From b4866fa5462d1a05907ae35b777de381545323d0 Mon Sep 17 00:00:00 2001
From: Kris Payne
Date: Wed, 30 Nov 2016 14:47:32 -0800
Subject: [PATCH] issue 23 https://github.com/krispayne/CIS-Settings/issues/23
---
 ElCapitan_CIS.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/ElCapitan_CIS.sh b/ElCapitan_CIS.sh
index 1007364..4f9ea41 100644
--- a/ElCapitan_CIS.sh
+++ b/ElCapitan_CIS.sh
@@ -726,8 +726,14 @@ systemAccess() {
 # 5.11 Disable ability to login to another user's active and locked session
 # Level 1 Scored
- # Need sed here to edit /etc/pam.d/screensaver
- # I believe this is off by default.
+
+ if [[ $(grep -ic "group=admin,wheel fail_safe" /etc/pam.d/screensaver) -eq 0 ]]; then
+ ScriptLogging " Admins disabled from unlocking other users sessions."
+ else
+ ScriptLogging " Admins allowed to unlock other users sessions...."
+ sed -i.bak s/admin,//g /etc/pam.d/screensaver
+ ScriptLogging " Admins disabled from unlocking other users sessions."
+ fi
 # 5.12 Create a custom message for the Login Screen
 # Level 1 Scored
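Review bot: The `sed -i.bak s/admin,//g /etc/pam.d/screensaver` line in the else branch is unquoted and unanchored, so it removes every `admin,` in the PAM file rather than only the one in the group list that the grep matched. Scoping it to that text, `sed -i.bak 's/group=admin,wheel fail_safe/group=wheel fail_safe/' /etc/pam.d/screensaver`, keeps the edit to the setting being audited. The final "Admins disabled" message is logged whether or not sed succeeded. The first branch logs the same message whenever the count is 0, which appears to include grep printing nothing (for instance an unreadable file) and a group list written with different order or spacing. Re-running the grep after the edit and logging from its result would make the compliance log reflect the file's actual state; systemAccess() starts and ends outside the hunk.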