Operating system upgrade causes issues with RSA MFA Agent for macOS
Originally Published: 2020-08-20
Article Number
000043831
Applies To
RSA Product Set: SecurID Access
RSA Product/Service Type: MFA Agent
RSA Version/Condition: 1.0
Platform: macOS
Issue
The RSA MFA agent unlock option no longer works and/or the MFA Agent for macOS logs are deleted after upgrading macOS Catalina.
Cause
See the following macOS defects:
  • FB8294261: After macOS update, custom system.login.screensaver is getting reverted to macOS default.
  • FB8293900: After macOS update, custom logs created in /Library/Logs/ are getting deleted.
Workaround

A macOS administrative user must perform the steps below. If the administrator cannot log in to the machine, see 000039048 - macOS administrator locked out due to RSA MFA Agent for macOS misconfiguration.


Restore MFA Unlock

  1. Back up the existing system.login.screensaver right:
bash$ security authorizationdb read system.login.screensaver > system.login.screensaver.Original_Backup.plist
  2. Create a custom plist file named screensaverMechanism.plist.
  3. Include the following data:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
 ScreensaverMechanism.plist
 RSASIDAuthPlugin
 
 This custom rule is used to enable RSA MFA unlock.
 This rule is added to package under resources.
 Copyright (c) 2020 RSA. All rights reserved.
-->
<plist version="1.0">
<dict>
 <key>class</key>
 <string>rule</string>
 <key>comment</key>
 <string>Verify that the requesting process is running as the session owner.</string>
 <key>rule</key>
 <string>authenticate-session-owner-via-rsa</string>
 <key>timeout</key>
 <integer>12000</integer>
</dict>
</plist>
  4. Write the custom screensaver data to system.login.screensaver:
bash$ security authorizationdb write system.login.screensaver < screensaverMechanism.plist
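A check that tells you whether an update has reverted the right before you lose MFA unlock, as an added example that is not RSA's code: it parses the plist that `security authorizationdb read` prints, looks for the rule name from the file above, and restores the saved plist only when that rule is gone. The two sample plists are constructed for the example; only the `security` calls need macOS.

```python
# Added example, not part of the RSA article: detect whether a macOS update
# reverted system.login.screensaver to its default and, if so, restore the
# rule plist the article writes. Only the security(1) calls need macOS.
import plistlib
import subprocess

RIGHT = "system.login.screensaver"
EXPECTED_RULE = "authenticate-session-owner-via-rsa"  # value from the article's plist

# Constructed sample: the article's custom rule, abridged to the keys that matter.
CUSTOM_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
 <key>class</key><string>rule</string>
 <key>rule</key><string>authenticate-session-owner-via-rsa</string>
 <key>timeout</key><integer>12000</integer>
</dict></plist>"""

# Constructed stand-in for a reverted right whose rule is an array of mechanisms.
REVERTED_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
 <key>class</key><string>rule</string>
 <key>rule</key><array><string>authenticate-session-owner</string></array>
</dict></plist>"""

def rule_of(plist_bytes):
    """Return the right's 'rule' value (string or list), or None if unparsable."""
    try:
        right = plistlib.loads(plist_bytes)
    except Exception:
        return None
    return right.get("rule") if isinstance(right, dict) else None

def has_rsa_rule(plist_bytes):
    """True when the RSA rule is the right's rule or one entry of its rule array."""
    rule = rule_of(plist_bytes)
    return EXPECTED_RULE in rule if isinstance(rule, list) else rule == EXPECTED_RULE

def read_right(right=RIGHT):
    """Current definition of a right, as `security authorizationdb read` prints it."""
    return subprocess.run(["security", "authorizationdb", "read", right],
                          check=True, capture_output=True).stdout

def restore_right(plist_path, right=RIGHT):
    """Write the saved rule back (the article's final step; run as an administrator)."""
    with open(plist_path, "rb") as fh:
        subprocess.run(["security", "authorizationdb", "write", right],
                       stdin=fh, check=True)
```

On the Mac, `restore_right("screensaverMechanism.plist")` is only worth calling when `has_rsa_rule(read_right())` is false.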

Agent Logs

  1. Before starting the macOS update, take a backup of the agent log files from /Library/Logs/RSA MFA Agent.
  2. After the macOS update:
    1. Create a directory named /Library/Logs/RSA MFA Agent with file permissions drwxrwxrwt and create an online log file in it:
bash$ mkdir -p "/Library/Logs/RSA MFA Agent"
bash$ chmod 1777 "/Library/Logs/RSA MFA Agent"
bash$ cd "/Library/Logs/RSA MFA Agent"
bash$ curDate=$(date '+%Y-%m-%d %H-%M-%S')
bash$ onlineLogFile="OnlineAuthentication $curDate-001.log"
bash$ touch "$onlineLogFile"
bash$ chown "_securityagent:wheel" "$onlineLogFile"