From 25a59ec2d5c2754a8a158d94e0cb97919a7e7f29 Mon Sep 17 00:00:00 2001
From: pcmxgti <16561338+pcmxgti@users.noreply.github.com>
Date: Wed, 18 Mar 2020 16:01:31 -0400
Subject: [PATCH] Fix directory permissions on Catalina

This resolves #9, but there should be more thorough research on what directories in /System should not be modified by the remediation script.
---
 CIS Scripts/3_Security_Remediation.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CIS Scripts/3_Security_Remediation.sh b/CIS Scripts/3_Security_Remediation.sh
index 7642a09..143e270 100755
--- a/CIS Scripts/3_Security_Remediation.sh
+++ b/CIS Scripts/3_Security_Remediation.sh
@@ -559,7 +559,7 @@ Audit5_1_3="$(defaults read "$plistlocation" OrgScore5_1_3)"
 # If client fails, then remediate
 if [ "$Audit5_1_3" = "1" ]; then
 IFS=$'\n'
- for sysPermissions in $( find /System -type d -perm -2 | grep -v "Public/Drop Box" ); do
+ for sysPermissions in $( find /System -type d -perm -2 \! \( -path '*/private/tmp' -o -path '*/Public/Drop Box' \) ); do
 chmod -R o-w "$sysPermissions"
 done
 echo "$(date -u)" "5.1.3 enforced" | tee -a "$logFile"
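Review bot: The two `-path` tests on the new `find` line exclude only directories whose path ends in `/private/tmp` or `/Public/Drop Box`, not anything beneath them, so a world-writable subdirectory inside either one is still listed and has its write bit stripped. The replaced `grep -v "Public/Drop Box"` filtered by substring and did skip Drop Box descendants, so this is a behaviour change for that case. Pruning the subtrees keeps them out of the walk entirely: `find /System \( -path '*/private/tmp' -o -path '*/Public/Drop Box' \) -prune -o -type d -perm -2 -print`. Separately, the unchanged `chmod -R o-w` recurses, so any matched ancestor of an excluded directory would still undo the exclusion; since `find` already reports each offending directory, dropping `-R` would limit the change to what was actually flagged. The `if` block closes outside the hunk.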