Is there an existing issue for this?
Rule ID
system_settings_install_macos_updates_enforce
Platform
macOS
OS version(s) affected
26 and 15.
What's wrong?
Check script fails or gives a false result
What is the current behavior?
Check fix needs to be updated for DDM
Reports incorrectly when only applied via DDM
What is the expected behavior?
The expected behavior is check DDM
Relevant output
Suggested fix
mdm=$(/usr/bin/osascript -l JavaScript << EOS
$.NSUserDefaults.alloc.initWithSuiteName('com.apple.SoftwareUpdate')\
.objectForKey('AutomaticallyInstallMacOSUpdates').js
EOS
)
ddm=$(/usr/bin/plutil -convert json /private/var/db/softwareupdate/SoftwareUpdateDDMStatePersistence.plist -o - | /usr/bin/jq -r '.SUCorePersistedStatePolicyFields | .SUCoreDDMDeclarationGlobalSettings | .automaticallyInstallOSUpdates')
if [[ "${mdm}" == "true" ]] || [[ "${ddm}" == "1" ]]; then
echo "true"
else
echo "false"
fi
as proposed check.
Is there an existing issue for this?
Rule ID
system_settings_install_macos_updates_enforce
Platform
macOS
OS version(s) affected
26 and 15.
What's wrong?
Check script fails or gives a false result
What is the current behavior?
Check fix needs to be updated for DDM
Reports incorrectly when only applied via DDM
What is the expected behavior?
The expected behavior is check DDM
Relevant output
Suggested fix
as proposed check.