Jamf Connect Monitor v2.4.0

Jamf Connect Monitor v2.4.0

🚀 Major Release: Webhook Platforms, Elevation Tracking & Enhanced Monitoring

✨ Highlights

• Webhook Platform Selection - Native Slack and Microsoft Teams message formatting
• Legitimate Elevation Tracking - Complete audit trail of Jamf Connect elevations
• MonitorJamfConnectOnly - Event-driven monitoring for resource optimization
• Enhanced Forensics - Comprehensive investigation guide and evidence preservation
• SMTP Improvements - Fixed authentication and From Address configuration

📦 Download

• Package: JamfConnectMonitor-2.4.0.pkg (36K)
• Checksum: See JamfConnectMonitor-2.4.0.pkg.sha256
• Schema: jamf_connect_monitor_schema.json for Configuration Profile

🎯 New Features

Webhook Platform Selection

• Configure WebhookType as "slack" or "teams" in Configuration Profile
• Automatic platform detection based on webhook URL
• Platform-specific formatting for optimal display
• Professional templates for each platform

Legitimate Elevation Tracking

• Separate audit log for all Jamf Connect elevations
• Track who elevated, when, why, and for how long
• New elevation-report command for compliance reporting
• Statistics: total, daily, per-user, and per-reason counts
• Real-time tracking of currently elevated users

MonitorJamfConnectOnly Setting

• Only check for violations after Jamf Connect elevation detected
• Reduces unnecessary monitoring cycles
• Optimizes CPU and log usage
• Default: true (event-driven mode)

Enhanced Forensics Support

• New forensics investigation guide
• Preserves accounts for security investigation
• Complete command reference for user activity analysis
• Best practices for evidence preservation

🔧 Improvements

• Fixed SMTP From Address extraction from Configuration Profile
• Enhanced SMTP authentication parsing
• Auto-configuration for all SMTP providers
• Better error handling throughout
• Complete code and documentation synchronization

🐛 Bug Fixes

• Fixed Configuration Profile boolean parsing
• Fixed version auto-detection in Extension Attribute
• Fixed SMTP credential extraction
• Added macOS UI cache issue documentation and workarounds

📋 Installation

# Install package
sudo installer -pkg JamfConnectMonitor-2.4.0.pkg -target /

# Verify installation
sudo /usr/local/bin/jamf_connect_monitor.sh status

# Test elevation tracking
sudo /usr/local/bin/jamf_connect_monitor.sh elevation-report

⚙️ Configuration

Key settings in Configuration Profile:

{
  "WebhookType": "teams",              // or "slack"
  "MonitorJamfConnectOnly": true,      // event-driven mode
  "RemoveAdminPrivileges": true,       // removes admin only, preserves account
  "SMTPFromAddress": "required@email"  // now required for email
}

📊 Upgrade Notes

• Seamless upgrade from any v2.x version
• Configuration preserved during upgrade
• Extension Attribute script must be updated in Jamf Pro
• Daemon automatically restarted

🧪 Tested With

• macOS 12.x, 13.x, 14.x, 15.x
• Jamf Connect 2.x
• Jamf Pro 10.x, 11.x
• Slack and Microsoft Teams
• Multiple SMTP providers

📚 Documentation

• Installation Guide
• Configuration Guide - NEW comprehensive settings reference
• Forensics Guide - NEW investigation procedures
• Troubleshooting - Updated with UI cache fixes
• CLI Reference - Enhanced daemon monitoring

🙏 Thank You

Thanks to all users who provided feedback and testing for this release!

---

Created with ❤️ by MacJediWizard

For support: https://github.com/MacJediWizard/Jamf-Connect-Monitor/issues

Jamf Connect Monitor v2.0.1 - Production Ready Release

🔧 Production-Ready Release: All Critical Fixes Verified

This release addresses critical production issues identified during enterprise deployment, with all fixes verified working in enterprise environments.

