Bash History Extension Attribute Script

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-30-2014 09:06 AM
Hi folks,
I'd like to be able to tell at some point if folks are going in and making calls to the jamf binary on their system.
I'm not great at script, so this may not be pretty, but I figured something like this would work
#!/bin/bash
jamfsnoop=$(less /Users/*/.bash_history | grep -i jamf);
echo "<result>$jamfsnoop</result>"
But it doesn't seem to turn up any results when performing a recon.
Any tips?
1 REPLY 1

Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-30-2014 09:16 AM
Scratch that ! Just needed to run another recon :)
