cmdReporter Wiki

Home Email Support Client Login
Welcome
Login
  1. cmdReporter Wiki
  2. Solution home
  3. General Information
  4. Getting Started
Open navigation

Uninstalling cmdReporter

Daniel Griggs
Modified on: Wed, 7 Oct, 2020 at 1:03 PM

The following script will uninstall cmdReporter and return the /etc/security/audit_control file to it's original state.

#!/bin/bash

GUI_USER=$(who | grep console | grep -v '_mbsetupuser' | awk '{print $1}')
GUI_UID=$(id -u "$GUI_USER")

# LaunchDaemon
/bin/launchctl unload "/Library/LaunchDaemons/com.cmdsec.cmdReporter.plist"
/bin/rm "/Library/LaunchDaemons/com.cmdsec.cmdReporter.plist"

/bin/launchctl bootout "gui/$GUI_UID" "/Library/LaunchAgents/com.cmdsec.cmdReporterHelper.plist"
/bin/rm "/Library/LaunchAgents/com.cmdsec.cmdReporterHelper.plist"

# Double check proc killed
/usr/bin/killall cmdReporter
/usr/bin/killall cmdReporterHelper

# Binary
/bin/rm /usr/local/bin/cmdReporter
/bin/rm /usr/local/bin/cmdReporterHelper
/bin/rm -r /Applications/cmdReporter.app

# Logs
/bin/rm -f /var/log/cmdReporter.*

# Unlock audit control files
chflags nouchg /etc/security/audit_class
chflags nouchg /etc/security/audit_control
chflags nouchg /etc/security/audit_event
chflags nouchg /etc/security/audit_user
chflags nouchg /etc/security/audit_warn

# Restore audit_control file
if [[ -e /etc/security/audit_control.backup ]]; then
    if [[ -e /etc/security/audit_control.backup ]]; then
        #statements
        # Change audit control file back to values before cmdReporter install
        /bin/rm /etc/security/audit_control
        /bin/cp /etc/security/audit_control.backup /etc/security/audit_control
        /bin/rm -f /etc/security/audit_control.backup
    fi
    # Reload the audit config
    /usr/sbin/audit -s
fi


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.