I'd like to try Santa but, full disclosure, I think configuring is beyond my technical abilities!
I’ve just tested on Monterey 12.5.1 (21G83):
1. Download the latest Santa release from https://github.com/google/santa/releases
At the moment santa-2022.8.dmg https://github.com/google/santa/releases/download/2022.8/santa-2022.8.dmg
(you can scan the dmg on https://www.virustotal.com)
2. Open the dmg and install santa-2022.8.pkg
3. Grant permission in System Preferences – Security and Privacy for the Santa extension (See https://support.apple.com/en-us/HT210999 for more details)
4. Open Terminal, check if santactl is running with
Code:
santactl status
If it returns an error, try restarting your Mac.

Create a new rule to block Terminal
Code:
sudo santactl rule --block --path /System/Applications/Utilities/Terminal.app

Check the rule for Terminal
Code:
santactl fileinfo /System/Applications/Utilities/Terminal.app

Close Terminal, and any user who tries to start it will be shown this message.
[Screenshot: Santa_Terminal.jpg]

An admin user can remove the rule and re-enable Terminal by running from Script Editor (Applications/Utilities/Script Editor.app)
Code:
do shell script "/usr/local/bin/santactl rule --remove --path /System/Applications/Utilities/Terminal.app" with administrator privileges
 
@bogdanw These are fantastic directions. Thank you! Unfortunately, I cannot get beyond the error message (have restarted multiple times). This is the message I am getting:

An error occurred communicating with the daemon, is it running?
 
Try to disable SIP.
From Apple:
“To disable SIP, do the following:
Restart your computer in Recovery mode.
Launch Terminal from the Utilities menu.
Run the command csrutil disable.
Restart your computer.”
https://developer.apple.com/documen...ling_and_enabling_system_integrity_protection

You can re-enable SIP after setting the rule for Terminal.
Thanks for the write-up.

But re-enabling SIP resets everything and Santa no longer blocks Terminal because of Apple's crappy insistence on snapshots.

Any alternative ways to block it?
 
Giving com.google.santa.daemon Full Disk Access in System Settings – Privacy & Security - Full Disk Access should now take care of the message “An error occurred communicating with the daemon, is it running?”

Tested in Ventura 13.5 (22G74) with SIP enabled, Santa version v2023.6
 
Is there a way to block Script Editor too? I get errors about some sort of certificates.
 