5.20 System Integrity Protection status

Information

System Integrity Protection is a security feature introduced in OS X 10.11 El Capitan. System Integrity Protection restricts access to System domain locations and restricts runtime attachment to system processes. Any attempt to attempt to inspect or attach to a system process will fail. Kernel Extensions are now restricted to /Library/Extensions and are required to be signed with a Developer ID.

Rationale:

Running without System Integrity Protection on a production system runs the risk of the modification of system binaries or code injection of system processes that would otherwise be protected by SIP.

Impact:

System binaries and processes could become compromised

Solution

Perform the following while booted in macOS Recovery Partition.

Select Terminal from the Utilities menu

Run the following command in Terminal:

/usr/bin/csrutil enable



The output should be:

Successfully enabled System Integrity Protection. Please restart the machine for the changes to take effect.



Reboot.

If a change is to the status is attempted from the booted Operating System rather than the recovery partition an error will be generated.
csrutil: failed to modify system integrity configuration. This tool needs to be executed from the Recovery OS.

See Also

https://workbench.cisecurity.org/files/3092

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-7(1)

Plugin: Unix

Control ID: cf0b1e474c37a90632f1b3493bbf044ea3fee9ccc75082066b010675b5ac7b56