Compliance Script Layout
The compliance script is a zsh script with functions for checking settings, applying fixes, and reporting results. Understanding the structure helps you troubleshoot or customize the script.
Script Structure
| Section | Description |
|---|---|
| Header | Shebang, variables, paths to audit plist and log file |
| Utility functions | Logging, prompts, menu display |
| Rule checks | Individual check function for each rule |
| Rule fixes | Individual fix function for each rule |
| Main logic | Menu system and command-line argument handling |
Key Functions
| Function | Purpose |
|---|---|
| `run_scan` | Execute all rule checks and write results to plist |
| `run_fix` | Apply remediation commands for non-compliant settings |
| `generate_stats` | Display pass/fail counts and compliance percentage |
| `show_menus` | Display interactive menu |
| `logmessage` | Write results to log file |
How Rules Are Checked
Each rule in your baseline becomes a check block in the script:
- Extract current value - Run a command to get the current system setting
- Compare to expected - Check if the value matches the baseline requirement
- Log result - Record pass, fail, or exempt status to the audit plist
How Fixes Are Applied
Each rule with a fix becomes a fix block in the script:
- Check exemption - Skip if the rule is marked exempt
- Check compliance - Skip if the rule already passed
- Prompt user - Ask for confirmation (unless running with `--fix`)
- Apply fix - Run the remediation command
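
The check and fix steps above, as an added sketch in portable shell (not code from a generated compliance script). A scratch directory stands in for the system setting, the audit plist and the log file; `example_rule`, `check_rule`, `fix_rule`, `record` and `status_of` are hypothetical names, while `logmessage` and `--fix` come from this page.

```shell
#!/bin/sh
# Illustrative sketch only: scratch files replace the real setting,
# audit plist and log. All rule and helper names are hypothetical.
WORK=$(mktemp -d)
SETTING="$WORK/setting"      # stand-in for a real system setting
AUDIT="$WORK/audit.txt"      # stand-in for the audit plist
LOG="$WORK/baseline.log"     # stand-in for the baseline log
RULE="example_rule"; EXPECTED="1"
echo "0" > "$SETTING"        # constructed non-compliant starting value
: > "$AUDIT"

logmessage() { echo "$(date '+%Y-%m-%d %H:%M:%S') $*" >> "$LOG"; }

# Record the latest status for a rule, replacing any earlier entry.
record() {
    grep -v "^$1=" "$AUDIT" > "$AUDIT.tmp" || true
    echo "$1=$2" >> "$AUDIT.tmp"
    mv "$AUDIT.tmp" "$AUDIT"
}
status_of() { sed -n "s/^$1=//p" "$AUDIT"; }

check_rule() {
    # An exemption already stored in the audit file is left untouched.
    [ "$(status_of "$RULE")" = "exempt" ] && { logmessage "$RULE exempt"; return 0; }
    current=$(cat "$SETTING")                  # 1. extract current value
    if [ "$current" = "$EXPECTED" ]; then      # 2. compare to expected
        record "$RULE" pass                    # 3. log result
    else
        record "$RULE" fail
    fi
    logmessage "$RULE $(status_of "$RULE") (found $current, expected $EXPECTED)"
}

# Pass "--fix" as $1 to skip the confirmation prompt.
fix_rule() {
    case "$(status_of "$RULE")" in
        exempt) logmessage "$RULE exempt, fix skipped"; return 0 ;;
        pass)   logmessage "$RULE already compliant";   return 0 ;;
    esac
    if [ "$1" != "--fix" ]; then
        printf 'Fix %s? [y/N] ' "$RULE"; read -r answer
        [ "$answer" = "y" ] || { logmessage "$RULE fix declined"; return 0; }
    fi
    echo "$EXPECTED" > "$SETTING"              # apply the remediation
    logmessage "$RULE fix applied"
    check_rule                                 # re-check so the audit shows the new state
}
```

Re-running the check after the fix keeps the audit record tied to the observed setting rather than to the assumption that the remediation command succeeded.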
Output Files
| File | Purpose |
|---|---|
| `/Library/Preferences/org.BASELINE_NAME.audit.plist` | Stores check results and exemptions |
| `/Library/Logs/BASELINE_NAME_baseline.log` | Timestamped log of all actions |
Next Steps
- How to Generate Compliance Scripts - Create a script from your baseline
- What Are Compliance Scripts? - Learn more about compliance scripts