General Information
Preference Documentation
Log Data Documentation
- Log Data Examples
- Interesting Types of Events
  - SSH Logins and Activity
Related Tech and Configurations
- macOS
Compliance
- cmdReporter and US Govt Standards Details
  - How cmdReporter Meets CMMC, DFARS, and NIST 800-171 Requirements
  - NIST 800-53r4 (high) controls met by using cmdReporter
- Security Baseline Reporting Preferences
  - Security Benchmark Reporting Logs

Installing cmdReporter

Daniel Griggs

Modified on: Thu, 28 May, 2020 at 3:32 PM

Required Installation Steps

Install provided cmdReporter configuration profile
Install cmdReporter installer package
There is no step 3

Files changed

/etc/security/  
└── audit_control
    └── Line 8
-        └── policy:cnt,argv            (Original)
+        └── policy:cnt,argv,arge       (Modified)

Files Added

/Applications/
└── cmdReporter.app

/usr/local/bin/
└── cmdReporter (symlink)

/Library/LaunchDaemons/
└── com.cmdsec.cmdreporter.plist

/Library/LaunchAgents/
└── com.cmdsec.cmdreporterhelper.plist

/var/cmdreporter/        # Supporting files and offline log spool location
└── remoteEndpointLogger

/var/log/
└── cmdReporter.log

Files Locked

These files are locked from modification after cmdReporter installation.

/etc/security/
├── audit_class
├── audit_control
├── audit_event
├── audit_user
└── audit_warn