Hi folks,
I'd like to be able to tell at some point if folks are going in and making calls to the jamf binary on their system.
I'm not great at script, so this may not be pretty, but I figured something like this would work
#!/bin/bash
jamfsnoop=$(less /Users/*/.bash_history | grep -i jamf);
echo "<result>$jamfsnoop</result>"
But it doesn't seem to turn up any results when performing a recon.
Any tips?
