient, whose man page states:

WARNING: All command arguments are private. The arguments and output can and will change without notice. Do not rely on any output this command may produce.

CIS “2.3.3.6 Ensure Remote Management Is Disabled” simply does a pgrep:

! /usr/bin/pgrep -q ARDAgent && :
echo $?

Maybe it makes sense to switch away from mdmclient, considering that CIS have already done so?

robertgendler commented 3 months ago

We have found a handful of undocumented things within the project and test them between OS releases. mdmclient commands seem safe enough.