cmdReporter Wiki

Open navigation

Uninstalling cmdReporter

The following script will uninstall cmdReporter and return the /etc/security/audit_control file to it's original state.


GUI_USER=$(who | grep console | grep -v '_mbsetupuser' | awk '{print $1}')
GUI_UID=$(id -u "$GUI_USER")

# LaunchDaemon
/bin/launchctl unload "/Library/LaunchDaemons/com.cmdsec.cmdReporter.plist"
/bin/rm "/Library/LaunchDaemons/com.cmdsec.cmdReporter.plist"

/bin/launchctl bootout "gui/$GUI_UID" "/Library/LaunchAgents/com.cmdsec.cmdReporterHelper.plist"
/bin/rm "/Library/LaunchAgents/com.cmdsec.cmdReporterHelper.plist"

# Double check proc killed
/usr/bin/killall cmdReporter
/usr/bin/killall cmdReporterHelper

# Binary
/bin/rm /usr/local/bin/cmdReporter
/bin/rm /usr/local/bin/cmdReporterHelper
/bin/rm -r /Applications/

# Logs
/bin/rm -f /var/log/cmdReporter.*

# Restore audit_control file
if [[ -e /etc/security/audit_control.backup ]]; then
  # Change audit control file back to values before cmdReporter install
  /bin/rm /etc/security/audit_control
  /bin/mv /etc/security/audit_control.backup /etc/security/audit_control

  # Reload the audit config
  /usr/sbin/audit -s

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.