Block execution of bash and zsh scripts in Mac


Hi everyone,
We are using Hexnode to manage Mac & iOS devices in our organization. Macs are used by most of our employees, and though we add restrictions on the device end, they can still run scripts via Terminal to access some of the restricted features. Is there any way to block the users from executing bash or zsh scripts on the device?

All Replies

  • Hexnode

    Darvin

    Moderator

    Hi @timothy, thanks for reaching out to us.

    Regarding your case, blocking the Terminal app in your Mac endpoints will be the ideal solution. You can use the Blacklist/Whitelist policy to block the Terminal app via Hexnode UEM.

    Blacklisting enables you to block access to a particular app or a list of apps on the device.

    You can Blacklist the Terminal app by heading to Policies > New Policy > New Blank Policy > macOS > App Management > Blacklist/Whitelist.

    In the Blacklist/Whitelist policy, you can choose the type as Blacklist and click on Add to search & add the Terminal app to the list. Save & associate the policy with the target devices. This prevents the user from accessing the Terminal app.

    Whitelisting enables you to allow only the required apps to be accessible on the device.

    To Whitelist all the required work apps other than the Terminal app, choose the type as Whitelist in the Blacklist/Whitelist policy. Click on Add to search and add the apps required for work.

    Once you have added all the required apps to the policy, save and associate the policy with the target devices. In this case, the user cannot access any app other than the apps that you have mentioned in the policy.

    I hope this resolves your issue.

    Darvin Hudson,
    Hexnode UEM

     

  • Hexnode

    Darvin

    Moderator

    Hi @soren,
    As you mentioned, setting the login shell to /bin/false can partially resolve the case, but the user will still be able to run simple commands in the Terminal app without logging in to a shell at all. Also, this might create login issues.

    Hence, it is suggested to block the Terminal app using the Blacklist/Whitelist policy.

    Hope this clarifies your query. Please reach out to us in case of any further queries.

    Darvin Hudson,
    Hexnode UEM