構成プロファイルの例
以下の例を参考にして、Compliance Reporter 用の PLIST ファイルまたは .mobileconfig ファイルを作成してください。Compliance Reporter は、ローカルにインストールすることも、Jamf Pro を介して展開することもできます。
PLIST ファイル
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
  Example Compliance Reporter preferences as a standalone PLIST file.
  The remote endpoint URL, endpoint type and certificate fields are placeholders
  or empty in this example and must be filled in before the file is used.
-->
<plist version="1.0">
  <dict>
    <!-- Audit event settings. The meaning of the numeric AuditLevel is not shown
         on this page; confirm it in the product documentation. -->
    <key>AuditLevel</key>
    <integer>1</integer>
    <key>AuditEventLogVerboseMessages</key>
    <false/>

    <!-- Exclusion lists. Presumably events from these users and processes are not
         logged, so each entry is a detection blind spot: keep the lists short and
         check that the excluded binaries can only be modified by root. -->
    <key>AuditEventExcludedUsers</key>
    <array>
      <string>_spotlight</string>
      <string>_windowserver</string>
    </array>
    <key>AuditEventExcludedProcesses</key>
    <array>
      <string>/usr/bin/log</string>
      <string>/usr/sbin/syslogd</string>
    </array>

    <!-- File event scope: paths under /Users are included and each user's Library
         folder is excluded. The entries look like regular expressions (note the
         ".*"), even though FileEventUseFuzzyMatch is false; confirm the matching
         rules before relying on a pattern. -->
    <key>FileEventUseFuzzyMatch</key>
    <false/>
    <key>FileEventInclusionPaths</key>
    <array>
      <string>/Users/.*</string>
    </array>
    <key>FileEventExclusionPaths</key>
    <array>
      <string>/Users/.*/Library/.*</string>
    </array>

    <!-- Local log file: location, rotation limits, owner and mode. 640 with
         root:wheel is presumably an octal mode that gives other users no access,
         which suits a log of security events. -->
    <key>LogFileLocation</key>
    <string>/var/log/JamfComplianceReporter.log</string>
    <key>LogFileMaxSizeMegaBytes</key>
    <integer>10</integer>
    <key>LogFileMaxNumberBackups</key>
    <integer>10</integer>
    <key>LogFileOwnership</key>
    <string>root:wheel</string>
    <key>LogFilePermission</key>
    <string>640</string>
    <key>SyslogFormatEnabled</key>
    <false/>

    <!-- Remote logging is switched on, but LogRemoteEndpointType is empty and the
         URL is a placeholder (server.company.com:PORT). Set both before deploying;
         the other examples on this page use the types "Splunk" and "REST". -->
    <key>LogRemoteEndpointEnabled</key>
    <true/>
    <key>LogRemoteEndpointType</key>
    <string></string>
    <key>LogRemoteEndpointURL</key>
    <string>server.company.com:PORT</string>

    <!-- Kafka endpoint options; the TLS fields are empty in this example. If a
         client private key is supplied here it is stored wherever this file or
         profile is stored, so restrict who can read that location. -->
    <key>LogRemoteEndpointKafka</key>
    <dict>
      <key>TopicName</key>
      <string>compliancereporter</string>
      <key>TLSServerCertificate</key>
      <string></string>
      <key>TLSClientCertificate</key>
      <string></string>
      <key>TLSClientPrivateKey</key>
      <string></string>
    </dict>

    <!-- REST endpoint options. PublicKeyHash holds a sample value; presumably it
         pins the server's public key. Replace it with the value for your own
         endpoint and confirm the expected hash format. -->
    <key>LogRemoteEndpointREST</key>
    <dict>
      <key>PublicKeyHash</key>
      <string>e838SOLK9Yu+brDTxM4s0HatE2UdoEmRSBtNDU=</string>
    </dict>

    <!-- TLS endpoint options; the server certificate is empty in this example. -->
    <key>LogRemoteEndpointTLS</key>
    <dict>
      <key>TLSServerCertificate</key>
      <string></string>
    </dict>
  </dict>
</plist>
Splunk HTTPS イベントコレクタの構成プロファイル
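<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
  Example configuration profile (.mobileconfig) that delivers Compliance Reporter
  preferences and sends events to a Splunk HTTPS event collector.
  Layout: the outer dict is the profile; its PayloadContent array holds one
  com.apple.ManagedClient.preferences payload, whose mcx_preference_settings dict
  carries the com.jamf.compliancereporter preferences.
-->
<plist version="1.0">
  <dict>
    <key>PayloadContent</key>
    <array>
      <dict>
        <key>PayloadContent</key>
        <dict>
          <key>com.jamf.compliancereporter</key>
          <dict>
            <key>Forced</key>
            <array>
              <dict>
                <key>mcx_preference_settings</key>
                <dict>
                  <!-- Exclusion lists. Presumably events from these processes and
                       users are not logged, so each entry is a detection blind
                       spot: keep the lists short and check that the excluded
                       binaries can only be modified by root. -->
                  <key>AuditEventExcludedProcesses</key>
                  <array>
                    <string>/usr/sbin/mDNSResponder</string>
                    <string>/usr/sbin/syslogd</string>
                    <string>/Applications/splunk/bin/splunk-optimize</string>
                  </array>
                  <key>AuditEventExcludedUsers</key>
                  <array>
                    <string>_spotlight</string>
                    <string>_windowserver</string>
                  </array>
                  <key>AuditEventLogVerboseMessages</key>
                  <false/>
                  <!-- The meaning of the numeric AuditLevel is not shown on this
                       page; confirm it in the product documentation. -->
                  <key>AuditLevel</key>
                  <integer>1</integer>

                  <!-- File event scope. The entries look like regular expressions.
                       If so, "/Applications/splunk.*" has no trailing slash and
                       also matches any sibling name that merely begins with
                       "splunk"; tighten it if that is not intended. -->
                  <key>FileEventExclusionPaths</key>
                  <array>
                    <string>/Applications/splunk.*</string>
                  </array>
                  <!-- Watched system locations: PAM modules, launch items, startup
                       items, kernel extensions, system preferences, privileged
                       helper tools and /private/etc. -->
                  <key>FileEventInclusionPaths</key>
                  <array>
                    <string>/usr/lib/pam/.*</string>
                    <string>/Library/Launch.*</string>
                    <string>/Library/StartupItems/.*</string>
                    <string>/Library/Extensions/.*</string>
                    <string>/Library/Preferences/.*</string>
                    <string>/Library/PrivilegedHelperTools/.*</string>
                    <string>/private/etc/.*</string>
                  </array>

                  <!-- License fields are placeholders. NOTE(review): the date
                       placeholder here is dd/mm/yyyy while the Sumo Logic example
                       on this page shows mm/dd/yyyy; confirm the expected order. -->
                  <key>LicenseEmail</key>
                  <string>example@mycompany.com</string>
                  <key>LicenseExpirationDate</key>
                  <string>dd/mm/yyyy</string>
                  <key>LicenseKey</key>
                  <string>35c...</string>
                  <key>LicenseType</key>
                  <string>Trial</string>
                  <key>LicenseVersion</key>
                  <string>1</string>

                  <!-- Local log file settings. LogFileMaxSizeMegaBytes is written
                       as an integer, matching the PLIST example on this page and
                       the neighbouring LogFileMaxNumberBackups key. -->
                  <key>LogFileMaxNumberBackups</key>
                  <integer>10</integer>
                  <key>LogFileMaxSizeMegaBytes</key>
                  <integer>50</integer>
                  <key>LogFileOwnership</key>
                  <string>root:wheel</string>
                  <!-- NOTE(review): 644 presumably makes the audit log readable by
                       every local user; the PLIST example on this page uses 640.
                       Prefer the tighter mode unless a non-root reader needs the
                       file. -->
                  <key>LogFilePermission</key>
                  <string>644</string>

                  <!-- Remote logging to Splunk over HTTPS. -->
                  <key>LogRemoteEndpointEnabled</key>
                  <true/>
                  <key>LogRemoteEndpointREST</key>
                  <dict>
                    <!-- NOTE(review): this value is UUID-shaped, unlike the
                         base64-looking sample in the PLIST example on this page.
                         Confirm what this key expects for a Splunk endpoint; if the
                         value is a credential, treat the profile as a secret. -->
                    <key>PublicKeyHash</key>
                    <string>7E1DDE57-CEA3-4872-A477-CD2D6B640AFB</string>
                  </dict>
                  <key>LogRemoteEndpointType</key>
                  <string>Splunk</string>
                  <key>LogRemoteEndpointURL</key>
                  <string>https://splunk.company.com:8088/services/collector/raw</string>

                  <!-- Unified log predicate; this one selects the
                       com.apple.AccountPolicy subsystem. -->
                  <key>UnifiedLogPredicates</key>
                  <array>
                    <string>(subsystem == "com.apple.AccountPolicy")</string>
                  </array>
                </dict>
              </dict>
            </array>
          </dict>
        </dict>
        <!-- Payload metadata. The identifier and UUID are sample values that the
             Sumo Logic example on this page reuses unchanged; generate fresh ones
             (for example with uuidgen) for every profile you build. -->
        <key>PayloadDescription</key>
        <string></string>
        <key>PayloadDisplayName</key>
        <string>Custom</string>
        <key>PayloadEnabled</key>
        <true/>
        <key>PayloadIdentifier</key>
        <string>ACE8C1E0-2CA9-47F9-95EA-092964CAB3EE</string>
        <key>PayloadOrganization</key>
        <string>Jamf inc</string>
        <key>PayloadType</key>
        <string>com.apple.ManagedClient.preferences</string>
        <key>PayloadUUID</key>
        <string>ACE8C1E0-2CA9-47F9-95EA-092964CAB3EE</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
      </dict>
    </array>
    <!-- Profile metadata. The top-level identifier and UUID are also shared with
         the Sumo Logic example on this page; two profiles with the same top-level
         identifier would presumably replace one another on install, so give each
         profile its own values. -->
    <key>PayloadDescription</key>
    <string></string>
    <key>PayloadDisplayName</key>
    <string>Splunk HEC Compliance Reporter Preferences</string>
    <key>PayloadEnabled</key>
    <true/>
    <key>PayloadIdentifier</key>
    <string>8ECC25AC-0DAB-40D1-8E9F-2A7275315FDA</string>
    <key>PayloadOrganization</key>
    <string>Jamf inc</string>
    <key>PayloadRemovalDisallowed</key>
    <true/>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>8ECC25AC-0DAB-40D1-8E9F-2A7275315FDA</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
  </dict>
</plist>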
Sumo Logic REST HTTP の構成プロファイル
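<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
  Example configuration profile (.mobileconfig) that delivers Compliance Reporter
  preferences and sends events to a Sumo Logic HTTP endpoint (type REST).
  Layout: the outer dict is the profile; its PayloadContent array holds one
  com.apple.ManagedClient.preferences payload, whose mcx_preference_settings dict
  carries the com.jamf.compliancereporter preferences.
-->
<plist version="1.0">
  <dict>
    <key>PayloadContent</key>
    <array>
      <dict>
        <key>PayloadContent</key>
        <dict>
          <key>com.jamf.compliancereporter</key>
          <dict>
            <key>Forced</key>
            <array>
              <dict>
                <key>mcx_preference_settings</key>
                <dict>
                  <!-- The meaning of the numeric AuditLevel is not shown on this
                       page; confirm it in the product documentation. -->
                  <key>AuditLevel</key>
                  <integer>1</integer>
                  <key>AuditEventLogVerboseMessages</key>
                  <false/>
                  <!-- Presumably events from these processes are not logged, so
                       each entry is a detection blind spot. NOTE(review): Splunk
                       binaries are listed although this profile sends to Sumo
                       Logic; drop them if no Splunk software is installed. -->
                  <key>AuditEventExcludedProcesses</key>
                  <array>
                    <string>/Applications/splunk/bin/splunk</string>
                    <string>/Applications/splunk/bin/splunkd</string>
                    <string>/Applications/splunk/bin/splunk-optimize</string>
                    <string>/usr/sbin/mDNSResponder</string>
                  </array>

                  <!-- File event scope; the entries look like regular
                       expressions. -->
                  <key>FileEventExclusionPaths</key>
                  <array>
                    <string>/private/etc/cups/.*</string>
                  </array>
                  <!-- Watched system locations: PAM modules, launch daemons and
                       agents, startup items, kernel extensions, /private/etc and
                       /private/var. NOTE(review): "/private/var/.*" is very broad
                       and would appear to cover /private/var/log, where the PLIST
                       example on this page places the reporter's own log file;
                       confirm the event volume and add exclusions as needed. -->
                  <key>FileEventInclusionPaths</key>
                  <array>
                    <string>/usr/lib/pam/.*</string>
                    <string>/Library/LaunchDaemons/.*</string>
                    <string>/Library/LaunchAgents/.*</string>
                    <string>/Library/StartupItems/.*</string>
                    <string>/Library/Extensions/.*</string>
                    <string>/private/etc/.*</string>
                    <string>/private/var/.*</string>
                  </array>
                  <!-- NOTE(review): the array holds one empty string rather than
                       being empty; confirm how an empty predicate is treated. -->
                  <key>UnifiedLogPredicates</key>
                  <array>
                    <string></string>
                  </array>

                  <!-- Remote endpoint logging master switch -->
                  <key>LogRemoteEndpointEnabled</key>
                  <true/>
                  <!-- The collector URL ends in a long, truncated token, so the URL
                       itself appears to act as the credential. Treat the finished
                       profile as a secret and replace the URL at the collector if
                       it is ever exposed. -->
                  <key>LogRemoteEndpointURL</key>
                  <string>https://endpoint4.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV2OEAFVGi2WoEGbB048Hi63VjN_DJVhV...</string>
                  <key>LogRemoteEndpointType</key>
                  <string>REST</string>
                  <key>LogRemoteEndpointREST</key>
                  <dict>
                    <!-- Empty here; presumably no public key pinning is applied
                         when this is blank. Confirm, and set it if you want the
                         endpoint's key pinned. -->
                    <key>PublicKeyHash</key>
                    <string></string>
                  </dict>

                  <!-- License fields are placeholders. NOTE(review): the date
                       placeholder here is mm/dd/yyyy while the Splunk example on
                       this page shows dd/mm/yyyy; confirm the expected order. -->
                  <key>LicenseEmail</key>
                  <string>example@mycompany.com</string>
                  <key>LicenseExpirationDate</key>
                  <string>mm/dd/yyyy</string>
                  <key>LicenseKey</key>
                  <string>6466...</string>
                  <key>LicenseType</key>
                  <string>Trial</string>
                  <key>LicenseVersion</key>
                  <string>1</string>

                  <!-- Local log file settings. LogFileMaxSizeMegaBytes is written
                       as an integer, matching the PLIST example on this page and
                       the neighbouring LogFileMaxNumberBackups key. -->
                  <key>LogFileMaxNumberBackups</key>
                  <integer>10</integer>
                  <key>LogFileMaxSizeMegaBytes</key>
                  <integer>100</integer>
                  <key>LogFileOwnership</key>
                  <string>root:wheel</string>
                  <!-- NOTE(review): 644 presumably makes the audit log readable by
                       every local user; the PLIST example on this page uses 640.
                       Prefer the tighter mode unless a non-root reader needs the
                       file. -->
                  <key>LogFilePermission</key>
                  <string>644</string>
                </dict>
              </dict>
            </array>
          </dict>
        </dict>
        <!-- Payload metadata. The identifier and UUID are sample values that the
             Splunk example on this page also uses; generate fresh ones (for
             example with uuidgen) for every profile you build. -->
        <key>PayloadDescription</key>
        <string></string>
        <key>PayloadDisplayName</key>
        <string>Custom</string>
        <key>PayloadEnabled</key>
        <true/>
        <key>PayloadIdentifier</key>
        <string>ACE8C1E0-2CA9-47F9-95EA-092964CAB3EE</string>
        <key>PayloadOrganization</key>
        <string>Jamf inc</string>
        <key>PayloadType</key>
        <string>com.apple.ManagedClient.preferences</string>
        <key>PayloadUUID</key>
        <string>ACE8C1E0-2CA9-47F9-95EA-092964CAB3EE</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
      </dict>
    </array>
    <!-- Profile metadata. The top-level identifier and UUID are also shared with
         the Splunk example on this page; two profiles with the same top-level
         identifier would presumably replace one another on install, so give each
         profile its own values. -->
    <key>PayloadDescription</key>
    <string></string>
    <key>PayloadDisplayName</key>
    <string>Example Compliance Reporter Preferences</string>
    <key>PayloadEnabled</key>
    <true/>
    <key>PayloadIdentifier</key>
    <string>8ECC25AC-0DAB-40D1-8E9F-2A7275315FDA</string>
    <key>PayloadOrganization</key>
    <string>Jamf inc</string>
    <key>PayloadRemovalDisallowed</key>
    <true/>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>8ECC25AC-0DAB-40D1-8E9F-2A7275315FDA</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
  </dict>
</plist>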
Privacy Preferences Policy Control (プライバシー環境設定ポリシーコントロール) の構成プロファイル
Compliance Reporter のファイル監視の大部分では、プライバシー環境設定ポリシーコントロール payload を構成する必要はありませんが、Host Intrusion Detection (HID) には必要です。
詳しくは、Compliance Reporter ドキュメントの「Host Intrusion Detection」をご参照ください。
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
  Example Privacy Preferences Policy Control (PPPC) profile for Compliance
  Reporter. It pre-approves the com.jamf.reporter bundle for two file-access
  services: SystemPolicyAllFiles (Full Disk Access) and SystemPolicySysAdminFiles.
-->
<plist version="1.0">
  <dict>
    <key>PayloadContent</key>
    <array>
      <dict>
        <!-- Payload metadata. NOTE(review): the identifier and UUID of this inner
             payload are the same as those of the enclosing profile further down;
             PayloadUUID is meant to be unique, so consider giving the payload and
             the profile separate values (for example from uuidgen). -->
        <key>PayloadType</key>
        <string>com.apple.TCC.configuration-profile-policy</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>PayloadIdentifier</key>
        <string>com.jamf.compliance-reporter.pppc</string>
        <key>PayloadUUID</key>
        <string>3b7f1c8e-a301-4784-bb79-1fa85d02899f</string>
        <key>PayloadDisplayName</key>
        <string>JamfComplianceReporter-PPPC</string>
        <key>PayloadDescription</key>
        <string>JamfComplianceReporter-PPPC</string>
        <key>PayloadOrganization</key>
        <string>Jamf Compliance Reporter</string>

        <!-- Each service entry names the client by bundle ID and ties the grant to
             a code requirement: the code must carry the identifier
             com.jamf.reporter and a certificate whose subject OU is 483DWKW443.
             Keep the requirement exactly as published; loosening it would widen
             which code receives this access. It can be compared with the
             installed binary using
             codesign -d -r- PLACEHOLDER_PATH_TO_INSTALLED_BINARY -->
        <key>Services</key>
        <dict>
          <key>SystemPolicyAllFiles</key>
          <array>
            <dict>
              <key>Identifier</key>
              <string>com.jamf.reporter</string>
              <key>IdentifierType</key>
              <string>bundleID</string>
              <key>CodeRequirement</key>
              <string>anchor apple generic and identifier "com.jamf.reporter" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "483DWKW443")</string>
              <key>Allowed</key>
              <true/>
              <key>Comment</key>
              <string></string>
            </dict>
          </array>
          <key>SystemPolicySysAdminFiles</key>
          <array>
            <dict>
              <key>Identifier</key>
              <string>com.jamf.reporter</string>
              <key>IdentifierType</key>
              <string>bundleID</string>
              <key>CodeRequirement</key>
              <string>anchor apple generic and identifier "com.jamf.reporter" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "483DWKW443")</string>
              <key>Allowed</key>
              <true/>
              <key>Comment</key>
              <string></string>
            </dict>
          </array>
        </dict>
      </dict>
    </array>

    <!-- Profile metadata for the enclosing configuration profile, installed at
         System scope. -->
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadIdentifier</key>
    <string>com.jamf.compliance-reporter.pppc</string>
    <key>PayloadUUID</key>
    <string>3b7f1c8e-a301-4784-bb79-1fa85d02899f</string>
    <key>PayloadDisplayName</key>
    <string>JamfComplianceReporter-PPPC</string>
    <key>PayloadDescription</key>
    <string>JamfComplianceReporter-PPPC</string>
    <key>PayloadOrganization</key>
    <string>Jamf Compliance Reporter</string>
  </dict>
</plist>