🚨 Critical Production Fixes

✅ ACL Clearing for Script Execution

• Fixed: Extension Attribute script execution failures due to macOS Extended Attributes
• Solution: Automatic xattr -c clearing in postinstall script
• Result: Eliminates "Permission denied" errors during Extension Attribute execution

✅ Configuration Profile Integration

• Fixed: Company names showing "Your Company" fallback instead of actual configured names
• Solution: Standardized Configuration Profile reading methods across all components
• Result: Displays actual configured company names in all Extension Attribute data

✅ Auto-Version Detection

• Fixed: Manual version management requiring updates for each release
• Solution: Future-proof auto-detection system reading from main script VERSION variable
• Result: Works automatically with v2.0.2, v2.1.0, v3.0.0+ without updates

🛠️ New Production Tools

tools/verify_monitoring.sh

Comprehensive verification script for enterprise deployment validation:

• Tests all critical components and permissions
• Validates ACL clearing and Configuration Profile integration
• Provides detailed diagnostic output for troubleshooting
• Usage: sudo ./tools/verify_monitoring.sh

Enhanced Uninstall Script

Complete system removal with enterprise features:

• Comprehensive component removal with configuration backup
• Log archiving with timestamped directories
• Silent operation: sudo ./uninstall_script.sh --force
• Verification mode: sudo ./uninstall_script.sh verify

🚀 Enterprise Features

• Configuration Profile Management - Centralized webhook/email settings via Jamf Pro
• Real-time Monitoring - Immediate violation detection capabilities
• Enhanced Notifications - Professional templates with company branding
• Smart Group Automation - Future-proof criteria for all v2.x+ versions
• Zero Maintenance - Auto-version detection requires no manual updates

📦 What's Included

• JamfConnectMonitor-2.0.1.pkg - Main installation package with all production fixes
• jamf_connect_monitor_schema.json - Configuration Profile schema for Jamf Pro
• SHA256 Checksum - Package integrity verification
• Enterprise Deployment Guide - Complete Jamf Pro setup instructions

🔧 Installation & Upgrade

New Installation

1. Download JamfConnectMonitor-2.0.1.pkg
2. Upload to Jamf Pro and deploy via policy
3. Deploy Configuration Profile using included JSON Schema
4. CRITICAL: Update Extension Attribute script in Jamf Pro for v2.0.1 features
5. Create Smart Groups with flexible criteria: Extension Attribute like "Version: 2."
6. Verify with: sudo ./tools/verify_monitoring.sh

Upgrade from v2.0.0

1. Upload v2.0.1 package - seamless upgrade with automatic fixes
2. CRITICAL: Update Extension Attribute script in Jamf Pro (enables proper version display)
3. Deploy to existing systems - automatic ACL clearing and enhanced parsing
4. Verify fixes applied: sudo ./tools/verify_monitoring.sh

Upgrade from v1.x

• Automatic migration preserving all configurations
• Enhanced functionality without breaking changes
• Deploy Configuration Profile to enable centralized management

📋 Post-Installation Verification

Run the verification script to confirm all components working:

sudo ./tools/verify_monitoring.sh

Expected output includes:

• ✅ Main script installed: Version 2.0.1
• ✅ Permissions correct: -rwxr-xr-x (no @ symbols)
• ✅ Extension Attribute runs successfully
• ✅ Company name: [Your Actual Company Name] (from Configuration Profile)

🎯 Enterprise Deployment

• Jamf Pro Integration - Enhanced Extension Attribute with auto-version detection
• Smart Group Compatibility - Flexible criteria work with all future v2.x versions
• Configuration Profiles - Centralized management via Jamf Pro Application & Custom Settings
• Production Verification - Built-in tools for deployment confidence

📖 Documentation

Complete guides available in the [docs/](https://github.com/MacJediWizard/jamf-connect-monitor/tree/main/docs) directory:

• [Installation Guide](https://github.com/MacJediWizard/jamf-connect-monitor/blob/main/docs/installation-guide.md)
• [Jamf Pro Deployment Guide](https://github.com/MacJediWizard/jamf-connect-monitor/blob/main/docs/jamf-pro-deployment.md)
• [Configuration Profile Guide](https://github.com/MacJediWizard/jamf-connect-monitor/blob/main/docs/configuration-profiles.md)
• [Troubleshooting Guide](https://github.com/MacJediWizard/jamf-connect-monitor/blob/main/docs/troubleshooting.md)

🆘 Support

• Issues: [GitHub Issues](https://github.com/MacJediWizard/jamf-connect-monitor/issues)
• Discussions: [GitHub Discussions](https://github.com/MacJediWizard/jamf-connect-monitor/discussions)
• Production Support: Use tools/verify_monitoring.sh for immediate diagnostics

Jamf Connect Monitor v2.0.0

🚀 Jamf Connect Monitor v2.0.0 - FINAL RELEASE

Configuration Profile Management & Real-time Monitoring

✅ FIXED: Package creation now works correctly (resolves issue from previous v2.0.0)
✅ Resolved: Extension Attribute and Uninstall scripts now have correct executable permissions after installation

