Script to check the code signature of an app installed on Mac

Generally, users depend on the Mac App Store or other trusted sources for installing applications on their devices. Yet there can be instances, either because the application is not available from trusted sources or because the App Store is inaccessible, when users download apps from third-party sources. Third-party sources are often prone to distributing corrupt or malicious software. In such cases, the IT admin needs to confirm the authenticity of the apps installed on company devices. Retrieving the code signature of an installed application reveals its signing authority and hash type and shows whether the app has been tampered with.

IT admins can use a script to display the code signature of an installed application. The Execute Custom Script action from Hexnode streamlines the process by letting you run the customized script directly from the UEM console. If the app is found to have been tampered with, the admin or the user can consider uninstalling or replacing it.

Scripting language – Bash

File extension – .sh

Disclaimer:

The sample script provided below is adapted from a third-party open-source site.

Check code signature of an app

Here, the codesign command uses the -dv parameter (-d to display the code signature, -v for verbose output) to show information about the app’s code signature; the IT admin has to specify the path to the application. The --verbose parameter, with a level such as --verbose=4, produces more detailed output.

E.g., to display all information about Calendar.app’s code signature:

codesign -dv --verbose=4 /Applications/Calendar.app

The output displays hash type, hash, authority entries and other relevant information of the application.

If you only wish to see whether the app is valid and whether its signing requirements have been satisfied, run codesign -v --verbose followed by the application path (without -d, the -v flag selects verification rather than display).

For example, when we run the command codesign -v --verbose /System/Applications/Clock.app for a valid Clock app, it shows:

/System/Applications/Clock.app: valid on disk
/System/Applications/Clock.app: satisfies its Designated Requirement

If the Clock app’s contents have been modified, i.e., files inside the bundle were altered or unrecognized components were added to the app package, the output indicates the modification and names the invalid file.

E.g., if an invalid file, say “maliciousfile.sh”, has been added to the Safari application, running the command codesign -v --verbose /System/Applications/Safari.app gives you the output:

/System/Applications/Safari.app: a sealed resource is missing or invalid
file added: /System/Applications/Safari.app/Contents/ASDF/maliciousfile.sh
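The page describes the script only in prose, so the following is an added example and not the Hexnode sample script or Apple’s own code. It wraps the two commands shown above: check_app_signature runs the verification form (codesign -v --verbose) and reports each app as OK or FAIL based on the exit status, and summarize_signature runs the display form (codesign -dv --verbose=4) and keeps only the Identifier, Authority, TeamIdentifier, CDHash and Hash type lines an admin usually wants. The function names, the convention of passing app bundle paths as arguments, and the assumption that codesign is on PATH (macOS) are all mine.

```shell
#!/bin/bash
# Added example: verify the code signature of one or more macOS app bundles.
# Assumes: bundle paths are passed as arguments and `codesign` is on PATH.
# Usage: ./check_codesign.sh /Applications/Foo.app /System/Applications/Clock.app

# check_app_signature <path-to-app>
# Prints "OK <app>" when codesign exits 0 (valid on disk and satisfies its
# Designated Requirement); otherwise prints "FAIL <app>" followed by
# codesign's own diagnostics (e.g. "a sealed resource is missing or invalid"
# plus the "file added:" lines, or "code object is not signed at all").
# Returns codesign's exit status so callers can act on tampered bundles.
check_app_signature() {
    app="$1"
    if [ ! -d "$app" ]; then
        echo "$app: not found" >&2
        return 2
    fi
    # codesign writes verification messages to stderr, so merge it into stdout.
    # The if-form keeps a failing command substitution from tripping `set -e`.
    if result=$(codesign -v --verbose "$app" 2>&1); then
        status=0
    else
        status=$?
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK   $app"
    else
        echo "FAIL $app"
        printf '%s\n' "$result" | sed 's/^/     /'
    fi
    return "$status"
}

# summarize_signature <path-to-app>
# Runs the display form (-d) at verbosity 4 and keeps only the fields that
# identify who signed the bundle and which hash sealed it.
summarize_signature() {
    codesign -dv --verbose=4 "$1" 2>&1 \
        | grep -E '^(Identifier|Authority|TeamIdentifier|CDHash|Hash type)='
}

# main <app>... : check every bundle given; exit status 1 if any failed.
main() {
    rc=0
    for app in "$@"; do
        check_app_signature "$app" || rc=1
    done
    return "$rc"
}

main "$@"
```

Run it from the UEM console or a terminal with one or more bundle paths; a non-zero exit status means at least one bundle failed verification, which is the signal an admin would act on. The filtered display output is what you compare against the expected Authority chain for the vendor.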

Notes:

  • It is recommended to manually validate the script execution on a system before executing the action in bulk.
  • Hexnode will not be responsible for any damage/loss to the system caused by the behavior of the script.