cmdReporter Wiki

Open navigation

Jamf Configuration Profile Schema

Paste the json schema in the "Custom Schema" field when creating a configuration profile in Jamf.


Click the "Properties" tab to edit and configure settings



Full text of the configuration profile schema to paste into Jamf web console.

{
    "title": "cmdReporter Settings",
    "description": "Domain: com.cmdsec.cmdreporter",
    "options": {
        "remove_empty_properties": true
    },
    "properties":
    {
        "AuditLevel":
        {
            "type": "integer",
            "title": "AuditLevel",
            "description": "Log Verbosity Level. Recommended: 1 or 2",
            "enum": [1, 2, 3],
            "enum_titles": [1, 2, 3],
            "default": 1
        },
        "AuditEventLogVerboseMessages":
        {
            "type": "boolean",
            "title": "AuditEventLogVerboseMessages",
            "default": false,
            "description": "Log messages cmdReporter deems non-critical. Recommended: false"
        },
        "AuditEventExcludedUsers":
        {
            "type": "array",
            "description": "Users to exclude from audit logging. Recommended: None",
            "title": "AuditEventExcludedUsers",
            "options":
            {
                "infoText": "Key: AllowedEmailDomains"
            },
            "items":
            {
                "type": "string",
                "title": "Excluded User",
                "options":
                {
                    "inputAttributes":
                    {
                        "placeholder": "dan"
                    }
                }
            }
        },
        "AuditEventExcludedProcesses":
        {
            "type": "array",
            "title": "AuditEventExcludedProcesses",
            "description": "Applications or processes to exclude from logging. Recommended: Only other security software",
            "items":
            {
                "type": "string",
                "title": "Excluded Processes",
                "options":
                {
                    "inputAttributes":
                    {
                        "placeholder": "/Applications/Security Tool.app"
                    }
                }
            }
        },

        "LogRemoteEndpointEnabled":
        {
            "type": "boolean",
            "title": "LogRemoteEndpointEnabled",
            "description": "Master switch for sending logs to remote destinations. Recommended: true",
            "default": true
        },
        "LogRemoteEndpointURL":
        {
            "type": "string",
            "title": "LogRemoteEndpointURL",
            "description": "Full URL with port number where logs will be sent.",
            "options":
            {
                "inputAttributes":
                {
                    "placeholder": "https://company.splunk.server:443/services/collector/raw"
                }
            }
        },
        "LogRemoteEndpointType":
        {
            "type": "string",
            "title": "LogRemoteEndpointType",
            "description": "Switch which configuration is used for remote transmission. LogRemoteEndpoint(value) are additional configurations. Recommended: Splunk",
            "enum": ["Syslog", "REST", "Kafka", "Splunk", "TLS", "AWSKinesis"],
            "enum_titles": ["Syslog", "REST", "Kafka", "Splunk", "TLS", "AWSKinesis"],
            "default": "Splunk"
        },
        "LogRemoteEndpointAWSKinesis":
        {
            "type": "object",
            "title": "LogRemoteEndpointAWSKinesis",
            "description": "Send logs directly to an AWS Kinesis stream",
            "properties":
            {
                "AccessKeyID":
                {
                    "type": "string",
                    "title": "AWS Access Key ID",
                    "description": "(Required) AWS Access Key ID",
                    "options":
                    {
                        "inputAttributes":
                        {
                            "placeholder": "EJNPQUNWGIJWHEPK70DE"
                        }
                    }
                },
                "SecretKey":
                {
                    "type": "string",
                    "title": "AWS Secret Key",
                    "description": "(Required) AWS Secret Key",
                    "options":
                    {
                        "inputAttributes":
                        {
                            "placeholder": "vOQd2pqNMyNR3CetPbrEhzfT..."
                        }
                    }
                },
                "StreamName":
                {
                    "type": "string",
                    "title": "AWS Kinesis Stream Name",
                    "description": "(Required) AWS Kinesis Stream Name (NOT ARN)",
                    "options":
                    {
                        "inputAttributes":
                        {
                            "placeholder": "cmdReporter"
                        }
                    }
                },
                "Region":
                {
                    "type": "string",
                    "title": "Region",
                    "description": "(Required)",
                    "default": "us-east-1"
                }
            }
        },
        "LogRemoteEndpointKafka":
        {
            "type": "object",
            "title": "LogRemoteEndpointKafka",
            "description": "Configure certificate and topic for Apache Kafka",
            "properties":
            {
                "TopicName":
                {
                    "type": "string",
                    "title": "TopicName",
                    "description": "(Required) Kafka topic cmdReporter will publish to",
                    "default": "cmdReporter"
                },
                "TLSServerCertificate":
                {
                    "type": "array",
                    "title": "TLSServerCertificate",
                    "description": "(Required) Common names for server certificate trust chain.",
                    "items":
                    {
                        "type": "string",
                        "title": "Certificate Common Name",
                        "options":
                        {
                            "infoText": "Maps to Kafka setting ssl.ca.location",
                            "inputAttributes":
                            {
                                "placeholder": "Apple Root CA - G2"
                            }
                        }
                    }

