2.3.0 Beta One

Improvements

• Replace enable_automatic_updates with enable_automatic_system_updates & enable_automatic_app_store_updates (f6f2594) (e7a1b83)
  • Add entries for both to Commands.MD (eaf21d5)
  • See #17
• Change Mojave Permissions section of README.md to Full Disk Access Permission (6e05f34)
  • Updated with better description
  • Updated to reflect disable_auto_open_safe_downloads requiring the permission
  • See #18

Bug Fixes

• Only attempt to audit/fix disable_auto_open_safe_downloads if Terminal.app has the Full Disk Access permission (dd4cc33)
  • See #18

2.2.0

Improvements

• Support for symlinking Lockdown into $PATH (e860869)
  • See #16
  • Thanks to @JayBrown for the suggestion and code
• Added a new setting Disable Safari Auto Open 'safe' Files (disable_auto_open_safe_downloads) (f5d7811)
  • Updated Commands.md to reflect new setting (699492a)
  • Updated README.md Settings section to reflect new setting (903fb20)

Bug Fixes

• When signature verification fails pipe Minisign output to /dev/null (825ed07)

2.2.0 Beta One

Improvements

• Initial support for symlinking Lockdown into $PATH (e860869)
  • See #16 (Thanks to @JayBrown for the suggestion and initial code)

Bug Fixes

• When signature verification fails pipe Minisign output to /dev/null (825ed07)

2.1.1

Improvements

• check_if_standard_user: Change output wording (a193abc)
  • From: ${USER} is not an administrator
  • To: ${USER} should not be an administrator
  • Thanks to @dataxpress for the PR

2.1.0

Improvements

• Removed *__macos_name variable as it was populated by running strings on System Information.app. The use of strings introduced a dependency on Xcode Command Line Tools. #14 (9ebd166)
  • This change only affects the appearance of the error message printed when trying to execute Lockdown on an unsupported version of macOS.
• Added Commands.md (b14e804)(13a1bca)
  • "Easy to read, non one-liner, version of all the audit and fix commands used by mOSL"

2.0.0 Mojave

Improvements

No new features. Only minor changes to support Mojave

• Updated supported version to 10.14.x and name to Mojave (7a2a924)
• Updated current_macos_name extraction awk command (13531b4)
• README.md:
  • Added Mojave Permissions section (9047cbd)
  • Added Threat Model(ish) section (60109b7)
• Add full_disk_access_check function to check if Terminal.app has been granted the Full Disk Access permission. (c98ad88) (ae4df1b)

Mojave Permissions

• In order to audit/ fix disable mail remote content Terminal.app needs to have the Full Disk Access permission.
  • See the Mojave Permissions section of README.md for more info.

2.0 Beta Three

Improvements

• Add info about debug argument to usage output (16b4a5e)
• Update full_disk_access_check command (ae4df1b)
  • Check if Terminal.app can read /$HOME/Library/Mail
  • Thanks to Howard Oakley for pointing me at TCC Round Up for a list of paths considered "protected storage"

2.0 Beta Two

Improvements

• Add Full Disk Access status to debug output (d76bc71)

2.0 Beta One

Improvements

• Updated supported version to 10.14.x and name to Mojave (7a2a924)
• Updated current_macos_name extraction awk command (13531b4)
• README.md: Added Mojave Permissions section (9047cbd)
• Add full_disk_access_check function to check if Terminal.app has been granted the Full Disk Access permission. (c98ad88)

Mojave Permissions

• In order to audit/ fix disable mail remote content Terminal.app needs to have the Full Disk Access permission.
  • See the Mojave Permissions section of README.md for more info.

1.9.1

Bug Fixes

• Fix set_firmware_password fix-force logic (90f92b9)
  • ./Lockdown fix-force would still present a permission prompt forset_firmware_password