LaunchD

<code><code><?xml version=”1.0″ encoding=”UTF-8″?><!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”><plist version=”1.0″><dict> <key>GroupName</key> <string>wheel</string> <key>InitGroups</key> <true/> <key>Label</key> <string>com.edms.rsync.job</string> <key>ProgramArguments</key> <array> <string>/Library/Scripts/eDMS/edmsrsyncclient.sh</string> </array> <key>StartCalendarInterval</key> <dict> <key>Hour</key> <integer>16</integer> <key>Minute</key> <integer>45</integer> </dict> <key>UserName</key> <string>root</string></dict></plist></code>

great application: http://www.soma-zone.com/LaunchControl/

Unified Logging in macOS

With the introduction of “Unified Logging” in macOS 10.12 Sierra, one can use the log command to view system log messages in a terminal. For example

sudo log stream

or

sudo log stream –process `pgrep -f /usr/local/bin/myprogram` –info –debug

or

log show –predicate ‘process == “myprogram”‘ –last 1h –info –debug

——–++++++
sudo log stream –info –predicate ‘ eventMessage contains “password”‘ –last 15m > /Users/promin/Desktop/loggs/

——— This will pull incorrect password attempts ———-
sudo log show –info –predicate ‘ eventMessage contains “incorrect password attempt”‘ –last 15m > /Users/promin/Desktop/loggs/lol.txt

log show –info –predicate ‘ eventMessage contains “login”‘ –last 3d > /Users/promin/Desktop/loggs

log show –info –predicate ‘ eventMessage contains “sudo”‘ –last 3d > /Users/promin/Desktop/loggs

———— LINKS

https://www.dssw.co.uk/blog/2017-03-02-view-power-manager-unified-logs-on-macos/

unlocking user’s screen saver as admin

https://apple.stackexchange.com/questions/258055/10-12-sierra-unlock-screensaver-by-admin-via-security-authorizationdb

 

I admin a bunch of Macs, and depend on unlocking user’s screen saver as admin. I’ve always done this editing /etc/pam.d/screensaver

This no longer works. I need to do it via security authorizationdb.

I can do it with this command:

security authorizationdb write system.login.screensaver "authenticate-session-owner-or-admin"


https://discussions.apple.com/thread/7086700?start=0&tstart=0