                },
                "TLSClientCertificate":
                {
                    "type": "array",
                    "title": "TLSClientCertificate",
                    "description": "(Optional) common name of client certificate in system keychain.",
                    "options":
                    {
                        "infoText": "Maps to Kafka setting ssl.certificate.location",
                        "inputAttributes":
                        {
                            "placeholder": "server_name.company.com"
                        }
                    }
                },
                "TLSClientPrivateKey":
                {
                    "type": "string",
                    "title": "TLSClientPrivateKey",
                    "description": "(Optional) PEM formatted client private key",
                    "options":
                    {
                        "infoText": "Maps to Kafka setting ssl.key.location",
                        "inputAttributes":
                        {
                            "placeholder": "-----BEGIN CERTIFICATE-----..."
                        }
                    }
                }
            }
        },
        "LogRemoteEndpointREST":
        {
            "type": "object",
            "title": "LogRemoteEndpointREST",
            "description": "REST or Splunk HEC settings. PublicKeyHash applies to both methods.",
            "properties":
            {
                "PublicKeyHash":
                {
                    "type": "string",
                    "title": "PublicKeyHash",
                    "description": "(Required) REST or Splunk HEC API key"
                }
            }
        },
        "LogRemoteEndpointTLS":
        {
            "type": "object",
            "title": "LogRemoteEndpointTLS",
            "description": "",
            "properties":
            {
                "TLSServerCertificate":
                {
                    "type": "array",
                    "title": "TLSServerCertificate",
                    "description": "(Required) Common names for server certificate trust chain.",
                    "items":
                    {
                        "type": "string",
                        "title": "Certificate Common Name",
                        "options":
                        {
                            "inputAttributes":
                            {
                                "placeholder": "Apple Root CA - G2"
                            }
                        }
                    }

                }
            }
        },
        "UnifiedLogPredicates":
        {
            "type": "array",
            "title": "UnifiedLogPredicates",
            "description": "Search terms that will be collected from the unified log systems.",
            "items":
            {
                "type": "string",
                "title": "Predicates",
                "description": "Search terms that will be collected from the unified log systems.",
                "options":
                {
                    "inputAttributes":
                    {
                        "placeholder": "(subsystem == \"com.apple.securityd\")"
                    }
                }
            }
        },
        "LicenseEmail":
        {
            "type": "string",
            "title": "LicenseEmail",
            "description": "(Required)",
            "placeholder": "name@company.com"
        },
        "LicenseExpirationDate":
        {
            "type": "string",
            "title": "LicenseExpirationDate",
            "description": "(Required) Format: 01/20/2020",
            "placeholder": "01/20/2020"
        },
        "LicenseKey":
        {
            "type": "string",
            "title": "LicenseKey",
            "description": "(Required)",
            "placeholder": "asdfh38chdj..."
        },
        "LicenseType":
        {
            "type": "string",
            "title": "LicenseType",
            "enum": ["Trial", "Annual"],
            "enum_titles": ["Trial", "Annual"],
            "default": "Annual",
            "description": "(Required)"
        },
        "LicenseVersion":
        {
            "type": "string",
            "title": "LicenseVersion",
            "description": "(Required) Always leave at 1",
            "default": "1"
        },
        "LogFileMaxNumberBackups":
        {
            "type": "integer",
            "title": "LogFileMaxNumberBackups",
            "description": "Maximum number of archived backups to keep before deleting oldest.",
            "default": "10"
        },
        "LogFileMaxSizeMegaBytes":
        {
            "type": "integer",
            "title": "LogFileMaxSizeMegaBytes",
            "description": "Maximum log file size before rotating.",
            "default": "50"
        },
        "LogFileOwnership":
        {
            "type": "string",
            "title": "LogFileOwnership",
            "description": "User and group ownership of log files",
            "default": "root:wheel"
        },
        "LogFilePermission":
        {
            "type": "string",
            "title": "LogFilePermission",
            "description": "Octal permissions for live and archived log files.",
            "default": "644"
        },
        "SecurityBaseline":
        {
            "type": "string",
            "title": "SecurityBaseline",
            "description": "Name of the security baseline to report on",
            "enum": ["800-53_high","800-53_low","800-53_moderate","cnssi-1253","all_rules"],
            "enum_titles": ["NIST 800-53_high","NIST 800-53_low","NIST 800-53_moderate","cnssi-1253","all_rules"],
            "default": "all_rules"
        },
        "SecurityBaselineReportingInterval":
        {
            "type": "integer",
            "title": "SecurityBaselineReportingInterval",
            "description": "Number of minutes between security baseline reports.",
            "default": "720"
        },
        "ProhibitedApps":
        {
            "type": "object",
            "title": "ProhibitedApps",
            "description": "Configure applications to be blocked from user sessions.",
            "properties":
            {
                "PAExecutableNames":
                {
                    "type": "array",
                    "title": "PAExecutableNames",
                    "description": "Process names to block from launching from a user session.",
                    "items":
                    {
                        "type": "string",
                        "title": "Executable Name",
                        "options":
                        {
                            "inputAttributes":
                            {
                                "placeholder": "fdesetup"
                            }
                        }
                    }

                },
                "PASigningIdentifiers":
                {
                    "type": "array",
                    "title": "PASigningIdentifiers",
                    "description": "Process signing IDs to block from launching from a user session.",
                    "items":
                    {
                        "type": "string",
                        "title": "Executable App Signing ID",
                        "options":
                        {
                            "inputAttributes":
                            {
                                "placeholder": "com.apple.fdesetup"
                            }
                        }
                    }

                },
                "PATeamIdentifiers":
                {
                    "type": "array",
                    "title": "PATeamIdentifiers",
                    "description": "Process team IDs to block from launching from a user session",
                    "items":
                    {
                        "type": "string",
                        "title": "Executable App Signing ID",
                        "options":
                        {
                            "inputAttributes":
                            {
                                "infoText": "This is the team ID for Wireshark as an example.",
                                "placeholder": "7Z6EMTD2C6"
                            }
                        }
                    }
                }
            }
        }
    }
}


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.