SilentKnight is proving popular and effective at keeping tabs on the latest macOS security updates, EFI firmware, and ensuring that protection such as SIP is turned on. Several users have asked for a version which they can run from the command line, and I’m delighted to release the first version of silnite, which does just that.

It’s signed, hardened and notarized to run in versions of macOS from El Capitan to Catalina (tested there in beta 4). It offers a range of checks from purely local, in which it reports currently installed versions of security tools including Gatekeeper, MRT, XProtect and TCC, together with key settings such as SIP and FileVault, and the EFI firmware version. At the other extreme, it runs all the checks in SilentKnight, looks up current versions on my GitHub service, and can even download and install waiting updates for you.

It reports to standard output in either of two formats. Its normal text version is similar to that in the report view of SilentKnight:
Mac model iMacPro1,1
EFI version found 220.270.99.0.0 (iBridge: 16.16.6568.0.0,0); expected 220.270.99.0.0
✅ EFI firmware appears up to date.
✅ XProtect 2104 should be 2104
✅ Gatekeeper 173 should be 173
✅ MRT 1.47 should be 1.47
✅ TCC 17.0 should be 17.0
✅ KEXT 14.5.1 should be 14.5.1
✅ System Integrity Protection status: enabled.
✅ XProtect assessments enabled
✅ FileVault is On.
No update available.
macOS Version 10.14.6 (Build 18G84)
XProtect 2019-05-02 04:47:56 +0000 : 2103
Gatekeeper 2019-07-22 16:21:56 +0000 : 173
MRT 2019-07-18 17:16:09 +0000 : 1.47
TCC 2019-06-05 04:49:18 +0000 : 17.0

For those who want to read the output into other tools or a database, you can instead opt for JSONised XML such as:
{
EFIE = "220.270.99.0.0";
EFIV = "220.270.99.0.0 (iBridge: 16.16.6568.0.0,0)";
FileVault = 1;
GateUpdate = "2019-07-22 16:21:56 +0000";
GateVer = 173;
GatekeeperE = 173;
GatekeeperV = 173;
KEXTE = "14.5.1";
KEXTV = "14.5.1";
MRTE = "1.47";
MRTUpdate = "2019-07-18 17:16:09 +0000";
MRTV = "1.47";
MRTVer = "1.47";
MacModel = "iMacPro1,1";
SIP = 1;
TCCE = "17.0";
TCCUpdate = "2019-06-05 04:49:18 +0000";
TCCV = "17.0";
TCCVer = "17.0";
UpdateWaiting = 0;
XPro = 1;
XProtectE = 2104;
XProtectV = 2104;
XproUpdate = "2019-05-02 04:47:56 +0000";
XproVer = 2103;
macOS = "Version 10.14.6 (Build 18G84)";
}

Fields are documented in its readme file, and it uses the same methods as detailed in the SilentKnight Help book.

Version 1 of silnite is now available from here: silnite1
from Downloads above, and from its Product Page.

It is of course completely free, even if you want to install hundreds of copies across your network. If you have any issues or want additional options or features, please don’t hesitate to comment or contact me.