Gatekeeper Status Check Script

As of Mac OS X 10.7.5, Apple has now made Gatekeeper’s GUI functionality available on both Lion and Mountain Lion. Gatekeeper is disabled on Lion Macs by default, but users with admin privileges can turn it on.

To help Mac admins monitor whether Gatekeeper has been enabled, I’ve written a script that checks spctl to see if Gatekeeper’s assessment system is enabled or disabled. When run with root privileges, this script checks 10.7 and 10.8 Macs to see if Gatekeeper is disabled. If Gatekeeper is disabled, script returns Disabled. Any other status will result in script returning Active.

#!/bin/bash

osvers=$(sw_vers -productVersion | awk -F. '{print $2}')

if [[ ${osvers} -lt 7 ]]; then
  echo "Gatekeeper Not Available For This Version Of Mac OS X"
fi

if [[ ${osvers} -ge 9 ]]; then
  echo "Future Not Known Yet. Revise Me In Mid-2013"
fi

# Checks Gatekeeper status on 10.7.x Macs

if [[ ${osvers} -eq 7 ]]; then
    gatekeeper_status=`spctl --status | grep "assessments" | cut -c13-`
   if [ $gatekeeper_status = "disabled" ]; then
      result=Disabled
   else
      result=Active
   fi
   echo $result
fi

# Checks Gatekeeper status on 10.8.x Macs

if [[ ${osvers} -eq 8 ]]; then
    gatekeeper_status=`spctl --status | grep "assessments" | cut -c13-`
   if [ $gatekeeper_status = "disabled" ]; then
      result=Disabled
   else
      result=Active
   fi
   echo $result
fi

This script is available here on my GitHub repo. I’ve also written a Casper Extension Attribute which is available here.