Opened 22 months ago

Last modified 10 months ago

#66878 new defect

Crowdstrike (security scanner) freaks out when the package installer runs — at Initial Version

Reported by: chrisridd (Chris Ridd) Owned by:
Priority: Normal Milestone:
Component: base Version: 2.8.1
Keywords: Cc:
Port:

Description

Our IT folks use some software called Crowdstrike to protect our Macs.

I don't know if the package installer script has changed recently, or if Crowdstrike's become more sensitive, but installing the MacPorts-2.8.1-13-Ventura.pkg just now caused Crowdstrike to freak out and kill the script.

Maybe there's another way to do what the installer's doing without upsetting Crowdstrike? Or maybe MacPorts can ask Crowdstrike to whitelist this particular script?

I am attaching a screenshot of the Crowdstrike error.

The script it is complaining about is this:

/bin/sh -c if test -n "/usr/bin/dscl" -a -n "/usr/sbin/dseditgroup" ; then if ! /usr/bin/dscl -q . -read "/Groups/macports" > /dev/null 2>&1 ; then if test `id -u` -eq 0; then echo "Creating group \"macports\"" ; /usr/sbin/dseditgroup -q -o create "macports" ; else echo "Not creating group \"macports\" (not root)" ; fi ; fi ; if ! /usr/bin/dscl -q . -list "/Users/macports" > /dev/null 2>&1 ; then if test `id -u` -eq 0; then echo "Creating user \"macports\"" ; NEXTUID=501; while test -n "`/usr/bin/dscl -q /Search -search /Users UniqueID $NEXTUID`"; do let "NEXTUID=NEXTUID+1"; done; /usr/bin/dscl -q . -create "/Users/macports" UniqueID $NEXTUID ; /usr/bin/dscl -q . -delete "/Users/macports" AuthenticationAuthority ; /usr/bin/dscl -q . -delete "/Users/macports" PasswordPolicyOptions ; /usr/bin/dscl -q . -delete "/Users/macports" dsAttrTypeNative:KerberosKeys ; /usr/bin/dscl -q . -delete "/Users/macports" dsAttrTypeNative:ShadowHashData ; /usr/bin/dscl -q . -create "/Users/macports" RealName MacPorts ; /usr/bin/dscl -q . -create "/Users/macports" Password \* ; /usr/bin/dscl -q . -create "/Users/macports" PrimaryGroupID $(/usr/bin/dscl -q . -read "/Groups/macports" PrimaryGroupID | /usr/bin/awk '{print $2}') ; /usr/bin/dscl -q . -create "/Users/macports" NFSHomeDirectory "/opt/local/var/macports/home" ; /usr/bin/dscl -q . -create "/Users/macports" UserShell /usr/bin/false ; else echo "Not creating user \"macports\" (not root)" ; fi ; fi ; if test "$(/usr/bin/dscl -q . -read "/Users/macports" NFSHomeDirectory)" = "NFSHomeDirectory: /var/empty" ; then if test `id -u` -eq 0; then echo "Updating home directory location for user \"macports\"" ; /usr/bin/dscl -q . -create "/Users/macports" NFSHomeDirectory "/opt/local/var/macports/home" ; else echo "Not updating home directory location for user \"macports\" (not root)" ; fi ; fi ; if test "22" -eq 8 -a `id -u` -eq 0; then GID=`/usr/bin/dscl -q . -read "/Groups/macports" PrimaryGroupID | /usr/bin/awk '{print $2}'` ; if test "`/usr/bin/dscl -q . -read "/Users/macports" PrimaryGroupID 2>/dev/null | /usr/bin/awk '{print $2}'`" != "$GID"; then echo "Fixing PrimaryGroupID for user \"macports\"" ; /usr/bin/dscl -q . -create "/Users/macports" PrimaryGroupID $GID ; /usr/bin/dscl -q . -create "/Users/macports" RealName MacPorts ; fi ; fi ; else echo "Can't find /usr/bin/dscl / /usr/sbin/dseditgroup, not creating user \"macports\"" ; fi

Change History (1)

Changed 22 months ago by chrisridd (Chris Ridd)

Attachment: crowdstrike.png added

Screenshot of the Crowdstrike alert

Note: See TracTickets for help on using tickets.