Cross-Platform Compliance: Introducing Linux & macOS Endpoint Scanning

The assumption that compliance scanning is a Windows-only concern ended years ago. According to the 2025 Linux Foundation Enterprise Survey, 96% of public cloud workloads run on Linux. Gartner estimates that macOS now accounts for 23% of enterprise endpoint deployments in technology and professional services sectors. A compliance program that only scans Windows endpoints is, by definition, incomplete.

The Architecture Challenge

Building a cross-platform compliance agent is harder than it sounds. PowerShell scripts that work on Windows do not translate directly to Linux. macOS has its own security model with System Integrity Protection, Gatekeeper, and FileVault. The controls themselves are fundamentally different: checking ufw status on Ubuntu is nothing like checking Windows Firewall rules.

TATER solved this by rewriting the endpoint agent in Go. The resulting binary is a single executable, compiled natively for each target platform with zero runtime dependencies. No Python interpreter, no .NET runtime, no PowerShell Core installation required. The agent runs as a Windows service, a Linux systemd unit, or a macOS launch daemon, all from the same codebase.

20 Linux Security Controls

The initial Linux control set covers the most critical security baselines that map to CIS Distribution Independent Linux Benchmark requirements:

• Network security: Firewall enabled (ufw, firewalld, or iptables), SSH hardening (PermitRootLogin, PasswordAuthentication), kernel IP forwarding disabled
• Data protection: Disk encryption via LUKS, core dumps disabled, /tmp mounted with noexec and nosuid
• Access control: Password policy enforcement, no empty passwords, sudoers NOPASSWD audit, guest account disabled, failed login monitoring
• System integrity: SELinux or AppArmor enabled, auditd running, automatic updates configured, NTP synchronization
• Endpoint hygiene: USB storage restrictions, world-writable directory audit, syslog running, antivirus presence check

"Endpoint compliance is not about the operating system. It is about the security posture. Every device in your fleet, regardless of platform, deserves the same level of scrutiny."

Local Dashboard and Auto-Update

Every TATER agent instance, regardless of platform, runs a local HTTP dashboard on a random loopback port. The dashboard shows compliance rate, pass/fail breakdown, hardware inventory, speed test results, and full scan history. On Windows, it opens in Microsoft Edge app mode for a native application feel.

Auto-update works the same across all platforms: the agent polls the TATER API for version information, downloads the new binary, verifies the SHA-256 hash, and restarts. On Linux, this integrates with systemd for zero-downtime updates. On macOS, the launch daemon handles the restart.