5.10 Ensure Secure Keyboard Entry Terminal.app Is Enabled

Information

Secure Keyboard Entry prevents other applications on the system and/or network from detecting and recording what is typed into Terminal. Unauthorized applications and malicious code could intercept keystrokes entered in the Terminal.

Rationale:

Enabling Secure Keyboard Entry minimizes the risk of a key logger from detecting what is entered in Terminal.

Impact:

Enabling this in Terminal would prevent an application that is otherwise validly intercepting keyboard input from intercepting that input in Terminal.app. This could impact productivity tools.

Solution

Graphical Method:
Perform the following steps to enable secure keyboard entries in Terminal:

Open the Applications folder

Open the Utilities folder

Open Terminal

Select Terminal in the Menu Bar

Set Secure Keyboard Entry to enabled

Terminal Method:

$ /usr/bin/sudo -u <username> /usr/bin/defaults write -app Terminal SecureKeyboardEntry -bool true

example:

$ /usr/bin/sudo -u firstuser /usr/bin/defaults write -app Terminal SecureKeyboardEntry -bool true

Profile Method:
Create or edit a configuration profile with the following information:

The PayloadType string is com.apple.Terminal

The key to include is SecureKeyboardEntry

The key must be set to <true/>

Note: Since the profile method sets a system-wide setting and not a user-level one, the profile method is the preferred method. It is always better to set system-wide than per user.

See Also

https://workbench.cisecurity.org/files/4176