nxlog deployment security settings

VintageMacGuy
Contributor II

We are rolling out NXLog to our Macs. I have the installer working, but don't have any security info to configure things like PPPC or  System Extensions. I was able to manually tick the box for Full Disk Access, but I am still getting an error message saying that im_maces|in NXLog requires Transparency, Consent, and Control (TCC) approval to connect to Endpoint Security.

If I can find the Bundle ID and Identifier, I should be able to roll that info a PPPC configuration profile which will flip the switch to turn on the Full Disk Access during install, so I don't have to manually do that.

 

Then to clear the error message I am getting above, I likely need a Team Identifier and/or System Extension type for the System Extensions portion of the Configuration Profile in JAMF.

I have checked their website and don't seem to find anything there in the documentation or message boards about  any identifier. Is there a way to find this info out by looking on a system that has the software installed?

11 REPLIES 11

sdagley
Honored Contributor III

@VintageMacGuy The Apparency app (https://mothersruin.com/software/Apparency/) should show you the bundle identifier and signing ID for NXLog

I grabbed a copy of Apparency and installed it. I used the drag and drop method to take the binary of nxlog from /opt/nxlog/bin/ and try to get Apparency to open it up, but got an error message that says this doesn't appear to be a valid MacOS bundle. It says the extension suggests that it is a bundle, but the contents don't appear to be valid and that the info.plist may be damaged.

Thanks for the pointer to this utility - may come in handy.

sdagley
Honored Contributor III

@VintageMacGuy Interesting they're installing a bundle from there as most companies using System Extensions appear to be moving to bundles inside applications installed in /Applications (and I believe that's either an Apple recommendation or soon to be requirement)

Yeah - it's more of a script.

https://nxlog.co/

 

sdagley
Honored Contributor III

@VintageMacGuy If you do a Show Package Contents on the nxlog binary in the Finder does it show any contents?

Yes. The contents of nxlog include:

_CodeSignature/CodeResources
Embedded.provisionfile
MacOS/nxlog

sdagley
Honored Contributor III

Dropping the MacOS/nxlog file onto Apparency _might_ give you the signing ID/Team Identifier, but I'm not sure about the extension type

Thank you! I was able to find the Team Identifier - 6KBH6TBU4P

Waiting for feedback from the developer on the rest.

sdagley
Honored Contributor III

@VintageMacGuy If you're trying to allow nxlog as a System Extension you _should_ be able to simply create a System Extension payload with the System Extension Types popup set to Allowed Team Identifiers and with the Team Identifier field set to 6KBH6TBU4P

Thank you! I am going to give that a try later this afternoon and report back.

rubberchicken
New Contributor

.