🆕 Major Features

• Configuration Profile Support - Centralized webhook/email management via Jamf Pro
• Real-time Monitoring - Immediate violation detection capabilities
• Enhanced Notifications - Professional security report templates
• JSON Schema Integration - Easy Application & Custom Settings deployment
• Advanced Jamf Pro Integration - Enhanced Extension Attributes and Smart Groups

📦 Release Assets

• JamfConnectMonitor-2.0.0.pkg (28K) - Ready for Jamf Pro deployment
• jamf_connect_monitor_schema.json - Configuration Profile JSON Schema
• JamfConnectMonitor-2.0.0.pkg.sha256 - Package integrity verification

🚀 Ready for Production Deployment

Complete documentation available in docs/ directory.

Enterprise-grade security monitoring with Configuration Profile management!

Jamf Connect Monitor v1.0.2

Jamf Connect Monitor v1.0.2

🐛 Critical Bug Fixes Release

This release addresses several critical issues discovered during production testing, ensuring seamless deployment and operation across all environments.

🔧 What's Fixed

LaunchDaemon Integration

• Fixed: LaunchDaemon filename mismatch causing installation failures
• Changed: com.company.jamfconnectmonitor.plist → com.macjediwizard.jamfconnectmonitor.plist
• Impact: Eliminates PKInstaller error code 112 during package installation

Extension Attribute Reliability

• Fixed: EA script permissions (now executable by default)
• Fixed: Jamf Connect elevation detection for nested configuration values
• Fixed: Daemon status detection using correct identifier
• Fixed: Boolean comparison logic for elevation status
• Impact: Extension Attribute works immediately without manual intervention

Production Environment Compatibility

• Enhanced: Real-world Jamf Connect configuration detection
• Tested: Full compatibility with Okta integration and admin elevation
• Verified: Works with TemporaryUserPermissions nested configurations

✅ Testing Verification

Comprehensive testing completed on:

• ✅ Package installation and deployment
• ✅ LaunchDaemon automatic execution
• ✅ Extension Attribute functionality
• ✅ Real Jamf Connect elevation scenarios
• ✅ CLI command interface
• ✅ Automated violation detection
• ✅ Complete uninstall process

📦 Installation

Manual Installation

curl -LO https://github.com/MacJediWizard/jamf-connect-monitor/releases/download/v1.0.2/JamfConnectMonitor-1.0.2.pkg
sudo installer -pkg JamfConnectMonitor-1.0.2.pkg -target /

Jamf Pro Deployment

1. Upload JamfConnectMonitor-1.0.2.pkg to Jamf Pro
2. Create Extension Attribute using provided script
3. Deploy via policy (see deployment instructions)

🎯 Key Features

• Real-time Monitoring: Continuous Jamf Connect elevation event detection
• Automated Remediation: Instant removal of unauthorized admin accounts
• Jamf Pro Integration: Complete Extension Attribute and Smart Group support
• Comprehensive Logging: Detailed audit trails for compliance
• Zero Touch Deployment: Silent installation with automatic configuration

📋 Package Contents

• Main Package: JamfConnectMonitor-1.0.2.pkg (20KB)
• Verification: JamfConnectMonitor-1.0.2.pkg.sha256
• Deployment Guide: Jamf_Pro_Deployment_Instructions.txt
• Uninstaller: uninstall_script.sh

🔍 System Requirements

• macOS 10.14 (Mojave) or later
• Jamf Connect 2.33.0+ with privilege elevation enabled
• Jamf Pro 10.27+ (recommended for full integration)

📖 Documentation

• [Installation Guide](https://github.com/MacJediWizard/jamf-connect-monitor/blob/main/docs/installation-guide.md)
• [Jamf Pro Deployment](https://github.com/MacJediWizard/jamf-connect-monitor/blob/main/docs/jamf-pro-deployment.md)
• [CLI Reference](https://github.com/MacJediWizard/jamf-connect-monitor/blob/main/docs/cli-reference.md)
• [Troubleshooting Guide](https://github.com/MacJediWizard/jamf-connect-monitor/blob/main/docs/troubleshooting.md)

🚨 Upgrade Notice

v1.0.1 users should upgrade immediately - this release fixes critical installation issues that prevent proper deployment.

💬 Support

• Issues: [GitHub Issues](https://github.com/MacJediWizard/jamf-connect-monitor/issues)
• Documentation: [Complete guides](https://github.com/MacJediWizard/jamf-connect-monitor/tree/main/docs)

---

Created with ❤️ for the macOS Administrator Community

Jamf Connect Monitor v1.0.1 - Documentation & Package Fixes

GitHub Release v1.0.1 - Complete Information

🏷️ RELEASE CONFIGURATION

Tag version: v1.0.1
Release title: Jamf Connect Monitor v1.0.1 - Documentation & Package Fixes
Target: main branch
Release type: ✅ Latest release (not pre-release)

📝 RELEASE DESCRIPTION

# 🚀 Jamf Connect Monitor v1.0.1 - Documentation & Package Fixes

**A comprehensive monitoring and automated remediation system for Jamf Connect privilege elevation events with enhanced documentation and improved package creation.**

## ✨ **What's New in v1.0.1**

### 📚 **Major Documentation Improvements**
- **NEW: CLI Reference Guide** - Complete command-line interface documentation
- **NEW: Installation Guide** - Comprehensive installation instructions for all deployment methods
- **NEW: Jamf Pro Deployment Guide** - Detailed Jamf Pro integration and deployment procedures
- **Enhanced README** with corrected documentation links and improved structure
- **Complete documentation suite** with consistent MacJediWizard branding

### 🔧 **Bug Fixes & Improvements**
- **Fixed package creation script** path resolution for Extension Attribute inclusion
- **Improved package reliability** with better error handling and component verification
- **Enhanced file structure** with proper build artifact exclusion
- **Corrected terminology** (renamed "API Reference" to "CLI Reference" for accuracy)

### 🎯 **Package Improvements**
- **Verified 20KB package** with all components properly included
- **Enhanced package creation** with robust path fallback logic
- **Improved build process** with better component verification
- **Updated package version** to 1.0.1 with proper versioning

## 📦 **Installation Methods**

### **Option 1: Jamf Pro Deployment (Recommended)**
1. Download `JamfConnectMonitor-1.0.1.pkg`
2. Upload to Jamf Pro
3. Create Extension Attribute using provided script
4. Deploy via policy with optional configuration parameters

