Sharing an Extension Attribute - SAP Privileges.app - Last 5 Reasons

gknacks
New Contributor III

Been looking for an EA to pull the last 5 reasons given by a user for account elevation from /private/var/log/privileges.log for a while, didn't quite have the bash savvy to get exactly what I wanted.

Last night I decided to give ChatGPT a shot. First I gave it a summary of what I wanted and told it to hold so I could give it more specific info. I fed it the documentation link for Extension Attributes in the Jamf Pro Admin guide, then provided a sample privileges.log file. After a bit of messing around with the results given by ChatGPT and prompting it to refine its response further, it spit out something workable.

Here's the final result in Jamf, along with the Extension Attribute script (in zsh).

Screenshot 2023-03-29 at 9.37.55 AM.png

#!/bin/zsh
#
##########################################################
#
# Jamf Pro Extension Attribute
# Last 5 Privileges.app requests.sh
# Version 1.0
# 3.29.2023
#
# This script records the last 5 reasons an end user needs to request local admin rights
# using Privileges.app on macOS from https://github.com/SAP/macOS-enterprise-privileges
# and records the information into Jamf Pro as documented here:
# https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/Computer_Extension_Attributes.html.
#
# The purpose of this script is to improve the end user support experience and for future security audits.
# It is not meant to be intrusive or an invasion of privacy. 
# 
# This script was created by Greg Knackstedt (https://github.com/scriptsandthings/) with assistance from ChatGPT.
# Contact information: **bleep**ttyscripts@gmail.com
#
##########################################################
#
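# set the path to the log file we want to search
log_file='/private/var/log/privileges.log'

# start with an empty result so a missing or empty log yields an empty EA value
result=''

# only parse the log if it exists and is readable
if [[ -r "$log_file" ]]; then
    # read each line of the log file (IFS= keeps whitespace intact,
    # the second test keeps a final line that has no trailing newline)
    while IFS= read -r line || [[ -n "$line" ]]; do
        # if the line contains the pattern 'reason:', extract the date and reason
        if [[ "$line" == *reason:* ]]; then
            # printf is used instead of echo because zsh's echo interprets backslash
            # escapes, which would alter reason text typed by the user
            # extract the first date and time from the line using grep
            date=$(printf '%s\n' "$line" | grep -oE '\b[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}\b' | head -n 1)
            # extract the reason from the line using sed
            reason=$(printf '%s\n' "$line" | sed 's/.*reason:/reason:/;s/ on MachineID:.*//')
            # append the date and reason, followed by a real newline, to the result output
            result+="${date} ${reason}"$'\n'
        fi
    # read from the log file
    done < "$log_file"
fi

# read and save the resulting output to the variable $eaResult
# use tail to limit the output to the last 5 matching lines
# (printf '%s' adds no extra blank line, so tail returns 5 entries rather than 4)
eaResult=$( printf '%s' "$result" | tail -n 5 )

# print the result output to the console
printf '%s\n' "<result>$eaResult</result>"

# Exit the script
exit 0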


jamf-42
Valued Contributor

This script was created by ChatGPT with assistance from Greg Knackstedt (https://github.com/scriptsandthings/) 😀

or you wrote that grep 😳

gknacks
New Contributor III

IMG_1038.jpeg

gknacks
New Contributor III

All kidding aside, there's no way I wrote that.

Originally it started in bash, but sed kept giving errors so I asked ChatGPT to retry in zsh and avoid using sed.

This took about 2.5 hours of back and forth to get, but the script posted here is 99% the final unedited output of ChatGPT. All it got wrong was how it did the <results> tags for the final echo. I re-did that and the EA was good to go.

yeyo
New Contributor

@gknacks Thanks for your help with the script. I have a quick question: is there any way to log admin activities carried out by a user with an elevated account?