Question

Bash History Extension Attribute Script

10 years ago
October 30, 2014
1 reply
0 views

+10

rcurran
Contributor
66 replies

Hi folks,

I'd like to be able to tell at some point if folks are going in and making calls to the jamf binary on their system.

I'm not great at script, so this may not be pretty, but I figured something like this would work

#!/bin/bash

jamfsnoop=$(less /Users/*/.bash_history | grep -i jamf);

echo "<result>$jamfsnoop</result>"

But it doesn't seem to turn up any results when performing a recon.

Any tips?

+10

rcurran
Author
Contributor
66 replies
10 years ago
October 30, 2014

Scratch that ! Just needed to run another recon :)

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos + marketing

Reply

Related topics

Code42 Incydr Extension Attributes for Deployment and Agent Healthicon

Recovery Partition not being reported?icon

Wrong recovery partition versionicon

Help- Stolen iMacicon

Outlook Auto Download Settingsicon

Most helpful members this week

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings