Information
System Integrity Protection is a security feature introduced in OS X 10.11 El Capitan. System Integrity Protection restricts access to System domain locations and restricts runtime attachment to system processes. Any attempt to inspect or attach to a system process will fail. Kernel Extensions are now restricted to /Library/Extensions and are required to be signed with a Developer ID.
Running without System Integrity Protection on a production system runs the risk of the modification of system binaries or code injection of system processes that would otherwise be protected by SIP.
Solution
Terminal Method:
Perform the following steps to enable System Integrity Protection:
- Reboot into the Recovery Partition (reboot and hold down Command + R )
- Select Utilities
- Select Terminal
- Run the following command:
$ /usr/bin/sudo /usr/bin/csrutil enable
Successfully enabled System Integrity Protection. Please restart the machine for the changes to take effect. <xhtml:ol start="5"> - Reboot the computer
Note: If SIP has been disabled, the admin should research why it was disabled. You might also want to assume that the operating system has been compromised. If you believe this is the case, back up any files, and do a clean install to a known good Operating System.
It might be a better option to erase the Mac and reinstall the operating system. That is at your discretion.
Note: You cannot enable System Integrity Protection from the booted operating system. If the remediation is attempted in the booted OS and not the Recovery Partition, the output will give the error csrutil: failed to modify system integrity configuration. This tool needs to be executed from the Recovery OS.
Impact:
System binaries and processes could become compromised.