As posted by Tim Sutton, the installation of “Security Update 2015-002” on a 10.8.5 or 10.9.5 Mac will leave the /mach_kernel file visible. That’s fine, until someone deletes the file & then can’t boot their Mac.
As ever, Rich Trouton has blogged a method to hide the file via Casper.
However, Rich does love an EA & I’m not so inclined therefore the following is an EA free method to achieve the same end.
This Security Update changes the Build Version of the OS, as mentioned in here & as illustrated by Rich here in the same thread.
We can use that to create a Smart Group as shown below:
So the criteria is;
Operating System is 12F2501 or Operating System is 13F1066
As mentioned by Tim in his post, Apple have a KB article on how to re-hide the mach_kernel file.
We can now create a Policy that is scoped to the Smart Group we created above, with a trigger of “Recurring Check-in” & an “Execution Frequency” of “Once per computer”
We then add the below command take from the above linked Apple KB, in the “Execute Command” field under “Files andProcesses”
chflags hidden /mach_kernel
Click “Save” & we’re done.
6 thoughts on “Security Update 2015-002 & mach_kernel file visibility”
Thanks for the info and screenshots!
Anyway to do this via Munki? I can’t figure out a conditional_item that would address this
The script can we run when the files hidden, so perhaps deploy a launch daemon that runs the script at every boot.
Why not use an EA here? Both ways will definitely work, just curious why you’d go to the trouble of developing this just to avoid using an EA.
Using an EA would then also need a smart group & another policy.
It’s actually more work that way than the version here. Let alone the extra head room every EA then adds to each recon.
yep, that’s what I thought.