Compliance Script Layout

Below are the main parameters and interactive options available in the compliance script.
Due to the script’s complexity and flexibility, we provide an overview of its usage and interface rather than the full layout.

Running the Script

You can run the script either interactively or by using command-line flags:

sudo ./build/800-53r5_moderate/800-53r5_moderate_compliance.sh

Interactive Menu Example

When run interactively, you’ll see a menu like this:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        M A I N - M E N U
  macOS Security Compliance Tool
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Last compliance scan: No scans have been run

1. View Last Compliance Report
2. Run New Compliance Scan
3. Run Commands to remediate non-compliant settings
4. Exit
Enter choice [ 1 - 4 ]

Command-Line Options

You can also use command-line flags for automated or non-interactive use:

./mscp_compliance.sh Usage
./mscp_compliance.sh [--check] [--fix] [--cfc] [--stats] [--compliant] [--non_compliant] [--reset] [--reset-all] [--quiet=<value>]

Optional parameters:

• --check
  Run the compliance checks without interaction.

• --fix
  Run the remediation commands without interaction.

• --cfc
  Runs a check, fix, and check cycle without interaction.

• --stats
  Display statistics from the last compliance check.

• --compliant
  Report the number of compliant checks.

• --non_compliant
  Report the number of non-compliant checks.

• --reset
  Clear all results for the current baseline.

• --reset-all
  Clear all results for all MSCP baselines.

• --quiet=<value>
  Control output verbosity:
    1 – Show only failed and exempted checks
    2 – Show minimal output