A Jamf Pro Extension Attribute to report the status of macOS Ventura’s new Rapid Security Response
Background
For a number of macOS versions, we’ve been reporting on the status of Install system data files and security updates.
macOS Ventura introduces Rapid Security Response:
macOS 13 introduce a new mechanism to ship security fixes to users more frequently.
Extension Attribute
The Extension Attribute below will report on the status of both the previous and latest versions of macOS.
#!/bin/sh ##################################################################################### # A script to determine the status of the macOS Ventura 13 Rapid Security Response, # # or "Install system data files and security updates" for earlier OSes. # ##################################################################################### result="Unknown" cdiTest=$( /usr/bin/defaults read /Library/Preferences/com.apple.SoftwareUpdate.plist ConfigDataInstall 2>&1 ) case "${cdiTest}" in *"does not exist" ) result="Enabled" ;; 0 ) result="Disabled" ;; 1 ) result="Enabled" ;; esac echo "<result>${result}</result>" exit 0
Updates
31-Oct-2022
Thanks to Søren Theilgaard for pointing out that any Extension Attribute which reads a key / value pair inside of /Library/Managed Preferences/
is simply reporting back what a MDM Configuration Profile has already set, which is of little use.
On macOS 12, ConfigDataInstall
lives inside of com.apple.SoftwareUpdate.plist
and I was able to correct the code above.
On macOS 13, I can’t seem to find either ConfigDataInstall
or allowRapidSecurityResponseInstallation
in any com.apple.*.plist
.
01-Nov-2022
The above Extension Attribute has been updated and another big thanks to Søren Theilgaard for confirming what we observed on closer inspection:
- The absence of the
ConfigDataInstall
key in/Library/Preferences/com.apple.SoftwareUpdate.plist
indicates Rapid Security Response is enabled.
% /usr/bin/defaults read /Library/Preferences/com.apple.SoftwareUpdate.plist { LastFullSuccessfulDate = "2022-11-01 09:47:23 +0000"; LastSuccessfulDate = "2022-11-01 09:47:45 +0000"; PrimaryLanguages = ( "en-US" ); }
- Only after Rapid Security Response is disabled does the
ConfigDataInstall
key in appear incom.apple.SoftwareUpdate.plist
% /usr/bin/defaults read /Library/Preferences/com.apple.SoftwareUpdate.plist { ConfigDataInstall = 0; CriticalUpdateInstall = 0; LastFullSuccessfulDate = "2022-11-01 09:47:23 +0000"; LastSuccessfulDate = "2022-11-01 09:47:45 +0000"; PrimaryLanguages = ( "en-US" ); }
- The Extension Attribute does not need to differentiate between OS versions (i.e.,
10
,11
,12
,13
); thecase
statement was removed.