### **Option 2: Manual Installation**
```bash
# Download and install
curl -LO https://github.com/MacJediWizard/jamf-connect-monitor/releases/download/v1.0.1/JamfConnectMonitor-1.0.1.pkg
sudo installer -pkg JamfConnectMonitor-1.0.1.pkg -target /

# Verify installation
sudo jamf_connect_monitor.sh status

Option 3: One-Click Deployment

# Download deployment script
curl -LO https://github.com/MacJediWizard/jamf-connect-monitor/releases/download/v1.0.1/deployment_script.sh
sudo chmod +x deployment_script.sh
sudo ./deployment_script.sh interactive

📋 System Requirements

• macOS: 10.14 (Mojave) or later
• Jamf Connect: 2.33.0 or later with privilege elevation enabled
• Jamf Pro: 10.27 or later (recommended for full integration)
• Admin Access: Required for installation

🔧 Configuration Options

Jamf Pro Policy Parameters

• Parameter 4: Slack/Teams webhook URL for notifications
• Parameter 5: Email recipient for violation alerts
• Parameter 6: Monitoring interval in seconds (default: 300)
• Parameter 7: Company name for branding customization

Command Line Management

# Check current status
sudo jamf_connect_monitor.sh status

# Manage approved administrators
sudo jamf_connect_monitor.sh add-admin username
sudo jamf_connect_monitor.sh remove-admin username

# Force immediate violation check
sudo jamf_connect_monitor.sh force-check

📊 What Gets Monitored

• ✅ Jamf Connect Elevation Events - Real-time detection of privilege elevations
• ✅ Admin Group Changes - Monitors additions to local admin group
• ✅ Unauthorized Users - Detects users not on approved whitelist
• ✅ System Integrity - Ensures monitoring service health and configuration

🚨 Violation Response Workflow

When unauthorized admin accounts are detected:

1. 🔍 Detection - Real-time identification using macOS unified logging
2. 📝 Logging - Detailed violation report with timestamps and system context
3. 📢 Notification - Immediate alerts via configured channels (Slack/Email)
4. 🔒 Remediation - Automatic removal of unauthorized admin privileges
5. 📊 Reporting - Updates Jamf Pro Extension Attribute for visibility

🗑️ Complete Uninstallation

Download standalone uninstaller:

curl -LO https://github.com/MacJediWizard/jamf-connect-monitor/releases/download/v1.0.1/uninstall_script.sh
sudo chmod +x uninstall_script.sh

# Interactive uninstall with confirmation
sudo ./uninstall_script.sh

# Silent uninstall for automation
sudo ./uninstall_script.sh --force

# Use included uninstaller (after installation)
sudo /usr/local/share/jamf_connect_monitor/uninstall_script.sh

Features:

• Complete component removal with verification
• Log archival and preservation for audit compliance
• Configuration backup before removal
• Jamf Pro inventory integration

📚 Documentation

Complete Documentation Suite:

• [CLI Reference](https://github.com/MacJediWizard/jamf-connect-monitor/blob/main/docs/cli-reference.md) - Command-line interface and operations
• [Installation Guide](https://github.com/MacJediWizard/jamf-connect-monitor/blob/main/docs/installation-guide.md) - Complete installation procedures
• [Jamf Pro Deployment](https://github.com/MacJediWizard/jamf-connect-monitor/blob/main/docs/jamf-pro-deployment.md) - Enterprise deployment guide
• [Configuration Options](https://github.com/MacJediWizard/jamf-connect-monitor/blob/main/docs/configuration.md) - System configuration reference
• [Troubleshooting Guide](https://github.com/MacJediWizard/jamf-connect-monitor/blob/main/docs/troubleshooting.md) - Problem resolution procedures
• [Uninstall Guide](https://github.com/MacJediWizard/jamf-connect-monitor/blob/main/docs/uninstall-guide.md) - Complete removal procedures

🔐 Security Features

• 🛡️ Real-time Protection - Continuous monitoring with immediate response
• 📋 Complete Audit Trail - Comprehensive logging for compliance requirements
• 🔐 Secure Configuration - Protected settings with proper file permissions
• ✅ Tamper Resistance - Root-only operation with validation checks
• 🎯 Precision Targeting - Configurable whitelist prevents false positives

⚡ Quick Start

1. Deploy - Upload package to Jamf Pro and create deployment policy
2. Configure - Set webhook/email parameters for notifications (optional)
3. Monitor - Check Extension Attribute "Admin Account Violations" for status
4. Respond - Create Smart Groups for automated violation response
5. Maintain - Review logs and update approved admin lists as staff changes

📈 Performance

• Resource Usage - Minimal system impact (<1% CPU, ~10MB RAM)
• Scalability - Tested with enterprise fleets of 500+ devices
• Reliability - Zero-downtime operation with automatic error recovery
• Efficiency - Optimized monitoring intervals prevent system overload

🆕 Changes from v1.0.0

Added

• Complete CLI reference documentation
• Detailed installation guide for all deployment methods
• Comprehensive Jamf Pro deployment procedures
• Enhanced package creation with improved reliability
• Better error handling and component verification

Fixed

• Package creation script path resolution for Extension Attribute
• README documentation links now point to correct files
• Inconsistent terminology (API → CLI reference)
• Missing MacJediWizard branding in documentation

Improved

• Build process reliability and component inclusion
• Documentation structure and organization
• File structure with proper artifact exclusion
• Professional presentation and consistency

🛠️ For Developers

Contributing

• Fork the repository and create feature branches
• Follow the established code style and documentation standards
• Add tests for new functionality
• Submit pull requests with clear descriptions

Building from Source

git clone https://github.com/MacJediWizard/jamf-connect-monitor.git
cd jamf-connect-monitor/scripts
sudo ./package_creation_script.sh build

🙏 Acknowledgments

• Jamf Community for Extension Attribute patterns and deployment best practices
• Apple System Administrators for unified logging insights and security guidance
• Open Source Contributors for testing, feedback, and improvement suggestions during development

---

🏷️ Version: 1.0.1
📅 Release Date: July 11, 2025
👨‍💻 Author: MacJediWizard
📄 License: MIT License

Made with ❤️ for the macOS Administrator community

## 📁 **RELEASE ASSETS TO UPLOAD**

### **Required Files:**
1. **`JamfConnectMonitor-1.0.1.pkg`** (20KB)
   - Source: `scripts/output/JamfConnectMonitor-1.0.1.pkg`
   - Description: "Main installation package with complete monitoring system"

2. **`JamfConnectMonitor-1.0.1.pkg.sha256`**
   - Source: `scripts/output/JamfConnectMonitor-1.0.1.pkg.sha256`
   - Description: "Package verification checksum"

3. **`Jamf_Pro_Deployment_Instructions.txt`**
   - Source: `scripts/output/Jamf_Pro_Deployment_Instructions.txt`
   - Description: "Complete Jamf Pro setup and deployment guide"

4. **`uninstall_script.sh`**
...