Exemples de profil de configuration
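Les exemples suivants peuvent être utilisés comme point de départ pour créer un fichier PLIST ou .mobileconfig pour Compliance Reporter à installer en local ou à déployer via Jamf Pro. Ils contiennent des valeurs fictives (URL et port du point de terminaison, clé de licence, hachage de clé publique, UUID des entités) à remplacer par celles de votre environnement avant tout déploiement.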
Fichier PLIST
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
  Compliance Reporter preferences as a plain property list (starting point).
  Placeholder values in this sample: the remote endpoint URL and port, the
  blank endpoint type, the blank TLS fields and the sample public key hash.
  Replace them, or switch remote logging off, before installing the file.
-->
<plist version="1.0">
  <dict>
    <!-- What is audited -->
    <key>AuditLevel</key>
    <integer>1</integer>
    <key>AuditEventLogVerboseMessages</key>
    <false/>
    <!-- Going by the key names, events from these accounts and binaries are
         left out of the log. Each entry is a visibility gap: keep the lists
         short and review them when the fleet changes. -->
    <key>AuditEventExcludedUsers</key>
    <array>
      <string>_spotlight</string>
      <string>_windowserver</string>
    </array>
    <key>AuditEventExcludedProcesses</key>
    <array>
      <string>/usr/bin/log</string>
      <string>/usr/sbin/syslogd</string>
    </array>

    <!-- File event monitoring.
         NOTE(review): the entries use .* wildcards, so they look like regular
         expressions; confirm how FileEventUseFuzzyMatch changes the matching. -->
    <key>FileEventUseFuzzyMatch</key>
    <false/>
    <key>FileEventInclusionPaths</key>
    <array>
      <string>/Users/.*</string>
    </array>
    <!-- This exclusion removes every per-user Library tree from monitoring,
         which includes per-user LaunchAgents. Narrow it if changes in those
         folders must stay visible. -->
    <key>FileEventExclusionPaths</key>
    <array>
      <string>/Users/.*/Library/.*</string>
    </array>

    <!-- Local log file: path, rotation, owner and mode.
         Mode 640 with root:wheel leaves the file unreadable to other users. -->
    <key>LogFileLocation</key>
    <string>/var/log/JamfComplianceReporter.log</string>
    <key>LogFileMaxNumberBackups</key>
    <integer>10</integer>
    <key>LogFileMaxSizeMegaBytes</key>
    <integer>10</integer>
    <key>LogFilePermission</key>
    <string>640</string>
    <key>LogFileOwnership</key>
    <string>root:wheel</string>
    <key>SyslogFormatEnabled</key>
    <false/>

    <!-- Remote logging. The switch is on while the type is blank and the URL
         is a placeholder: fill both in, or set the switch to false. -->
    <key>LogRemoteEndpointEnabled</key>
    <true/>
    <key>LogRemoteEndpointURL</key>
    <string>server.company.com:PORT</string>
    <key>LogRemoteEndpointType</key>
    <string></string>

    <!-- Kafka transport. The three TLS fields are blank in this sample.
         NOTE(review): the page does not show whether they take inline PEM or
         a file path; either way a client private key makes this file a
         secret, so restrict who can read it and how it is distributed. -->
    <key>LogRemoteEndpointKafka</key>
    <dict>
      <key>TLSServerCertificate</key>
      <string></string>
      <key>TLSClientPrivateKey</key>
      <string></string>
      <key>TLSClientCertificate</key>
      <string></string>
      <key>TopicName</key>
      <string>compliancereporter</string>
    </dict>

    <!-- REST transport. The hash below is a sample value.
         NOTE(review): presumably it pins the endpoint's public key; replace
         it with the hash of your own server's key and confirm the expected
         format and what an empty value means. -->
    <key>LogRemoteEndpointREST</key>
    <dict>
      <key>PublicKeyHash</key>
      <string>e838SOLK9Yu+brDTxM4s0HatE2UdoEmRSBtNDU=</string>
    </dict>

    <!-- TLS transport: server certificate is blank in this sample. -->
    <key>LogRemoteEndpointTLS</key>
    <dict>
      <key>TLSServerCertificate</key>
      <string></string>
    </dict>
  </dict>
</plist>
Profil de configuration de collecteur d’événements HTTPS Splunk
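<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
  Configuration profile that forces Compliance Reporter preferences and sends
  events to a Splunk HTTP Event Collector over HTTPS.
  Placeholders to replace: license fields, endpoint URL, PublicKeyHash value,
  and the payload identifiers and UUIDs (generate fresh ones with uuidgen).
  The profile carries license and endpoint data, so limit who can read it.
-->
<plist version="1.0">
  <dict>
    <key>PayloadContent</key>
    <array>
      <dict>
        <key>PayloadContent</key>
        <dict>
          <key>com.jamf.compliancereporter</key>
          <dict>
            <key>Forced</key>
            <array>
              <dict>
                <key>mcx_preference_settings</key>
                <dict>
                  <!-- Going by the key names, events from these binaries and
                       accounts are not logged. Each entry is a visibility
                       gap, so keep the lists as short as the noise allows. -->
                  <key>AuditEventExcludedProcesses</key>
                  <array>
                    <string>/usr/sbin/mDNSResponder</string>
                    <string>/usr/sbin/syslogd</string>
                    <string>/Applications/splunk/bin/splunk-optimize</string>
                  </array>
                  <key>AuditEventExcludedUsers</key>
                  <array>
                    <string>_spotlight</string>
                    <string>_windowserver</string>
                  </array>
                  <key>AuditEventLogVerboseMessages</key>
                  <false/>
                  <key>AuditLevel</key>
                  <integer>1</integer>
                  <!-- NOTE(review): if these entries are regular expressions,
                       this one has no slash after "splunk" and so also
                       matches any other path that starts with
                       /Applications/splunk; confirm that is intended. -->
                  <key>FileEventExclusionPaths</key>
                  <array>
                    <string>/Applications/splunk.*</string>
                  </array>
                  <!-- Monitored locations: PAM modules, launchd and startup
                       items, kernel extensions, system preferences,
                       privileged helper tools and /private/etc. -->
                  <key>FileEventInclusionPaths</key>
                  <array>
                    <string>/usr/lib/pam/.*</string>
                    <string>/Library/Launch.*</string>
                    <string>/Library/StartupItems/.*</string>
                    <string>/Library/Extensions/.*</string>
                    <string>/Library/Preferences/.*</string>
                    <string>/Library/PrivilegedHelperTools/.*</string>
                    <string>/private/etc/.*</string>
                  </array>
                  <!-- License fields are placeholders.
                       NOTE(review): the date placeholder here is dd/mm/yyyy
                       while the Sumo Logic example on this page shows
                       mm/dd/yyyy; confirm the order the product expects. -->
                  <key>LicenseEmail</key>
                  <string>example@mycompany.com</string>
                  <key>LicenseExpirationDate</key>
                  <string>dd/mm/yyyy</string>
                  <key>LicenseKey</key>
                  <string>35c...</string>
                  <key>LicenseType</key>
                  <string>Trial</string>
                  <key>LicenseVersion</key>
                  <string>1</string>
                  <key>LogFileMaxNumberBackups</key>
                  <integer>10</integer>
                  <!-- Written as an integer (the sample had a string here):
                       the size is numeric, like LogFileMaxNumberBackups. -->
                  <key>LogFileMaxSizeMegaBytes</key>
                  <integer>50</integer>
                  <key>LogFileOwnership</key>
                  <string>root:wheel</string>
                  <!-- 640 instead of the sample's 644, so the audit log is
                       not world-readable. Widen it only if a non-root local
                       reader genuinely needs the file. -->
                  <key>LogFilePermission</key>
                  <string>640</string>
                  <key>LogRemoteEndpointEnabled</key>
                  <true/>
                  <!-- NOTE(review): this sample value is UUID-shaped, the
                       shape Splunk HEC tokens have, not a base64-style hash
                       as the key name suggests. Confirm which value belongs
                       here; if it is a token, it is a credential. -->
                  <key>LogRemoteEndpointREST</key>
                  <dict>
                    <key>PublicKeyHash</key>
                    <string>7E1DDE57-CEA3-4872-A477-CD2D6B640AFB</string>
                  </dict>
                  <key>LogRemoteEndpointType</key>
                  <string>Splunk</string>
                  <!-- Placeholder host; keep the https scheme so events and
                       any token are not sent in clear text. -->
                  <key>LogRemoteEndpointURL</key>
                  <string>https://splunk.company.com:8088/services/collector/raw</string>
                  <key>UnifiedLogPredicates</key>
                  <array>
                    <string>(subsystem == "com.apple.AccountPolicy")</string>
                  </array>
                </dict>
              </dict>
            </array>
          </dict>
        </dict>
        <key>PayloadDescription</key>
        <string></string>
        <key>PayloadDisplayName</key>
        <string>Custom</string>
        <key>PayloadEnabled</key>
        <true/>
        <key>PayloadIdentifier</key>
        <string>ACE8C1E0-2CA9-47F9-95EA-092964CAB3EE</string>
        <key>PayloadOrganization</key>
        <string>Jamf inc</string>
        <key>PayloadType</key>
        <string>com.apple.ManagedClient.preferences</string>
        <key>PayloadUUID</key>
        <string>ACE8C1E0-2CA9-47F9-95EA-092964CAB3EE</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
      </dict>
    </array>
    <key>PayloadDescription</key>
    <string></string>
    <key>PayloadDisplayName</key>
    <string>Splunk HEC Compliance Reporter Preferences</string>
    <key>PayloadEnabled</key>
    <true/>
    <!-- The identifier and UUID values in this sample also appear in the
         Sumo Logic example on this page. A profile whose top-level
         PayloadIdentifier matches an installed profile replaces it, so give
         every profile its own values. -->
    <key>PayloadIdentifier</key>
    <string>8ECC25AC-0DAB-40D1-8E9F-2A7275315FDA</string>
    <key>PayloadOrganization</key>
    <string>Jamf inc</string>
    <!-- Marks the profile as not removable by the user. -->
    <key>PayloadRemovalDisallowed</key>
    <true/>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>8ECC25AC-0DAB-40D1-8E9F-2A7275315FDA</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
  </dict>
</plist>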
Profil de configuration HTTP REST Sumo Logic
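<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
  Configuration profile that forces Compliance Reporter preferences and sends
  events to a Sumo Logic HTTP source through the REST endpoint type.
  Placeholders to replace: license fields, collector URL, PublicKeyHash, and
  the payload identifiers and UUIDs (generate fresh ones with uuidgen).
  The collector URL embeds the source token, so handle the finished profile
  as a secret.
-->
<plist version="1.0">
  <dict>
    <key>PayloadContent</key>
    <array>
      <dict>
        <key>PayloadContent</key>
        <dict>
          <key>com.jamf.compliancereporter</key>
          <dict>
            <key>Forced</key>
            <array>
              <dict>
                <key>mcx_preference_settings</key>
                <dict>
                  <key>AuditLevel</key>
                  <integer>1</integer>
                  <key>AuditEventLogVerboseMessages</key>
                  <false/>
                  <!-- Going by the key name, events from these binaries are
                       not logged. The Splunk entries are only useful where
                       Splunk is installed; drop exclusions you do not need,
                       since each one is a visibility gap. -->
                  <key>AuditEventExcludedProcesses</key>
                  <array>
                    <string>/Applications/splunk/bin/splunk</string>
                    <string>/Applications/splunk/bin/splunkd</string>
                    <string>/Applications/splunk/bin/splunk-optimize</string>
                    <string>/usr/sbin/mDNSResponder</string>
                  </array>
                  <key>FileEventExclusionPaths</key>
                  <array>
                    <string>/private/etc/cups/.*</string>
                  </array>
                  <!-- /private/var/.* is very broad (logs, caches, temporary
                       files), so expect a high event volume.
                       NOTE(review): /var/log lives under /private/var;
                       confirm the agent does not report its own log writes. -->
                  <key>FileEventInclusionPaths</key>
                  <array>
                    <string>/usr/lib/pam/.*</string>
                    <string>/Library/LaunchDaemons/.*</string>
                    <string>/Library/LaunchAgents/.*</string>
                    <string>/Library/StartupItems/.*</string>
                    <string>/Library/Extensions/.*</string>
                    <string>/private/etc/.*</string>
                    <string>/private/var/.*</string>
                  </array>
                  <!-- NOTE(review): the single entry is an empty string;
                       confirm the product accepts that, or supply a real
                       predicate. -->
                  <key>UnifiedLogPredicates</key>
                  <array>
                    <string></string>
                  </array>
                  <!-- Master switch for remote endpoint logging. -->
                  <key>LogRemoteEndpointEnabled</key>
                  <true/>
                  <!-- The path ends in the collector's token (truncated in
                       this sample). Anyone holding the full URL can
                       presumably post to that source, so do not publish it. -->
                  <key>LogRemoteEndpointURL</key>
                  <string>https://endpoint4.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV2OEAFVGi2WoEGbB048Hi63VjN_DJVhV...</string>
                  <key>LogRemoteEndpointType</key>
                  <string>REST</string>
                  <!-- NOTE(review): blank here; presumably no public key is
                       pinned for the endpoint in that case. Confirm, and set
                       the hash if pinning is wanted. -->
                  <key>LogRemoteEndpointREST</key>
                  <dict>
                    <key>PublicKeyHash</key>
                    <string></string>
                  </dict>
                  <!-- License fields are placeholders.
                       NOTE(review): the date placeholder here is mm/dd/yyyy
                       while the Splunk example on this page shows
                       dd/mm/yyyy; confirm the order the product expects. -->
                  <key>LicenseEmail</key>
                  <string>example@mycompany.com</string>
                  <key>LicenseExpirationDate</key>
                  <string>mm/dd/yyyy</string>
                  <key>LicenseKey</key>
                  <string>6466...</string>
                  <key>LicenseType</key>
                  <string>Trial</string>
                  <key>LicenseVersion</key>
                  <string>1</string>
                  <key>LogFileMaxNumberBackups</key>
                  <integer>10</integer>
                  <!-- Written as an integer (the sample had a string here):
                       the size is numeric, like LogFileMaxNumberBackups. -->
                  <key>LogFileMaxSizeMegaBytes</key>
                  <integer>100</integer>
                  <key>LogFileOwnership</key>
                  <string>root:wheel</string>
                  <!-- 640 instead of the sample's 644, so the audit log is
                       not world-readable. Widen it only if a non-root local
                       reader genuinely needs the file. -->
                  <key>LogFilePermission</key>
                  <string>640</string>
                </dict>
              </dict>
            </array>
          </dict>
        </dict>
        <key>PayloadDescription</key>
        <string></string>
        <key>PayloadDisplayName</key>
        <string>Custom</string>
        <key>PayloadEnabled</key>
        <true/>
        <key>PayloadIdentifier</key>
        <string>ACE8C1E0-2CA9-47F9-95EA-092964CAB3EE</string>
        <key>PayloadOrganization</key>
        <string>Jamf inc</string>
        <key>PayloadType</key>
        <string>com.apple.ManagedClient.preferences</string>
        <key>PayloadUUID</key>
        <string>ACE8C1E0-2CA9-47F9-95EA-092964CAB3EE</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
      </dict>
    </array>
    <key>PayloadDescription</key>
    <string></string>
    <key>PayloadDisplayName</key>
    <string>Example Compliance Reporter Preferences</string>
    <key>PayloadEnabled</key>
    <true/>
    <!-- The identifier and UUID values in this sample also appear in the
         Splunk example on this page. A profile whose top-level
         PayloadIdentifier matches an installed profile replaces it, so give
         every profile its own values. -->
    <key>PayloadIdentifier</key>
    <string>8ECC25AC-0DAB-40D1-8E9F-2A7275315FDA</string>
    <key>PayloadOrganization</key>
    <string>Jamf inc</string>
    <!-- Marks the profile as not removable by the user. -->
    <key>PayloadRemovalDisallowed</key>
    <true/>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>8ECC25AC-0DAB-40D1-8E9F-2A7275315FDA</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
  </dict>
</plist>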
Profil de configuration de contrôle des règles des préférences de confidentialité
Même si Compliance Reporter n’a pas besoin d’une entité configurée de contrôle des règles des préférences de confidentialité pour la majeure partie de la surveillance des fichiers, cette entité est indispensable pour Host Intrusion Detection (HID).
Pour plus d’informations, reportez-vous à la section Host Intrusion Detection dans la documentation de Compliance Reporter.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
  Privacy Preferences Policy Control profile for Compliance Reporter.
  It allows two services for the bundle ID com.jamf.reporter:
  SystemPolicyAllFiles (Full Disk Access) and SystemPolicySysAdminFiles.
  macOS honours this payload type only when an MDM server delivers the
  profile; installing the file by hand does not apply the grants.
-->
<plist version="1.0">
  <dict>
    <key>PayloadContent</key>
    <array>
      <dict>
        <!-- NOTE(review): this inner payload reuses the identifier and UUID
             of the enclosing profile; payloads conventionally carry their
             own values. -->
        <key>PayloadDescription</key>
        <string>JamfComplianceReporter-PPPC</string>
        <key>PayloadDisplayName</key>
        <string>JamfComplianceReporter-PPPC</string>
        <key>PayloadIdentifier</key>
        <string>com.jamf.compliance-reporter.pppc</string>
        <key>PayloadOrganization</key>
        <string>Jamf Compliance Reporter</string>
        <key>PayloadType</key>
        <string>com.apple.TCC.configuration-profile-policy</string>
        <key>PayloadUUID</key>
        <string>3b7f1c8e-a301-4784-bb79-1fa85d02899f</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>Services</key>
        <dict>
          <!-- The CodeRequirement ties each grant to code signed with the
               identifier com.jamf.reporter and, in the Developer ID branch,
               the team identifier (subject.OU) shown in the string. In the
               requirement language "and" binds tighter than "or", so the
               parenthesised part reads as A or (B and C and D).
               Before deploying, compare the string with the output of
               codesign -d -r- PATH_TO_INSTALLED_BINARY
               so the grant matches the binary you actually ship. -->
          <key>SystemPolicyAllFiles</key>
          <array>
            <dict>
              <key>Allowed</key>
              <true/>
              <key>CodeRequirement</key>
              <string>anchor apple generic and identifier "com.jamf.reporter" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "483DWKW443")</string>
              <key>Comment</key>
              <string></string>
              <key>Identifier</key>
              <string>com.jamf.reporter</string>
              <key>IdentifierType</key>
              <string>bundleID</string>
            </dict>
          </array>
          <!-- Same identifier and code requirement as the entry above,
               applied to the SystemPolicySysAdminFiles service. -->
          <key>SystemPolicySysAdminFiles</key>
          <array>
            <dict>
              <key>Allowed</key>
              <true/>
              <key>CodeRequirement</key>
              <string>anchor apple generic and identifier "com.jamf.reporter" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "483DWKW443")</string>
              <key>Comment</key>
              <string></string>
              <key>Identifier</key>
              <string>com.jamf.reporter</string>
              <key>IdentifierType</key>
              <string>bundleID</string>
            </dict>
          </array>
        </dict>
      </dict>
    </array>
    <!-- Top-level profile metadata; PayloadScope System applies the profile
         to the whole computer. -->
    <key>PayloadDescription</key>
    <string>JamfComplianceReporter-PPPC</string>
    <key>PayloadDisplayName</key>
    <string>JamfComplianceReporter-PPPC</string>
    <key>PayloadIdentifier</key>
    <string>com.jamf.compliance-reporter.pppc</string>
    <key>PayloadOrganization</key>
    <string>Jamf Compliance Reporter</string>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>3b7f1c8e-a301-4784-bb79-1fa85d02899f</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
  </dict>
</plist>