Worklet: Enable Gatekeeper on macOS

  • August 23, 2019

ZachF-Automox

Gatekeeper is a built-in security feature of macOS—originally introduced in Mac OS X Lion (10.7.3)—that enforces code signing and verifies downloaded applications before allowing them to run. This worklet ensures that Gatekeeper is always enabled on a macOS system.

Evaluation:

#!/bin/bash

# helper function to check if a command exists
function command_exists {
    type "$1" &> /dev/null
}

# only evaluate if the spctl command is available
if command_exists spctl; then
    # check if gatekeeper is enabled
    spctl --status | grep -q "assessments enabled"

    # yay? or nay?
    exit $?
fi

# spctl command not available, move along
exit 0

Remediation:

#!/bin/bash

# enable gatekeeper for all users
spctl --master-enable

# did we succeed?
exit $?

1 reply

ChristianB
  • Former Automox Employee
  • September 4, 2019

Type is a shell built-in. It may return something other than an executable program. Why not use which instead and get the executable path from that?
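
The concern raised in the reply, as an added example that is not part of the original post or Automox's own code: `type` also succeeds for a shell function, alias or builtin, so this sketch resolves `spctl` to an executable file on disk before running it. The names `find_executable`, `gatekeeper_enabled` and `evaluate` are hypothetical, and ignoring non-absolute `PATH` entries is an extra assumption.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the original worklet).

# find_executable NAME [SEARCH_PATH]
# Prints the first regular, executable file called NAME found in SEARCH_PATH
# (default: $PATH) and returns 0; returns 1 if there is none.
# The body runs in a subshell, so the IFS and globbing changes stay local.
find_executable() (
    IFS=:
    set -f                              # no globbing while splitting the path
    for dir in ${2:-$PATH}; do
        case $dir in
            /*) ;;                      # assumption: only absolute entries count
            *) continue ;;              # skip empty and relative entries
        esac
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            exit 0
        fi
    done
    exit 1
)

# gatekeeper_enabled STATUS_TEXT
# Returns 0 when the text contains the "assessments enabled" string that the
# evaluation script above greps for.
gatekeeper_enabled() {
    case $1 in
        *"assessments enabled"*) return 0 ;;
        *) return 1 ;;
    esac
}

# evaluate [SEARCH_PATH]
# Same exit-code contract as the evaluation script above:
# 0 = Gatekeeper enabled or spctl not available, non-zero = not enabled.
evaluate() {
    spctl_bin=$(find_executable spctl "${1:-$PATH}") || return 0
    gatekeeper_enabled "$("$spctl_bin" --status 2>&1)"
}
```

To use it as an evaluation script, end the file with `evaluate; exit $?`.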