search

vmware-samples / euc-samples

Workspace ONE UEM (previously AirWatch) Samples and Guidance
https://code.vmware.com/web/workspace-one
BSD 3-Clause "New" or "Revised" License
271 stars 148 forks source link

Issue with macOS Baselines #274

Open lukemc89 opened 1 year ago

lukemc89 commented 1 year ago

Describe the bug

Have followed the documentaiton for macOS Baselines https://github.com/vmware-samples/euc-samples/tree/master/UEM-Samples/Utilities%20and%20Tools/macOS/Baselines

We've generated the NIST 800-53 low

Created all 3 sensors as required.

Compliance is working as expected, detects 67 settings aren't compliant, the remediation script runs and echos Remediation in Progress in the WS1 Sensor, however remediation doesn't do anything.

I've logged a call with VMware support but they don't seem familiar with these baselines, wondering if this is a known issue?

Reproduction steps

  1. Create sensors and assign to devices

Expected behavior

Remediation makes devices compliant

Additional context

No response

mzaske3 commented 1 year ago

Hi Luke - if you run the --fix script locally on a device, does it work for you or does it generate any errors?

lukemc89 commented 1 year ago

Hi Matt, this issue seems to be that once the baseline remediation runs we can no longer elevate/ use sudo (wont accept password / root account . So unable to run the compliance script, I have a feeling one of the settings the baseline applying is locking down root but no luck in finding which one