Aktuelle Sammlung

Andreas Vogel
2026-02-16 15:05:15 +01:00
commit ccc473650e
583 changed files with 103019 additions and 0 deletions
Vendored
BIN
Binary file not shown.
+53
@@ -0,0 +1,53 @@
#!/bin/bash
##########################################################################
# Script : Change FW-PW
# Autor : Andreas Vogel
# Copyright : macenterprise gmbh, 2021
##########################################################################
unset setpassword_fv
unset rotatepassword_fv
############################################# Variablen #########################################################################
Status=$(fdesetup status | cut -d ' ' -f 3)
echo $Status
user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
APASS=$(osascript -e 'text returned of (display dialog "Enter the login password" with hidden answer default answer "" buttons {"OK"} default button 1)')
############################################# Funktion #########################################################################
setpassword_fv () {
expect <<EOF
spawn fdesetup enable
expect "Enter the user name:"
send "$user\r"
expect "Enter the password for user '$user':"
send "$APASS\r"
expect EOF
EOF
}
rotatepassword_fv () {
expect <<EOF
spawn fdesetup changerecovery -personal
expect "Enter the user name:"
send "$user\r"
expect "Enter the password for user '$user':"
send "$APASS\r"
expect EOF
EOF
}
############################################# Ausführung #############################################################################
if [ $Status == "Off." ]
then
echo "FileVault is disabled and will now be enabled"
setpassword_fv
jamf recon
else
echo "FileVault is active. The key is changed"
rotatepassword_fv
jamf recon
fi
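Review bot: Both expect heredocs (`expect <<EOF` in setpassword_fv and rotatepassword_fv) are unquoted, so bash pastes `$user` and the typed `$APASS` into the Tcl script text before expect parses it. A password containing `"`, `\`, `$` or `[` then either breaks the `send` line or is evaluated by Tcl, with the privileges the script runs under. Hand the values over out of band instead: `export user APASS`, open the heredoc as `expect <<'EOF'`, use `send -- "$env(APASS)\r"` (and `$env(user)` in the prompts), then `unset APASS` when done. An empty `APASS` (dialog dismissed) should stop the script before `fdesetup` is spawned, e.g. `[ -n "$APASS" ] || exit 1`. The next script in this commit builds its enable_fv, rotatepassword_fv and adduser_fv heredocs the same way, and there `send $APASS\r` is not even quoted.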
Binary file not shown.
+97
@@ -0,0 +1,97 @@
#!/bin/bash
##########################################################################
# Script : Change FW-PW
# Autor : Andreas Vogel
# Copyright : NEXT Enterprise gmbh, 2021
##########################################################################
unset setpassword_fv
unset rotatepassword_fv
unset adduser_fv
############################################# Jamf Hepler Messanger #############################################################
jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
jamf="/usr/local/bin/jamf"
ErrorIcon=""
Error="An unexpected error has occurred. The encryption does not work properly. Please contact Mac support."
MessageIcon="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/ToolbarCustomizeIcon.icns"
Message="The Filevault setting must be updated. Please enter your current Windows password in the next window."
############################################# Variablen #########################################################################
Status=$(fdesetup status | cut -d ' ' -f 3)
echo $Status
user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
adminName="ladmin"
adminPass=""
############################################# Funktion #########################################################################
enable_fv () {
expect <<EOF
spawn fdesetup enable
expect "Enter the user name:"
send "$adminName\r"
expect "Enter the password for user $user:"
send "$adminPass\r"
expect EOF
EOF
}
rotatepassword_fv () {
expect <<EOF
spawn fdesetup changerecovery -personal
expect "Enter the user name:"
send "$adminName\r"
expect "Enter the password for user $user:"
send "$adminPass\r"
expect EOF
EOF
}
adduser_fv () {
expect <<EOF
spawn fdesetup add -usertoadd $user
expect "Enter the primary user name:"
send $adminName\r
expect "Enter the password for the user $adminName:"
send $adminPass\r
expect "Enter the password for the added user $user:"
send $APASS\r
expect
EOF
}
############################################# Ausführung #############################################################################
if [[ $Status == "Off." ]]
then
HELPER=$("$jamfHelper" -windowType utility -icon "$MessageIcon" -title "Error" -description "$Message" -button1 "OK" -defaultButton 1)
echo "Exit Code: FileVault is disabled and will now be enabled."
APASS=$(osascript -e 'text returned of (display dialog "Please enter your current Windows password" with hidden answer default answer "" buttons {"OK"} default button 1)')
if enable_fv
then
sleep 30
if adduser_fv
then
jamf recon
else
printf HELPER=$("$jamfHelper" -windowType utility -icon "$ErrorIcon" -title "Error" -description "$Error" -button1 "OK" -defaultButton 1)
echo "Exit Code: FileVault 2 wurde aktiviert. User konnte nicht hinzugefügt werden."
fi
else
printf HELPER=$("$jamfHelper" -windowType utility -icon "$ErrorIcon" -title "Error" -description "$Error" -button1 "OK" -defaultButton 1)
echo "Exit Code: FileVault 2 konnte nicht aktiviert werden."
fi
else
rotatepassword_fv
jamf recon
echo "FileVault is active. The key is changed"
fi
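Review bot: The failure branches are unlikely to ever run, because `if enable_fv` and `if adduser_fv` test the exit status of `expect`, which does not reflect how the spawned `fdesetup` ended unless the expect script exits with it. Ending each heredoc with `catch wait result` and `exit [lindex $result 3]` would make those branches meaningful. Inside them, `printf HELPER=$(…)` uses the jamfHelper output as a printf format string; a plain `HELPER=$(…)`, as in the first dialog call, is what is meant. Separately, `adminPass=""` suggests the local admin password is meant to be typed into the script body; if so, supplying it at run time (the ARD script in this commit takes its credentials from `${5}`) keeps it out of the repository.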
Executable
+310
@@ -0,0 +1,310 @@
#!/bin/bash
##########################################################################
# Shellscript : Security Remediation
# Autor : Andreas Vogel, NEXT Enterprise gmbh, 2021
##########################################################################
plistlocation="/Library/Application Support/SecurityScoring/org_security_score.plist"
currentUser="$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')"
currentUserID="$(/usr/bin/id -u $currentUser)"
hardwareUUID="$(/usr/sbin/system_profiler SPHardwareDataType | grep "Hardware UUID" | awk -F ": " '{print $2}' | xargs)"
logFile="/Library/Application Support/SecurityScoring/remediation.log"
echo "$(date -u)" "Beginning remediation" >> "$logFile"
if [[ ! -e $plistlocation ]]; then
echo "No scoring file present"
exit 0
fi
set -x
###################### 2.1.1 Turn off Bluetooth, if no paired devices exist ###############################################################
Audit2_1_1="$(defaults read "$plistlocation" OrgScore2_1_1)"
if [ "$Audit2_1_1" = "1" ]; then
echo "$(date -u)" "Checking 2.1.1" | tee -a "$logFile"
connectable="$( system_profiler SPBluetoothDataType | grep -c "Paired: Yes" )"
if [ "$connectable" -gt 0 ]; then
echo "$(date -u)" "2.1.1 passed" | tee -a "$logFile"
else
defaults write /Library/Preferences/com.apple.Bluetooth ControllerPowerState -bool false
killall -HUP bluetoothd
echo "$(date -u)" "2.1.1 remediated" | tee -a "$logFile"
fi
fi
###################### 2.2.1 Enable "Set time and date automatically" #####################################################################
Audit2_1_3="$(defaults read "$plistlocation" OrgScore2_1_3)"
if [ "$Audit2_1_3" = "1" ]; then
sudo -u "$currentUser" defaults write ~/Library/Preferences/ByHost/com.apple.controlcenter.plist Bluetooth -int 18
# sudo -u "$currentUser" defaults write ~/Library/Preferences/ByHost/com.apple.controlcenter.plist Bluetooth -int 24 # to disable
echo "$(date -u)" "2.1.3 remediated" | tee -a "$logFile"
fi
###################### 2.2.2 Ensure time set is within appropriate limits #################################################################
Audit2_2_2="$(defaults read "$plistlocation" OrgScore2_2_2)"
if [ "$Audit2_2_2" = "1" ]; then
systemsetup -setusingnetworktime off 2>&1
systemsetup -setusingnetworktime on 2>&1
# timeServer="$(systemsetup -getnetworktimeserver | awk '{print $4}')"
# ntpdate -sv "$timeServer"
echo "$(date -u)" "2.2.2 enforced" | tee -a "$logFile"
fi
###################### 2.4.5 Disable Remote Login ##########################################################################################
# 2.4.5 Disable Remote Login
# Requires full disk access
# Verify organizational score
Audit2_4_5="$(defaults read "$plistlocation" OrgScore2_4_5)"
# If organizational score is 1 or true, check status of client
# If client fails, then remediate
if [ "$Audit2_4_5" = "1" ]; then
/usr/sbin/systemsetup -f -setremotelogin off
echo "$(date -u)" "2.4.5 remediated" | tee -a "$logFile"
fi
###################### 2.4.10 Disable Content Caching ######################################################################################
#2.4.10 Disable Content Caching
# Verify organizational score
Audit2_4_10="$(defaults read "$plistlocation" OrgScore2_4_10)"
# If organizational score is 1 or true, check status of client
# If client fails, then remediate
if [ "$Audit2_4_10" = "1" ]; then
/usr/bin/AssetCacheManagerUtil deactivate
echo "$(date -u)" "2.4.10 remediated" | tee -a "$logFile"
fi
###################### 2.5.8 Disable sending diagnostic and usage data to App ##############################################################
# 2.5.8 Disable sending diagnostic and usage data to Apple
# Verify Organizational score
Audit2_5_8="$(defaults read "$plistlocation" OrgScore2_5_8)"
# If organizational score is 1 or true, check status of client
# If client fails, then remediate
if [ "$Audit2_5_8" = "1" ]; then
AppleDiagn=$(defaults read /Library/Application\ Support/CrashReporter/DiagnosticMessagesHistory.plist AutoSubmit)
if [ $AppleDiagn == 1 ]; then
defaults write /Library/Application\ Support/CrashReporter/DiagnosticMessagesHistory.plist AutoSubmit -int 0
echo "$(date -u)" "2.5.8 remediated" | tee -a "$logFile"
fi
fi
###################### 2.12 Disable "Wake for network access" #############################################################################
Audit2_12="$(defaults read "$plistlocation" OrgScore2_12)"
if [ "$Audit2_12" = "1" ]; then
pmset -a womp 0
pmset -a powernap 0
echo "$(date -u)" "2.12 remediated" | tee -a "$logFile"
fi
###################### 3.2 Configure Security Auditing Flags ##############################################################################
Audit3_2="$(defaults read "$plistlocation" OrgScore3_2)"
if [ "$Audit3_2" = "1" ]; then
cp /etc/security/audit_control /etc/security/audit_control_old
sed "s/"flags:lo,aa"/"flags:lo,ad,fd,fm,-all"/g" /etc/security/audit_control_old > /etc/security/audit_control
chmod 644 /etc/security/audit_control
chown root:wheel /etc/security/audit_control
echo "$(date -u)" "3.2 remediated" | tee -a "$logFile"
fi
###################### 3.5 Retain install.log for 365 or more days ########################################################################
Audit3_5="$(defaults read "$plistlocation" OrgScore3_5)"
if [ "$Audit3_5" = "1" ]; then
installRetention="$(grep -i ttl /etc/asl/com.apple.install | awk -F'ttl=' '{print $2}')"
if [[ "$installRetention" = "" ]]; then
mv /etc/asl/com.apple.install /etc/asl/com.apple.install.old
sed '$s/$/ ttl=365/' /etc/asl/com.apple.install.old > /etc/asl/com.apple.install
chmod 644 /etc/asl/com.apple.install
chown root:wheel /etc/asl/com.apple.install
echo "$(date -u)" "3.5 remediated" | tee -a "$logfile"
else
if [[ "$installRetention" -lt "365" ]]; then
mv /etc/asl/com.apple.install /etc/asl/com.apple.install.old
sed "s/"ttl=$installRetention"/"ttl=365"/g" /etc/asl/com.apple.install.old > /etc/asl/com.apple.install
chmod 644 /etc/asl/com.apple.install
chown root:wheel /etc/asl/com.apple.install
echo "$(date -u)" "3.5 remediated" | tee -a "$logfile"
fi
fi
fi
###################### 3.6 Ensure firewall is configured to log ###########################################################################
Audit3_6="$(defaults read "$plistlocation" OrgScore3_6)"
if [ "$Audit3_6" = "1" ]; then
/usr/libexec/ApplicationFirewall/socketfilterfw --setloggingmode on
echo "$(date -u)" "3.6 remediated" | tee -a "$logFile"
fi
###################### 4.2 Enable "Show Wi-Fi status in menu bar" #########################################################################
Audit4_2="$(defaults read "$plistlocation" OrgScore4_2)"
if [ "$Audit4_2" = "1" ]; then
open "/System/Library/CoreServices/Menu Extras/AirPort.menu"
echo "$(date -u)" "4.2 remediated" | tee -a "$logFile"
fi
###################### 4.4 Ensure http server is not running ##############################################################################
Audit4_4="$(defaults read "$plistlocation" OrgScore4_4)"
if [ "$Audit4_4" = "1" ]; then
apachectl stop
defaults write /System/Library/LaunchDaemons/org.apache.httpd Disabled -bool true
echo "$(date -u)" "4.4 remediated" | tee -a "$logFile"
fi
###################### 4.5 Ensure nfs server is not running ###############################################################################
Audit4_5="$(defaults read "$plistlocation" OrgScore4_5)"
if [ "$Audit4_5" = "1" ]; then
nfsd disable
rm -rf /etc/exports
echo "$(date -u)" "4.5 remediated" | tee -a "$logFile"
fi
###################### 5.1.1 Secure Home Folders ##########################################################################################
Audit5_1_1="$(defaults read "$plistlocation" OrgScore5_1_1)"
if [ "$Audit5_1_1" = "1" ]; then
IFS=$'\n'
for userDirs in $( find /Users -mindepth 1 -maxdepth 1 -type d -perm -1 | grep -v "Shared" | grep -v "Guest" ); do
chmod og-rwx "$userDirs"
done
echo "$(date -u)" "5.1.1 enforced" | tee -a "$logFile"
unset IFS
fi
###################### 5.1.2 Check System Wide Applications for appropriate permissions ###################################################
Audit5_1_2="$(defaults read "$plistlocation" OrgScore5_1_2)"
if [ "$Audit5_1_2" = "1" ]; then
IFS=$'\n'
for apps in $( find /Applications -iname "*\.app" -type d -perm -2 ); do
chmod -R o-w "$apps"
done
echo "$(date -u)" "5.1.2 enforced" | tee -a "$logFile"
unset IFS
fi
###################### 5.1.3 Check System folder for world writable files #################################################################
Audit5_1_3="$(defaults read "$plistlocation" OrgScore5_1_3)"
if [ "$Audit5_1_3" = "1" ]; then
IFS=$'\n'
for sysPermissions in $( find /System -type d -perm -2 | grep -v "Public/Drop Box" ); do
chmod -R o-w "$sysPermissions"
done
echo "$(date -u)" "5.1.3 enforced" | tee -a "$logFile"
unset IFS
fi
###################### 5.1.4 Check Library folder for world writable files ################################################################
Audit5_1_4="$(defaults read "$plistlocation" OrgScore5_1_4)"
if [ "$Audit5_1_4" = "1" ]; then
# Exempts Adobe files by default!
# for libPermissions in $( find /Library -type d -perm -2 -ls | grep -v Caches ); do
IFS=$'\n'
for libPermissions in $( find /Library -type d -perm -2 | grep -v Caches | grep -v Adobe | grep -v VMware); do
chmod -R o-w "$libPermissions"
done
echo "$(date -u)" "5.1.4 enforced" | tee -a "$logFile"
unset IFS
fi
###################### 5.3 Reduce the sudo timeout period #################################################################################
Audit5_3="$(defaults read "$plistlocation" OrgScore5_3)"
if [ "$Audit5_3" = "1" ]; then
echo "Defaults timestamp_timeout=0" >> /etc/sudoers
echo "$(date -u)" "5.3 remediated" | tee -a "$logFile"
fi
###################### 5.4 Use a separate timestamp for each user/tty combo ###############################################################
Audit5_4="$(defaults read "$plistlocation" OrgScore5_4)"
if [ "$Audit5_4" = "1" ]; then
sed -i ".old" '/Default !tty_tickets/d' /etc/sudoers
chmod 644 /etc/sudoers
chown root:wheel /etc/sudoers
echo "$(date -u)" "5.4 remediated" | tee -a "$logFile"
fi
###################### 5.6 Ensure login keychain is locked when the computer sleeps #######################################################
# If both 5.5 and 5.6 need to be set, both commands must be run at the same time
Audit5_5="$(defaults read "$plistlocation" OrgScore5_5)"
Audit5_6="$(defaults read "$plistlocation" OrgScore5_6)"
# If organizational score is 1 or true, check status of client
# If client fails, then remediate
if [ "$Audit5_5" = "1" ] && [ "$Audit5_6" = 1 ]; then
echo "$(date -u)" "Checking 5.5 and 5.6" | tee -a "$logFile"
security set-keychain-settings -l -u -t 21600s /Users/"$currentUser"/Library/Keychains/login.keychain
echo "$(date -u)" "5.5 and 5.6 remediated" | tee -a "$logFile"
elif [ "$Audit5_5" = "1" ] && [ "$Audit5_6" = 0 ]; then
echo "$(date -u)" "Checking 5.5" | tee -a "$logFile"
security set-keychain-settings -u -t 21600s /Users/"$currentUser"/Library/Keychains/login.keychain
echo "$(date -u)" "5.5 remediated" | tee -a "$logFile"
elif [ "$Audit5_5" = "0" ] && [ "$Audit5_6" = 1 ]; then
echo "$(date -u)" "Checking 5.6" | tee -a "$logFile"
security set-keychain-settings -l /Users/"$currentUser"/Library/Keychains/login.keychain
echo "$(date -u)" "5.6 remediated" | tee -a "$logFile"
fi
###################### 5.7 Do not enable the "root" account ###############################################################################
Audit5_7="$(defaults read "$plistlocation" OrgScore5_7)"
if [ "$Audit5_7" = "1" ]; then
dscl . -create /Users/root UserShell /usr/bin/false
echo "$(date -u)" "5.7 remediated" | tee -a "$logFile"
fi
###################### 5.10 Ensure system is set to hibernate #############################################################################
Audit5_10="$(defaults read "$plistlocation" OrgScore5_10)"
if [ "$Audit5_10" = "1" ]; then
pmset -a standbydelayhigh 600
pmset -a standbydelaylow 600
pmset -a highstandbythreshold 90
pmset -a destroyfvkeyonstandby 1
echo "$(date -u)" "5.10 remediated" | tee -a "$logFile"
fi
###################### 5.11 Require an administrator password to access system-wide preferences ###########################################
Audit5_11="$(defaults read "$plistlocation" OrgScore5_11)"
if [ "$Audit5_11" = "1" ]; then
security authorizationdb read system.preferences > /tmp/system.preferences.plist
/usr/libexec/PlistBuddy -c "Set :shared false" /tmp/system.preferences.plist
security authorizationdb write system.preferences < /tmp/system.preferences.plist
echo "$(date -u)" "5.11 remediated" | tee -a "$logFile"
fi
###################### 5.12 Disable ability to login to another user's active and locked session ##########################################
Audit5_12="$(defaults read "$plistlocation" OrgScore5_12)"
if [ "$Audit5_12" = "1" ]; then
/usr/bin/security authorizationdb write system.login.screensaver "use-login-window-ui"
echo "$(date -u)" "5.12 remediated" | tee -a "$logFile"
fi
###################### 6.2 Turn on filename extensions ####################################################################################
Audit6_2="$(defaults read "$plistlocation" OrgScore6_2)"
if [ "$Audit6_2" = "1" ]; then
sudo -u "$currentUser" defaults write NSGlobalDomain AppleShowAllExtensions -bool true
pkill -u "$currentUser" Finder
echo "$(date -u)" "6.2 remediated" | tee -a "$logFile"
# defaults write /Users/"$currentUser"/Library/Preferences/.GlobalPreferences.plist AppleShowAllExtensions -bool true
fi
echo "$(date -u)" "Remediation complete" | tee -a "$logFile"
echo "continue"
exit 0
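Review bot: Section 5.11 round-trips the `system.preferences` authorization rule through the fixed path `/tmp/system.preferences.plist`, a world-writable directory, in a script that presumably runs as root. Any local user can create that path beforehand, so the redirect may write through a file root does not control, and the rule written back may not be the one that was read. Use a private file instead: `tmp=$(mktemp) || exit 1` with `trap 'rm -f "$tmp"' EXIT`, and pass `"$tmp"` to the three commands. In 5.3/5.4, `/etc/sudoers` is appended to on every run and then set to `chmod 644` with no syntax check; a drop-in file validated with `visudo -cf` and mode 0440 would be safer. The two 3.5 log lines use `$logfile`, which is never set (the variable is `logFile`), so those entries are not logged.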
Executable
+193
@@ -0,0 +1,193 @@
#!/bin/bash
#########################################################################################
# Shellscript : DEP Application Status
# Autor : Andreas Vogel, NEXT Enterprise GmbH
#########################################################################################
loggedInUser=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/{print $3}')
if [[ -z ${loggedInUser} || ${loggedInUser} == "root" ]]; then
echo "$(/bin/date +%Y-%m-%d\ %H:%M:%S) Info: No user logged in."
exit 0
fi
uid=$(id -u "${loggedInUser}")
iconing="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertNoteIcon.icns"
askforbutton2() {
message=${1}
title="DEP Status"
#button1=${3}
button2="OK"
launchctl asuser "${uid}" /usr/bin/osascript <<-EndOfScript
button returned of ¬
(display dialog "${message}" ¬
buttons {"${button2}"} ¬
default button "${button2}" with icon POSIX file "${iconing}" with title "${title}")
EndOfScript
}
# Prüfen, ob alle Apps installiert sind und das Gerät ausgegeben werden kann.
# 1. Computername
# 2. MS Apps installiert
# 3. Firefox
# 4. McAfee
# 5. Cisco AnyConnect
# 6. Cisco Jabber
# 7. Matrix42
# 8. C&A Fonts ????
# 9. HP Printer
# 10. Zscaler
##################################### Check #####################################
Applikationinfo() {
# 1. ComputerName
#ComputerName="BEM0006"
ComputerName=$(scutil --get ComputerName)
ComputerName_Rule=^[A-Z]{3}[0-9]{4}$
if [[ $ComputerName =~ $ComputerName_Rule ]]
then
ComputerName_Status=$(printf '\xE2\x9C\x85 Computer Name is set')
else
ComputerName_Status=$(printf '\xE2\x9D\x8C Computer Name is wrong')
ComputerName_Missing+=("$ComputerName_Status")
fi
# 2. MS Apps installiert
if [[ -d "/Applications/Microsoft Outlook.app" ]] && [[ -d "/Applications/Microsoft Word.app" ]]
then
MS_App_Status=$(printf '\xE2\x9C\x85 MS Apps OK')
else
MS_App_Status=$(printf '\xE2\x9D\x8C MS Apps Missing!')
MissingSoftware+=("$MS_App_Status")
fi
# 3. Firefox
if [[ -d "/Applications/Firefox.app" ]]
then
Firefox_App_Status=$(printf '\xE2\x9C\x85 Firefox OK')
else
Firefox_App_Status=$(printf '\xE2\x9D\x8C Firefox Missing!')
MissingSoftware+=("$Firefox_App_Status")
fi
# 4. McAfee | inc. Status?
# Status launchctl list | grep com.mcafee.menulet
if [[ -d "/Applications/McAfee Endpoint Security for Mac.app" ]]
then
McAfee_Status=$(printf '\xE2\x9C\x85 McAfee OK')
else
McAfee_Status=$(printf '\xE2\x9D\x8C McAfee Missing!')
MissingSoftware+=("$McAfee_Status")
fi
# 5. Cisco AnyConnect
if [[ -d "/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app" ]]
then
Cisco_AnyConnect_Status=$(printf '\xE2\x9C\x85 Cisco AnyConnect OK')
else
Cisco_AnyConnect_Status=$(printf '\xE2\x9D\x8C Cisco AnyConnect Missing!')
MissingSoftware+=("$Cisco_AnyConnect_Status")
fi
# 6. Cisco Jabber
if [[ -d "/Applications/Cisco Jabber.app" ]]
then
Cisco_Jabber_Status=$(printf '\xE2\x9C\x85 Cisco Jabber OK')
else
Cisco_Jabber_Status=$(printf '\xE2\x9D\x8C Cisco Jabber Missing!')
MissingSoftware+=("$Cisco_Jabber_Status")
fi
# 7. Matrix42 ??????????
if [[ -d "/Library/Application Support/matrix42/Inventory/MX42HelperTool.app" ]]
then
Matrix42_Status=$(printf '\xE2\x9C\x85 Matrix42 OK')
else
Matrix42_Status=$(printf '\xE2\x9D\x8C Matrix42 Missing!')
MissingSoftware+=("$Matrix42_Status")
fi
# 8. C&A Fonts
if [[ -f "/Library/Fonts/CA InfoTypeCY-BoldCon.ttf" ]] && [[ -f "/Library/Fonts/CA InfoTypeOPTU-RegularCon.otf" ]]
then
CundA_Fonts_Status=$(printf '\xE2\x9C\x85 C&A Fonts OK')
else
CundA_Fonts_Status=$(printf '\xE2\x9D\x8C C&A Fonts Missing!')
MissingSoftware+=("$CundA_Fonts_Status")
fi
# 9. HP Printer???
# 10. Zscaler
# Status launchctl list | grep zscaler
if [[ -d "/Applications/Zscaler/Zscaler.app" ]]
then
Zscaler_Status=$(printf '\xE2\x9C\x85 Zscaler OK')
else
Zscaler_Status=$(printf '\xE2\x9D\x8C Zscaler Missing!')
MissingSoftware+=("$Zscaler_Status")
fi
if [[ -z "${MissingSoftware[@]}" ]]
then
Software_Missing_Message="Great, all the necessary software has been installed"
else
Software_Missing_Message="Missing software, can be loaded in SelfService"
fi
if [[ -z "${ComputerName_Missing[@]}" ]]
then
Computername_Missing_Message=""
else
Computername_Missing_Message=$(printf '\xE2\x9D\x8C Attention! Device name is not set correctly. This will not distribute a certificate for VPN and Wlan. Please set the device name correctly.')
fi
}
##################################### Print Info to User ########################
while [[ ${exit} != "OK" ]]; do
Applikationinfo
if [[ $(sw_vers -buildVersion) > "19" ]]; then
exit=$(askforbutton2 "\
\n-----------------------------------------------\
\nStatus:\t${ComputerName_Status}\
\nStatus:\t${MS_App_Status}\
\nStatus:\t${Firefox_App_Status}\
\nStatus:\t${McAfee_Status}\
\nStatus:\t${Cisco_AnyConnect_Status}\
\nStatus:\t${Cisco_Jabber_Status}\
\nStatus:\t${Matrix42_Status}\
\nStatus:\t${CundA_Fonts_Status}\
\nStatus:\t${Zscaler_Status}\
\n-----------------------------------------------\
\n${Computername_Missing_Message}\
\n\
\n${Software_Missing_Message}")
else
exit=$(askforbutton2 "\
\n-----------------------------------------------\
\n\t${ComputerName_Status}\
\nStatus:\t${MS_App_Status}\
\nStatus:\t${Firefox_App_Status}\
\nStatus:\t${McAfee_Status}\
\nStatus:\t${Cisco_AnyConnect_Status}\
\nStatus:\t${Cisco_Jabber_Status}\
\nStatus:\t${Matrix42_Status}\
\nStatus:\t${CundA_Fonts_Status}\
\nStatus:\t${Zscaler_Status}\
\n-----------------------------------------------\
\nMissing software, can be loaded in SelfService")
fi
done
################################### end ########################################
exit 0
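Review bot: The `while [[ ${exit} != "OK" ]]` loop has no way out when the dialog cannot be shown: if `askforbutton2` fails (for example an osascript error or no usable GUI session for `${uid}`), `exit` stays empty and the loop re-runs `Applikationinfo` and the dialog without pause. Checking the call's status, e.g. `exit=$(askforbutton2 "…") || break`, or capping the number of attempts, avoids a runaway policy. `MissingSoftware` and `ComputerName_Missing` are never cleared, so each pass appends again; start `Applikationinfo` with `MissingSoftware=(); ComputerName_Missing=()`. The McAfee and Zscaler rows report OK from the app bundle's presence alone; the commented `launchctl list` checks would be needed before the dialog can claim the agents are actually loaded.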
+43
@@ -0,0 +1,43 @@
#!/bin/bash
set -x
serialNumber="C02F82CQMD6T"
assetTag="4215812"
deviceType="Computer"
username=""
# Generate a token
tokenResp=$(curl -k -u "USERNAME:PASSWORD" -X POST "https://jssurl.jamfcloud.com/uapi/auth/tokens" -H "accept: application/json")
# parse the token from the response
token=$(echo $tokenResp | awk -F '[:,{"}]' ' {print $6} ')
# pass the token into a cURL command
curl -X POST "https://jssurl.jamfcloud.com/api/v2/inventory-preload/records" -H "accept: application/json" -H "Authorization: Bearer $token" -H "Content-Type: application/json" -d "{\"serialNumber\": \"$serialNumber\",
\"deviceType\": \"$deviceType\",
\"username\": \"$username\",
\"fullName\": \"\",
\"emailAddress\": \"\",
\"phoneNumber\": \"\",
\"position\": \"\",
\"department\": \"\",
\"building\": \"\",
\"room\": \"\",
\"poNumber\": \"\",
\"poDate\": \"\",
\"warrantyExpiration\": \"\",
\"appleCareId\": \"\",
\"lifeExpectancy\": \"\",
\"purchasePrice\": \"\",
\"purchasingContact\": \"\",
\"purchasingAccount\": \"\",
\"leaseExpiration\": \"\",
\"barCode1\": \"\",
\"barCode2\": \"\",
\"assetTag\": \"$assetTag\",
\"vendor\": \"\",
\"extensionAttributes\": [
{
\"name\": \"\",
\"value\": \"\"
}
]
}"
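Review bot: The token request uses `curl -k`, which turns off certificate verification on the one call that carries the API account's credentials, and `set -x` at the top echoes that command line and the later `Authorization: Bearer $token` header into whatever captures the script's output. Drop `-k` (the second call already verifies the certificate) and remove `set -x`, or at least put `set +x` before the first curl. The credentials are better read at run time than written into `-u "USERNAME:PASSWORD"`. The awk split on `[:,{"}]` depends on the response's field order; the ARD script in this commit extracts the token with `plutil -extract token raw`, which could be reused here. A `[[ -n "$token" ]] || exit 1` before the POST would keep the request from going out with an empty bearer token.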
Executable
+71
@@ -0,0 +1,71 @@
#!/bin/bash
##########################################################################
# Shellscript : enable ARD
# Autor : Andreas Vogel, NEXT Enterprise GmbH 2022
##########################################################################
######################### Variablen #####################################################
jamfpro_url="${4}"
if [[ $jamfpro_url = "" ]]; then
echo "ERROR URL variable is empty"
exit 1
fi
Credentials="${5}"
if [[ $Credentials = "" ]]; then
echo "ERROR no Credentials"
exit 1
fi
Admim_Account="${6}"
serial=$(ioreg -c IOPlatformExpertDevice -d 2 | awk -F\" '/IOPlatformSerialNumber/{print $(NF-1)}')
authToken=$(/usr/bin/curl "${jamfpro_url}/api/v1/auth/token" --silent --request POST --header "Authorization: Basic ${Credentials}")
if [[ $(/usr/bin/sw_vers -productVersion | awk -F . '{print $1}') -lt 12 ]]
then
api_token=$(/usr/bin/awk -F \" 'NR==2{print $4}' <<< "$authToken" | /usr/bin/xargs)
else
api_token=$(/usr/bin/plutil -extract token raw -o - - <<< "$authToken")
fi
response=$(curl -X GET "$jamfpro_url/JSSResource/computers/serialnumber/$serial" -H "accept: application/xml" -H "Authorization: Bearer ${api_token}")
id=$(echo $response | /usr/bin/awk -F'<id>|</id>' '{print $2}')
######################### Execute #######################################################
######################### API ###########################################################
curl -X POST "$jamfpro_url/JSSResource/computercommands/command/EnableRemoteDesktop/id/${id}" -H "accept: application/xml" -H "Authorization: Bearer ${api_token}"
######################### Script ########################################################
Computername=$(scutil --get ComputerName)
if [[ "$Computername" =~ "T" ]]
then
echo $Computername
echo "Device is a Test Device"
dscl . create /Users/$Admim_Account IsHidden 0
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk / -configure -users $Admim_Account -access -on -privs -all -clientopts -setmenuextra -menuextra yes
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk / -configure -users admin -access -on -privs -all
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk / -configure -allowAccessFor -specifiedUsers -privs -all
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk / -restart -agent -menu
else
echo $Computername
echo "Device is Prod"
# set path as a variable
ardutil=/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart
# set the options
sudo $ardutil -activate
sudo $ardutil -configure -access -off -allowAccessFor -allUsers -clientopts -setmenuextra -menuextra yes -clientopts -setreqperm -reqperm yes -restart -agent
fi
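Review bot: `[[ "$Computername" =~ "T" ]]` matches any computer name that contains a capital T anywhere, and that branch is the one that grants `-privs -all` remote-management access to `$Admim_Account` and `admin`. A production machine whose name merely contains the letter would be opened up instead of getting the `-access -off` configuration in the else branch. Anchor the test to the real naming rule for test devices, e.g. `[[ "$Computername" == <TEST_PREFIX>* ]]` (placeholder; the convention is not visible here). `${6}` is also used unchecked and unquoted: with an empty `Admim_Account`, `dscl . create /Users/$Admim_Account IsHidden 0` operates on `/Users/`, so it should get the same empty check as `${4}` and `${5}` and be quoted where used. The `id` parsed from the API response should likewise be checked for being non-empty before it is placed in the `EnableRemoteDesktop` URL.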
+155
@@ -0,0 +1,155 @@
#!/bin/bash
##########################################################################
# Shellscript : User can get admin rights for a limited time
# Autor : Andreas Vogel, macenterprise gmbh, 2020
##########################################################################
#Description
# User kann über den Self Service Admin-Rechte einholen. Dabei ist die Begründung pflicht.
# Die Begründung wird über das Echo im Jamf Log eingetragen und ist danach einsehbar.
# Wird keine Begründung eingetragen, so werden auch keine Admin Rechte erteilt.
# Sofern alles eingetragen ist, wird ein Daemon geschrieben. Dieses Startet exakt nach einer festgelegten Zeit.
# Die Maximale Zeit kann über die Variable 4 gesetzt werden. Ist keine Zeit gesetzt, so wird die Zeit genommen,
# die im Script festgeschrieben ist. Der Daemon startet ein Script, dass die Admin Rechte entfernt und den Daemon beendet.
# User can obtain admin rights via the Self Service. The justification is mandatory. The reason is entered via the echo in
# the Jamf Log and can then be viewed. If no reason is entered, no admin rights are granted.
# If everything is entered, a daemon is written. This starts exactly after a set time.
# The maximum time can be set via variable 4. If no time is set, the time that is set in the script is used.
# The daemon starts a script that removes the admin rights and ends the daemon.
################################### Variablen ###################################
currentUser=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
################################### Function ###################################
ask () {
osascript <<EOF - 2>/dev/null
tell application "SystemUIServer"
activate
text returned of (display dialog "$1" default answer "")
end tell
EOF
}
MessageBox() {
osascript <<EOT
tell app "System Events"
with timeout of 300 seconds
button returned of (display dialog "A justification is imperative.
Please run it again and provide a reason." buttons {"OK"} default button 1 with title "Error")
end timeout
end tell
EOT
}
Substantiation() {
answer=$(ask 'Please enter a reason why you need admin rights.') || exit
echo $answer
}
CreateAdmin() {
/usr/sbin/dseditgroup -o edit -a $currentUser -t user admin
}
################################### Determine time ###################################
MaxTime="${4}"
if [[ -z "$MaxTime" ]]
then
MaxTime="120"
fi
time=$(/bin/date +%s)
delayint=$(echo "$MaxTime")
defercal=$(($(/bin/date +%s) + delayint))
hour=$(/bin/date -j -f "%s" "$defercal" "+%H")
minute=$(/bin/date -j -f "%s" "$defercal" "+%M")
################################### Daemon ###################################
RemoveAdminDaemon()
{
/bin/cat <<EOB > /Library/LaunchDaemons/de.mac.remove.admin.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>de.mac.admintoremove.sh</string>
<key>ProgramArguments</key>
<array>
<string>/bin/bash</string>
<string>/Library/Application Support/JAMF/de.mac.admintoremove.sh</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>$hour</integer>
<key>Minute</key>
<integer>$minute</integer>
</dict>
</dict>
</plist>
EOB
}
################################### Script ###################################
RemoveAdminScript()
{
read -d '' RemoveAdmin<<"EOF"
#!/bin/bash
#####################################################################################
# Shellscript :
# Autor : Andreas Vogel, macenterprise gmbh,
#####################################################################################
currentUser=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
if [[ $(dscl . read /Groups/admin GroupMembership | grep -o ${currentUser}) ]]
then
echo "${currentUser} is an admin"
/usr/sbin/dseditgroup -o edit -d $currentUser -t user admin
launchctl unload /Library/LaunchDaemons/de.mac.remove.admin.plist
rm /Library/LaunchDaemons/de.mac.remove.admin.plist
rm /Library/Application Support/JAMF/de.mac.admintoremove.sh
fi
EOF
}
################################### Start and Load ###################################
StartandLoad()
{
echo "$RemoveAdmin" > /Library/Application\ Support/JAMF/de.mac.admintoremove.sh
# set ownership on LastWarningDaemon launch daemon
/usr/sbin/chown root:wheel /Library/LaunchDaemons/de.mac.remove.admin.plist
/bin/chmod 644 /Library/LaunchDaemons/de.mac.remove.admin.plist
#load launchd
launchctl load /Library/LaunchDaemons/de.mac.remove.admin.plist
#set ownership for Script
/usr/sbin/chown root:admin "/Library/Application Support/JAMF/de.mac.admintoremove.sh"
/bin/chmod 755 "/Library/Application Support/JAMF/de.mac.admintoremove.sh"
}
################################### Ausführung ###################################
Button1=$(osascript -e 'display dialog "Do you really need admin rights?." with title "Do you need admin rights" buttons {"Yes", "No"} default button 2 ')
Selection=$(echo $Button1 | cut -d : -f 2)
if [[ "$Selection" = "Yes" ]]
then
Substantiation
if [[ -z "$answer" ]]
then
MessageBox
else
RemoveAdminDaemon
RemoveAdminScript
StartandLoad
CreateAdmin
fi
else
echo "möchte nicht"
fi
+55
@@ -0,0 +1,55 @@
#!/bin/bash
####################################################################################################
#
# More information: https://macmule.com/2014/12/07/how-to-change-the-automatic-proxy-configuration-url-in-system-preferences-via-a-script/
#
# GitRepo: https://github.com/macmule/setAutomaticProxyConfigurationURL
#
# License: http://macmule.com/license/
#
####################################################################################################
# HARDCODED VALUES ARE SET HERE
autoProxyURL=""
# CHECK TO SEE IF A VALUE WAS PASSED FOR $4, AND IF SO, ASSIGN IT
if [ "$4" != "" ] && [ "$autoProxyURL" == "" ]; then
autoProxyURL=" "
fi
# Detects all network hardware & creates services for all installed network hardware
/usr/sbin/networksetup -detectnewhardware
IFS=$'\n'
#Loops through the list of network services
for i in $(networksetup -listallnetworkservices | tail +2 );
do
# Get a list of all services
autoProxyURLLocal=`/usr/sbin/networksetup -getautoproxyurl "$i" | head -1 | cut -c 6-`
# Echo's the name of any matching services & the autoproxyURL's set
echo "$i Proxy set to $autoProxyURLLocal"
# If the value returned of $autoProxyURLLocal does not match the value of $autoProxyURL for the interface $i, change it.
if [[ $autoProxyURLLocal != $autoProxyURL ]]; then
/usr/sbin/networksetup -setautoproxyurl $i $autoProxyURL
echo "Set auto proxy for $i to $autoProxyURL"
fi
# Enable auto proxy once set
/usr/sbin/networksetup -setautoproxystate "$i" off
echo "Turned off auto proxy for $i"
# Enable auto proxy discovery once set
/usr/sbin/networksetup -setproxyautodiscovery "$i" off
echo "Turned off auto proxy discovery for $i"
done
unset IFS
# Echo that we're done
echo "Auto proxy disabled for all interfaces"
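Review bot: The `$4` check assigns `autoProxyURL=" "` instead of the value that was passed, so the parameter is ignored and `-setautoproxyurl` writes a blank URL to each service whose current URL differs, before the state is switched off. If the intent is only to disable the PAC URL and proxy auto-discovery, the comparison and the `-setautoproxyurl` call can go; otherwise the assignment should be `autoProxyURL="$4"`. The call `/usr/sbin/networksetup -setautoproxyurl $i $autoProxyURL` should quote both operands, because with the hardcoded empty value the URL argument disappears entirely. The comments "Enable auto proxy once set" and "Enable auto proxy discovery once set" sit above commands that pass `off` and should say that they disable the setting.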
Binary file not shown.
Binary file not shown.
+61
@@ -0,0 +1,61 @@
#!/bin/bash
# Run this script via Outset or in Self-Service.
# In case you run this script manually, you must use with sudo.
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root"
exit 1
fi
# edit this list if needed
bin_exception=(
jamf
jamfAgent
autopkg
santactl
outset
zentral
)
#### Do not change below, unless you know what you're doing ###
# func to join array, start quote strings
function join { local IFS="$1"; shift; echo "$*\""; }
# join array, wrapp quotes, then use sed create final string
exceptions=$(join , ${bin_exception[@]/#/\"}| sed 's/,/\" -and \! \-name /g' )
loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`
# Add staff to developer group
dseditgroup -o edit -a staff -t group _developer
# use _developer group
groupInScope="_developer"
/bin/chmod u+rwx /usr/local/bin
/bin/chmod g+rwx /usr/local/bin
find /usr/local/bin/ -type l -and ! -name $exceptions -exec chown -R $loggedInUser {} \;
find /usr/local/bin/ -type l -and ! -name $exceptions -exec chgrp -R $groupInScope {} \;
/bin/mkdir -p /usr/local/Cellar /usr/local/Homebrew /usr/local/Frameworks /usr/local/etc /usr/local/include /usr/local/lib /usr/local/opt /usr/local/sbin /usr/local/share /usr/local/share/zsh /usr/local/share/zsh/site-functions /usr/local/var
/bin/chmod g+rwx /usr/local/Cellar /usr/local/Homebrew /usr/local/Frameworks /usr/local/etc /usr/local/include /usr/local/lib /usr/local/opt /usr/local/sbin /usr/local/share /usr/local/share/zsh /usr/local/share/zsh/site-functions /usr/local/var
/bin/chmod 755 /usr/local/share/zsh /usr/local/share/zsh/site-functions
/usr/sbin/chown -R $loggedInUser /usr/local/Cellar /usr/local/Homebrew /usr/local/Frameworks /usr/local/etc /usr/local/include /usr/local/lib /usr/local/opt /usr/local/sbin /usr/local/share /usr/local/share/zsh /usr/local/share/zsh/site-functions /usr/local/var
/usr/bin/chgrp -R $groupInScope /usr/local/Cellar /usr/local/Homebrew /usr/local/Frameworks /usr/local/etc /usr/local/include /usr/local/lib /usr/local/opt /usr/local/sbin /usr/local/share /usr/local/share/zsh /usr/local/share/zsh/site-functions /usr/local/var
/bin/mkdir -p /Users/$loggedInUser/Library/Caches/Homebrew
/bin/chmod g+rwx /Users/$loggedInUser/Library/Caches/Homebrew
/usr/sbin/chown -R $loggedInUser /Users/$loggedInUser/Library/Caches/Homebrew
/bin/mkdir -p /Library/Caches/Homebrew
/bin/chmod g+rwx /Library/Caches/Homebrew
/usr/sbin/chown $loggedInUser /Library/Caches/Homebrew
if [[ -d /opt ]]; then
/usr/bin/chgrp -R $groupInScope
/usr/sbin/chown $loggedInUser /opt
/bin/chmod g+rwx /opt
fi
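Review bot: The exception filter in the two `find /usr/local/bin/ -type l -and ! -name $exceptions` calls excludes nothing: the quote characters that `join` and `sed` put into `$exceptions` are literal after expansion, so find is asked for names such as `"jamf"` including the quotes, and the links for `jamf`, `santactl` and the others are handed to `chown`/`chgrp` like everything else. Building the predicate as an array, as below, keeps each name a separate word without embedded quotes. `dseditgroup -o edit -a staff -t group _developer` combined with `chmod g+rwx` and `chgrp -R $groupInScope` makes `/usr/local/sbin`, `/usr/local/lib`, `/usr/local/etc` and the other listed directories group-writable for every account in `staff`, which is much wider than the single `$loggedInUser` the chown lines target and deserves a deliberate decision. In the `/opt` block, `/usr/bin/chgrp -R $groupInScope` has no path operand; it presumably wants `/opt`.

```shell
# … unchanged: root check, bin_exception list …
name_filter=()
for bin in "${bin_exception[@]}"; do
  name_filter+=( ! -name "$bin" )
done
# … unchanged: loggedInUser, dseditgroup, groupInScope, chmod on /usr/local/bin …
find /usr/local/bin/ -type l "${name_filter[@]}" -exec chown -R "$loggedInUser" {} \;
find /usr/local/bin/ -type l "${name_filter[@]}" -exec chgrp -R "$groupInScope" {} \;
```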
+47
@@ -0,0 +1,47 @@
#!/bin/bash
##########################################################################
# Script : Change FW-PW
# Autor : Andreas Vogel
# Copyright : macenterprise gmbh, 2020
##########################################################################
############################################# Variablen #########################################################################
Status=$(fdesetup status)
user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
APASS=$(osascript -e 'text returned of (display dialog "Enter the login password" with hidden answer default answer "" buttons {"OK"} default button 1)')
############################################# Funktion #########################################################################
setpassword_fv () {
expect <<EOF
spawn fdesetup enable
expect "Enter the user name:"
send "$user\r"
expect "Enter the password for user '$user':"
send "$APASS\r"
expect EOF
EOF
}
rotatepassword_fv () {
expect <<EOF
spawn fdesetup changerecovery -personal
expect "Enter the user name:"
send "$user\r"
expect "Enter the password for user '$user':"
send "$APASS\r"
expect EOF
EOF
}
############################################# Ausführung #############################################################################
if [[ $Status == "Off." ]]
then
setpassword_fv
# jamf recon
else
rotatepassword_fv
# jamf recon
fi
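Review bot: `$user` and `$APASS` are expanded by the shell into the Tcl source that `expect` reads in `setpassword_fv` and `rotatepassword_fv`, so a login password containing `"`, `[`, `$` or `\` is interpreted by Tcl instead of being sent as typed; at best the authentication fails, and bracketed text would be evaluated as a command. Quoting the here-doc delimiter and reading both values from the environment, as below, keeps them data; the same change applies to `rotatepassword_fv`. `Status=$(fdesetup status)` holds the whole status output, which is normally a full sentence, so `[[ $Status == "Off." ]]` looks like it can never match and the enable branch is unreachable. The output of the spawned `fdesetup changerecovery -personal` is echoed to stdout, so it is worth confirming that the new recovery key does not end up in the policy log.

```shell
setpassword_fv () {
FV_USER="$user" FV_PASS="$APASS" expect <<'EOF'
spawn fdesetup enable
expect "Enter the user name:"
send -- "$env(FV_USER)\r"
expect "Enter the password for user '$env(FV_USER)':"
send -- "$env(FV_PASS)\r"
# … unchanged: final expect …
EOF
}
```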
+55
@@ -0,0 +1,55 @@
#!/bin/bash
##########################################################################
# Shellscript : Prüft, ob das Ticket das eigene ist.
# Autor : Andreas Vogel, macenterprise gmbh, 13.11.2019
##########################################################################
user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
TicketIs=$(klist --list-all | grep DIBA.CORP.INT | cut -d ' ' -f 2)
Diba=@DIBA.CORP.INT
name=$user$Diba
#echo $name
#echo $TicketIs
if [[ ! -z "$TicketIs" ]]
then
if [[ $name == $TicketIs ]]
then
exit 0
else
osascript -e 'display dialog "Das angeforderte Ticket scheint nicht dir zu gehören. Bitte fordere dein Eigenes Ticket an." buttons "OK" default button 1'
kdestroy -p $TicketIs
fi
else
user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
PASS=$(osascript -e 'text returned of (display dialog "Bitte das Passwort eingeben" default answer "" with hidden answer)') || exit
FILE=$(cat /dev/urandom | env LC_CTYPE=C tr -cd 'a-f0-9' | head -c 8)
PFILE=/Users/$user/.$FILE
touch $PFILE
echo "$PASS" >> $PFILE
if kinit --password-file="$PFILE" $user@DIBA.CORP.INT
then
osascript -e 'display dialog "Das Ticket wurde erfolgreich angefragt." buttons "OK" default button 1'
rm $PFILE
exit 0
else
osascript -e 'display dialog "Fehler! Das Ticket konnte nicht angelegt werden" buttons "OK" default button 1'
rm $PFILE
exit 1
fi
exit 0
fi
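Review bot: The password is written in clear to `/Users/$user/.$FILE` with whatever mode `touch` gets from the umask, and the file stays on disk if the script is interrupted between `echo "$PASS" >> $PFILE` and `rm $PFILE`. The Heimdal `kinit` that macOS ships accepts `--password-file=STDIN` according to its man page, so the file can be dropped: `printf '%s\n' "$PASS" | kinit --password-file=STDIN "$user@DIBA.CORP.INT"`. If a file has to stay, create it with `mktemp` under `umask 077` and remove it from a `trap ... EXIT`. `kdestroy -p $TicketIs` and the right-hand side of `[[ $name == $TicketIs ]]` should be quoted, since `$TicketIs` can hold more than one principal when `klist --list-all` lists several caches.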
+202
@@ -0,0 +1,202 @@
#!/bin/bash
##########################################################################
# Script : Reinstall macOS
# Autor : Andreas Vogel
# Copyright : next enterprise gmbh, 2021
##########################################################################
##### ensure computer does not go to sleep while running this script #####
/usr/bin/caffeinate -dimsu -w $pid &
# caffeinate
##########################################################################
################# required for Silicon Macs ##############################
jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
if [[ -f "$jamfHelper" ]]; then
# Jamf Helper localizations - erase lockscreen
jamfHelper_erase_title_en="Erasing macOS"
jamfHelper_erase_desc_en="This computer is now being erased and is locked until rebuilt"
jamfHelper_erase_title_de="macOS Wiederherstellen"
jamfHelper_erase_desc_de="Der Computer wird jetzt zurückgesetzt und neu gestartet"
jamfHelper_erase_button_en="Yes"
jamfHelper_erase_button_de="Ja"
jamfHelper_erase_cancel_button_en="Cancel"
jamfHelper_erase_cancel_button_de="Abbrechen"
# Jamf Helper localizations - free space check
jamfHelper_check_desc_en="The macOS upgrade cannot be installed on a computer with less than 30GB disk space."
jamfHelper_check_desc_de="Die Installation von macOS ist auf einem Computer mit weniger als 30GB freien Festplattenspeicher nicht möglich."
# Jamf Helper icon for confirmation dialog
jamfHelper_confirmation_icon="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertStopIcon.icns"
# Grab currently logged in user to set the language for Jamf Helper messages
current_user=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}')
language=$(/usr/libexec/PlistBuddy -c 'print AppleLanguages:0' "/Users/${current_user}/Library/Preferences/.GlobalPreferences.plist")
if [[ $language = de* ]]; then
user_language="de"
else
user_language="en"
fi
jamfHelper_erase_title=jamfHelper_erase_title_${user_language}
jamfHelper_erase_desc=jamfHelper_erase_desc_${user_language}
jamfHelper_check_desc=jamfHelper_check_desc_${user_language}
jamfHelper_erase_button=jamfHelper_erase_button_${user_language}
jamfHelper_erase_cancel_button=jamfHelper_erase_cancel_button_${user_language}
fi
kill_process() {
process="$1"
if /usr/bin/pgrep -a "$process" >/dev/null ; then
/usr/bin/pkill -a "$process" && echo " '$process' ended" || \
echo "'$process' could not be killed"
fi
}
################# required for Silicon Macs ##############################
ask_username() {
/usr/bin/osascript <<EOT
set nameentry to text returned of (display dialog "Please enter an account name to start the reinstallation process" default answer "" buttons {"Enter", "Cancel"} default button 1 with icon 2)
EOT
}
user_not_exist() {
/usr/bin/osascript <<EOT
display dialog "User $account_name does not exist!" buttons {"OK"} default button 1 with icon 2
EOT
}
user_has_no_secure_token() {
/usr/bin/osascript <<EOT
display dialog "User $account_name has no Secure Token! Please login as one of the following users and try again: ${enabled_users}" buttons {"OK"} default button 1 with icon 2
EOT
}
ask_for_password() {
/usr/bin/osascript <<EOT
set nameentry to text returned of (display dialog "Please enter the password for the $account_name account" default answer "" with hidden answer buttons {"Enter", "Cancel"} default button 1 with icon 2)
EOT
}
check_password() {
user="$1"
password="$2"
password_matches=$( /usr/bin/dscl /Search -authonly "$user" "$password" )
if [[ -z "${password_matches}" ]]; then
echo "Success: the password entered is the correct login password for $user."
else
echo "ERROR: The password entered is NOT the login password for $user."
/usr/bin/osascript <<EOT
display dialog "ERROR: The password entered is NOT the login password for $user." buttons {"OK"} default button 1 with icon 2
EOT
exit 1
fi
}
user_details() {
if [[ $use_current_user == "yes" ]]; then
account_name="$current_user"
fi
if [[ $account_name == "" ]]; then
if ! account_name=$(ask_username) ; then
echo "Use cancelled."
exit 1
fi
fi
if ! /usr/bin/id -Gn "$account_name" | grep -q -w staff ; then
echo "$account_name account does not exist or is not a standard user!"
user_not_exist
exit 1
fi
user_has_secure_token=0
enabled_users=""
while read -r line ; do
enabled_users+="$(echo $line | cut -d, -f1) "
if [[ "$account_name" == "$(echo $line | cut -d, -f1)" ]]; then
echo "$account_name has Secure Token"
user_has_secure_token=1
fi
done <<< "$(/usr/bin/fdesetup list)"
if [[ $enabled_users != "" && $user_has_secure_token = 0 ]]; then
echo "$account_name has no Secure Token"
user_has_no_secure_token
exit 1
fi
if ! account_password=$(ask_for_password) ; then
echo "Use cancelled."
exit 1
fi
check_password "$account_name" "$account_password"
}
##########################################################################
check_free_disc() {
free_disk_space=$(df -Pk . | column -t | sed 1d | awk '{print $4}')
if [[ $free_disk_space -ge 30000000 ]]; then
echo "OK - $free_disk_space KB free disk space detected"
else
echo "ERROR - $free_disk_space KB free disk space detected"
"$jamfHelper" -windowType "utility" -description "${!jamfHelper_check_desc}" -alignDescription "left" -icon "$jamfHelper_confirmation_icon" -button1 "Ok" -defaultButton "0" -cancelButton "1"
exit 1
fi
}
install_macos_app=$(find /Applications -type d -name 'Install macOS*')
HELPER=$("$jamfHelper" -windowType "utility" -title "${!jamfHelper_erase_title}" -heading "${!jamfHelper_erase_title}" -description "${!jamfHelper_erase_desc}" -icon "$jamfHelper_erase_icon" -button1 "${!jamfHelper_erase_cancel_button}" -button2 "${!jamfHelper_erase_button}" -defaultButton 1 -cancelButton 1)
echo "Jamf Helper Exit Code: $HELPER"
if [ "$HELPER" == "0" ]
then
arch=$(/usr/bin/arch)
if [ "$arch" == "i386" ]
then
if [ -d "$install_macos_app" ]
then
check_free_disc
user_details
rm -rf "$install_macos_app"
softwareupdate --fetch-full-installer
"$install_macos_app/Contents/Resources/startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense --nointeraction --stdinpass --user "$account_name" <<< $account_password
else
check_free_disc
user_details
softwareupdate --fetch-full-installer
"$install_macos_app/Contents/Resources/startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense --nointeraction --stdinpass --user "$account_name" <<< $account_password
fi
else
if [ -d "$install_macos_app" ]
then
check_free_disc
rm -rf "$install_macos_app"
softwareupdate --fetch-full-installer
install_macos_app=$(find /Applications -type d -name 'Install macOS*')
"$install_macos_app/Contents/Resources/startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense --nointeraction
else
check_free_disc
softwareupdate --fetch-full-installer
install_macos_app=$(find /Applications -type d -name 'Install macOS*')
"$install_macos_app/Contents/Resources/startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense --nointeraction
fi
fi
else
exit 0
fi
kill_process "Self Service"
kill_process "jamfHelper"
kill_process "caffeinate"
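Review bot: The text typed into the account-name dialog is expanded by the shell into the AppleScript source in `user_not_exist`, which runs exactly when the name failed the `id` check, so a quote in the name is parsed as script instead of being displayed, in a script that presumably runs as root from Self Service. Passing the value as an argument keeps it data: `/usr/bin/osascript -e 'on run argv' -e 'display dialog "User " & (item 1 of argv) & " does not exist!" buttons {"OK"} default button 1 with icon 2' -e 'end run' "$account_name"`; the dialogs in `user_has_no_secure_token`, `ask_for_password` and `check_password` interpolate the same way. In the `i386` branch `$install_macos_app` is not looked up again after `rm -rf` and `softwareupdate --fetch-full-installer` (the other branch re-runs `find`), and when no installer was present it is empty, so `startosinstall` is called from a stale or empty path. `/usr/bin/caffeinate -dimsu -w $pid` uses `$pid`, which is never assigned in this file (`$$` looks like what was meant), and `$jamfHelper_erase_icon` is likewise undefined while `jamfHelper_confirmation_icon` is set. `dscl /Search -authonly "$user" "$password"` and `<<< $account_password` also deserve a comment: the first exposes the password in the process list while it runs, the second should be quoted so whitespace in the password survives.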
+39
@@ -0,0 +1,39 @@
#!/bin/bash
##########################################################################
# Shellscript : Reinstall macOS
# Autor : Andreas Vogel, NEXT Enterprise gmbh, 2021
##########################################################################
set -x
##################### Variables ##########################################
Installer=$(find /Applications -type d -name 'Install macOS*')
jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
jamf="/usr/local/bin/jamf"
Icon="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertStopIcon.icns"
Message="When continuing, the entire system will be deleted and with it all stored data on the device.
The device can then be rolled back into the management system.
If data is not yet saved, please cancel the process and save the data.
If you click OK, the process can no longer be canceled.
Follow the instructions from the confluence for re-installation.
"
#################### Execution ##########################################
HELPER=$("$jamfHelper" -windowType utility -icon "$Icon" -title "Clean reinstallation macOS" -description "$Message" -button1 "OK" -button2 "Cancel" -cancelButton "2" -defaultButton 2)
echo "Jamf Helper Exit Code: $HELPER"
if [ "$HELPER" == "0" ]
then
if [ -d "$Installer" ]
then
rm -rf "$Installer"
softwareupdate --fetch-full-installer
Installer=$(find /Applications -type d -name 'Install macOS*')
"$Installer"/Contents/Resources/startosinstall --eraseinstall --newvolumename "Macintosh HD" --agreetolicense
else
softwareupdate --fetch-full-installer
Installer=$(find /Applications -type d -name 'Install macOS*')
"$Installer"/Contents/Resources/startosinstall --eraseinstall --newvolumename "Macintosh HD" --agreetolicense
fi
else
exit 0
fi
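Review bot: `Installer` is whatever `find /Applications -type d -name 'Install macOS*'` returns, at any depth and possibly as several lines, and the script then executes `startosinstall` from that path as-is, without checking that the lookup returned exactly one bundle or that `softwareupdate --fetch-full-installer` succeeded. Restricting the search (`find /Applications -maxdepth 1 -type d -name 'Install macOS*.app'`) and stopping when the binary is missing, e.g. `[ -x "$Installer/Contents/Resources/startosinstall" ] || exit 1`, avoids starting an erase from an unexpected path. The two branches differ only in the `rm -rf "$Installer"` line and could share the fetch and launch steps. `set -x` at the top sends every expanded command to the policy log; nothing secret is traced here, but it is best removed before the script is reused with credentials.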
+41
@@ -0,0 +1,41 @@
#!/bin/bash
##########################################################################
# Shellscript : Reinstall macOS
# Autor : Andreas Vogel, NEXT Enterprise gmbh, 2021
##########################################################################
# set -x
##################### Variables ##########################################
Installer=$(find /Applications -type d -name 'Install macOS*')
#jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
#jamf="/usr/local/bin/jamf"
#Icon="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertStopIcon.icns"
#
#Message="When continuing, the entire system will be deleted and with it all stored data on the device.
#The device can then be rolled back into the management system.
#If data is not yet saved, please cancel the process and save the data.
#If you click OK, the process can no longer be canceled.
#Follow the instructions from the confluence for re-installation.
#"
##################### Execution ##########################################
#HELPER=$("$jamfHelper" -windowType utility -icon "$Icon" -title "Clean reinstallation macOS" -description "$Message" -button1 "OK" -button2 "Cancel" -cancelButton "2" -defaultButton 2)
#echo "Jamf Helper Exit Code: $HELPER"
#if [ "$HELPER" == "0" ]
# then
if [ -d "$Installer" ]
then
rm -rf $Installer
softwareupdate --fetch-full-installer
Installer=$(find /Applications -type d -name 'Install macOS*')
"$Installer"/Contents/Resources/startosinstall --eraseinstall --newvolumename "Macintosh HD Test" --agreetolicense
else
softwareupdate --fetch-full-installer
Installer=$(find /Applications -type d -name 'Install macOS*')
"$Installer"/Contents/Resources/startosinstall --eraseinstall --newvolumename "Macintosh HD Test" --agreetolicense
fi
# else
# exit 0
#fi
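Review bot: `rm -rf $Installer` is unquoted, and installer bundles are named like `Install macOS ….app`, so the path is split at the spaces and `rm -rf` receives fragments such as `macOS` relative to the current directory instead of the bundle; `rm -rf -- "$Installer"` is what is needed here. With the jamfHelper confirmation commented out, this variant goes straight to `startosinstall --eraseinstall` whenever it runs, so a header comment stating that it is a test script that erases without asking (or a required argument) would help keep it out of production policies. As in the other reinstall scripts, the result of the second `find` is not checked before it is executed.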
+29
@@ -0,0 +1,29 @@
#!/bin/bash
#########################################################################################
# Shellscript : Set Computername
# Autor : Andreas Vogel, nextenterprise gmbh
#########################################################################################
#set -x
######################### Variablen #####################################################
ComputerName=$(system_profiler SPHardwareDataType | awk '/Serial/ {print $4}')
scutil --set ComputerName "$ComputerName"
scutil --set LocalHostName "$ComputerName"
scutil --set HostName "$ComputerName"
scutil --set HostName "$ComputerName"
jamf recon
######################### read Username #################################################
currentUser=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
endUsername=$(dscl . read /Users/$currentUser RecordName | awk {'print $2'})
realname=$(dscl . read /Users/$currentUser RealName | tail -n1)
email=$(dscl . read /Users/$currentUser dsAttrTypeStandard:NetworkUser | awk '{print $2}')
jamf recon -endUsername "$endUsername" -realname "$realname" -email "$email"
exit 0
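Review bot: None of the `dscl` lookups checks for failure, so when no user is at the console (`stat` then reports `root`) or the `NetworkUser` attribute is absent, whatever `dscl` prints is parsed and sent to Jamf as `-endUsername`, `-realname` and `-email`. A guard such as `[ -n "$currentUser" ] && [ "$currentUser" != "root" ] || exit 0` before the lookups, plus skipping `-email` when the read fails, keeps wrong inventory data out of the record. `/Users/$currentUser` should be quoted in the three `dscl` calls. `scutil --set HostName "$ComputerName"` appears twice, and the first `jamf recon` looks redundant with the second.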
+18
@@ -0,0 +1,18 @@
#!/usr/bin/env bash
sudo hdiutil create -o /tmp/Ventura -size 16g -volname Ventura -layout SPUD -fs HFS+J
sudo hdiutil attach /tmp/Ventura.dmg -noverify -mountpoint /Volumes/Ventura
sudo /Applications/Install\ macOS\ Ventura.app/Contents/Resources/createinstallmedia --volume /Volumes/Ventura --nointeraction
#
#hdiutil detach /Volumes/Ventura/
#hdiutil convert /tmp/Ventura.dmg -format UDTO -o ~/Desktop/Ventura.cdr
#mv ~/Desktop/Ventura.cdr ~/Desktop/Ventura.iso
hdiutil eject -force /Volumes/Install\ macOS\ Ventura
hdiutil convert /tmp/Ventura.dmg -format UDTO -o ~/Downloads/Ventura
mv -v ~/Downloads/Ventura.cdr ~/Downloads/Ventura.iso
sudo rm -fv /tmp/Ventura.dmg
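Review bot: The image is created and later deleted as root at the fixed path `/tmp/Ventura.dmg`, in a world-writable directory where another local account can pre-create that name; a private directory avoids this: `workdir=$(mktemp -d)` followed by `sudo hdiutil create -o "$workdir/Ventura" -size 16g -volname Ventura -layout SPUD -fs HFS+J`, with the later `attach`, `convert` and `rm` using the same variable. There is no `set -e` or status check, so `hdiutil convert` and `mv` still run after a failed `createinstallmedia` and leave an unusable ISO in `~/Downloads`. `-noverify` on the attach is reasonable for an image created one line earlier, but a short comment saying so would stop the flag being copied to images that were downloaded.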
+517
@@ -0,0 +1,517 @@
#!/bin/bash
#########################################################################################
# Shellscript : DEP Notify Skript
# Autor : Andreas Vogel, nextenterprise gmbh
# Quelle : https://github.com/jamf/DEPNotify-Starter/blob/master/README.md
#########################################################################################
#########################################################################################
# Testing Mode
#########################################################################################
TESTING_MODE=false
FULLSCREEN=true
#########################################################################################
# General Appearance
# Normale Variablen
#########################################################################################
BANNER_IMAGE_PATH="/Applications/Self Service.app/Contents/Resources/AppIcon.icns"
ORG_NAME="Exasol AG"
BANNER_TITLE="Welcome to the $ORG_NAME"
SUPPORT_CONTACT_DETAILS="ServiceDesk@exasol.com"
MAIN_TEXT='On the Mac, some applications and settings are configured before you start using your new Mac. This process can take 5 to 10 minutes. \n \n If you need additional software or help, visit the Self-Service app in your Applications folder or Dock. \n \n Office applications ( Word, Excel, Outlook and Powerpoint) are available in Self Service.'
INITAL_START_STATUS="Start initial configuration..."
INSTALL_COMPLETE_TEXT="Configuration completed!"
COMPLETE_METHOD_DROPDOWN_ALERT=false
#########################################################################################
COMPLETE_ALERT_TEXT="Your Mac is now done with the initial setup and configuration. Press Exit to get started!"
COMPLETE_MAIN_TEXT='Your Mac is now done with the initial setup and configuration.'
COMPLETE_BUTTON_TEXT="Finished!"
#########################################################################################
# Plist Configuration
#########################################################################################
INFO_PLIST_WRAPPER (){
DEP_NOTIFY_USER_INPUT_PLIST="/Users/$CURRENT_USER/Library/Preferences/menu.nomad.DEPNotifyUserInput.plist"
}
STATUS_TEXT_ALIGN="center" # Status Textausrichtung. Der Statustext unter dem Fortschrittsbalken kann so konfiguriert werden, dass er links, rechts oder mittig ist
HELP_BUBBLE_TITLE="Do you need help?" # Konfiguration der Hilfetaste
HELP_BUBBLE_BODY="This tool was developed by IT to facilitate the onboarding of new employees. \n If you have any problems, please contact $SUPPORT_CONTACT_DETAILS"
#########################################################################################
# Error Screen Text
#########################################################################################
# Wenn der Testmodus falsch ist und Konfigurationsdateien vorhanden sind, wird dieser Text angezeigt
# den Endbenutzer und bitten Sie ihn, sich an die IT zu wenden. Eingeschränkte Fensteroptionen hier als
# Annahme ist, dass sie IT anrufen müssen. Es werden keine Fortsetzungs- oder Beendigungsschaltflächen für angezeigt
# DEP Benachrichtigungsfenster und es wird nicht im Vollbildmodus angezeigt. IT-Mitarbeiter müssen Terminal verwenden
# oder Aktivitätsmonitor zum Beenden von DEP Notify.
ERROR_BANNER_TITLE="Oh there is something wrong!" # Hauptüberschrift, die unter dem Bild angezeigt wird
ERROR_MAIN_TEXT='We are sorry that you are having this inconvenience with your new Mac. \n \n ou should contact IT immediately. We will look at your computer as soon as possible. \n \n'
ERROR_MAIN_TEXT="$ERROR_MAIN_TEXT $SUPPORT_CONTACT_DETAILS"
ERROR_STATUS="Setup failed"
#########################################################################################
# Policy Variable to Modify
# Welche Policies sollen hier ausgefüht werden.
# Die Policies werden dann in dieser Folge abgearbeitet.
#########################################################################################
POLICY_ARRAY=(
"Gerätename wird gesetzt,tests"
)
#########################################################################################
# Caffeinate / No Sleep Configuration
#########################################################################################
# NO_SLEEP=false # Flag-Skript, um den Computer vom Schlafen abzuhalten
#########################################################################################
# Customized Self Service Branding
#########################################################################################
SELF_SERVICE_CUSTOM_BRANDING=true # Set variable to true or false
SELF_SERVICE_APP_NAME="Self Service.app" # Wenn Sie einen anderen Namen als Self Service mit benutzerdefiniertem Branding verwenden
SELF_SERVICE_CUSTOM_WAIT=20 # Anzahl der Sekunden, die auf das benutzerdefinierte Self-Service-Symbol gewartet werden soll (Sekunden)
#########################################################################################
# EULA Variables to Modify #
#########################################################################################
EULA_ENABLED=false # Set variable to true or false. EULA configuration
EULA_STATUS="Waiting for EULA acceptance to be completed" # EULA status bar text
EULA_BUTTON="Read and agree to the EULA" # EULA button text on the main screen
EULA_MAIN_TITLE="Organization End User License Agreement" # EULA Screen Title
EULA_SUBTITLE="Please agree to the following conditions to start the configuration of this Mac" # EULA Subtitle
EULA_FILE_PATH="/Users/Shared/eula.txt" # Path to the EULA file.
#########################################################################################
# Registration Variables to Modify #
#########################################################################################
REGISTRATION_ENABLED=false # Set variable to true or false. Registration window configuration
REGISTRATION_TITLE="Register the Mac under $ORG_NAME" # Registration window title
REGISTRATION_STATUS="Waiting after the computer registration is completed" # Registration status bar text
REGISTRATION_BUTTON="Register your Mac" # Registration window submit or finish button text
REGISTRATION_BEGIN_WORD="Setting" # The text and pick list sections below will write the following lines out for end users
REGISTRATION_MIDDLE_WORD="to"
#########################################################################################
# First Text Field
# Kann alles mögliche dann abfragen.
# Die abarbeitung wird dann in der Funktion "REG_TEXT_LABEL_1_LOGIC" ausgeführt. In diesem
# Fall wird das Asset Tag abgefragt und über den recon aktuallisiert.
#########################################################################################
REG_TEXT_LABEL_1="Asset Tag" # Text Field Label
REG_TEXT_LABEL_1_PLACEHOLDER="81926392" # Place Holder Text
REG_TEXT_LABEL_1_OPTIONAL="false" # Optional flag for making the field an optional input for end user
REG_TEXT_LABEL_1_HELP_TITLE="Asset Tag" # Help Bubble for Input. If title left blank, this will not appear
REG_TEXT_LABEL_1_HELP_TEXT="This field is used to assign an updated asset tag to our asset management system. The asset tag can be found on the bottom of the device."
REG_TEXT_LABEL_1_LOGIC (){
REG_TEXT_LABEL_1_VALUE=$(/usr/bin/defaults read "$DEP_NOTIFY_USER_INPUT_PLIST" "$REG_TEXT_LABEL_1")
if [ "$REG_TEXT_LABEL_1_OPTIONAL" = true ] && [ "$REG_TEXT_LABEL_1_VALUE" = "" ]; then
echo "Status: $REG_TEXT_LABEL_1 was left blank. Skip..." >> "$DEP_NOTIFY_LOG"
echo "$(date "+%a %h %d %H:%M:%S"): $REG_TEXT_LABEL_1 wurde auf optional gesetzt und leer gelassen. Überspringen..." >> "$DEP_NOTIFY_DEBUG"
sleep 5
else
echo "Status: $REGISTRATION_BEGIN_WORD $REG_TEXT_LABEL_1 $REGISTRATION_MIDDLE_WORD $REG_TEXT_LABEL_1_VALUE" >> "$DEP_NOTIFY_LOG"
if [ "$TESTING_MODE" = true ]; then
sleep 10
else
"$JAMF_BINARY" recon -assetTag "$REG_TEXT_LABEL_1_VALUE"
fi
fi
}
#########################################################################################
#########################################################################################
# Core Script Logic - Don't Change Without Major Testing
#########################################################################################
#########################################################################################
# Variables for File Paths
#########################################################################################
JAMF_BINARY="/usr/local/bin/jamf"
FDE_SETUP_BINARY="/usr/bin/fdesetup"
DEP_NOTIFY_APP="/Applications/Utilities/DEPNotify.app"
DEP_NOTIFY_LOG="/var/tmp/depnotify.log"
DEP_NOTIFY_DEBUG="/var/tmp/depnotifyDebug.log"
DEP_NOTIFY_DONE="/var/tmp/com.depnotify.provisioning.done"
#########################################################################################
# Variablen die aus Jamf übergeben werden können.
# !! Wichtig !! egal was oben in den Variablen angegeben ist, wird hierdurch überschrieben.
#########################################################################################
if [ "$4" != "" ]; then TESTING_MODE="$4"; fi
if [ "$5" != "" ]; then FULLSCREEN="$5"; fi
#if [ "$6" != "" ]; then NO_SLEEP="$6"; fi
if [ "$7" != "" ]; then SELF_SERVICE_CUSTOM_BRANDING="$7"; fi
if [ "$8" != "" ]; then COMPLETE_METHOD_DROPDOWN_ALERT="$8"; fi
if [ "$9" != "" ]; then EULA_ENABLED="$9"; fi
if [ "${10}" != "" ]; then REGISTRATION_ENABLED="${10}"; fi
#########################################################################################
# Standard Testing Mode Enhancements
# Nur wenn der Testing Mode "true" ist. Die angelegten Logs werden gelöscht, damit keine
# Error Meldung erfolgt.
#########################################################################################
if [ "$TESTING_MODE" = true ]; then
if [ -f "$DEP_NOTIFY_LOG" ]; then rm "$DEP_NOTIFY_LOG"; fi
if [ -f "$DEP_NOTIFY_DONE" ]; then rm "$DEP_NOTIFY_DONE"; fi
if [ -f "$DEP_NOTIFY_DEBUG" ]; then rm "$DEP_NOTIFY_DEBUG"; fi
# Setting Quit Key set to command + control + x (Testing Mode Only)
echo "Command: QuitKey: x" >> "$DEP_NOTIFY_LOG"
fi
#########################################################################################
# Püfung der Variablen auf true/false
#########################################################################################
if [ "$TESTING_MODE" != true ] && [ "$TESTING_MODE" != false ]; then
echo "$(date "+%a %h %d %H:%M:%S"): Testkonfiguration nicht richtig eingestellt. Derzeit eingestellt auf $TESTING_MODE. Bitte aktualisieren Sie auf true oder false." >> "$DEP_NOTIFY_DEBUG"
exit 1
fi
if [ "$FULLSCREEN" != true ] && [ "$FULLSCREEN" != false ]; then
echo "$(date "+%a %h %d %H:%M:%S"): Die Vollbildkonfiguration ist nicht richtig eingestellt. Derzeit eingestellt auf $FULLSCREEN. Bitte aktualisieren Sie auf true oder false." >> "$DEP_NOTIFY_DEBUG"
exit 1
fi
# if [ "$NO_SLEEP" != true ] && [ "$NO_SLEEP" != false ]; then
# echo "$(date "+%a %h %d %H:%M:%S"): Schlafkonfiguration nicht richtig eingestellt. Derzeit eingestellt auf $NO_SLEEP. Bitte aktualisieren Sie auf true oder false." >> "$DEP_NOTIFY_DEBUG"
# exit 1
# fi
if [ "$SELF_SERVICE_CUSTOM_BRANDING" != true ] && [ "$SELF_SERVICE_CUSTOM_BRANDING" != false ]; then
echo "$(date "+%a %h %d %H:%M:%S"): Self Service Custom Branding-Konfiguration nicht richtig eingestellt. Derzeit eingestellt auf $SELF_SERVICE_CUSTOM_BRANDING. Bitte aktualisieren Sie auf true oder false." >> "$DEP_NOTIFY_DEBUG"
exit 1
fi
if [ "$COMPLETE_METHOD_DROPDOWN_ALERT" != true ] && [ "$COMPLETE_METHOD_DROPDOWN_ALERT" != false ]; then
echo "$(date "+%a %h %d %H:%M:%S"): Abschlusswarnmethode nicht richtig eingestellt. Derzeit eingestellt auf $COMPLETE_METHOD_DROPDOWN_ALERT. Bitte aktualisieren Sie auf true oder false." >> "$DEP_NOTIFY_DEBUG"
exit 1
fi
if [ "$EULA_ENABLED" != true ] && [ "$EULA_ENABLED" != false ]; then
echo "$(date "+%a %h %d %H:%M:%S"): EULA-Konfiguration nicht richtig eingestellt. Derzeit eingestellt auf $EULA_ENABLED. Bitte aktualisieren Sie auf true oder false." >> "$DEP_NOTIFY_DEBUG"
exit 1
fi
if [ "$REGISTRATION_ENABLED" != true ] && [ "$REGISTRATION_ENABLED" != false ]; then
echo "$(date "+%a %h %d %H:%M:%S"): Registrierungskonfiguration nicht richtig eingestellt. Derzeit eingestellt auf $REGISTRATION_ENABLED. Bitte aktualisieren Sie auf true oder false." >> "$DEP_NOTIFY_DEBUG"
exit 1
fi
#########################################################################################
# Püfung vor Ausführung auf:
############################DEP Notify ausführen nach dem Apple Setup Assistant##########
SETUP_ASSISTANT_PROCESS=$(pgrep -l "Setup Assistant")
until [ "$SETUP_ASSISTANT_PROCESS" = "" ]; do
echo "$(date "+%a %h %d %H:%M:%S"): Setup Assistant Still Running. PID $SETUP_ASSISTANT_PROCESS." >> "$DEP_NOTIFY_DEBUG"
sleep 1
SETUP_ASSISTANT_PROCESS=$(pgrep -l "Setup Assistant")
done
############################Überprüfen, ob der Finder ausgeführt wird####################
FINDER_PROCESS=$(pgrep -l "Finder")
until [ "$FINDER_PROCESS" != "" ]; do
echo "$(date "+%a %h %d %H:%M:%S"): Finder process not found. Assuming device is at login screen." >> "$DEP_NOTIFY_DEBUG"
sleep 1
FINDER_PROCESS=$(pgrep -l "Finder")
done
#############################Den aktuellen Benutzer zu greifen###########################
CURRENT_USER=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')
echo "$(date "+%a %h %d %H:%M:%S"): Current user set to $CURRENT_USER." >> "$DEP_NOTIFY_DEBUG"
############################Kill DEPNotify, wenn bereits ausgeführt wurde################
PREVIOUS_DEP_NOTIFY_PROCESS=$(pgrep -l "DEPNotify" | cut -d " " -f1)
until [ "$PREVIOUS_DEP_NOTIFY_PROCESS" = "" ]; do
echo "$(date "+%a %h %d %H:%M:%S"): Stopping the previously-opened instance of DEPNotify." >> "$DEP_NOTIFY_DEBUG"
kill $PREVIOUS_DEP_NOTIFY_PROCESS
PREVIOUS_DEP_NOTIFY_PROCESS=$(pgrep -l "DEPNotify" | cut -d " " -f1)
done
############################Stoppen Sie BigHonkingText, wenn es ausgeführt###############
BIG_HONKING_TEXT_PROCESS=$(pgrep -l "BigHonkingText" | cut -d " " -f1)
until [ "$BIG_HONKING_TEXT_PROCESS" = "" ]; do
echo "$(date "+%a %h %d %H:%M:%S"): Stopping the previously-opened instance of BigHonkingText." >> "$DEP_NOTIFY_DEBUG"
kill $BIG_HONKING_TEXT_PROCESS
BIG_HONKING_TEXT_PROCESS=$(pgrep -l "BigHonkingText" | cut -d " " -f1)
done
#########################################################################################
# Hinzufügen von Prüfung und Warnung, wenn der Testmodus deaktiviert ist und Stücklistendateien vorhanden sind
#########################################################################################
if [[ ( -f "$DEP_NOTIFY_LOG" || -f "$DEP_NOTIFY_DONE" ) && "$TESTING_MODE" = false ]]; then
echo "$(date "+%a %h %d %H:%M:%S"): TESTING_MODE set to false but config files were found in /var/tmp. Letting user know and exiting." >> "$DEP_NOTIFY_DEBUG"
mv "$DEP_NOTIFY_LOG" "/var/tmp/depnotify_old.log"
echo "Command: MainTitle: $ERROR_BANNER_TITLE" >> "$DEP_NOTIFY_LOG"
echo "Command: MainText: $ERROR_MAIN_TEXT" >> "$DEP_NOTIFY_LOG"
echo "Status: $ERROR_STATUS" >> "$DEP_NOTIFY_LOG"
sudo -u "$CURRENT_USER" open -a "$DEP_NOTIFY_APP" --args -path "$DEP_NOTIFY_LOG"
sleep 5
echo "Command: ContinueButton: $COMPLETE_BUTTON_TEXT" >> "$DEP_NOTIFY_LOG"
exit 1
fi
#########################################################################################
#########################################################################################
# Wenn "SELF_SERVICE_CUSTOM_BRANDING" auf "true" gesetzt ist. Laden des aktualisierten
# Brandings. Warten Sie auf das Branding-Image, um es ordnungsgemäß in der Benutzerbibliothek
# anzuzeigen. Anschliessend
#########################################################################################
if [ "$SELF_SERVICE_CUSTOM_BRANDING" = true ]; then
open -a "/Applications/$SELF_SERVICE_APP_NAME" --hide
SELF_SERVICE_COUNTER=0
CUSTOM_BRANDING_PNG="/Users/$CURRENT_USER/Library/Application Support/com.jamfsoftware.selfservice.mac/Documents/Images/brandingimage.png"
until [ -f "$CUSTOM_BRANDING_PNG" ]; do
echo "$(date "+%a %h %d %H:%M:%S"): Waiting for branding image from Jamf Pro." >> "$DEP_NOTIFY_DEBUG"
sleep 1
(( SELF_SERVICE_COUNTER++ ))
if [ $SELF_SERVICE_COUNTER -gt $SELF_SERVICE_CUSTOM_WAIT ];then
CUSTOM_BRANDING_PNG="/Applications/ING Germany Self Service.app/Contents/Resources/AppIcon.icns"
break
fi
done
BANNER_IMAGE_PATH="$CUSTOM_BRANDING_PNG"
SELF_SERVICE_PID=$(pgrep -l "Self Service" | cut -d' ' -f1)
echo "$(date "+%a %h %d %H:%M:%S"): Self Service custom branding icon has been loaded. Killing Self Service PID $SELF_SERVICE_PID." >> "$DEP_NOTIFY_DEBUG"
kill "$SELF_SERVICE_PID"
fi
if [ "$BANNER_IMAGE_PATH" != "" ]; then echo "Command: Image: $BANNER_IMAGE_PATH" >> "$DEP_NOTIFY_LOG"; fi # Festlegen eines benutzerdefinierten Bildes, falls angegeben
if [ "$BANNER_TITLE" != "" ]; then echo "Command: MainTitle: $BANNER_TITLE" >> "$DEP_NOTIFY_LOG"; fi # Festlegen eines benutzerdefinierten Titels, falls angegeben
if [ "$MAIN_TEXT" != "" ]; then echo "Command: MainText: $MAIN_TEXT" >> "$DEP_NOTIFY_LOG"; fi # Festlegen des benutzerdefinierten Haupttextes, falls angegeben
# General Plist Configuration
# Calling function to set the INFO_PLIST_PATH
INFO_PLIST_WRAPPER
# The plist information below
DEP_NOTIFY_CONFIG_PLIST="/Users/$CURRENT_USER/Library/Preferences/menu.nomad.DEPNotify.plist"
# If testing mode is on, this will remove some old configuration files
if [ "$TESTING_MODE" = true ] && [ -f "$DEP_NOTIFY_CONFIG_PLIST" ]; then rm "$DEP_NOTIFY_CONFIG_PLIST"; fi
if [ "$TESTING_MODE" = true ] && [ -f "$DEP_NOTIFY_USER_INPUT_PLIST" ]; then rm "$DEP_NOTIFY_USER_INPUT_PLIST"; fi
# Setting default path to the plist which stores all the user completed info
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" pathToPlistFile "$DEP_NOTIFY_USER_INPUT_PLIST"
# Setting status text alignment
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" statusTextAlignment "$STATUS_TEXT_ALIGN"
# Setting help button
if [ "$HELP_BUBBLE_TITLE" != "" ]; then
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" helpBubble -array-add "$HELP_BUBBLE_TITLE"
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" helpBubble -array-add "$HELP_BUBBLE_BODY"
fi
# EULA Configuration
if [ "$EULA_ENABLED" = true ]; then
DEP_NOTIFY_EULA_DONE="/var/tmp/com.depnotify.agreement.done"
# If testing mode is on, this will remove EULA specific configuration files
if [ "$TESTING_MODE" = true ] && [ -f "$DEP_NOTIFY_EULA_DONE" ]; then rm "$DEP_NOTIFY_EULA_DONE"; fi
# Writing title, subtitle, and EULA txt location to plist
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" EULAMainTitle "$EULA_MAIN_TITLE"
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" EULASubTitle "$EULA_SUBTITLE"
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" pathToEULA "$EULA_FILE_PATH"
# Setting ownership of EULA file
chown "$CURRENT_USER:staff" "$EULA_FILE_PATH"
chmod 444 "$EULA_FILE_PATH"
fi
# Registration Plist Configuration
if [ "$REGISTRATION_ENABLED" = true ]; then
DEP_NOTIFY_REGISTER_DONE="/var/tmp/com.depnotify.registration.done"
# If testing mode is on, this will remove registration specific configuration files
if [ "$TESTING_MODE" = true ] && [ -f "$DEP_NOTIFY_REGISTER_DONE" ]; then rm "$DEP_NOTIFY_REGISTER_DONE"; fi
# Main Window Text Configuration
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" registrationMainTitle "$REGISTRATION_TITLE"
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" registrationButtonLabel "$REGISTRATION_BUTTON"
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" registrationPicturePath "$BANNER_IMAGE_PATH"
# First Text Box Configuration
if [ "$REG_TEXT_LABEL_1" != "" ]; then
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" textField1Label "$REG_TEXT_LABEL_1"
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" textField1Placeholder "$REG_TEXT_LABEL_1_PLACEHOLDER"
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" textField1IsOptional "$REG_TEXT_LABEL_1_OPTIONAL"
# Code for showing the help box if configured
if [ "$REG_TEXT_LABEL_1_HELP_TITLE" != "" ]; then
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" textField1Bubble -array-add "$REG_TEXT_LABEL_1_HELP_TITLE"
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" textField1Bubble -array-add "$REG_TEXT_LABEL_1_HELP_TEXT"
fi
fi
# Second Text Box Configuration
if [ "$REG_TEXT_LABEL_2" != "" ]; then
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" textField2Label "$REG_TEXT_LABEL_2"
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" textField2Placeholder "$REG_TEXT_LABEL_2_PLACEHOLDER"
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" textField2IsOptional "$REG_TEXT_LABEL_2_OPTIONAL"
# Code for showing the help box if configured
if [ "$REG_TEXT_LABEL_2_HELP_TITLE" != "" ]; then
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" textField2Bubble -array-add "$REG_TEXT_LABEL_2_HELP_TITLE"
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" textField2Bubble -array-add "$REG_TEXT_LABEL_2_HELP_TEXT"
fi
fi
# Popup 1
if [ "$REG_POPUP_LABEL_1" != "" ]; then
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupButton1Label "$REG_POPUP_LABEL_1"
# Code for showing the help box if configured
if [ "$REG_POPUP_LABEL_1_HELP_TITLE" != "" ]; then
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupMenu1Bubble -array-add "$REG_POPUP_LABEL_1_HELP_TITLE"
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupMenu1Bubble -array-add "$REG_POPUP_LABEL_1_HELP_TEXT"
fi
# Code for adding the items from the array above into the plist
for REG_POPUP_LABEL_1_OPTION in "${REG_POPUP_LABEL_1_OPTIONS[@]}"; do
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupButton1Content -array-add "$REG_POPUP_LABEL_1_OPTION"
done
fi
# Popup 2
if [ "$REG_POPUP_LABEL_2" != "" ]; then
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupButton2Label "$REG_POPUP_LABEL_2"
# Code for showing the help box if configured
if [ "$REG_POPUP_LABEL_2_HELP_TITLE" != "" ]; then
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupMenu2Bubble -array-add "$REG_POPUP_LABEL_2_HELP_TITLE"
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupMenu2Bubble -array-add "$REG_POPUP_LABEL_2_HELP_TEXT"
fi
# Code for adding the items from the array above into the plist
for REG_POPUP_LABEL_2_OPTION in "${REG_POPUP_LABEL_2_OPTIONS[@]}"; do
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupButton2Content -array-add "$REG_POPUP_LABEL_2_OPTION"
done
fi
# Popup 3
if [ "$REG_POPUP_LABEL_3" != "" ]; then
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupButton3Label "$REG_POPUP_LABEL_3"
# Code for showing the help box if configured
if [ "$REG_POPUP_LABEL_3_HELP_TITLE" != "" ]; then
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupMenu3Bubble -array-add "$REG_POPUP_LABEL_3_HELP_TITLE"
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupMenu3Bubble -array-add "$REG_POPUP_LABEL_3_HELP_TEXT"
fi
# Code for adding the items from the array above into the plist
for REG_POPUP_LABEL_3_OPTION in "${REG_POPUP_LABEL_3_OPTIONS[@]}"; do
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupButton3Content -array-add "$REG_POPUP_LABEL_3_OPTION"
done
fi
# Popup 4
if [ "$REG_POPUP_LABEL_4" != "" ]; then
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupButton4Label "$REG_POPUP_LABEL_4"
# Code for showing the help box if configured
if [ "$REG_POPUP_LABEL_4_HELP_TITLE" != "" ]; then
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupMenu4Bubble -array-add "$REG_POPUP_LABEL_4_HELP_TITLE"
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupMenu4Bubble -array-add "$REG_POPUP_LABEL_4_HELP_TEXT"
fi
# Code for adding the items from the array above into the plist
for REG_POPUP_LABEL_4_OPTION in "${REG_POPUP_LABEL_4_OPTIONS[@]}"; do
/usr/bin/defaults write "$DEP_NOTIFY_CONFIG_PLIST" popupButton4Content -array-add "$REG_POPUP_LABEL_4_OPTION"
done
fi
fi
# Changing Ownership of the plist file
chown "$CURRENT_USER":staff "$DEP_NOTIFY_CONFIG_PLIST"
chmod 600 "$DEP_NOTIFY_CONFIG_PLIST"
# Opening the app after initial configuration
if [ "$FULLSCREEN" = true ]; then
sudo -u "$CURRENT_USER" open -a "$DEP_NOTIFY_APP" --args -path "$DEP_NOTIFY_LOG" -fullScreen
elif [ "$FULLSCREEN" = false ]; then
sudo -u "$CURRENT_USER" open -a "$DEP_NOTIFY_APP" --args -path "$DEP_NOTIFY_LOG"
fi
# Grabbing the DEP Notify Process ID for use later
DEP_NOTIFY_PROCESS=$(pgrep -l "DEPNotify" | cut -d " " -f1)
until [ "$DEP_NOTIFY_PROCESS" != "" ]; do
echo "$(date "+%a %h %d %H:%M:%S"): Waiting for DEPNotify to start to gather the process ID." >> "$DEP_NOTIFY_DEBUG"
sleep 1
DEP_NOTIFY_PROCESS=$(pgrep -l "DEPNotify" | cut -d " " -f1)
done
# Using Caffeinate binary to keep the computer awake if enabled
# if [ "$NO_SLEEP" = true ]; then
# echo "$(date "+%a %h %d %H:%M:%S"): Caffeinating DEP Notify process. Process ID: $DEP_NOTIFY_PROCESS" >> "$DEP_NOTIFY_DEBUG"
# caffeinate -disu -w "$DEP_NOTIFY_PROCESS"&
# fi
# Adding an alert prompt to let admins know that the script is in testing mode
if [ "$TESTING_MODE" = true ]; then
echo "Command: Alert: DEP Notify befindet sich in TESTING_MODE. Das Skript führt keine Richtlinien oder andere Befehle aus, die Änderungen an diesem Computer vornehmen." >> "$DEP_NOTIFY_LOG"
fi
# Adding nice text and a brief pause for prettiness
echo "Status: $INITAL_START_STATUS" >> "$DEP_NOTIFY_LOG"
sleep 5
# Setting the status bar
# Counter is for making the determinate look nice. Starts at one and adds
# more based on EULA, register, or other options.
ADDITIONAL_OPTIONS_COUNTER=1
if [ "$EULA_ENABLED" = true ]; then ((ADDITIONAL_OPTIONS_COUNTER++)); fi
if [ "$REGISTRATION_ENABLED" = true ]; then ((ADDITIONAL_OPTIONS_COUNTER++))
if [ "$REG_TEXT_LABEL_1" != "" ]; then ((ADDITIONAL_OPTIONS_COUNTER++)); fi
if [ "$REG_TEXT_LABEL_2" != "" ]; then ((ADDITIONAL_OPTIONS_COUNTER++)); fi
if [ "$REG_POPUP_LABEL_1" != "" ]; then ((ADDITIONAL_OPTIONS_COUNTER++)); fi
if [ "$REG_POPUP_LABEL_2" != "" ]; then ((ADDITIONAL_OPTIONS_COUNTER++)); fi
if [ "$REG_POPUP_LABEL_3" != "" ]; then ((ADDITIONAL_OPTIONS_COUNTER++)); fi
if [ "$REG_POPUP_LABEL_4" != "" ]; then ((ADDITIONAL_OPTIONS_COUNTER++)); fi
fi
# Checking policy array and adding the count from the additional options above.
ARRAY_LENGTH="$((${#POLICY_ARRAY[@]}+ADDITIONAL_OPTIONS_COUNTER))"
echo "Command: Determinate: $ARRAY_LENGTH" >> "$DEP_NOTIFY_LOG"
# EULA Window Display Logic
if [ "$EULA_ENABLED" = true ]; then
echo "Status: $EULA_STATUS" >> "$DEP_NOTIFY_LOG"
echo "Command: ContinueButtonEULA: $EULA_BUTTON" >> "$DEP_NOTIFY_LOG"
while [ ! -f "$DEP_NOTIFY_EULA_DONE" ]; do
echo "$(date "+%a %h %d %H:%M:%S"): Waiting for user to accept EULA." >> "$DEP_NOTIFY_DEBUG"
sleep 1
done
fi
# Registration Window Display Logic
if [ "$REGISTRATION_ENABLED" = true ]; then
echo "Status: $REGISTRATION_STATUS" >> "$DEP_NOTIFY_LOG"
echo "Command: ContinueButtonRegister: $REGISTRATION_BUTTON" >> "$DEP_NOTIFY_LOG"
while [ ! -f "$DEP_NOTIFY_REGISTER_DONE" ]; do
echo "$(date "+%a %h %d %H:%M:%S"): Waiting for user to complete registration." >> "$DEP_NOTIFY_DEBUG"
sleep 1
done
# Running Logic For Each Registration Box
if [ "$REG_TEXT_LABEL_1" != "" ]; then REG_TEXT_LABEL_1_LOGIC; fi
if [ "$REG_TEXT_LABEL_2" != "" ]; then REG_TEXT_LABEL_2_LOGIC; fi
if [ "$REG_POPUP_LABEL_1" != "" ]; then REG_POPUP_LABEL_1_LOGIC; fi
if [ "$REG_POPUP_LABEL_2" != "" ]; then REG_POPUP_LABEL_2_LOGIC; fi
if [ "$REG_POPUP_LABEL_3" != "" ]; then REG_POPUP_LABEL_3_LOGIC; fi
if [ "$REG_POPUP_LABEL_4" != "" ]; then REG_POPUP_LABEL_4_LOGIC; fi
fi
# Loop to run policies
for POLICY in "${POLICY_ARRAY[@]}"; do
echo "Status: $(echo "$POLICY" | cut -d ',' -f1)" >> "$DEP_NOTIFY_LOG"
if [ "$TESTING_MODE" = true ]; then
sleep 2
elif [ "$TESTING_MODE" = false ]; then
"$JAMF_BINARY" policy "-event" "$(echo "$POLICY" | cut -d ',' -f2)"
fi
done
# Nice completion text
echo "Status: $INSTALL_COMPLETE_TEXT" >> "$DEP_NOTIFY_LOG"
######################################################################################################
if [ "$COMPLETE_METHOD_DROPDOWN_ALERT" = true ]
then
echo "Command: Quit: $COMPLETE_ALERT_TEXT" >> "$DEP_NOTIFY_LOG"
else
echo "Command: MainText: $COMPLETE_MAIN_TEXT" >> "$DEP_NOTIFY_LOG"
echo "Command: ContinueButton: $COMPLETE_BUTTON_TEXT" >> "$DEP_NOTIFY_LOG"
fi
exit 0
+29
@@ -0,0 +1,29 @@
#!/bin/bash
CURRENT_USER=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')
DEP_NOTIFY_APP="/Applications/Utilities/DEPNotify.app"
DEP_NOTIFY_LOG="/var/tmp/depnotify.log"
BANNER_IMAGE_PATH="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertStopIcon.icns"
BANNER_TITLE="Hilfe kommt"
MAIN_TEXT="Das ist ein Test"
COMPLETE_BUTTON_TEXT="OK"
#BANNER_IMAGE_PATH="$4"
#BANNER_TITLE="$5"
#MAIN_TEXT="$6"
#COMPLETE_BUTTON_TEXT="$7"
if [ -f "$DEP_NOTIFY_LOG" ]; then
rm "$DEP_NOTIFY_LOG"
fi
echo "Command: Image: $BANNER_IMAGE_PATH" >> "$DEP_NOTIFY_LOG"
echo "Command: MainTitle: $BANNER_TITLE" >> "$DEP_NOTIFY_LOG"
echo "Command: MainText: $MAIN_TEXT" >> "$DEP_NOTIFY_LOG"
echo "Command: ContinueButton: $COMPLETE_BUTTON_TEXT" >> "$DEP_NOTIFY_LOG"
sudo -u "$CURRENT_USER" open -a "$DEP_NOTIFY_APP" --args -path "$DEP_NOTIFY_LOG"
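Review bot: `CURRENT_USER` is read through `/usr/bin/python`, which Apple removed in macOS 12.3, so on current systems the variable ends up empty and the final `sudo -u "$CURRENT_USER" open …` fails instead of showing the window. Other scripts in this commit already read the console owner with stat, and `CURRENT_USER=$(stat -f '%Su' /dev/console)` does the same job here without Python. At the login window that owner is `root`, so the script should stop before the `sudo -u` line in that case, e.g. `[ -n "$CURRENT_USER" ] && [ "$CURRENT_USER" != root ] || exit 1`. The same Python call sets `CURRENT_USER` in the DEPNotify script in the preceding section.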
+55
@@ -0,0 +1,55 @@
#!/bin/bash
##########################################################################
# Shellscript : Prüft, ob das Ticket das eigene ist.
# Autor : Andreas Vogel, macenterprise gmbh, 13.11.2019
##########################################################################
user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
TicketIs=$(klist --list-all | grep DIBA.CORP.INT | cut -d ' ' -f 2)
Diba=@DIBA.CORP.INT
name=$user$Diba
#echo $name
#echo $TicketIs
if [[ ! -z "$TicketIs" ]]
then
if [[ $name == $TicketIs ]]
then
exit 0
else
osascript -e 'display dialog "Das angeforderte Ticket scheint nicht dir zu gehören. Bitte fordere dein Eigenes Ticket an." buttons "OK" default button 1'
kdestroy -p $TicketIs
fi
else
user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
PASS=$(osascript -e 'text returned of (display dialog "Bitte das Passwort eingeben" default answer "" with hidden answer)') || exit
FILE=$(cat /dev/urandom | env LC_CTYPE=C tr -cd 'a-f0-9' | head -c 8)
PFILE=/Users/$user/.$FILE
touch $PFILE
echo "$PASS" >> $PFILE
if kinit --password-file="$PFILE" $user@DIBA.CORP.INT
then
osascript -e 'display dialog "Das Ticket wurde erfolgreich angefragt." buttons "OK" default button 1'
rm $PFILE
exit 0
else
osascript -e 'display dialog "Fehler! Das Ticket konnte nicht angelegt werden" buttons "OK" default button 1'
rm $PFILE
exit 1
fi
exit 0
fi
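Review bot: The password from the dialog is written to `/Users/$user/.$FILE` with `touch` and `echo >>`, so it sits on disk in clear text with default-umask permissions and stays there if the script is interrupted before either `rm $PFILE`. Heimdal's kinit reads the password from standard input when the file name is `STDIN`, which avoids the file altogether: `printf '%s\n' "$PASS" | kinit --password-file=STDIN "$user@DIBA.CORP.INT"`, followed by `unset PASS`. The embedded `check_ticket.sh` in the later installer section repeats the same temp-file block. Separately, `$TicketIs` is unquoted in `kdestroy -p $TicketIs`, so a klist result with more than one matching line is split into several arguments.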
+29
@@ -0,0 +1,29 @@
#!/bin/bash
# Erstellung XML
read -d '' launchDaemons <<"EOF"
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>de.ing.tgt.plist</string>
<key>ProgramArguments</key>
<array>
<string>bash</string>
<string>/Users/90022300/Desktop/Untitled 6.sh</string>
</array>
<key>StartInterval</key>
<integer>10</integer>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
EOF
# XML schreiben
sudo echo "$launchDaemons" > /Library/LaunchDaemons/de.ing.tgt.plist
# Rechte setzen
sudo chmod 644 /Library/LaunchDaemons/de.ing.tgt.plist
sudo chown root:wheel /Library/LaunchDaemons/de.ing.tgt.plist
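Review bot: The daemon's `ProgramArguments` run `bash` on `/Users/90022300/Desktop/Untitled 6.sh`, a file on a user's Desktop, while jobs in /Library/LaunchDaemons are started by launchd as root; whoever can write that file decides what root executes every 10 seconds. The script should be installed to a root-owned location (another section of this commit uses `/Library/Application Support/JAMF/ING/check_ticket.sh`), owned `root:wheel` and not group- or world-writable, and the interpreter given as `/bin/bash`. In `sudo echo "$launchDaemons" > /Library/LaunchDaemons/de.ing.tgt.plist` the redirection is performed by the calling shell, not by sudo, so the write only succeeds when the whole script already runs as root.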
+42
@@ -0,0 +1,42 @@
#!/bin/bash
##########################################################################
# Shellscript : Prüft, ob das Ticket das eigene ist.
# Autor : Andreas Vogel, macenterprise gmbh, 13.11.2019
##########################################################################
user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
TicketIs=$(klist --list-all | grep DIBA.CORP.INT | cut -d ' ' -f 2)
Diba=@DIBA.CORP.INT
name=$user$Diba
jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
jamf="/usr/local/bin/jamf"
Icon="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/ToolbarDeleteIcon.icns"
Message="Das Angeforderte Ticket: $Ticket scheint nicht dir zu gehören.
Das Ticket wurde entfernt und ein SecurityLog wurde erstellt.
"
if [[ ! -z "$TicketIs" ]]
then
if [[ $name == $TicketIs ]]
then
exit 0
else
HELPER=$("$jamfHelper" -windowType utility -icon "$Icon" -title "Wrong Ticket" -description "$Message" -button1 "OK" -defaultButton 1)
kdestroy -p $TicketIs
fi
else
exit 0
fi
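Review bot: `Message` interpolates `$Ticket`, which is never set (the variable is `TicketIs`), and it tells the user that a SecurityLog was created although nothing in the script records the event; `jamf` is assigned but never called. Use `$TicketIs` in the text and, if the report policy from the installer script in this commit is meant here too, run `"$jamf" policy -event TicketReport` before the `kdestroy` line. `$TicketIs` should also be quoted in `[[ $name == "$TicketIs" ]]` and `kdestroy -p "$TicketIs"`: unquoted on the right of `==` it is matched as a glob pattern rather than compared literally.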
@@ -0,0 +1,54 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>ADDomain</key>
<string>diba.corp.int</string>
<key>DontShowWelcome</key>
<true/>
<key>FirstRunDone</key>
<true/>
<key>HideAbout</key>
<true/>
<key>HideGetSoftware</key>
<true/>
<key>HideHelp</key>
<true/>
<key>HideLockScreen</key>
<true/>
<key>HidePrefs</key>
<true/>
<key>HideQuit</key>
<true/>
<key>HideRenew</key>
<true/>
<key>HideSignOut</key>
<true/>
<key>KerberosRealm</key>
<string>DIBA.CORP.INT</string>
<key>LastPasswordWarning</key>
<real>691200</real>
<key>LocalPasswordSync</key>
<true/>
<key>LoginItem</key>
<true/>
<key>PersistExpiration</key>
<true/>
<key>SelfServicePath</key>
<string></string>
<key>ShowHome</key>
<false/>
<key>SignInWindowOnLaunch</key>
<false/>
<key>SignedIn</key>
<true/>
<key>UseKeychain</key>
<true/>
<key>UseKeychainPrompt</key>
<false/>
<key>UserShortName</key>
<string></string>
<key>UserSwitch</key>
<false/>
</dict>
</plist>
Binary file not shown.
+163
@@ -0,0 +1,163 @@
#!/bin/bash
##########################################################################
# Shellscript : Check Ticket und Launch Daemon
# Quelle :
# Autor : Andreas Vogel, NEXT Enterprise gmbh
##########################################################################
# Erstellung XML
read -d '' launchDaemons <<"EOF"
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Enabled</key>
<true/>
<key>KeepAlive</key>
<dict>
<key>Crashed</key>
<true/>
<key>SuccessfulExit</key>
<true/>
</dict>
<key>Label</key>
<string>de.ing.Ticket_check</string>
<key>LaunchEvents</key>
<dict>
<key></key>
<dict/>
</dict>
<key>ProgramArguments</key>
<array>
<string>/Library/Application\ Support/JAMF/ING/check_ticket.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>10</integer>
<key>StartOnMount</key>
<false/>
</dict>
</plist>
EOF
# XML schreiben
sudo echo "$launchDaemons" > /Library/LaunchDaemons/de.ing.check_ticket.plist
# Rechte setzen
sudo chmod 644 /Library/LaunchDaemons/de.ing.check_ticket.plist
sudo chown root:wheel /Library/LaunchDaemons/de.ing.check_ticket.plist
# Erstellung startup script
read -d '' startupscript<<"EOF"
#!/bin/bash
##########################################################################
# Shellscript : Prüft, ob das Ticket das eigene ist.
# Autor : Andreas Vogel, macenterprise gmbh, 13.11.2019
##########################################################################
########################### Description ##################################
# Script dient dazu, dass der User sich nicht über das Nomad eine Kerberos Ticket anfragt.
# Das Script wird über einen Daemon gestartet.
# Das Script wird zunächst prüfen, ob das AD erreichbar ist.
# Ist das AD erreichbar wird geprüft, ob eine Ticket bereits vorhanden ist. Ist kein Ticket
# Im TicketViewer hinterlegt, so wird der User nach seinem Passwort gefragt. Der User-Name wird
# über das System ausgelesen. Nach der Eingabe der Passwortes, wird eine Kerberos Ticket angefragt
# und im TicketViewer hinterlegt. Der User hat nur die Möglichkeit sein eigenes Ticket an zu fragen.
# Als nächstes Prüft das Script, ob das hinterlegte Ticket auf dem User, gemäß des Benutzernames
# auch gehört. Gehört das Ticket nicht dem Benutzer, so wird dieses sofort gelöscht und der User
# wird darüber informiert. Nach der Information, wird eine Event über Jamf ausgelöst.
# Dabei wird der Befehl " sudo jamf -event TicketCheck ausgeführt.
# Mit der Ausführung der Policy wird damit eine Log zu dem Gerät erstellt.
# Damit wird die Möglichkeit eines Reporten geschaffen. Somit kann zum Zwecke eines Report
# in Jamf eingesehen werden, wie oft diese Policy ausgeführt worden ist. Über den Log, kann
# eingesehen werden, als welcher Benutzer der User versucht hatte sich ein Ticket zu beziehen.
# Die Prüfung, ob das Ticket dem User auch gehört ist daher notwendig, da der User auch eine Ticket über
# das Termin oder auch über den TocketViwer anfragen kann.
ADBound=$(dsconfigad -show | awk '/Active Directory Domain/{print $NF}')
user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
TicketIs=$(klist --list-all | grep DIBA.CORP.INT | cut -d ' ' -f 2)
Domain=@DIBA.CORP.INT
name=$user$Domain
AD_ING="diba.corp.int"
AD_STAT=$(dsconfigad -show | awk '/Active Directory Domain/{print $NF}')
ping -c1 $AD_ING 1>/dev/null 2>/dev/null
SUCCESS=$?
if [[ "$AD_STAT" = "$AD_ING" && $SUCCESS -eq 0 ]]
then
echo "AD da. Prüfung des Tickets"
if [[ ! -z "$TicketIs" ]]
then
if [[ $name == $TicketIs ]]
then
echo "Ticket entspricht dem User."
exit 0
else
echo "Ticket ist falsch"
osascript -e 'display dialog "Das angeforderte Ticket scheint nicht dir zu gehören. Bitte fordere dein eigenes Ticket an." buttons "OK" default button 1'
sudo jamf policy -event TicketReport
kdestroy -p $TicketIs
fi
else
echo "AD ist da aber kein Ticket. Ticket wird angefordert."
user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
PASS=$(osascript -e 'text returned of (display dialog "Bitte das Passwort eingeben" default answer "" with hidden answer)') || exit
FILE=$(cat /dev/urandom | env LC_CTYPE=C tr -cd 'a-f0-9' | head -c 8)
PFILE=/Users/$user/.$FILE
touch $PFILE
echo "$PASS" >> $PFILE
if kinit --password-file="$PFILE" $user@DIBA.CORP.INT
then
osascript -e 'display dialog "Das Ticket wurde erfolgreich angefragt." buttons "OK" default button 1'
rm $PFILE
exit 0
else
osascript -e 'display dialog "Fehler! Das Ticket konnte nicht angelegt werden. Überprüfe bitte das Passwort." buttons "OK" default button 1'
rm $PFILE
exit 1
fi
exit 0
fi
else
echo "Ticket ist nicht erforderlich. Dein AD"
exit 0
fi
EOF
# script schreiben
echo "$startupscript" > /Library/Application\ Support/JAMF/ING/check_ticket.sh
# Rechte setzen
/bin/chmod a+x /Library/Application\ Support/JAMF/ING/check_ticket.sh
# LaunchAgent laden
launchctl unload /Library/LaunchDaemons/de.ing.check_ticket.plist
launchctl load /Library/LaunchDaemons/de.ing.check_ticket.plist
exit 0
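Review bot: The `ProgramArguments` string `/Library/Application\ Support/JAMF/ING/check_ticket.sh` keeps the shell backslash, and launchd passes these strings to exec verbatim, so the job cannot find the script and the ticket check never runs; write `<string>/Library/Application Support/JAMF/ING/check_ticket.sh</string>`. The same string appears in the plist heredoc of the following installer section. The plist is also saved as `de.ing.check_ticket.plist` while its `Label` is `de.ing.Ticket_check`; keeping the two identical makes the job easier to find with launchctl. Once it does start, a job under /Library/LaunchDaemons runs as root outside the console user's session, so `klist` and the `osascript` dialogs would presumably not reach that user's credential cache or screen; a LaunchAgent (the comment above `launchctl load` already says LaunchAgent) looks like the intended home.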
+108
@@ -0,0 +1,108 @@
#!/bin/bash
##########################################################################
# Shellscript : Check Ticket und Launch Daemon
# Quelle :
# Autor : Andreas Vogel, macenterprise gmbh
# Copyright : macenterprise 2019
##########################################################################
# Erstellung XML
read -d '' launchDaemons <<"EOF"
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<false/>
<key>KeepAlive</key>
<dict>
<key>Crashed</key>
<true/>
<key>SuccessfulExit</key>
<true/>
</dict>
<key>Label</key>
<string>de.ing.Ticket_check</string>
<key>LaunchEvents</key>
<dict>
<key></key>
<dict/>
</dict>
<key>ProgramArguments</key>
<array>
<string>/Library/Application\ Support/JAMF/ING/check_ticket.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>10</integer>
<key>StartOnMount</key>
<false/>
</dict>
</plist>
EOF
# XML schreiben
sudo echo "$launchDaemons" > /Library/LaunchDaemons/de.ing.tgt.plist
# Rechte setzen
sudo chmod 644 /Library/LaunchDaemons/de.ing.tgt.plist
sudo chown root:wheel /Library/LaunchDaemons/de.ing.tgt.plist
# Erstellung startup script
read -d '' startupscript<<"EOF"
#!/bin/sh
##########################################################################
# Shellscript : Check Ticket
# Author : Andreas Vogel, macenterprise gmbh ©2019
# Source :
##########################################################################
#Prüfung
aduser=$(dscl . list /Users | grep -v '_' | sort -ug | tail -n1)
if [ $aduser -gt 10000 ]
then
# user
user=$(dscl . read /Users/$aduser RecordName | awk {'print $2'})
else
echo "kein AD User vorhanden"
exit 1
fi
user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
TicketIs=$(klist --list-all | grep DIBA.CORP.INT | cut -d ' ' -f 2)
Diba=@DIBA.CORP.INT
name=$user$Diba
if [[ $name == $TicketIs ]]
then
exit 0
else
osascript -e 'display dialog "Das angeforderte Ticket scheint nicht dir zu gehören. Bitte fordere dein Eigenes Ticket an." buttons "OK" default button 1'
kdestroy -p $TicketIs
fi
exit 0
EOF
# script schreiben
echo "$startupscript" > /Library/Application\ Support/JAMF/ING/check_ticket.sh
# Rechte setzen
/bin/chmod a+x /Library/Application\ Support/JAMF/ING/check_ticket.sh
/bin/chown root:wheel /Library/Application\ Support/JAMF/ING/check_ticket.sh
# LaunchAgent laden
launchctl unload /Library/LaunchDaemons/de.ing.tgt.plist
launchctl load /Library/LaunchDaemons/de.ing.tgt.plist
exit 0
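Review bot: The embedded script has no check for an empty `$TicketIs`: when klist finds no DIBA.CORP.INT ticket, `[[ $name == $TicketIs ]]` is false, so the user gets the "not your ticket" dialog and `kdestroy -p` runs without a principal on every 10-second start. Add `[[ -z "$TicketIs" ]] && exit 0` before the comparison, as the other variants in this commit do, and quote the value in `kdestroy -p "$TicketIs"`. The `aduser` block above it compares the last name from `dscl . list /Users` numerically with 10000, and its result `user` is overwritten by the `stat` line right after, so it only decides whether the script exits early; `dscl . list /Users UniqueID` would give the UID that the `-gt 10000` test seems to expect.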
+79
@@ -0,0 +1,79 @@
#!/bin/bash
##########################################################################
# Shellscript : Delete App
# Autor : Michelle Tembaak, macenterprise gmbh, 28.01.2020
##########################################################################
# Das Scipt prüft, ob veraltete Versionen von einer App installiert sind und löscht diese auf Wunsch.
# Über $4 die gewünschte Versionsnummer angeben
#### Funktionen ####
checkVersion(){
#Listet alle Versionen auf
liste=$(ls -1 /Applications/ | grep $1 )
jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
warnungIcon="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertStopIcon.icns"
Nachricht="Auf deinem Rechner befindet sich eine alte Version des Programms. Soll diese deinstalliert werden?"
Title="Achtung!"
#Prüft, ob eine veraltete Version vorhanden ist
echo $liste
for i in $liste
do
version="$(defaults read /Applications/$i/Contents/Info.plist CFBundleShortVersionString)"
echo $version
echo $2
if (( $(echo "$version $2" | awk '{print ($1 < $2)}') )); then
Antwort=$("$jamfHelper" -windowType utility -icon "$warnungIcon" -title "$Title" -description "$Nachricht" -button1 "Ja" -button2 "Nein" -cancelButton "2" -defaultButton 2)
echo $Antwort
if [[ $Antwort -eq 0 ]]; then
return 0
break
else
exit 0
fi
else
echo "Nein"
fi
done
}
testFunktion()
{
liste=$(ls -1 /Applications/ | grep $1 )
#Listet alle installierten Versionen auf. Versionen die gelöscht werden sollen, können angeklickt werden.
liste2=$( osascript <<OSA
set ASlist to the paragraphs of "$(printf '%s\n' "${liste[@]}")"
return choose from list ASList with title "Welche Versionen sollen gelöscht werden?" with multiple selections allowed
OSA )
liste3=$(echo $liste2 | tr -d , | cut -d ' ' -f 1- )
echo $liste3
for i in $liste3
do
echo "Ich lösche $i"
sudo rm -r /Applications/$i
done
}
### Durchführung ###
checkVersion "Xcode" "$4"
return=$(echo $?)
echo $return
if [[ $return -eq 0 ]]; then
testFunktion "Xcode"
else
exit 0
fi
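Review bot: In `testFunktion` the deletion loop runs `sudo rm -r /Applications/$i` on unquoted words split out of the dialog result, so a bundle name containing a space is broken into pieces and a cancelled dialog (osascript prints `false` for `choose from list`) is passed on as a name to delete. The selection should be split on the list separator into an array, each entry checked against the expected name pattern and confirmed to be an existing directory, and the path quoted after `--`. The same word splitting affects `for i in $liste` and `defaults read /Applications/$i/Contents/Info.plist` in `checkVersion`. The awk test `$1 < $2` there also compares as strings once a version has three parts such as `12.5.1`, which is worth confirming as intended.

```shell
# … unchanged: osascript "choose from list" call filling liste2 …
if [[ "$liste2" == "false" || -z "$liste2" ]]; then
  return 0                      # dialog cancelled, nothing selected
fi
IFS=',' read -r -a auswahl <<< "$liste2"
for i in "${auswahl[@]}"; do
  i="${i# }"                    # items arrive joined by ", "
  if [[ "$i" != "$1"*.app || ! -d "/Applications/$i" ]]; then
    echo "Ueberspringe unerwarteten Eintrag: $i"
    continue
  fi
  echo "Ich lösche $i"
  rm -rf -- "/Applications/$i"
done
```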
+31
@@ -0,0 +1,31 @@
#!/bin/sh
# Mai, 2018
# Peter Hasselbach, macenterprise GmbH
# Quelle: https://www.jamf.com/jamf-nation/discussions/15400/office-2016-startup-autoupdate-blocking
#Find Current User
CurrentUser=`/usr/bin/who | awk '/console/{ print $1 }'`
#Set Command Variable for trusted application
register_trusted_cmd="/usr/bin/sudo -u $CurrentUser /System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -R -f -trusted"
#Set Variable for application being run against
application="/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app"
#This runs the combination of variables above that will block the running
#of the autoupdate.app until the user actually clicks on it, or goes
#into the help check for updates menu. Additionally this needs to be
#run for each user on a machine.
$register_trusted_cmd "$application"
#Ungracefully removes Office 2011
/bin/rm -rf /Applications/Microsoft\ Office\ 2011/
#Turns off the FirstRunScreen for each application.
/usr/bin/defaults write /Library/Preferences/com.microsoft.Outlook kSubUIAppCompletedFirstRunSetup1507 -bool true
/usr/bin/defaults write /Library/Preferences/com.microsoft.PowerPoint kSubUIAppCompletedFirstRunSetup1507 -bool true
/usr/bin/defaults write /Library/Preferences/com.microsoft.Excel kSubUIAppCompletedFirstRunSetup1507 -bool true
/usr/bin/defaults write /Library/Preferences/com.microsoft.Word kSubUIAppCompletedFirstRunSetup1507 -bool true
exit 0
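Review bot: `CurrentUser` comes from `who | awk '/console/{ print $1 }'`, which is empty at the login window and can return several lines with fast user switching, and it is then expanded unquoted inside the `register_trusted_cmd` string. With an empty value `sudo -u` takes the lsregister path as the user name, so the registration does not happen and the script still exits 0. I would use `CurrentUser=$(/usr/bin/stat -f%Su /dev/console)`, stop early with `[ -n "$CurrentUser" ] && [ "$CurrentUser" != "root" ] || exit 0`, and invoke `/usr/bin/sudo -u "$CurrentUser"` with the lsregister path and `"$application"` directly instead of storing the command in a string.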
+432
@@ -0,0 +1,432 @@
#!/bin/bash
##########################################################################
# Shellscript : Downloade and install Applikation
# Autor : Andreas Vogel, NEXT Enterprise GmbH
##########################################################################
set -x
##########################################################################
#################### Testing #############################################
app="Firefox.app"
appname=${app%.*}
processpath="/Applications/Firefox.app/Contents/MacOS/firefox"
universallink=yes
type="pkg"
#################### Executing ###########################################
#app="$4"
#appname=${app%.*}
#processpath="$5"
#universallink="$6"
#type="$7"
##########################################################################
#################### Testing #############################################
if [[ $universallink == "no" ]]
then
if [[ $(arch) == "arm64" ]]; then
downloadURL="https://download.mozilla.org/?product=firefox-esr-pkg-latest-ssl&os=osx"
elif [[ $(arch) == "i386" ]]; then
downloadURL="https://download.mozilla.org/?product=firefox-esr-pkg-latest-ssl&os=osx"
fi
else
downloadURL="https://download.mozilla.org/?product=firefox-esr-pkg-latest-ssl&os=osx"
fi
#################### Executing ###########################################
#if [[ $universallink == "no" ]]
#then
# if [[ $(arch) == "arm64" ]]; then
# downloadURL="${8}"
# elif [[ $(arch) == "i386" ]]; then
# downloadURL="${9}"
# fi
#else
# downloadURL="${9}"
#fi
##########################################################################
logandmetadir="/private/var/log/"
logfileproces="Patch Management"
#logfileproces="${10}"
terminateprocess="true"
tempdir=$(/usr/bin/mktemp -d "/private/tmp/tmp.XXXXXX")
log="$logandmetadir$logfileproces.log"
##########################################################################
# free_1="${11}"
#####################################################################################################
waitForProcess () {
## $1 = name of process to check for
## $2 = length of delay (if missing, function to generate random delay between 10 and 60s)
## $3 = true/false if = "true" terminate process, if "false" wait for it to close
processName=$1
fixedDelay=$2
terminate=$3
echo "$(date) | Waiting for other [$processName] processes to end"
while ps aux | grep "$processName" | grep -v grep &>/dev/null; do
if [[ $terminate == "true" ]]; then
echo "$(date) | + [$appname] running, terminating [$processpath]..."
pkill -f "$processName"
return
fi
done
echo "$(date) | No instances of [$processName] found, safe to proceed"
}
#####################################################################################################
downloadApp () {
echo "$(date) | Starting downlading of [$appname]"
waitForProcess "curl -f"
echo "$(date) | Downloading $appname"
cd "$tempdir"
# curl -f -s --connect-timeout 30 --retry 5 --retry-delay 60 -L -J -O "$downloadURL"
/usr/bin/curl "$downloadURL" --silent --location --output "Firefox.pkg"
if [ $? == 0 ]
then
echo "$(date) | Downloaded [$app] to [$tempdir]"
else
echo "$(date) | Failure to download [$downloadURL] to [$tempdir]"
exit 1
fi
tempSearchPath="$tempdir/*"
for f in $tempSearchPath; do
tempfile=$f
done
}
#####################################################################################################
installPKG () {
waitForProcess "$processpath" "300" "$terminateprocess"
echo "$(date) | Installing $appname"
if [[ -d "/Applications/$app" ]]; then
rm -rf "/Applications/$app"
fi
installer -pkg "$tempfile" -target /Applications
if [ "$?" = "0" ]
then
echo "$(date) | $appname Installed"
echo "$(date) | Cleaning Up"
#rm -rf "$tempdir"
echo "$(date) | Application [$appname] succesfully installed"
exit 0
else
echo "$(date) | Failed to install $appname"
#rm -rf "$tempdir"
exit 1
fi
}
#####################################################################################################
installDMG () {
waitForProcess "$processpath" "300" "$terminateprocess"
echo "$(date) | Installing [$appname]"
volume="$tempdir/$appname"
echo "$(date) | Mounting Image"
hdiutil attach -quiet -nobrowse -mountpoint "$volume" "$tempfile"
if [[ -d "/Applications/$app" ]]; then
echo "$(date) | Removing existing files"
rm -rf "/Applications/$app"
fi
echo "$(date) | Copying app files to /Applications/$app"
rsync -a "$volume"/*.app/ "/Applications/$app"
echo "$(date) | Un-mounting [$volume]"
hdiutil detach -quiet "$volume"
if [[ -a "/Applications/$app" ]]
then
echo "$(date) | [$appname] Installed"
echo "$(date) | Cleaning Up"
rm -rf "$tempdir"
echo "$(date) | Fixing up permissions"
sudo chown -R root:wheel "/Applications/$app"
echo "$(date) | Application [$appname] succesfully installed"
exit 0
else
echo "$(date) | Failed to install [$appname]"
rm -rf "$tempdir"
exit 1
fi
}
#####################################################################################################
installPkgInDmg() {
archiveName=$(find "$tempfile" -iname "*.dmg" -maxdepth 1 )
echo $archiveName
echo "Mounting $archiveName"
# always pipe 'Y\n' in case the dmg requires an agreement
if ! dmgmount=$(echo 'Y'$'\n' | hdiutil attach "$archiveName" -nobrowse -readonly | tail -n 1 | cut -c 54- ); then
echo "Error mounting $archiveName"
fi
if [[ ! -e $dmgmount ]]; then
echo "Error mounting $archiveName"
exit 1
fi
echo "Mounted: $dmgmount"
findfiles=$(find "$dmgmount" -iname "*.pkg" )
if [[ $findfiles != "" ]]
then
echo "found pkg in dmg $archiveName"
archiveName="$findfiles"
else
echo "couldn't find pkg in dmg $archiveName"
rm -rf "$tempdir"
exit 1
fi
waitForProcess "$processpath" "300" "$terminateprocess"
echo "$(date) | Installing $appname"
if [[ -d "/Applications/$app" ]]; then
rm -rf "/Applications/$app"
fi
installer -pkg "$archiveName" -target /Applications
if [ "$?" = "0" ]
then
echo "$(date) | $appname Installed"
echo "$(date) | Cleaning Up"
rm -rf "$tempdir"
echo "$(date) | Application [$appname] succesfully installed"
echo "$(date) | Un-mounting [$dmgmount]"
hdiutil detach -quiet "$dmgmount"
exit 0
else
echo "$(date) | Failed to install $appname"
echo "$(date) | Un-mounting [$dmgmount]"
hdiutil detach -quiet "$dmgmount"
rm -rf "$tempdir"
exit 1
fi
}
#####################################################################################################
installZIP () {
waitForProcess "$processpath" "300" "$terminateprocess"
echo "$(date) | Installing $appname"
# Change into temp dir
cd "$tempdir"
if [ "$?" = "0" ]
then
echo "$(date) | Changed current directory to $tempdir"
else
echo "$(date) | failed to change to $tempfile"
if [ -d "$tempdir" ]; then rm -rf $tempdir; fi
exit 1
fi
unzip -qq -o "$tempfile"
if [ "$?" = "0" ]
then
echo "$(date) | $tempfile unzipped"
else
echo "$(date) | failed to unzip $tempfile"
if [ -d "$tempdir" ]; then rm -rf $tempdir; fi
exit 1
fi
if [[ -a "/Applications/$app" ]]; then
echo "$(date) | Removing old installation at /Applications/$app"
rm -rf "/Applications/$app"
fi
rsync -a "$app/" "/Applications/$app"
if [ "$?" = "0" ]; then
echo "$(date) | $appname moved into /Applications"
else
echo "$(date) | failed to move $appname to /Applications"
if [ -d "$tempdir" ]; then rm -rf $tempdir; fi
exit 1
fi
echo "$(date) | Fix up permissions"
sudo chown -R root:wheel "/Applications/$app"
if [ "$?" = "0" ]
then
echo "$(date) | correctly applied permissions to $appname"
else
echo "$(date) | failed to apply permissions to $appname"
if [ -d "$tempdir" ]; then rm -rf $tempdir; fi
exit 1
fi
if [ "$?" = "0" ]
then
if [[ -a "/Applications/$app" ]]
then
echo "$(date) | $appname Installed"
echo "$(date) | Cleaning Up"
rm -rf "$tempdir"
echo "$(date) | Fixing up permissions"
sudo chown -R root:wheel "/Applications/$app"
echo "$(date) | Application [$appname] succesfully installed"
exit 0
else
echo "$(date) | Failed to install $appname"
exit 1
fi
else
echo "$(date) | Failed to install $appname"
if [ -d "$tempdir" ]; then rm -rf $tempdir; fi
exit 1
fi
}
#####################################################################################################
installFromTBZ () {
waitForProcess "$processpath" "300" "$terminateprocess"
echo "$(date) | Installing $appname"
# Change into temp dir
cd "$tempdir"
if [ "$?" = "0" ]
then
echo "$(date) | Changed current directory to $tempdir"
else
echo "$(date) | failed to change to $tempfile"
if [ -d "$tempdir" ]; then rm -rf $tempdir; fi
exit 1
fi
tar -xf "$tempfile"
if [ "$?" = "0" ]
then
echo "$(date) | $tempfile unzipped"
else
echo "$(date) | failed to unzip $tempfile"
if [ -d "$tempdir" ]; then rm -rf $tempdir; fi
exit 1
fi
if [[ -a "/Applications/$app" ]]; then
echo "$(date) | Removing old installation at /Applications/$app"
rm -rf "/Applications/$app"
fi
rsync -a "$app/" "/Applications/$app"
if [ "$?" = "0" ]; then
echo "$(date) | $appname moved into /Applications"
else
echo "$(date) | failed to move $appname to /Applications"
if [ -d "$tempdir" ]; then rm -rf $tempdir; fi
exit 1
fi
echo "$(date) | Fix up permissions"
sudo chown -R root:wheel "/Applications/$app"
if [ "$?" = "0" ]
then
echo "$(date) | correctly applied permissions to $appname"
else
echo "$(date) | failed to apply permissions to $appname"
if [ -d "$tempdir" ]; then rm -rf $tempdir; fi
exit 1
fi
if [ "$?" = "0" ]
then
if [[ -a "/Applications/$app" ]]
then
echo "$(date) | $appname Installed"
echo "$(date) | Cleaning Up"
rm -rf "$tempdir"
echo "$(date) | Fixing up permissions"
sudo chown -R root:wheel "/Applications/$app"
echo "$(date) | Application [$appname] succesfully installed"
exit 0
else
echo "$(date) | Failed to install $appname"
exit 1
fi
else
echo "$(date) | Failed to install $appname"
if [ -d "$tempdir" ]; then rm -rf $tempdir; fi
exit 1
fi
}
#####################################################################################################
startLog() {
if [[ ! -d "$logandmetadir" ]]; then
echo "$(date) | Creating [$logandmetadir] to store logs"
mkdir -p "$logandmetadir"
fi
exec &> >(tee -a "$log")
}
############################## start Log #####################################################
startLog
echo ""
echo "##############################################################"
echo "# $(date) | Logging install of [$appname] to [$log]"
echo "##############################################################"
echo ""
############################## downloadApp ###################################################
downloadApp
############################## start Install #################################################
case $type in
pkg)
installPKG
;;
dmg)
installDMG
;;
pkgInDmg)
installPkgInDmg
;;
zip)
installZIP
;;
tbz)
installFromTBZ
;;
*)
echo "Cannot handle type $type"
;;
esac
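Review bot: `installPKG` hands the downloaded file to `installer -pkg` as root without checking who signed it, so the only protection is the TLS connection to whatever host `--location` ends up following. Before installing, the package should pass a Gatekeeper assessment and its signing Team ID should be compared with a value pinned per application. The same gap exists in `installDMG`, `installPkgInDmg`, `installZIP` and `installFromTBZ` here and in the TextMate copy of this script further down the commit. Two smaller points in this file: `set -x` is left enabled at the top, and `rm -rf "/Applications/$app"` runs before the install is known to succeed, which leaves the machine without the application on failure.

```shell
installPKG () {
  # … unchanged: waitForProcess call and "Installing" log line …
  # expectedTeamID is a placeholder: set it per application to the vendor's Developer ID team
  if ! /usr/sbin/spctl --assess --type install "$tempfile"; then
    echo "$(date) | Gatekeeper rejected [$tempfile], not installing"
    rm -rf "$tempdir"
    exit 1
  fi
  if ! /usr/sbin/pkgutil --check-signature "$tempfile" | grep -qF "($expectedTeamID)"; then
    echo "$(date) | Unexpected signer for [$tempfile], not installing"
    rm -rf "$tempdir"
    exit 1
  fi
  # … unchanged: removal of the old bundle, installer call and result handling …
```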
+404
@@ -0,0 +1,404 @@
#!/bin/bash
##########################################################################
# Shellscript : Downloade and install TextMate
# Autor : Andreas Vogel, NEXT Enterprise GmbH
##########################################################################
# set -x
##########################################################################
#################### Testing #############################################
app="TextMate.app"
appname=${app%.*}
processpath="/Applications/TextMate.app/Contents/MacOS/TextMate"
#universallink=yes
type="tbz"
##########################################################################
#################### Testing #############################################
downloadURL=$(curl --silent --fail "https://api.github.com/repos/textmate/textmate/releases/latest" \
| awk -F '"' "/browser_download_url/ && /tbz\"/ { print \$4; exit }")
##########################################################################
logandmetadir="/private/var/log/"
logfileproces="Patch Management"
#logfileproces="${10}"
terminateprocess="true"
tempdir=$(/usr/bin/mktemp -d "/private/tmp/tmp.XXXXXX")
log="$logandmetadir$logfileproces.log"
##########################################################################
# free_1="${11}"
#####################################################################################################
waitForProcess () {
## $1 = name of process to check for
## $2 = length of delay (if missing, function to generate random delay between 10 and 60s)
## $3 = true/false if = "true" terminate process, if "false" wait for it to close
processName=$1
fixedDelay=$2
terminate=$3
echo "$(date) | Waiting for other [$processName] processes to end"
while ps aux | grep "$processName" | grep -v grep &>/dev/null; do
if [[ $terminate == "true" ]]; then
echo "$(date) | + [$appname] running, terminating [$processpath]..."
pkill -f "$processName"
return
fi
done
echo "$(date) | No instances of [$processName] found, safe to proceed"
}
#####################################################################################################
downloadApp () {
echo "$(date) | Starting downlading of [$appname]"
waitForProcess "curl -f"
echo "$(date) | Downloading $appname"
cd "$tempdir"
curl -f -s --connect-timeout 30 --retry 5 --retry-delay 60 -L -J -O "$downloadURL"
if [ $? == 0 ]
then
echo "$(date) | Downloaded [$app] to [$tempdir]"
else
echo "$(date) | Failure to download [$downloadURL] to [$tempdir]"
exit 1
fi
tempSearchPath="$tempdir/*"
for f in $tempSearchPath; do
tempfile=$f
done
}
#####################################################################################################
installPKG () {
waitForProcess "$processpath" "300" "$terminateprocess"
echo "$(date) | Installing $appname"
if [[ -d "/Applications/$app" ]]; then
rm -rf "/Applications/$app"
fi
installer -pkg "$tempfile" -target /Applications
if [ "$?" = "0" ]
then
echo "$(date) | $appname Installed"
echo "$(date) | Cleaning Up"
rm -rf "$tempdir"
echo "$(date) | Application [$appname] succesfully installed"
exit 0
else
echo "$(date) | Failed to install $appname"
rm -rf "$tempdir"
exit 1
fi
}
#####################################################################################################
installDMG () {
waitForProcess "$processpath" "300" "$terminateprocess"
echo "$(date) | Installing [$appname]"
volume="$tempdir/$appname"
echo "$(date) | Mounting Image"
hdiutil attach -quiet -nobrowse -mountpoint "$volume" "$tempfile"
if [[ -d "/Applications/$app" ]]; then
echo "$(date) | Removing existing files"
rm -rf "/Applications/$app"
fi
echo "$(date) | Copying app files to /Applications/$app"
rsync -a "$volume"/*.app/ "/Applications/$app"
echo "$(date) | Un-mounting [$volume]"
hdiutil detach -quiet "$volume"
if [[ -a "/Applications/$app" ]]
then
echo "$(date) | [$appname] Installed"
echo "$(date) | Cleaning Up"
rm -rf "$tempdir"
echo "$(date) | Fixing up permissions"
sudo chown -R root:wheel "/Applications/$app"
echo "$(date) | Application [$appname] succesfully installed"
exit 0
else
echo "$(date) | Failed to install [$appname]"
rm -rf "$tempdir"
exit 1
fi
}
#####################################################################################################
installPkgInDmg() {
archiveName=$(find "$tempfile" -iname "*.dmg" -maxdepth 1 )
echo $archiveName
echo "Mounting $archiveName"
# always pipe 'Y\n' in case the dmg requires an agreement
if ! dmgmount=$(echo 'Y'$'\n' | hdiutil attach "$archiveName" -nobrowse -readonly | tail -n 1 | cut -c 54- ); then
echo "Error mounting $archiveName"
fi
if [[ ! -e $dmgmount ]]; then
echo "Error mounting $archiveName"
exit 1
fi
echo "Mounted: $dmgmount"
findfiles=$(find "$dmgmount" -iname "*.pkg" )
if [[ $findfiles != "" ]]
then
echo "found pkg in dmg $archiveName"
archiveName="$findfiles"
else
echo "couldn't find pkg in dmg $archiveName"
rm -rf "$tempdir"
exit 1
fi
waitForProcess "$processpath" "300" "$terminateprocess"
echo "$(date) | Installing $appname"
if [[ -d "/Applications/$app" ]]; then
rm -rf "/Applications/$app"
fi
installer -pkg "$archiveName" -target /Applications
if [ "$?" = "0" ]
then
echo "$(date) | $appname Installed"
echo "$(date) | Cleaning Up"
rm -rf "$tempdir"
echo "$(date) | Application [$appname] succesfully installed"
echo "$(date) | Un-mounting [$dmgmount]"
hdiutil detach -quiet "$dmgmount"
exit 0
else
echo "$(date) | Failed to install $appname"
echo "$(date) | Un-mounting [$dmgmount]"
hdiutil detach -quiet "$dmgmount"
rm -rf "$tempdir"
exit 1
fi
}
#####################################################################################################
installZIP () {
waitForProcess "$processpath" "300" "$terminateprocess"
echo "$(date) | Installing $appname"
# Change into temp dir
cd "$tempdir"
if [ "$?" = "0" ]
then
echo "$(date) | Changed current directory to $tempdir"
else
echo "$(date) | failed to change to $tempfile"
if [ -d "$tempdir" ]; then rm -rf $tempdir; fi
exit 1
fi
unzip -qq -o "$tempfile"
if [ "$?" = "0" ]
then
echo "$(date) | $tempfile unzipped"
else
echo "$(date) | failed to unzip $tempfile"
if [ -d "$tempdir" ]; then rm -rf $tempdir; fi
exit 1
fi
if [[ -a "/Applications/$app" ]]; then
echo "$(date) | Removing old installation at /Applications/$app"
rm -rf "/Applications/$app"
fi
rsync -a "$app/" "/Applications/$app"
if [ "$?" = "0" ]; then
echo "$(date) | $appname moved into /Applications"
else
echo "$(date) | failed to move $appname to /Applications"
if [ -d "$tempdir" ]; then rm -rf $tempdir; fi
exit 1
fi
echo "$(date) | Fix up permissions"
sudo chown -R root:wheel "/Applications/$app"
if [ "$?" = "0" ]
then
echo "$(date) | correctly applied permissions to $appname"
else
echo "$(date) | failed to apply permissions to $appname"
if [ -d "$tempdir" ]; then rm -rf $tempdir; fi
exit 1
fi
if [ "$?" = "0" ]
then
if [[ -a "/Applications/$app" ]]
then
echo "$(date) | $appname Installed"
echo "$(date) | Cleaning Up"
rm -rf "$tempdir"
echo "$(date) | Fixing up permissions"
sudo chown -R root:wheel "/Applications/$app"
echo "$(date) | Application [$appname] succesfully installed"
exit 0
else
echo "$(date) | Failed to install $appname"
exit 1
fi
else
echo "$(date) | Failed to install $appname"
if [ -d "$tempdir" ]; then rm -rf $tempdir; fi
exit 1
fi
}
#####################################################################################################
installFromTBZ () {
waitForProcess "$processpath" "300" "$terminateprocess"
echo "$(date) | Installing $appname"
# Change into temp dir
cd "$tempdir"
if [ "$?" = "0" ]
then
echo "$(date) | Changed current directory to $tempdir"
else
echo "$(date) | failed to change to $tempfile"
if [ -d "$tempdir" ]; then rm -rf $tempdir; fi
exit 1
fi
tar -xf "$tempfile"
if [ "$?" = "0" ]
then
echo "$(date) | $tempfile unzipped"
else
echo "$(date) | failed to unzip $tempfile"
if [ -d "$tempdir" ]; then rm -rf $tempdir; fi
exit 1
fi
if [[ -a "/Applications/$app" ]]; then
echo "$(date) | Removing old installation at /Applications/$app"
rm -rf "/Applications/$app"
fi
rsync -a "$app/" "/Applications/$app"
if [ "$?" = "0" ]; then
echo "$(date) | $appname moved into /Applications"
else
echo "$(date) | failed to move $appname to /Applications"
if [ -d "$tempdir" ]; then rm -rf $tempdir; fi
exit 1
fi
echo "$(date) | Fix up permissions"
sudo chown -R root:wheel "/Applications/$app"
if [ "$?" = "0" ]
then
echo "$(date) | correctly applied permissions to $appname"
else
echo "$(date) | failed to apply permissions to $appname"
if [ -d "$tempdir" ]; then rm -rf $tempdir; fi
exit 1
fi
if [ "$?" = "0" ]
then
if [[ -a "/Applications/$app" ]]
then
echo "$(date) | $appname Installed"
echo "$(date) | Cleaning Up"
rm -rf "$tempdir"
echo "$(date) | Fixing up permissions"
sudo chown -R root:wheel "/Applications/$app"
echo "$(date) | Application [$appname] succesfully installed"
exit 0
else
echo "$(date) | Failed to install $appname"
exit 1
fi
else
echo "$(date) | Failed to install $appname"
if [ -d "$tempdir" ]; then rm -rf $tempdir; fi
exit 1
fi
}
#####################################################################################################
startLog() {
if [[ ! -d "$logandmetadir" ]]; then
echo "$(date) | Creating [$logandmetadir] to store logs"
mkdir -p "$logandmetadir"
fi
exec &> >(tee -a "$log")
}
############################## start Log #####################################################
startLog
echo ""
echo "##############################################################"
echo "# $(date) | Logging install of [$appname] to [$log]"
echo "##############################################################"
echo ""
############################## downloadApp ###################################################
downloadApp
############################## start Install #################################################
case $type in
pkg)
installPKG
;;
dmg)
installDMG
;;
pkgInDmg)
installPkgInDmg
;;
zip)
installZIP
;;
tbz)
installFromTBZ
;;
*)
echo "Cannot handle type $type"
;;
esac
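Review bot: Neither the `tempdir=$(/usr/bin/mktemp -d ...)` assignment nor `cd "$tempdir"` in `downloadApp` is checked, and `downloadURL` is taken from the GitHub API response without testing that it is non-empty (an API error or rate limit would leave it blank). If `mktemp` fails, `tempdir` is empty, the download lands in whatever the current directory is, and `tempSearchPath` becomes `/*`, so `tempfile` is picked from the root of the volume before `tar -xf "$tempfile"` runs as root. I would append `|| exit 1` to the `mktemp` assignment, use `cd "$tempdir" || exit 1`, and stop early with `[[ -n "$downloadURL" ]] || exit 1`. The `rm -rf $tempdir` calls in the install functions should also be quoted.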
+14
@@ -0,0 +1,14 @@
#!/bin/bash
Application="/Applications/Firefox.app/Contents/MacOS/firefox"
#Application="/Applications/balenaEtcher.app/Contents/MacOS/balenaEtcher"
arch=$(lipo -archs $Application | grep "arm64" | awk '{print $NF}')
if [[ $arch == "arm64" ]]
then
echo "App ist für M1"
else
echo "App ist für intel "
fi
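Review bot: The architecture test takes the last field of the `lipo -archs` line, so a universal binary would be reported as Intel whenever `arm64` is not the last slice listed, and `$Application` is expanded unquoted. Testing for the word avoids depending on slice order: `if lipo -archs "$Application" | grep -qw arm64; then`. The variable name `arch` also shadows the `arch` command, which is harmless here but easy to trip over if the script grows.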
Binary file not shown.
+10
@@ -0,0 +1,10 @@
# !/bin/bash
# Erstellt von Peter Hasselbach am 12.4.2019
# Quelle: https://www.apfeltalk.de/community/threads/bildschirmfreigabe-aktivieren.447538/
####################################################################################################
ardutil=/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart
sudo $ardutil -activate
sudo $ardutil -configure -allowAccessFor -allUsers -privs -all
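Review bot: The second kickstart call uses `-allowAccessFor -allUsers -privs -all`, which turns on full Remote Management privileges for every local account rather than for a dedicated support account. Unless that is a documented requirement, I would restrict it with `-allowAccessFor -specifiedUsers` plus a separate `-configure -users <ADMIN_ACCOUNT> -access -on -privs ...` call that lists only the privileges needed (`<ADMIN_ACCOUNT>` is a placeholder). The first line `# !/bin/bash` has a space after `#`, so it is an ordinary comment and not a shebang, and `$ardutil` should be quoted.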
+51
@@ -0,0 +1,51 @@
#!/bin/bash
##########################################################################
# Shellscript : enable ARD
# Autor : Andreas Vogel, NEXT Enterprise GmbH 2022
##########################################################################
######################### Variablen #####################################################
jamfpro_url="${4}"
if [[ $jamfpro_url = "" ]]; then
echo "ERROR URL variable is empty"
exit 1
fi
Credentials="${5}"
if [[ $Credentials = "" ]]; then
echo "ERROR no Credentials"
exit 1
fi
Admim_Account="${6}"
serial=$(ioreg -c IOPlatformExpertDevice -d 2 | awk -F\" '/IOPlatformSerialNumber/{print $(NF-1)}')
authToken=$(/usr/bin/curl "${jamfpro_url}/api/v1/auth/token" --silent --request POST --header "Authorization: Basic ${Credentials}")
if [[ $(/usr/bin/sw_vers -productVersion | awk -F . '{print $1}') -lt 12 ]]
then
api_token=$(/usr/bin/awk -F \" 'NR==2{print $4}' <<< "$authToken" | /usr/bin/xargs)
else
api_token=$(/usr/bin/plutil -extract token raw -o - - <<< "$authToken")
fi
response=$(curl -X GET "$jamfpro_url/JSSResource/computers/serialnumber/$serial" -H "accept: application/xml" -H "Authorization: Bearer ${api_token}")
id=$(echo $response | /usr/bin/awk -F'<id>|</id>' '{print $2}')
######################### Execute #######################################################
######################### API ###########################################################
curl -X POST "$jamfpro_url/JSSResource/computercommands/command/EnableRemoteDesktop/id/${id}" -H "accept: application/xml" -H "Authorization: Bearer ${api_token}"
######################### Script ########################################################
#/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk / -configure -users $Admim_Account -access -on -privs -all -clientopts -setmenuextra -menuextra yes
#/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk / -configure -users admin -access -on -privs -all
#/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk / -configure -allowAccessFor -specifiedUsers -privs -all
#/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk / -restart -agent -menu
# Hide Account
# dscl . create /Users/$Admim_Account IsHidden 1
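Review bot: The Basic credentials from `$5` and the bearer token are both placed on the `curl` command line, where they are readable in the process list while the request runs, and the token is never invalidated afterwards. curl can take headers from stdin with `-H @-`, for example `printf 'Authorization: Bearer %s\n' "$api_token" | curl -H @- ...`, and the script should finish by calling the Jamf Pro token invalidation endpoint. There is also no check that authentication or the computer lookup succeeded: with an empty `api_token` or `id` the final POST is still sent. I would add `[[ -n "$api_token" && "$id" =~ ^[0-9]+$ ]] || exit 1` before it and `--fail` on the curl calls.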
+112
@@ -0,0 +1,112 @@
#!/bin/bash
#####################################################################################
# Shellscript : Script stellt sicher, dass das Gerät neugestartet worden ist.
# Autor : Andreas Vogel, macenterprise gmbh, 17.12.2019
#####################################################################################
#################################### Time Today ####################################
today=$(date +%s)
echo "Heute ist der $today"
#################################### Daemond ans Script ####################################
listDaemons="
/Library/LaunchDaemons/de.ing.FiveMinWarningDaemon.plist
/Library/LaunchDaemons/de.ing.LastWarningDaemon.plist
"
listScripts="
LastWarningScript.sh
FiveMinWarningScript.sh
"
################################# Unload or Remove #################################
removeDaemon(){
for d in $listDaemons
do
if [ -f "$d" ]
then
echo $d
sudo launchctl unload $d
sudo rm $d
fi
done
}
removeScrpit(){
for s in $listScripts
do
if [ -f "/Library/Application Support/JAMF/ING/$s" ]
then
echo $s
rm -rf "/Library/Application Support/JAMF/ING/$s"
fi
done
}
#################################### Jamf Helper ####################################
jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
jamf="/usr/local/bin/jamf"
user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
INGIcon="/Users/$user/Library/Application Support/com.jamfsoftware.selfservice.mac/Documents/Images/brandingimage.png"
EnforceMessage="
Der geplante Neustart für dem $Day um $hour:$minute konnte nicht durchgeführt werden.
Möglicherweise befand sich das Gerät im Ruhemodus. Der Neustart wird nun durchgeführt.
"
################################# Find last Reboot #################################
# Zeit umwandeln
# wird benötigt um die Zeit in ein Gewünschtes Format umzuwandeln
# Es kann umgewandelt werden in Uhrzeit oder Datum
# lastBootFormatMin=$(date -jf "%s" "$lastBootRaw" +"%H:%M:%S")
# lastBootFormatDay=$(date -jf "%s" "$lastBootRaw" +"%d.%m:%y")
# echo "Umgewandelte Zeit ist $lastBootFormatDay $lastBootFormatMin"
########################## wann wurde der Neustart durchgeführt ##########################
# Auslesen, wann der Neustart durchgeführt worden ist
lastBootRaw=$(sysctl kern.boottime | awk '{print $5}' | tr -d ,)
echo "Der Neustart wurde durchgeführt am $lastBootRaw"
########################## wann wurde die Datei erstellt ##########################
# Auslesen, wann die Datei erstellt worden ist
TimeCreate=$(date -r /Users/andreasvogel/Desktop/test +'%s')
echo "Die Datei wurde erstellt am $TimeCreate"
delayint=$(echo "$result" | /usr/bin/sed 's/.$//')
defercal=$(($(/bin/date +%s) + delayint))
########################## Enforce Warning ##########################
EnforceWarning()
{
# shutdown -r +1
/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -icon "$InfoIcon" -title "Warning" -description "$EnforceMessage" -button1 "OK" -defaultButton 1 -timeout 45
}
########################## Ausführung ##########################
if [ $lastBootRaw -lt $TimeCreate ]
then
if [ $today -lt $defercal ]
then
# shutdown -r +2
# EnforceWarning
# removeDaemon
# removeScrpit
# rm -rf /Library/LaunchDaemons/de.ing.EnforceRestat.plist
echo "vor"
else
# removeDaemon
# removeScrpit
# rm -rf /Library/LaunchDaemons/de.ing.EnforceRestat.plist
echo "nach"
fi
fi
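Review bot: Several values this script depends on are never set in the file: `$result` (so `delayint` is empty and `defercal` equals the current time), `$Day`, `$hour` and `$minute` inside `EnforceMessage`, and `$InfoIcon` in `EnforceWarning`. The reference file is also the hard-coded `/Users/andreasvogel/Desktop/test`. If that file is missing, `TimeCreate` is empty and the unquoted `[ $lastBootRaw -lt $TimeCreate ]` ends in a test error instead of taking a defined branch. Before the commented-out restart and cleanup lines are enabled, the marker should live in a root-owned location rather than a user's Desktop, its existence should be checked first, and the expansions in `removeDaemon` (`sudo launchctl unload $d`, `sudo rm $d`) should be quoted.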
+17
@@ -0,0 +1,17 @@
#!/bin/sh
# Erstellt am 21.11.2017 / Peter Hasselbach
# Edetiert am 12.02.2019 / Andreas Vogel
# Quelle: JAMF Nation
adminUsers=$(dscl . -read Groups/admin GroupMembership | cut -c 18-)
for user in $adminUsers
do
if [ "$user" != "root" ] && [ "$user" != "jamfMA" ] && [ "$user" != "ladmin" ] && [ "$user" != "locadmmac" ] && [ "$user" != "cls_mac" ]
then
dseditgroup -o edit -d $user -t user admin
if [ $? = 0 ]; then echo "Removed user $user from admin group"; fi
else
echo "Admin user $user left alone"
fi
done
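Review bot: `dseditgroup -o edit -d $user -t user admin` passes the account name unquoted, and the accounts to keep are spread over a five-part `[ ... ] && [ ... ]` chain that is easy to get wrong when the list changes. A `case "$user" in root|jamfMA|ladmin|locadmmac|cls_mac) ... ;; *) ... ;; esac` with `dseditgroup -o edit -d "$user" -t user admin` in the default arm keeps the exemptions in one place. A header comment should state that every other member of the local admin group is demoted, and a non-zero return from `dseditgroup` should be logged rather than passed over silently.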
+11
@@ -0,0 +1,11 @@
#!/bin/bash
/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -icon "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/ToolbarInfo.icns" -title "Restart in five minutes" -description "Das System wird aufgrund deiner Auswahl in 5 Minuten neu gestartet.
The system will restart in 5 minutes based on your selection.
" -button1 "OK" -defaultButton 1 -timeout 60
launchctl remove de.ing.FiveMinWarningScript.plist
/bin/rm -f /Library/LaunchDaemons/de.ing.FiveMinWarningScript.plist
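Review bot: `launchctl remove` expects a job label, but it is given `de.ing.FiveMinWarningScript.plist`, which looks like a file name; if the label inside the plist has no `.plist` suffix, the job presumably stays loaded until the next boot. The name also differs from `/Library/LaunchDaemons/de.ing.FiveMinWarningDaemon.plist`, the path the restart-enforcement script in this commit lists for cleanup, so the `rm -f` here may be deleting nothing. It is worth confirming which name the creating script actually writes. A short header comment naming the daemon that launches this script would make that check easier.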
+66
@@ -0,0 +1,66 @@
#!/bin/bash
##############
# This script will give a user 30 minutes of Admin level access, from Jamf's self service.
# At the end of the 30 minutes it will then call a jamf policy with a manual trigger.
# Remove the users admin rights and disable the plist file this creates and activites.
# The removal script is 30minAdminjssRemoved.sh
#
# Peter Hasselbach, 12.01.2018
#
# Quelle: JAMF Nation: https://www.jamf.com/jamf-nation/discussions/6990/temporary-admin-using-self-service
# Kyle Brockman
# While working for Univeristy Information Technology Servives
# at the Univeristy of Wisconsin Milwaukee
##############
U=`who |grep console| awk '{print $1}'`
# Message to user they have admin rights for 30 min.
/usr/bin/osascript <<-EOF
tell application "System Events"
activate
display dialog "You now have admin rights to this machine for 30 minutes" buttons {"Let Me at it."} default button 1
end tell
EOF
# Place launchD plist to call JSS policy to remove admin rights.
#####
echo "<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>edu.uwm.uits.brockma9.adminremove</string>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/jamf</string>
<string>policy</string>
<string>-trigger</string>
<string>adminremove</string>
</array>
<key>StartInterval</key>
<integer>1800</integer>
</dict>
</plist>" > /Library/LaunchDaemons/edu.uwm.uits.brockma9.adminremove.plist
#####
#set the permission on the file just made.
chown root:wheel /Library/LaunchDaemons/edu.uwm.uits.brockma9.adminremove.plist
chmod 644 /Library/LaunchDaemons/edu.uwm.uits.brockma9.adminremove.plist
defaults write /Library/LaunchDaemons/edu.uwm.uits.brockma9.adminremove.plist disabled -bool false
# load the removal plist timer.
launchctl load -w /Library/LaunchDaemons/edu.uwm.uits.brockma9.adminremove.plist
# build log files in var/uits
mkdir /var/uits
TIME=`date "+Date:%m-%d-%Y TIME:%H:%M:%S"`
echo $TIME " by " $U >> /var/uits/30minAdmin.txt
echo $U >> /var/uits/userToRemove
# give current logged user admin rights
/usr/sbin/dseditgroup -o edit -a $U -t user admin
exit 0
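Review bot: Admin rights are granted on the last line whether or not the removal timer was installed, so any failure between the `echo … > …adminremove.plist` and `launchctl load -w` turns the 30-minute grant into a permanent one. That failure is plausible here: the plist text sits inside a double-quoted `echo` whose inner double quotes end the string, so the file is written without the quotes around `version`, `encoding` and the DOCTYPE strings. Writing the plist from a quoted here-document, linting it, confirming the job is loaded and only then calling `dseditgroup` closes the gap; `$U` should also be quoted and checked for being a single non-empty name, since `who | grep console` can print more than one line. Separately, `defaults write … disabled -bool false` sets a lower-case `disabled` key rather than changing the `Disabled` key the plist declares.

```shell
plist=/Library/LaunchDaemons/edu.uwm.uits.brockma9.adminremove.plist
label=edu.uwm.uits.brockma9.adminremove
# … unchanged: dialog; plist written from a quoted here-document instead of echo "…" …
# … unchanged: chown / chmod …
if ! /usr/bin/plutil -lint "$plist" >/dev/null; then
  echo "removal plist is not valid; admin rights not granted" >&2
  exit 1
fi
launchctl load -w "$plist"
if ! launchctl list "$label" >/dev/null 2>&1; then
  echo "removal job $label is not loaded; admin rights not granted" >&2
  exit 1
fi
# … unchanged: logging to /var/uits …
/usr/sbin/dseditgroup -o edit -a "$U" -t user admin
```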
+167
@@ -0,0 +1,167 @@
#!/bin/bash
##########################################################################
# Script : Patch Policy
# Autor : Andreas Vogel NEXT Enterprise GmbH
# Quelle : https://github.com/IBM/mac-ibm-notifications
##########################################################################
################ Varialen ################################################
CurrentUser=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}')
Language=$(/usr/libexec/PlistBuddy -c 'print AppleLanguages:0' "/Users/${CurrentUser}/Library/Preferences/.GlobalPreferences.plist")
if [[ $Language = de* ]]; then
UserLanguage="de"
else
UserLanguage="en"
fi
JSSURL="https://macenterprise.jamfcloud.com/JSSResource"
JSSUSER="API_User"
JSSPASSWORD="Nextenterprise#1612"
UDID=$(system_profiler SPHardwareDataType | grep UUID | awk '" " { print $NF }')
xsltFile="/tmp/xsltTemplate.xsl"
xmlFile="/tmp/fileName.xml"
xmlupdates="/tmp/updates.xml"
# Writes out an xslt form
/bin/cat <<EOF > "$xsltFile"
<?xml version="1.0" encoding="ISO-8859-1"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="text"/>
<xsl:template match="/">
<xsl:for-each select="computer_management/policies/policy">
<xsl:value-of select="id"/>
<xsl:text> </xsl:text>
<xsl:value-of select="name"/>
<xsl:text> </xsl:text>
<xsl:value-of select="triggers"/>
<xsl:text> </xsl:text>
<xsl:text>&#xa;</xsl:text>
</xsl:for-each>
</xsl:template>
</xsl:stylesheet>
EOF
/usr/bin/curl -u $JSSUSER:$JSSPASSWORD --tlsv1.2 -H "Accept: application/xml" "$JSSURL/computermanagement/udid/$UDID/subset/policies" | xsltproc "$xsltFile" - > $xmlFile
Update_Count=$(grep -c "patch_app_updates" "$xmlFile")
sed '/patch_app_updates/!d' $xmlFile > $xmlupdates
IDs=($(awk '{ print $1 }' $xmlupdates))
##########################################################################
################ Customized Notifier #####################################
##########################################################################
COUNTER=0
################ Message #################################################
if [[ "$Update_Count" -eq 1 ]]; then
Plural_en=" "
Plural_de=" "
elif [[ "$Update_Count" -gt 1 ]]; then
Plural_en="s "
Plural_de="s "
else
echo "no patches found, exiting"
exit 0
fi
Plural=Plural_${UserLanguage}
Notifier_Path="/Applications/IBM Notifier.app/Contents/MacOS/IBM Notifier"
Type_Message="popup"
Icon_Path="/Library/Application Support/Next Enterprise/Next_logo_48x48.png"
Bar_Title_Message_en="Update${!Plural}Available"
Title__Message_en="Software Update${!Plural}Available"
Description_Message_en="You have ${Update_Count} update${!Plural}available in the Self Service."
Button_1_Message_en="Update"
Button_2_Message_en="Cancel"
Bar_Title_Message_de="Update${!Plural}verfügbar"
Title__Message_de="Software Update${!Plural}verfügbar"
Description_Message_de="Es sind ${Update_Count} update${!Plural}im Self Service Verfügung."
Button_1_Message_de="Update"
Button_2_Message_de="Abbrechen"
Bar_Title_Message=Bar_Title_Message_${UserLanguage}
Title_Message=Title__Message_${UserLanguage}
Description_Message=Description_Message_${UserLanguage}
Button_1_Message=Button_1_Message_${UserLanguage}
Button_2_Message=Button_2_Message_${UserLanguage}
################ Progress ################################################
Type_Progress="popup"
ACCESSORYTYPE="progressbar"
Bar_Title_Progress_en="Update"
Title_Progress_en="Updating the old app${!Plural}"
Description_Progress_en="The update process is in progress. Please wait until all updates have been installed. The process is completely automatic. Please do not restart the device while the message is displayed."
ACCESSORYPAYLOAD_en="/percent indeterminate /bottom_message All available updates will be installed....."
Update_Inventory_Message_en="Updating Inventory......"
Update_Steps_en="Step"
Count_Steps_en="of"
Update_Progress_Message_en="Update"
Bar_Title_Progress_de="Update"
Title_Progress_de="Aktualisierung der alten App${!Plural}"
Description_Progress_de="Der Aktualisierungsvorgang ist in Arbeit. Bitte warte, bis alle Updates installiert worden sind. Der Vorgang läuft vollständig automatisch ab. Bitte starte das Gerät während die Meldung angezeigt wird, nicht neu."
ACCESSORYPAYLOAD_de="/percent indeterminate"
Update_Inventory_Message_de="Aktualisierung des Bestandsverzeichnisses....."
Update_Steps_de="Schritt"
Count_Steps_de="von"
Update_Progress_Message_de="Aktuallisiere"
Update_Inventory_Message=Update_Inventory_Message_${UserLanguage}
Bar_Title_Progress=Bar_Title_Progress_${UserLanguage}
Title_Progress=Title_Progress_${UserLanguage}
Description_Progress=Description_Progress_${UserLanguage}
ACCESSORYPAYLOAD=ACCESSORYPAYLOAD_${UserLanguage}
Update_Steps=Update_Steps_${UserLanguage}
Count_Steps=Count_Steps_${UserLanguage}
Update_Progress_Message=Update_Progress_Message_${UserLanguage}
################ Function ################################################
policy_progress() {
pipe_name="pbnota"
# FIFO creation and setup process for updating the progress bar
find /private/tmp -name "$pipe_name" -delete
mkfifo /private/tmp/${pipe_name}
exec 5<> /private/tmp/${pipe_name}
# IBM Notifier Progress Bar configuration
sudo -u "${CurrentUser}" "${Notifier_Path}" \
-type "${Type_Progress}" \
-title "${!Title_Progress}" \
-bar_title "${!Bar_Title_Progress}" \
-subtitle "${!Description_Progress}" \
-icon_path "${Icon_Path}" \
-accessory_view_type "${ACCESSORYTYPE}" \
-always_on_top \
-accessory_view_payload "${!ACCESSORYPAYLOAD}" < /private/tmp/${pipe_name} &
for i in ${IDs[@]}
do
let COUNTER++
PolicyName=$(/usr/bin/curl -u $JSSUSER:$JSSPASSWORD --tlsv1.2 -H "Accept: application/xml" "$JSSURL/policies/id/$i" | xmllint --xpath '/policy/general/name/text()' - 2>/dev/null)
echo "/bottom_message ${!Update_Steps} $COUNTER ${!Count_Steps} $Update_Count ${!Update_Progress_Message}: $PolicyName" >&5
jamf policy -id $i -forceNoRecon
done
}
################ Checking the available updates ##########################
ButtonClicked=$("sudo" "-u" "${CurrentUser}" "${Notifier_Path}" "-type" "${Type_Message}" "-bar_title" "${!Bar_Title_Message}" "-title" "${!Title_Message}" "-subtitle" "${!Description_Message}" "-icon_path" "${Icon_Path}" "-always_on_top" "-main_button_label" "${!Button_1_Message}"; echo $?)
echo $ButtonClicked
if [[ "$ButtonClicked" -eq 0 ]]; then
policy_progress
fi
find /private/tmp -name "$pipe_name" -delete
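Review bot: The Jamf API account and its password are committed in clear text in `JSSUSER`/`JSSPASSWORD`, so everyone with read access to the repository or to the script on a managed Mac holds that credential; it should be rotated and supplied at run time instead, for example through script parameters as the next file in this commit does with `JSSURL="${4}"`. The value is then expanded unquoted into `curl -u $JSSUSER:$JSSPASSWORD`, which puts it on the command line for the life of each request; quote it and, if possible, hand it to curl through `--config -` on stdin. The work files `/tmp/xsltTemplate.xsl`, `/tmp/fileName.xml`, `/tmp/updates.xml` and the FIFO `/private/tmp/pbnota` use fixed names in a world-writable directory while the script presumably runs as root; `workdir=$(mktemp -d)` with the files placed under it avoids a pre-created file or symlink being followed. The same fixed paths appear in the following Patch Policy file.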
+206
@@ -0,0 +1,206 @@
#!/bin/bash
##########################################################################
# Script : Patch Policy
# Autor : Andreas Vogel NEXT Enterprise GmbH
# Quelle : https://github.com/IBM/mac-ibm-notifications
##########################################################################
################ Clean up ################################################
if [ -f "/tmp/xsltTemplate.xsl" ]; then
rm -rf "/tmp/xsltTemplate.xsl"
fi
if [ -f "/tmp/fileName.xml" ]; then
rm -rf "/tmp/fileName.xml"
fi
if [ -f "/tmp/updates.xml" ]; then
rm -rf "/tmp/updates.xml"
fi
################ Varialen ################################################
CurrentUser=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}')
RealName=$(dscl . read /Users/$CurrentUser RealName | tail -n1)
Language=$(/usr/libexec/PlistBuddy -c 'print AppleLanguages:0' "/Users/${CurrentUser}/Library/Preferences/.GlobalPreferences.plist")
if [[ $Language = de* ]]; then
UserLanguage="de"
else
UserLanguage="en"
fi
JSSURL="${4}"
User=$(echo "${5}" | base64 --decode)
UDID=$(system_profiler SPHardwareDataType | grep UUID | awk '" " { print $NF }')
xsltFile="/tmp/xsltTemplate.xsl"
xmlFile="/tmp/fileName.xml"
xmlupdates="/tmp/updates.xml"
# Writes out an xslt form
/bin/cat <<EOF > "$xsltFile"
<?xml version="1.0" encoding="ISO-8859-1"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="text"/>
<xsl:template match="/">
<xsl:for-each select="computer_management/policies/policy">
<xsl:value-of select="id"/>
<xsl:text> </xsl:text>
<xsl:value-of select="name"/>
<xsl:text> </xsl:text>
<xsl:value-of select="triggers"/>
<xsl:text> </xsl:text>
<xsl:text>&#xa;</xsl:text>
</xsl:for-each>
</xsl:template>
</xsl:stylesheet>
EOF
/usr/bin/curl -u $User --tlsv1.2 -H "Accept: application/xml" "$JSSURL/computermanagement/udid/$UDID/subset/policies" | xsltproc "$xsltFile" - > $xmlFile
Update_Count=$(grep -c "patch_app_updates" "$xmlFile")
sed '/patch_app_updates/!d' $xmlFile > $xmlupdates
IDs=($(awk '{ print $1 }' $xmlupdates))
##########################################################################
################ Customized Notifier #####################################
##########################################################################
COUNTER=0
Percent=0
Update_Count_Percent=$((Update_Count + 1))
max_counter_read=$((100/Update_Count_Percent))
max_percent=$((max_counter_read * Update_Count_Percent))
max_calculate=$((100 - max_counter_read * Update_Count_Percent))
################ Message #################################################
if [[ "$Update_Count" -eq 1 ]]; then
Plural_en=" "
Plural_de=" "
elif [[ "$Update_Count" -gt 1 ]]; then
Plural_en="s "
Plural_de="s "
else
echo "no patches found, exiting"
exit 0
fi
Plural=Plural_${UserLanguage}
Notifier_Path="/Applications/IBM Notifier.app/Contents/MacOS/IBM Notifier"
Type_Message="popup"
Icon_Path="/Library/Application Support/Next Enterprise/Next_logo_48x48.png"
Bar_Title_Message_en="Update${!Plural}Available"
Title__Message_en="Software Update${!Plural}Available"
Description_Message_en="Hello ${RealName} \n You have ${Update_Count} update${!Plural}available in the Self Service."
Button_1_Message_en="Update"
Button_2_Message_en="Cancel"
Bar_Title_Message_de="Update${!Plural}verfügbar"
Title__Message_de="Software Update${!Plural}verfügbar"
Description_Message_de="Hallo ${RealName} \n Es sind ${Update_Count} update${!Plural}im Self Service Verfügung."
Button_1_Message_de="Update"
Button_2_Message_de="Abbrechen"
Bar_Title_Message=Bar_Title_Message_${UserLanguage}
Title_Message=Title__Message_${UserLanguage}
Description_Message=Description_Message_${UserLanguage}
Button_1_Message=Button_1_Message_${UserLanguage}
Button_2_Message=Button_2_Message_${UserLanguage}
################ Progress ################################################
Type_Progress="popup"
ACCESSORYTYPE="progressbar"
Bar_Title_Progress_en="Update"
Title_Progress_en="Updating the old app${!Plural}"
Description_Progress_en="The update process is in progress. Please wait until all updates have been installed. The process is completely automatic. Please do not restart the device while the message is displayed."
ACCESSORYPAYLOAD_en="/percent 0"
Update_Inventory_Message_en="Updating Inventory......"
Update_Steps_en="Step"
Count_Steps_en="of"
Update_Progress_Message_en="Update"
Bar_Title_Progress_de="Update"
Title_Progress_de="Aktualisierung der alten App${!Plural}"
Description_Progress_de="Der Aktualisierungsvorgang ist in Arbeit. Bitte warte, bis alle Updates installiert worden sind. Der Vorgang läuft vollständig automatisch ab. Bitte starte das Gerät während die Meldung angezeigt wird, nicht neu."
ACCESSORYPAYLOAD_de="/percent 0"
Update_Inventory_Message_de="Aktualisierung des Bestandsverzeichnisses....."
Update_Steps_de="Schritt"
Count_Steps_de="von"
Update_Progress_Message_de="Aktualisiere"
if [[ "$Update_Count" -eq 1 ]]; then
Final_Massage_en="The update has been installed. Thanks for the patience."
Final_Massage_de="Das Update wurde installiert. Danke für die Geduld."
else
Final_Massage_en="All updates have been installed. Thanks for the patience."
Final_Massage_de="Alle Updates wurden installiert. Danke für die Geduld."
fi
Update_Inventory_Message=Update_Inventory_Message_${UserLanguage}
Bar_Title_Progress=Bar_Title_Progress_${UserLanguage}
Title_Progress=Title_Progress_${UserLanguage}
Description_Progress=Description_Progress_${UserLanguage}
ACCESSORYPAYLOAD=ACCESSORYPAYLOAD_${UserLanguage}
Update_Steps=Update_Steps_${UserLanguage}
Count_Steps=Count_Steps_${UserLanguage}
Update_Progress_Message=Update_Progress_Message_${UserLanguage}
Final_Massage=Final_Massage_${UserLanguage}
################ Function ################################################
policy_progress() {
pipe_name="pbnota"
# FIFO creation and setup process for updating the progress bar
find /private/tmp -name "$pipe_name" -delete
mkfifo /private/tmp/${pipe_name}
exec 5<> /private/tmp/${pipe_name}
# IBM Notifier Progress Bar configuration
sudo -u "${CurrentUser}" "${Notifier_Path}" \
-type "${Type_Progress}" \
-title "${!Title_Progress}" \
-bar_title "${!Bar_Title_Progress}" \
-subtitle "${!Description_Progress}" \
-icon_path "${Icon_Path}" \
-accessory_view_type "${ACCESSORYTYPE}" \
-always_on_top \
-accessory_view_payload "${!ACCESSORYPAYLOAD}" < /private/tmp/${pipe_name} &
until [[ "$COUNTER" -ge $Update_Count ]]; do
for i in ${IDs[@]}
do
let COUNTER++
counter_read=$((100/Update_Count_Percent))
Percent=$((Percent + counter_read))
PolicyName=$(/usr/bin/curl -u $User --tlsv1.2 -H "Accept: application/xml" "$JSSURL/policies/id/$i" | xmllint --xpath '/policy/general/name/text()' - 2>/dev/null)
echo "/percent $Percent /bottom_message ${!Update_Steps} $COUNTER ${!Count_Steps} $Update_Count ${!Update_Progress_Message}: $PolicyName" >&5
jamf policy -id $i -forceNoRecon
done
Percent=$((Percent + counter_read + max_calculate))
echo "/percent $Percent /bottom_message ${!Final_Massage} ">&5
done
exec 3>&-
find /private/tmp -name ${pipe_name} -delete
}
################ Checking the available updates ##########################
ButtonClicked=$("sudo" "-u" "${CurrentUser}" "${Notifier_Path}" "-type" "${Type_Message}" "-bar_title" "${!Bar_Title_Message}" "-title" "${!Title_Message}" "-subtitle" "${!Description_Message}" "-icon_path" "${Icon_Path}" "-always_on_top" "-main_button_label" "${!Button_1_Message}"; echo $?)
echo $ButtonClicked
if [[ "$ButtonClicked" -eq 0 ]]; then
policy_progress
fi
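Review bot: `User=$(echo "${5}" | base64 --decode)` only decodes the parameter, so the API credential is as readable in the policy configuration as plain text would be, and `curl -u $User` then places it unquoted on the command line in both calls. Treat `$5` as a secret, quote it (`-u "$User"`), and keep the API account limited to read access on the two endpoints this script queries. In `policy_progress`, `exec 3>&-` closes descriptor 3 although the FIFO was opened with `exec 5<>`, so the pipe stays open; the line should read `exec 5>&-`.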
+1
@@ -0,0 +1 @@
sudo xcode-select -s /Applications/$4.app/Contents/Developer
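Review bot: `$4` is expanded unquoted and unchecked into the path given to `xcode-select -s`, so a parameter with a space, an empty value or `..` components selects something other than an Xcode bundle under /Applications. Quote it and confirm the directory exists first: `dev="/Applications/${4}.app/Contents/Developer"; [ -d "$dev" ] || exit 1; xcode-select -s "$dev"`. The file has no shebang line, and `sudo` is probably redundant if this runs as a Jamf policy script (an assumption, since the caller is not shown).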
+59
@@ -0,0 +1,59 @@
#!/bin/bash
##########################################################################
# Shellscript : Set Asset Tag
# Author : Andreas Vogel | Jobst Heinermann
# Copyright : © macenterprise gmbh, 2019
# Source : https://www.jamf.com/jamf-nation/discussions/24664/script-to-prompt-for-computer-names
##########################################################################
#Variabeln
loggedInUser=$(stat -f%Su /dev/console)
loggedInUID=$(id -u $loggedInUser)
# Abfrage, dass nicht ROOT angemeldet ist
if [[ "$loggedInUser" != "root" ]] && [[ "$loggedInUser" != "_mbsetup" ]]; then
## Create local script
cat << EOD > /private/tmp/asset_tag.sh
#!/bin/bash
TAG=\$(/usr/bin/osascript -e 'tell application "System Events" to set TAG to text returned of (display dialog "Bitte aktualisiere dein Asset Tag / die Inventarnummer. Diese findest du auf der Unterseite deines MacBooks. Die Nummer beginnt mit 61.... oder 91..." default answer "" buttons {"OK"} default button 1 with icon 2)')
echo "\${TAG}" > /private/tmp/asset_tag.txt
EOD
## Make script executable
/bin/chmod +x /private/tmp/asset_tag.sh
## Run the script as logged in user
/bin/launchctl asuser "$loggedInUID" sudo -iu "$loggedInUser" "/private/tmp/asset_tag.sh"
## Get the new name from the local file
asset_tag=$(cat /tmp/asset_tag.txt)
if [ ! -z "$asset_tag" ]; then
echo "$asset_tag"
## Set Asset Tag
jamf recon -assetTag "$asset_tag"
## Remove local script
rm -f /private/tmp/asset_tag.sh
exit 0
else
echo "No name was found to rename to"
## Remove local script
rm -f /private/tmp/asset_tag.sh
exit 1
fi
else
echo "No-one logged in. Exiting"
exit 0
fi
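Review bot: The helper is written as root to the fixed path `/private/tmp/asset_tag.sh` and its answer is read back from `/tmp/asset_tag.txt`, both in a world-writable directory, so a file or symlink already sitting at either name decides what root writes to or what ends up in inventory. Neither temp file is needed: the dialog can be run in the user session and captured directly, `asset_tag=$(/bin/launchctl asuser "$loggedInUID" sudo -u "$loggedInUser" /usr/bin/osascript -e '…display dialog…')`. The reply is passed to `jamf recon -assetTag` without a format check although the dialog text says the number starts with 61 or 91; a guard such as `case "$asset_tag" in 61*|91*) ;; *) exit 1 ;; esac` would reject typos. `asset_tag.txt` is also never removed.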
+26
@@ -0,0 +1,26 @@
#!/bin/bash
##########################################################################
# Script : set Asset Tag
# Autor : Andreas Vogel
# Copyright : macenterprise gmbh, 2020
##########################################################################
############################################# Variablen #########################################################################
fGetCurrenUser (){
currentUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");'`
# Identify the UID of the logged-in user
currentUserUID=`id -u "$currentUser"`
}
############################################# Ausführung #############################################################################
fGetCurrenUser
asset_tag="$(/bin/launchctl asuser "$currentUserUID" /Library/Application\ Support/JAMF/alerter -reply -message "Bitte das Asset-Tag angeben" -title "Fehlende Information..." -timeout 3000)"
if [ "$asset_tag" == "@CLOSED" ] || [[ "$asset_tag" == "@CONTENTCLICKED" ]] || [[ "$asset_tag" == "@ACTIONCLICKED" ]]
then
echo "keine Angaben"
exit 1
else
jamf recon -assetTag "$asset_tag"
fi
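Review bot: The reply check lists `@CLOSED`, `@CONTENTCLICKED` and `@ACTIONCLICKED` but not an empty reply or a timeout, which alerter, as far as I know, reports as `@TIMEOUT`; either value would be written to inventory by `jamf recon -assetTag`. Rejecting every marker at once is simpler: `case "$asset_tag" in ''|@*) echo "keine Angaben"; exit 1 ;; esac`. `fGetCurrenUser` depends on a `python` binary with the SystemConfiguration bridge, and when that call fails `currentUser` is empty and `launchctl asuser` gets no UID; `stat -f%Su /dev/console`, as used by the other asset-tag script in this commit, has no such dependency.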
+118
@@ -0,0 +1,118 @@
#!/bin/zsh
:<<'ABOUT_THIS_SCRIPT'
-----------------------------------------------------------------------
Written by:William Smith
Professional Services Engineer
Jamf
bill@talkingmoose.net
https://gist.github.com/talkingmoose/a16ca849416ce5ce89316bacd75fc91a
Originally posted: November 19, 2017
Updated: January 20, 2020
Purpose: Downloads and installs the latest available Microsoft
product specified directly on the client. This avoids having to
manually download and store an up-to-date installer on a
distribution server every month.
Instructions: Update the linkID value to one of the corresponding
Microsoft products in the list and optionally update the sha256Checksum
value with a known SHA 256 string. Run the script with elevated
privileges. If using Jamf Pro, consider replacing the linkID and
sha256Checksum values with "$4" and "$5", entering the ID as script
parameters in a policy.
Except where otherwise noted, this work is licensed under
http://creativecommons.org/licenses/by/4.0/
"You say goodbye and I say exit 0."
-----------------------------------------------------------------------
ABOUT_THIS_SCRIPT
# enter the Microsoft fwlink (permalink) product ID
# or leave blank if using a $4 script parameter with Jamf Pro
linkID="2093438" # e.g. "525133" for Office 2019
# 525133 - Office 2019 for Mac SKUless download (aka Office 365)
# 2009112 - Office 2019 for Mac BusinessPro SKUless download (aka Office 365 with Teams)
# 871743 - Office 2016 for Mac SKUless download
# 830196 - AutoUpdate download
# 2069148 - Edge (Consumer Stable)
# 2069439 - Edge (Consumer Beta)
# 2069340 - Edge (Consumer Dev)
# 2069147 - Edge (Consumer Canary)
# 2093438 - Edge (Enterprise Stable)
# 2093294 - Edge (Enterprise Beta)
# 2093292 - Edge (Enterprise Dev)
# 525135 - Excel 2019 SKUless download
# 871750 - Excel 2016 SKUless download
# 869655 - InTune Company Portal download
# 823060 - OneDrive download
# 820886 - OneNote download
# 525137 - Outlook 2019 SKUless download
# 871753 - Outlook 2016 SKUless download
# 525136 - PowerPoint 2019 SKUless download
# 871751 - PowerPoint 2016 SKUless download
# 868963 - Remote Desktop
# 800050 - SharePoint Plugin download
# 832978 - Skype for Business download
# 869428 - Teams
# 525134 - Word 2019 SKUless download
# 871748 - Word 2016 SKUless download
# enter the SHA 256 checksum for the download file
# download the package and run '/usr/bin/shasum -a 256 /path/to/file.pkg'
# this will change with each version
# leave blank to to skip the checksum verification (less secure) or if using a $5 script parameter with Jamf Pro
sha256Checksum="" # e.g. "67b1e8e036c575782b1c9188dd48fa94d9eabcb81947c8632fd4acac7b01644b"
set -x
if [ "$4" != "" ] && [ "$linkID" = "" ]
then
linkID=$4
fi
if [ "$5" != "" ] && [ "$sha256Checksum" = "" ]
then
sha256Checksum=$5
fi
# this is the full fwlink URL
url="https://go.microsoft.com/fwlink/?linkid=$linkID"
# create temporary working directory
echo "Creating working directory '$tempDirectory'"
workDirectory=$( /usr/bin/basename $0 )
tempDirectory=$( /usr/bin/mktemp -d "/private/tmp/$workDirectory.XXXXXX" )
# change directory to temporary working directory
echo "Changing directory to working directory '$tempDirectory'"
cd "$tempDirectory"
# download the installer package and name it for the linkID
echo "Downloading package $linkID.pkg"
/usr/bin/curl --location --silent "$url" -o "$linkID.pkg"
# checksum the download
downloadChecksum=$( /usr/bin/shasum -a 256 "$tempDirectory/$linkID.pkg" | /usr/bin/awk '{ print $1 }' )
echo "Checksum for downloaded package: $downloadChecksum"
# install the package if checksum validates
if [ "$sha256Checksum" = "$downloadChecksum" ] || [ "$sha256Checksum" = "" ]; then
echo "Checksum verified. Installing package $linkID.pkg"
/usr/sbin/installer -pkg "$linkID.pkg" -target /
exitCode=0
else
echo "Checksum failed. Recalculate the SHA 256 checksum and try again. Or download may not be valid."
exitCode=1
fi
# remove the temporary working directory when done
/bin/rm -Rf "$tempDirectory"
echo "Deleting working directory '$tempDirectory' and its contents"
exit $exitCode
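Review bot: With `sha256Checksum=""` as committed, the `|| [ "$sha256Checksum" = "" ]` branch installs whatever the redirect chain returned as root and still logs "Checksum verified", so nothing checks the package's integrity or origin. Because the fwlink target changes with each release, a signature check is the more maintainable control: run `pkgutil --check-signature` and require the expected Developer ID before calling `installer`, and keep the SHA-256 comparison for when a value is supplied. `curl` should get `--fail` so an error page is not saved as the package, `exitCode` should come from `installer` rather than being set to 0, and `set -x` is better dropped from a production policy. The first `echo` prints `$tempDirectory` before it is assigned, and the hard-coded `linkID` means the `$4` override never applies.

```shell
if ! /usr/bin/curl --location --silent --fail "$url" -o "$linkID.pkg"; then
	echo "Download of $url failed."
	exitCode=1
# … unchanged: shasum of the download into downloadChecksum (moved inside this chain) …
elif [ -n "$sha256Checksum" ] && [ "$sha256Checksum" != "$downloadChecksum" ]; then
	echo "Checksum failed. Recalculate the SHA 256 checksum and try again. Or download may not be valid."
	exitCode=1
elif ! /usr/sbin/pkgutil --check-signature "$linkID.pkg" | /usr/bin/grep -q "(<EXPECTED_TEAM_ID>)"; then
	# <EXPECTED_TEAM_ID> is a placeholder for the vendor's Developer ID team identifier
	echo "Package signature is missing or not from the expected developer."
	exitCode=1
else
	echo "Package verified. Installing package $linkID.pkg"
	/usr/sbin/installer -pkg "$linkID.pkg" -target /
	exitCode=$?
fi
```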
+75
@@ -0,0 +1,75 @@
#!/bin/sh
macOSVersionMajor=$(/usr/bin/sw_vers -productVersion | /usr/bin/awk -F. '{print $1}')
macOSVersionMinor=$(/usr/bin/sw_vers -productVersion | /usr/bin/awk -F. '{print $2}')
########## function-ing ##########
# Checks current state of Xcode Command Line Tools installation.
xcode_check () {
xcodeSelectCheck=$(/usr/bin/xcode-select --print-path 2>&1)
if [ "$xcodeSelectCheck" = "/Library/Developer/CommandLineTools" ]; then
xcodeCLI="installed"
else
xcodeCLI="missing"
fi
}
# Exits if Mac is not running macOS 10 or later.
check_macos () {
if [ "$macOSVersionMajor" -lt 10 ]; then
echo "❌ ERROR: This Mac is running an incompatible operating system $(/usr/bin/sw_vers -productVersion)), unable to proceed."
exit 72
fi
}
########## main process ##########
# Exit if Xcode Command Line Tools are already installed.
xcode_check
if [ "$xcodeCLI" = "installed" ]; then
echo "Xcode Command Line Tools already installed, no action required."
exit 0
else
/usr/bin/xcode-select --reset
fi
# Exit if Mac is not running macOS 10.
check_macos
# Get current Xcode Command Line Tools label via softwareupdate.
/usr/bin/touch "/tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress"
if [ "$macOSVersionMajor" -eq 10 ] && [ "$macOSVersionMinor" -lt 15 ]; then
xcodeCommandLineTools=$(/usr/sbin/softwareupdate --list 2>&1 | \
/usr/bin/awk -F"[*] " '/\* Command Line Tools/ {print $NF}' | \
/usr/bin/sed 's/^ *//' | \
/usr/bin/tail -1)
else
xcodeCommandLineTools=$(/usr/sbin/softwareupdate --list 2>&1 | \
/usr/bin/awk -F: '/Label: Command Line Tools for Xcode/ {print $NF}' | \
/usr/bin/sed 's/^ *//' | \
/usr/bin/tail -1)
fi
# Install Xcode Command Line Tools via softwareupdate.
/usr/sbin/softwareupdate --install "$xcodeCommandLineTools"
# Verify successful installation.
xcode_check
if [ "$xcodeCLI" = "missing" ]; then
echo "❌ ERROR: Xcode Command Line Tool install was unsuccessful."
exit 1
else
/bin/rm -f "/tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress"
echo "✅ Installed Xcode Command Line Tools."
fi
exit 0
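Review bot: `softwareupdate --install "$xcodeCommandLineTools"` runs even when the `--list` parsing found no label, so an offline Mac or a changed output format ends in an install call with an empty name and the failure is only noticed by the later `xcode_check`. Guard it with `[ -n "$xcodeCommandLineTools" ] || { echo "No Command Line Tools label found"; exit 1; }`. The marker `/tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress` is removed only on the success path; a `trap` on exit would clean it up in the failure branches too. `xcode_check` also counts a Mac whose active developer directory is a full Xcode as "missing" and then runs `xcode-select --reset`, which may not be intended.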
+5
@@ -0,0 +1,5 @@
#Dieses Script installiert cocoapods-rome
#Erstellt am 12.1.2018, Peter Hasselbach, macenterprise GmbH
#Quelle: https://github.com/CocoaPods/Rome
gem install cocoapods-rome
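Review bot: `gem install cocoapods-rome` pulls whatever version is current on the gem source at run time, so two Macs can end up with different code and a compromised or replaced release is installed without review. Pin the version, `gem install cocoapods-rome -v "<PINNED_VERSION>"`, and add a shebang line so the interpreter is explicit. If this runs as root under Jamf (not visible here), the gem also lands in the system Ruby rather than in the developer's own environment.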
File diff suppressed because it is too large Load Diff
+21
@@ -0,0 +1,21 @@
#!/bin/bash
##########################################################################
# Shellscript : Reinstall macOS
# Autor : Andreas Vogel, NEXT Enterprise gmbh, 2021
##########################################################################
set -x
Installer=$(find /Applications -type d -name 'Install macOS*')
echo $Installer
if [ -d "$Installer" ]
then
"$Installer"/Contents/Resources/startosinstall --eraseinstall --newvolumename "Macintosh HD" --agreetolicense
else
softwareupdate --fetch-full-installer
Installer=$(find /Applications -type d -name 'Install macOS*')
"$Installer"/Contents/Resources/startosinstall --eraseinstall --newvolumename "Macintosh HD" --agreetolicense
fi
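Review bot: `find /Applications -type d -name 'Install macOS*'` searches recursively and can print several paths, in which case `[ -d "$Installer" ]` is false, a further installer is fetched, and `startosinstall` is then called on a multi-line string. Since the command that follows is `--eraseinstall`, pick exactly one bundle and verify it before running: `Installer=$(find /Applications -maxdepth 1 -type d -name 'Install macOS*.app' | head -n 1)` and `[ -x "$Installer/Contents/Resources/startosinstall" ] || exit 1`. The result of `softwareupdate --fetch-full-installer` is not checked either, and `set -x` should be removed once testing is finished. The script erases the disk without any confirmation or scoping check of its own, so that protection has to come entirely from the Jamf policy scope.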
+4
View File
@@ -0,0 +1,4 @@
#!/bin/bash
# Andreas Vogel, macenterprise GmbH, 12.11.2018
sudo keytool -import -v -trustcacerts -alias INGSonarQubeServer -file ./sonarqube-devcorpint.crt -keystore /Library/Java/JavaVirtualMachines/zulu-8.jdk/Contents/Home/jre/lib/security/cacerts
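Review bot: The certificate is read from `./sonarqube-devcorpint.crt`, a path relative to whatever directory the script is started in, and is added to the JVM-wide `cacerts` as a trusted CA without checking that it is the intended certificate. Use an absolute path and compare its fingerprint with a pinned value before importing, e.g. `openssl x509 -noout -fingerprint -sha256 -in "$crt"` against `<EXPECTED_SHA256_FINGERPRINT>`. Without `-noprompt` and `-storepass`, `keytool` asks for the keystore password and for confirmation, which will stall in a non-interactive policy run.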
+4
View File
@@ -0,0 +1,4 @@
#!/bin/bash
# Andreas Vogel 04.02.2019 macenterprise GmbH
sudo jamf recon
+40
@@ -0,0 +1,40 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>HomeMount</key>
<dict>
<key>Groups</key>
<array/>
<key>Mount</key>
<false/>
<key>Options</key>
<array/>
</dict>
<key>PayloadDisplayName</key>
<string>Jamf Connect Shares</string>
<key>PayloadType</key>
<string>com.jamf.connect.shares</string>
<key>Shares</key>
<array>
<dict>
<key>AutoMount</key>
<true/>
<key>ConnectedOnly</key>
<true/>
<key>Groups</key>
<array/>
<key>LocalMount</key>
<string></string>
<key>Name</key>
<string>PROD</string>
<key>Options</key>
<array/>
<key>URL</key>
<string>smb://klncf733/anwendungen/DEAL</string>
</dict>
</array>
<key>Version</key>
<string>1</string>
</dict>
</plist>
+222
@@ -0,0 +1,222 @@
#!/bin/bash
################################################################################
# title: show support infos to user
# author: Lennart Schwind, ING/WPS - Apple Developer Workplace
# V 1.0: 28.09.2020 - initial version
# V 1.1: 09.11.2020 - modified get IP command
################################################################################
#
################################### variables ##################################
#get logged in user
loggedInUser=$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; \
import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = \
[username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')
if [[ ${loggedInUser} == "" ]]; then
loggedInUser=$(ls -l /dev/console | awk '/ / { print $3 }')
if [[ -z ${loggedInUser} || ${loggedInUser} == "root" ]]; then
echo "$(/bin/date +%Y-%m-%d\ %H:%M:%S) Info: No user logged in."
exit 0
fi
fi
uid=$(id -u "${loggedInUser}")
#icons for use with applescript display dialog
iconing="/Library/Application Support/JAMF/ING/ok-1976099_640.png"
serial=$(system_profiler SPHardwareDataType | grep 'Serial Number (system)' | awk '{print $NF}')
lastreboot=$(date -jf "%s" "$(sysctl kern.boottime | awk -F'[= |,]' '{print $6}')" +"%d.%m.%Y %T")
location=$(cat /var/db/.loc)
macos=$(sw_vers -productVersion)
################################### functions ##################################
#Function to use applescript "display dialog" to display message to user and check which button (2 buttons) was clicked
askforbutton2() {
message=${1}
title=${2}
button1=${3}
button2=${4}
launchctl asuser "${uid}" /usr/bin/osascript <<-EndOfScript
button returned of ¬
(display dialog "${message}" ¬
buttons {"${button1}", "${button2}"} ¬
default button "${button1}" with icon POSIX file "${iconing}" with title "${title}")
EndOfScript
}
getvpnstatusandip() {
if [[ -f "/Library/Application Support/Checkpoint/Endpoint Connect/trac" ]]; then
vpn=$(/Library/Application\ Support/Checkpoint/Endpoint\ Connect/trac info | awk '/ Connected/{print $2}')
elif [[ -f "/Library/Application Support/Checkpoint/Endpoint Connect/command_line" ]]; then
vpn=$(/Library/Application\ Support/Checkpoint/Endpoint\ Connect/command_line info | awk '/ Connected/{print $2}')
fi
if [[ -n ${vpn} ]]; then
vpnstatus=$(printf '\xE2\x9C\x85 connected')
else
vpnstatus=$(printf '\xE2\x9D\x8C no connection')
fi
if route -n get ad.ing.net; then
ip=$(ifconfig $(route -n get ad.ing.net | awk '/interface/{print $2}') | awk '/inet /{print $2}')
else
ip=$(printf '\xE2\x9D\x8C no connection to ING')
fi
}
getconnectionstatus() {
if nc -z ad.ing.net 389 -G 5; then
AD=$(printf '\xE2\x9C\x85 reachable')
else
AD=$(printf '\xE2\x9D\x8C not reachable')
fi
if nc -z mdmapple.wps.ing.net 8443 -G 5; then
JAMF=$(printf '\xE2\x9C\x85 reachable')
else
JAMF=$(printf '\xE2\x9D\x8C not reachable')
fi
}
checkproxyconfig() {
IFS=$'\n'
hardwareport=($(networksetup -listnetworkserviceorder | grep 'Hardware Port'))
networkservice=($(/usr/sbin/networksetup -listallnetworkservices | tail +2))
interfacecount=${#hardwareport[@]}
for (( j=0; j<${interfacecount}; j++ )); do
sdev=$(echo "${hardwareport[$j]}" | awk -F "(, )|(: )|[)]" '{print $4}')
if [ -n "$sdev" ]; then
if ifconfig "$sdev" 2>/dev/null | grep 'status: active' > /dev/null 2>&1; then
currentservice="${networkservice[$j]}"
fi
fi
done
if [[ $(echo ${macos} | awk -F. '{print $2}') -ge 15 ]]; then
proxyautourl=$(/usr/sbin/networksetup -getautoproxyurl "${currentservice}" | awk '/URL/{print $2}')
proxyautostatus=$(/usr/sbin/networksetup -getautoproxyurl "${currentservice}" | awk '/Enabled/{print $2}')
if [[ ${proxyautourl} == "http://pac.ing.net:8080/NL/proxy.pac" ]]; then
proxyurl=$(printf "\xE2\x9C\x85 correct")
else
proxyurl=$(printf "\xE2\x9D\x8C incorrect: ${proxyautourl}")
fi
if [[ ${proxyautostatus} == "Yes" ]]; then
proxystatus=$(printf "\xE2\x9C\x85 enabled")
else
proxystatus=$(printf "\xE2\x9D\x8C disabled")
fi
else
if [[ -d "/Applications/Preproxy.app" ]]; then
preproxyinstalled=$(printf "\xE2\x9C\x85 installed")
if ps ax | pgrep "[P]reproxyService" || ps ax | pgrep "[p]reproxy";then
preproxystatus=$(printf "\xE2\x9C\x85 running")
else
preproxystatus=$(printf "\xE2\x9D\x8C not running")
fi
preproxyautourl=$(/usr/libexec/PlistBuddy -c "print:ProxyAutoConfigurationURL:" "/Users/${loggedInUser}/Library/Group Containers/4EVWBBD4BP.io.github.hamstergene.preproxy/Library/Preferences/4EVWBBD4BP.io.github.hamstergene.preproxy.plist")
preproxylocalport=$(/usr/libexec/PlistBuddy -c "print:LocalPort:" "/Users/${loggedInUser}/Library/Group Containers/4EVWBBD4BP.io.github.hamstergene.preproxy/Library/Preferences/4EVWBBD4BP.io.github.hamstergene.preproxy.plist")
if [[ ${preproxyautourl} == "http://pac.ing.net:8080/NL/proxy.pac" ]]; then
preproxyurl=$(printf "\xE2\x9C\x85 correct")
else
preproxyurl=$(printf "\xE2\x9D\x8C incorrect: ${preproxyautourl}")
fi
else
preproxyinstalled=$(printf "\xE2\x9D\x8C not found")
preproxystatus=$(printf "\xE2\x9D\x8C not found")
preproxyurl=$(printf "\xE2\x9D\x8C not found")
fi
proxyhttpconfig=$(/usr/sbin/networksetup -getwebproxy "${currentservice}" | awk '/Server/{print $2}')
proxyhttpport=$(/usr/sbin/networksetup -getwebproxy "${currentservice}" | awk '/Port/{print $2}')
proxyhttpstatus=$(/usr/sbin/networksetup -getwebproxy "${currentservice}" | awk '/^Enabled/{print $2}')
proxyhttpsconfig=$(/usr/sbin/networksetup -getsecurewebproxy "${currentservice}" | awk '/Server/{print $2}')
proxyhttpsport=$(/usr/sbin/networksetup -getsecurewebproxy "${currentservice}" | awk '/Port/{print $2}')
proxyhttpsstatus=$(/usr/sbin/networksetup -getsecurewebproxy "${currentservice}" | awk '/^Enabled/{print $2}')
if [[ ${proxyhttpconfig} == "localhost" ]] || [[ ${proxyhttpconfig} == "127.0.0.1" ]]; then
httpproxyurl=$(printf "\xE2\x9C\x85 correct")
else
httpproxyurl=$(printf "\xE2\x9D\x8C incorrect: ${proxyhttpconfig}")
fi
if [[ ${proxyhttpport} == ${preproxylocalport} ]]; then
httpproxyport=$(printf "\xE2\x9C\x85 correct")
else
httpproxyport=$(printf "\xE2\x9D\x8C incorrect: ${proxyhttpport} != ${preproxylocalport}")
fi
if [[ ${proxyhttpstatus} == "Yes" ]]; then
httpproxystatus=$(printf "\xE2\x9C\x85 enabled")
else
httpproxystatus=$(printf "\xE2\x9D\x8C disabled")
fi
if [[ ${proxyhttpsconfig} == "localhost" ]] || [[ ${proxyhttpsconfig} == "127.0.0.1" ]]; then
httpsproxyurl=$(printf "\xE2\x9C\x85 correct")
else
httpsproxyurl=$(printf "\xE2\x9D\x8C incorrect: ${proxyhttpsconfig}")
fi
if [[ ${proxyhttpsport} == ${preproxylocalport} ]]; then
httpsproxyport=$(printf "\xE2\x9C\x85 correct")
else
httpsproxyport=$(printf "\xE2\x9D\x8C incorrect: ${proxyhttpsport} != ${preproxylocalport}")
fi
if [[ ${proxyhttpsstatus} == "Yes" ]]; then
httpsproxystatus=$(printf "\xE2\x9C\x85 enabled")
else
httpsproxystatus=$(printf "\xE2\x9D\x8C disabled")
fi
fi
}
################################### execution ##################################
while [[ ${exit} != "close" ]]; do
getvpnstatusandip
getconnectionstatus
checkproxyconfig
if [[ $(echo ${macos} | awk -F. '{print $2}') -ge 15 ]]; then
exit=$(askforbutton2 "𝗡𝗲𝘁𝘄𝗼𝗿𝗸\
\n----------------------------------------\
\nIP:\t\t\t${ip}\
\nVPN:\t\t${vpnstatus}\
\nING AD:\t\t${AD}\
\nJamf Pro:\t${JAMF}\
\n\
\n𝗗𝗲𝘃𝗶𝗰𝗲\
\n----------------------------------------\
\nHostname:\t$(hostname)\
\nSerial #:\t\t${serial}\
\nmacOS:\t\t${macos}\
\nLast reboot:\t${lastreboot}\
\nLocation:\t\t${location}\
\n\
\n𝗦𝘆𝘀𝘁𝗲𝗺 𝗣𝗿𝗼𝘅𝘆 𝗦𝗲𝘁𝘁𝗶𝗻𝗴𝘀\
\n----------------------------------------\
\nAuto URL:\t${proxyurl}\
\nStatus:\t\t${proxystatus}" "Support Info" "refresh" "close")
else
exit=$(askforbutton2 "𝗡𝗲𝘁𝘄𝗼𝗿𝗸\
\n----------------------------------------\
\nIP:\t\t\t${ip}\
\nVPN:\t\t${vpnstatus}\
\nING AD:\t\t${AD}\
\nJamf Pro:\t${JAMF}\
\n\
\n𝗗𝗲𝘃𝗶𝗰𝗲\
\n----------------------------------------\
\nHostname:\t$(hostname)\
\nSerial #:\t\t${serial}\
\nmacOS:\t\t${macos}\
\nLast reboot:\t${lastreboot}\
\nLocation:\t\t${location}\
\n\
\n𝗣𝗿𝗲𝗣𝗿𝗼𝘅𝘆\
\n----------------------------------------\
\nInstalled:\t\t${preproxyinstalled}\
\nStatus:\t\t${preproxystatus}\
\nAuto URL:\t${preproxyurl}\
\n\
\n𝗦𝘆𝘀𝘁𝗲𝗺 𝗣𝗿𝗼𝘅𝘆 𝗦𝗲𝘁𝘁𝗶𝗻𝗴𝘀\
\n----------------------------------------\
\nHTTP URL:\t${httpproxyurl}\
\nHTTP Port:\t${httpproxyport}\
\nHTTP State:\t${httpproxystatus}\
\n----------------------------------------\
\nHTTPS Proxy:\t${httpsproxyurl}\
\nHTTPS Port:\t${httpsproxyport}\
\nHTTPS State:\t${httpsproxystatus}" "Support Info" "refresh" "close")
fi
done
################################### end ########################################
exit 0
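Review bot: `askforbutton2` pastes `${message}`, `${title}` and the button labels straight into the AppleScript source of the here-document, so a double quote or backslash in any collected value (the hostname, the contents of `/var/db/.loc`, the proxy URLs read with `networksetup` and `PlistBuddy`) changes the script that `osascript` runs rather than only the text it shows. Passing the values as arguments and reading them in `on run argv` keeps data out of the script text. The callers would then have to build the message with real newlines and tabs, because the `\n` and `\t` sequences are currently expanded by AppleScript's string parser; the sketch below covers the function only and should be tested on the supported macOS versions.

```shell
askforbutton2() {
# values travel as arguments, never as AppleScript source
launchctl asuser "${uid}" /usr/bin/osascript - "${1}" "${2}" "${3}" "${4}" "${iconing}" <<'EndOfScript'
on run argv
set {msg, ttl, b1, b2, iconPath} to argv
return button returned of (display dialog msg buttons {b1, b2} default button b1 with icon (POSIX file iconPath) with title ttl)
end run
EndOfScript
}
```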
@@ -0,0 +1,132 @@
#!/bin/bash
# This script is designed to use the Jamf Pro API to identify the individual IDs of
# the scripts stored on a Jamf Pro server then do the following:
#
# 1. Download the script as XML
# 2. Identify the script name
# 3. Extract the script contents from the downloaded XML
# 4. Save the script to a specified directory
# If setting up a specific user account with limited rights, here are the required API privileges
# for the account on the Jamf Pro server:
#
# Jamf Pro Server Objects:
#
# Scripts: Read
# If you choose to specify a directory to save the downloaded scripts into,
# please enter the complete directory path into the ScriptDownloadDirectory
# variable below.
ScriptDownloadDirectory="/Users/90022300/Desktop/SKRIPTS"
# If the ScriptDownloadDirectory isn't specified above, a directory will be
# created and the complete directory path displayed by the script.
if [[ -z "$ScriptDownloadDirectory" ]]; then
ScriptDownloadDirectory=$(mktemp -d)
echo "A location to store downloaded scripts has not been specified."
echo "Downloaded scripts will be stored in $ScriptDownloadDirectory."
fi
# If you choose to hardcode API information into the script, set one or more of the following values:
#
# The username for an account on the Jamf Pro server with sufficient API privileges
# The password for the account
# The Jamf Pro URL
# Set the Jamf Pro URL here if you want it hardcoded.
jamfpro_url="https://lions-mac.ing.de:8443"
# Set the username here if you want it hardcoded.
jamfpro_user="90022300"
# Set the password here if you want it hardcoded.
jamfpro_password="'**********"
# If you do not want to hardcode API information into the script, you can also store
# these values in a ~/Library/Preferences/com.github.jamfpro-info.plist file.
#
# To create the file and set the values, run the following commands and substitute
# your own values where appropriate:
#
# To store the Jamf Pro URL in the plist file:
# defaults write com.github.jamfpro-info jamfpro_url https://jamf.pro.server.goes.here:port_number_goes_here
#
# To store the account username in the plist file:
# defaults write com.github.jamfpro-info jamfpro_user account_username_goes_here
#
# To store the account password in the plist file:
# defaults write com.github.jamfpro-info jamfpro_password account_password_goes_here
#
# If the com.github.jamfpro-info.plist file is available, the script will read in the
# relevant information from the plist file.
if [[ -f "$HOME/Library/Preferences/com.github.jamfpro-info.plist" ]]; then
if [[ -z "$jamfpro_url" ]]; then
jamfpro_url=$(defaults read $HOME/Library/Preferences/com.github.jamfpro-info jamfpro_url)
fi
if [[ -z "$jamfpro_user" ]]; then
jamfpro_user=$(defaults read $HOME/Library/Preferences/com.github.jamfpro-info jamfpro_user)
fi
if [[ -z "$jamfpro_password" ]]; then
jamfpro_password=$(defaults read $HOME/Library/Preferences/com.github.jamfpro-info jamfpro_password)
fi
fi
# If the Jamf Pro URL, the account username or the account password aren't available
# otherwise, you will be prompted to enter the requested URL or account credentials.
if [[ -z "$jamfpro_url" ]]; then
read -p "Please enter your Jamf Pro server URL : " jamfpro_url
fi
if [[ -z "$jamfpro_user" ]]; then
read -p "Please enter your Jamf Pro user account : " jamfpro_user
fi
if [[ -z "$jamfpro_password" ]]; then
read -p "Please enter the password for the $jamfpro_user account: " -s jamfpro_password
fi
echo ""
# Remove the trailing slash from the Jamf Pro URL if needed.
jamfpro_url=${jamfpro_url%%/}
# Remove the trailing slash from the ScriptDownloadDirectory variable if needed.
ScriptDownloadDirectory=${ScriptDownloadDirectory%%/}
DownloadScript(){
# Download the script information as raw XML,
# then format it to be readable.
echo "Downloading scripts from $jamfpro_url..."
FormattedScript=$(curl -su "${jamfpro_user}:${jamfpro_password}" -H "Accept: application/xml" "${jamfpro_url}/JSSResource/scripts/id/${ID}" -X GET | xmllint --format - )
# Identify and display the script's name.
DisplayName=$(echo "$FormattedScript" | xpath "/script/name/text()" 2>/dev/null | sed -e 's|:|(colon)|g' -e 's/\//\\/g')
echo "Downloaded script is named: $DisplayName"
## Save the downloaded script
echo "Saving ${DisplayName} file to $ScriptDownloadDirectory."
echo "$FormattedScript" | xpath '/script/script_contents/text()' 2>/dev/null | sed -e 's/&lt;/</g' -e 's/&gt;/>/g' -e 's/&quot;/"/g' -e 's/&amp;/\&/g' > "$ScriptDownloadDirectory/${DisplayName}"
}
Script_id_list=$(curl -su "${jamfpro_user}:${jamfpro_password}" -H "Accept: application/xml" "${jamfpro_url}/JSSResource/scripts" | xpath "//id" 2>/dev/null)
Script_id=$(echo "$Script_id_list" | grep -Eo "[0-9]+")
for ID in ${Script_id}; do
DownloadScript
done
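Review bot: Both `curl` calls pass the account as `-su "${jamfpro_user}:${jamfpro_password}"`, which puts the API password on the command line where other local processes can read it while the transfer runs; the unused-scripts report (`-sfku "$user:$pass"`) and the application-inventory script (`-u $apiUser:$apiPass`) further down do the same. Feeding the credential through a config read from stdin avoids that, e.g. `printf 'user = "%s:%s"\n' "$jamfpro_user" "$jamfpro_password" | curl -s -K - -H "Accept: application/xml" "${jamfpro_url}/JSSResource/scripts"` (a password containing `"` or `\` needs escaping for the config syntax). The `jamfpro_user` and `jamfpro_password` assignments are better left empty in the committed copy, so that the plist or the prompt path supplies them.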
+194
@@ -0,0 +1,194 @@
#!/bin/sh
#Todd Houle
#Feb2016
#This script will build an ugly html page with unused scripts and groups in your JSS
########### EDIT THESE ##################################
JSSURL="https://lions-mac.ing.de:8443"
user="90022300"
pass="'Andy5091067"
############################################################
JSS="$JSSURL/JSSResource"
outFile="/private/tmp/UnUsed.html"
mkdir /tmp/JSSCleanup 2>/dev/null
#Get Scripts
curl -H "Accept: application/xml" -sfku "$user:$pass" "$JSS/scripts" -X GET | xmllint --format - > /private/tmp/JSSCleanup/scripts.xml
#get policies
curl -H "Accept: application/xml" -sfku "$user:$pass" "$JSS/policies" -X GET | xmllint --format - > /private/tmp/JSSCleanup/policies.xml
#get SmartGroups
curl -H "Accept: application/xml" -sfku "$user:$pass" "$JSS/computergroups" -X GET | xmllint --format - > /private/tmp/JSSCleanup/groups.xml
#get Configurations
curl -H "Accept: application/xml" -sfku "$user:$pass" "$JSS/computerconfigurations" -X GET | xmllint --format - > /private/tmp/JSSCleanup/configurations.xml
#empty lists
SCRIPTSUSED=()
GROUPSUSED=()
#used at end to compare scripts used and not
scriptList=`cat /tmp/JSSCleanup/scripts.xml |grep "<id>"| awk -F\> '{print $2}'|awk -F\< '{print $1}'`
scriptListArray=($scriptList)
groupsList=`cat /tmp/JSSCleanup/groups.xml |grep "<id>"| awk -F\> '{print $2}'|awk -F\< '{print $1}'`
groupListArray=($groupsList)
#a comment block.
#: <<EOF
#EOF
#loop through Policies
policyList=`cat /tmp/JSSCleanup/policies.xml |grep -i \<id\>|awk -F\> '{print $2}'|awk -F\< '{print $1}'`
arr=($policyList)
#get all policies from JSS and build a list of scripts used
for thisPolicy in "${arr[@]}"; do
curl -H "Accept: application/xml" -sfku "$user:$pass" "$JSS/policies/id/$thisPolicy" -X GET | xmllint --format - > /private/tmp/JSSCleanup/policy$thisPolicy.xml
scriptsInPol=`xpath /tmp/JSSCleanup/policy$thisPolicy.xml '/policy/scripts'|grep "<id>"| awk -F\> '{print $2}'|awk -F\< '{print $1}'`
scrarr=($scriptsInPol)
for oneScript in "${scrarr[@]}"; do
echo "script ID $oneScript used in policy number $thisPolicy"
#Add scripts from policy to array of scripts in use
if [[ " ${SCRIPTSUSED[@]} " =~ " ${oneScript} " ]]; then
# whatever you want to do when arr contains value
echo "script $oneScript is already listed in use"
else
# whatever you want to do when arr doesn't contain value
echo "adding script $oneScript to SCRIPTSUSED array"
SCRIPTSUSED+=($oneScript)
fi
done
#look for unused smartGroups
smrtGrpInPol=`xpath /tmp/JSSCleanup/policy$thisPolicy.xml '/policy/scope/computer_groups'|grep "<id>"| awk -F\> '{print $2}'|awk -F\< '{print $1}'`
smrtGrpArr=($smrtGrpInPol)
for oneGrp in "${smrtGrpArr[@]}"; do
echo "group ID $oneGrp used in policy number $thisPolicy"
if [[ " ${GROUPSUSED[@]} " =~ " ${oneGrp} " ]]; then
# whatever you want to do when arr contains value
echo "script $oneGrp is already listed in use"
else
# whatever you want to do when arr doesn't contain value
echo "adding grp $oneGrp to GRPUSED array"
GROUPSUSED+=($oneGrp)
fi
done
#look for unused smartgroupsExcludedInPolicies
smrtGrpInPolEx=`xpath /tmp/JSSCleanup/policy$thisPolicy.xml '/policy/scope/exclusions/computer_groups'|grep "<id>"| awk -F\> '{print $2}'|awk -F\< '{print $1}'`
smrtGrpArr2=($smrtGrpInPolEx)
for oneGrp in "${smrtGrpArr2[@]}"; do
echo "group exclusion $oneGrp used in policy number $thisPolicy"
if [[ " ${GROUPSUSED[@]} " =~ " ${oneGrp} " ]]; then
# whatever you want to do when arr contains value
echo "script $oneGrp is already listed in use"
else
# whatever you want to do when arr doesn't contain value
echo "adding grp $oneGrp to GRPUSED array"
GROUPSUSED+=($oneGrp)
fi
done
done
#Get all configurations from JSS
configurationList=`cat /tmp/JSSCleanup/configurations.xml |grep -i \<id\>|awk -F\> '{print $2}'|awk -F\< '{print $1}'`
arrConfig=($configurationList)
for thisConfig in "${arrConfig[@]}"; do
curl -H "Accept: application/xml" -sfku "$user:$pass" "$JSS/computerconfigurations/id/$thisConfig" -X GET | xmllint --format - > /private/tmp/JSSCleanup/config$thisConfig.xml
scriptsInConfig=`xpath /tmp/JSSCleanup/config$thisConfig.xml '/computer_configuration/scripts/script/id'| awk -F\> '{print $2}'|awk -F\< '{print $1}'`
confiArr=($scriptsInConfig)
for oneConScript in "${confiArr[@]}"; do
echo "script ID $oneConScript used in config $thisConfig"
#Add scripts from policy to array of scripts in use
if [[ " ${SCRIPTSUSED[@]} " =~ " ${oneConScript} " ]]; then
# whatever you want to do when arr contains value
echo "script $oneConScript is already listed in use"
else
echo "adding script $oneConScript to SCRIPTSUSED array"
SCRIPTSUSED+=($oneConScript)
fi
done
done
echo "Moving to part two now..."
echo ""
#build array of script id's that are not used in any policies
Array3=()
for i in "${scriptListArray[@]}"; do
skip=
for j in "${SCRIPTSUSED[@]}"; do
[[ $i == $j ]] && { skip=1; break; }
done
[[ -n $skip ]] || Array3+=("$i")
done
declare -p Array3
ArrayGrp=()
for x in "${groupListArray[@]}"; do
skip=
for y in "${GROUPSUSED[@]}"; do
[[ $x == $y ]] && { skip=1; break; }
done
[[ -n $skip ]] || ArrayGrp+=("$x")
done
declare -p ArrayGrp
scriptCount=0
echo "" > $outFile
for unusedScript in "${Array3[@]}"; do
((scriptCount=scriptCount+1))
done
echo "There are $scriptCount unused Scripts in your JSS"
echo "<h2>Unused Scripts: $scriptCount</h2>" >> $outFile
echo "<ul>" >> $outFile
for unusedScript in "${Array3[@]}"; do
scriptName=`grep -A1 "<id>$unusedScript</id>" /tmp/JSSCleanup/scripts.xml |grep "<name>" |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
echo "<li><a target=\"_blank\" href=\"$JSSURL/scripts.html?id=$unusedScript\">Script: $scriptName</a><BR>" >> $outFile
done
echo "</ul>" >> $outFile
grpCount=0
for unusedGroup in "${ArrayGrp[@]}"; do
((grpCount=grpCount+1))
done
echo "There are $grpCount unused Groups in your JSS"
echo "<h2>Unused Groups: $grpCount</h2>" >> $outFile
echo "<ul>" >> $outFile
for unusedgroup in "${ArrayGrp[@]}"; do
groupType=`grep -A2 "<id>$unusedgroup</id>" /tmp/JSSCleanup/groups.xml |grep "<is_smart>" |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
groupName=`grep -A1 "<id>$unusedgroup</id>" /tmp/JSSCleanup/groups.xml |grep "<name>" |awk -F\> '{print $2}'|awk -F\< '{print $1}'`
if [ "$groupType" == "true" ]; then
echo "<li><a target=\"_blank\" href=\"$JSSURL/smartComputerGroups.html?id=$unusedgroup\">Smart Group: $groupName</a><BR>" >> $outFile
else
echo "<li><a target=\"_blank\" href=\"$JSSURL/staticComputerGroups.html?id=$unusedgroup\">Static Group: $groupName</a><BR>" >> $outFile
fi
done
echo "</ul>" >> $outFile
open $outFile
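Review bot: The `pass=` assignment under "EDIT THESE" commits what looks like a live API password for the account in `user=` in clear text; it should be treated as exposed, rotated on the server, and replaced by a runtime prompt or keychain lookup, e.g. `read -r -s -p "Jamf Pro password: " pass`. Every request in this file also uses `curl -k` (inside `-sfku`), so that password is sent without verifying the server certificate; dropping the `k` is enough if the server presents a trusted certificate. The application-inventory script further down has the same `-k`. Since the file already relies on arrays and `[[ ]]`, the `#!/bin/sh` shebang should name `bash`.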
+11
@@ -0,0 +1,11 @@
#!/bin/bash
shutdown -r 23:33
/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -icon "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/ToolbarInfo.icns" -title "Warning" -description "Das System wird in 1 Minute neugestartet. Es erfolgt kein weiterer Hinweis.
The system will restart in 1 minute. There is no further notice." -button1 "OK" -defaultButton 1 -timeout 45
launchctl remove de.ing.LastWarningDaemon.plist
/bin/rm -f /Library/LaunchDaemons/de.ing.LastWarningDaemon.plist
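Review bot: `shutdown -r 23:33` pins the restart to a wall-clock time while the dialog promises a restart "in 1 minute", so the two agree only if the daemon fires at 23:32, which this file does not show. `shutdown -r +1` keeps the message true whenever the script runs. `launchctl remove` expects a job label rather than a plist file name, so `de.ing.LastWarningDaemon.plist` probably needs the `.plist` suffix dropped; confirm against the Label key of the LaunchDaemon.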
+9
@@ -0,0 +1,9 @@
#!/bin/bash
if /bin/launchctl list | egrep httpd > /dev/null
then
echo "<result>Yes</result>"
else
echo "<result>No</result>"
fi
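Review bot: `egrep httpd` matches any launchd job whose label merely contains `httpd`, so the extension attribute can report `Yes` for an unrelated job. If the built-in Apache is what is being inventoried, matching its label is more reliable: `if /bin/launchctl list | /usr/bin/grep -q 'org.apache.httpd'`. `grep -q` also makes the `> /dev/null` redirect unnecessary.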
+32
@@ -0,0 +1,32 @@
#!/bin/bash
#fill in variables for your environment
jssurl="https://lions-mac.ing.de:8443"
apiUser=$(osascript -e 'text returned of (display dialog "Benutzernamme" default answer "" buttons {"OK"} default button 1)')
apiPass=$(osascript -e 'text returned of (display dialog "Password" default answer "" buttons {"OK"} default button 1)')
#create temp folder
mkdir /tmp/appinventory
#list all computer IDs
allCompIDs=$(curl -k -u $apiUser:$apiPass $jssurl/JSSResource/computers | xmllint --format - | awk -F'>|<' '/<id>/,/<\/id>/{print $3}' | sort -n)
#get computer name for computer IDs
for compID in ${allCompIDs}; do
computerName=$(curl -k -u $apiUser:$apiPass $jssurl/JSSResource/computers/id/${compID} | xmllint --format - | awk -F'>|<' '/<name>/,/<\/name>/{print $3}' | head -n1)
#get macOS version for all computers
osVersion=$(curl -k -u $apiUser:$apiPass $jssurl/JSSResource/computers/id/${compID} | xmllint --format - | awk -F'>|<' '/<os_version>/,/<\/os_version>/{print $3}')
#get list of applications installed on each computer name and exports to csv per computer with format compName,osVersion,appName,appVersion
curl -k -u $apiUser:$apiPass $jssurl/JSSResource/computers/id/${compID} | xmllint --format - | awk -F'>|<' '/<applications>/,/<\/applications>/{print $3}' | tail -n+4 | tr '\n' ',' | sed -e $'s/,,,/\\\n/g' | sed 's/,\/.*,/,/g' | sed -e '$ d' | sed '1s;^;'"$computerName"','"$osVersion"',;' | sed 's/^/,,/g' | sed 's/,,'"$computerName"'/'"$computerName"'/g' | cut -f4 > /tmp/appinventory/${computerName}.csv
done # < (echo "${allCompIDs}")
#combine individual inventories into one file
cat /tmp/appinventory/*.csv >> /Users/90022300/Desktop/AllMacAppInventory.csv
#remove temp folder
#rm -rf /tmp/appinventory
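Review bot: The second `osascript` prompt collects the API password with a plain `display dialog`, so it is shown in clear text while it is typed; adding `with hidden answer` fixes that: `display dialog "Password" default answer "" with hidden answer buttons {"OK"} default button 1`. The expansions `$apiUser:$apiPass` and `$jssurl/...` are also unquoted in all four `curl` calls, so a password containing a space or a glob character is split or expanded before curl sees it; write `-u "$apiUser:$apiPass"` and quote the URL. `mkdir /tmp/appinventory` is not checked, so the script carries on into a directory it did not create if the name already exists.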
+27
@@ -0,0 +1,27 @@
#!/bin/sh
##########################################################################
# Shellscript : Set New Teams video backgrounds
# Autor : Andreas Vogel, NEXT Enterprise gmbh, 2021
##########################################################################
##################### Variablen ##########################################
currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }')
sourceFiles=/private/tmp/Teams
MSteamsPath=/Users/"$currentUser"/Library/Application Support/Microsoft/Teams/Backgrounds/Uploads/
##################### Check sourceFiles ##################################
if [ ! -d "$sourceFiles" ]; then
echo "Missing source files, script will fail, did not display messsage."
else
echo "Source files found, script will run."
fi
##################### Run ################################################
if [ -d "$MSteamsPath" ]; then
cp /private/tmp/Teams/*.* /Users/"$currentUser"/Library/Application Support/Microsoft/Teams/Backgrounds/Uploads
chown "$currentUser":wheel /Users/"$currentUser"/Library/Application Support/Microsoft/Teams/Backgrounds/Uploads/*.*
else
echo "Path is missing, creating required folders"
mkdir -p /Users/"$currentUser"/Library/Application Support/Microsoft/Teams/Backgrounds/Uploads
cp /private/tmp/Teams/*.* /Users/"$currentUser"/Library/Application Support/Microsoft/Teams/Backgrounds/Uploads
chown "$currentUser":wheel /Users/"$currentUser"/Library/Application Support/Microsoft/Teams/Backgrounds/Uploads/*.*
fi
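Review bot: The path containing `Application Support` is written unquoted in the `MSteamsPath=` assignment and in every `cp`, `chown` and `mkdir -p` line, so the shell splits it at the space. The assignment then only applies to an attempted command named `Support/Microsoft/...`, the `-d "$MSteamsPath"` test always sees an empty value, and `mkdir -p` creates `/Users/<user>/Library/Application` plus a relative `Support/...` tree in the working directory. Assign once with quotes, `MSteamsPath="/Users/$currentUser/Library/Application Support/Microsoft/Teams/Backgrounds/Uploads"`, and use `"$MSteamsPath"` as the target in the other lines. The source check only prints a message when `$sourceFiles` is missing; it should `exit 1` there instead of continuing.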
+82
@@ -0,0 +1,82 @@
#!/bin/zsh
#######################
#
# Benjamin Buchheim - b.buchheim@eos-ts.com 13th April 2022
# Michelle Tembaak - m.tembaak.extern@eos-ts.com
# Script is used to rerun the macOS setup assistant due re-MDM-Enrollment
#
########################
#remove quarantine flag
xattr -r -d com.apple.quarantine /Library/Application\ Support/EOS/DEPNotify/DEPNotify.app
# defining Log-Files
DNLOG=/var/tmp/depnotify.log
CountDown=60
rm $DNLOG
touch $DNLOG
# Get the currently logged in user.
currentUser=$(/usr/bin/stat -f "%Su" /dev/console)
#Create help bubble
mv /Library/Application\ Support/EOS/menu.nomad.depnotify.plist /Users/$currentUser/Library/Preferences/
chown "$currentUser":"EOS\Domain Users" /Users/$currentUser/Library/Preferences/menu.nomad.depnotify.plist
# Since this is running as root, run the DEPNotify process as the currently logged in user instead
/usr/bin/sudo -u $currentUser /usr/bin/open -a /Library/Application\ Support/EOS/DEPNotify/DEPNotify.app/Contents/MacOS/DEPNotify --args
# echo "Command: Help: servicedesk@eos-ts.com +49-40-2850-1010 " >> $DNLOG
echo "Command: Image: /Library/Application Support/EOS/DEPNotify/EOS.png" >> $DNLOG
echo "Command: MainTitle: Migrating your Mac" >> $DNLOG
echo "Command: MainText: Please stand by, your mac is getting prepared for the migration.." >> $DNLOG
echo "Status: Cleaning up jamf" >> $DNLOG
sleep 10
echo "Command: Video: /Library/Application Support/EOS/DEPNotify/Enrollment.mp4" >> $DNLOG
# removing Jamf Framework - since the MDM Profile and other profiles need to be removed, this is will do everything in one step
echo "Status: Removing Jamf binary.." >> $DNLOG
/usr/local/jamf/bin/jamf removeFramework
# waiting till jamf removeFramework is completly done
sleep 60
# Preparing ReRun of the Setupassistant
echo "Status: Preparing Systemfiles for migration" >> $DNLOG
rm /var/db/.AppleSetupDone
sleep 10
touch /var/db/.RunLanguageChooserToo
sleep 10
rm /Library/Keychains/apsd.keychain
sleep 10
rm -rf /var/db/ConfigurationProfiles/
sleep 60
echo "Status: Enrolling device to Jamf Cloud" >> $DNLOG
# Ensure that the DEP-Settings are updated
profiles renew -type enrollment
# wait again till sync is completly done
sleep 60
echo "MigrationFromJSS" > "/Library/Application Support/EOS/EnrollmentMethod"
# Restarting
# echo "Command: MainText: All prepared, now we need to restart this Mac. Please continue and click on 'Restart' or wait a few seconds for automatic restart." >> $DNLOG
echo "Command: MainText: All prepared! Your mac needs to get restarted. Please wait for automatic restart." >> $DNLOG
# echo "Command: ContinueButtonRestart: Restart" >> $DNLOG
while [[ $CountDown -ge 0 ]]; do
echo "Status: Automatic restart in $CountDown" >> $DNLOG
echo "Command: MainTitle: Restart in $CountDown" >> $DNLOG
(( CountDown = $CountDown - 1 ))
sleep 1
done
echo "Command: RestartNow: Restarting.." >> $DNLOG && sleep 10
echo "Command: Quit" >> $DNLOG
shutdown -r now -k && exit 0
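Review bot: Nothing between `jamf removeFramework` and `profiles renew -type enrollment` checks an exit status, so if removal or re-enrollment fails the script still deletes `/var/db/.AppleSetupDone` and `/var/db/ConfigurationProfiles/` and goes on to the restart, which can leave the Mac without management. Guard the first step, e.g. `/usr/local/jamf/bin/jamf removeFramework || { echo "Status: Removing Jamf failed" >> "$DNLOG"; exit 1; }`, and report a failure of `profiles renew` the same way. `$currentUser` is used unquoted and unvalidated in the `mv`, `chown` and `sudo -u` lines; the script should stop early when it is empty, `root` or `loginwindow`.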
+27
@@ -0,0 +1,27 @@
#!/bin/bash
##########################################################################
# Shellscript : List all Networks and Status for AutoProxy
# Autor : NEXT Enterprise gmbh, 2021
##########################################################################
# set -x
IFS=$'\n'
for i in $(networksetup -listallnetworkservices | tail +2 );
do
status=$(networksetup -getproxyautodiscovery "$i" | awk '{print $NF}' 2>/dev/null )
if [[ "$status" == "Off" ]]; then
DisabledAutoProxy+=("$i")
else
EnabledAutoProxy+=("$i")
fi
done
if [[ -z "${DisabledAutoProxy[@]}" ]]; then
echo "<result>On</result>"
else
echo "<result>Off</result>"
fi
unset IFS
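Review bot: `[[ -z "${DisabledAutoProxy[@]}" ]]` tests the array by joining its elements into one string (ShellCheck SC2199); counting the elements states the intent directly: `if (( ${#DisabledAutoProxy[@]} == 0 )); then`. `EnabledAutoProxy` is filled but never read, and `tail +2` is the obsolete spelling of `tail -n +2`. The `2>/dev/null` is attached to `awk`, so an error from `networksetup` itself is not suppressed and a failed query would be counted as enabled.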
+55
@@ -0,0 +1,55 @@
#!/bin/bash
##########################################################################
# Shellscript : Prüft, ob das Ticket das eigene ist.
# Autor : Andreas Vogel, macenterprise gmbh, 13.11.2019
##########################################################################
user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
TicketIs=$(klist --list-all | grep DIBA.CORP.INT | cut -d ' ' -f 2)
Diba=@DIBA.CORP.INT
name=$user$Diba
#echo $name
#echo $TicketIs
if [[ ! -z "$TicketIs" ]]
then
if [[ $name == $TicketIs ]]
then
exit 0
else
osascript -e 'display dialog "Das angeforderte Ticket scheint nicht dir zu gehören. Bitte fordere dein Eigenes Ticket an." buttons "OK" default button 1'
kdestroy -p $TicketIs
fi
else
user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
PASS=$(osascript -e 'text returned of (display dialog "Bitte das Passwort eingeben" default answer "" with hidden answer)') || exit
FILE=$(cat /dev/urandom | env LC_CTYPE=C tr -cd 'a-f0-9' | head -c 8)
PFILE=/Users/$user/.$FILE
touch $PFILE
echo "$PASS" >> $PFILE
if kinit --password-file="$PFILE" $user@DIBA.CORP.INT
then
osascript -e 'display dialog "Das Ticket wurde erfolgreich angefragt." buttons "OK" default button 1'
rm $PFILE
exit 0
else
osascript -e 'display dialog "Fehler! Das Ticket konnte nicht angelegt werden" buttons "OK" default button 1'
rm $PFILE
exit 1
fi
exit 0
fi
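Review bot: In the `else` branch the Kerberos password is written to `/Users/$user/.$FILE` after a plain `touch`, so the file gets default umask permissions and stays on disk if the script is interrupted before either `rm $PFILE` runs. Heimdal's `kinit` can read the password from standard input, which removes the file altogether: `printf '%s\n' "$PASS" | kinit --password-file=STDIN "$user@DIBA.CORP.INT"`. The `FILE=`, `PFILE=`, `touch`, `echo` and both `rm` lines can then be dropped. `kdestroy -p $TicketIs` should quote its argument.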
+791
@@ -0,0 +1,791 @@
#!/bin/bash
## Script Name: Selectable_SoftwareUpdate.sh (v005)
## Script Author: Mike Morales, @mm2270 on JAMFNation
## Last Update: 2016-07-19
##
## Modified by: Aaron Stovall
## Modification Date: 9/7/2016
##
## Notes: Deferral Logic borrowed from the Patchoo script by Lachlan Stewart (aka. @loceee)
## Defer Variables
datafolder="/Library/Application Support/JAMF/PatchDeferral"
prefs="$datafolder/com.swu.deferral"
# users can defer x update prompts
defermode=true
defaultdeferthresold="5"
# defer is the # of times a user can defer updates
deferthreshold=$(defaults read "$prefs" DeferThreshold 2> /dev/null)
if [ "$?" != "0" ]
then
defaults write "$prefs" DeferThreshold -int $defaultdeferthresold
deferthreshold=$defaultdeferthresold
fi
defercount=$(defaults read "$prefs" DeferCount 2> /dev/null)
if [ "$?" != "0" ]
then
defaults write "$prefs" DeferCount -int 0
defercount=0
fi
## Check how many Referrals remain
deferremain=$(( deferthreshold - defercount ))
## Path to cocoaDialog (customize to your own location)
cdPath="/Applications/Utilities/cocoaDialog.app/Contents/MacOS/cocoaDialog"
## Quick sanity check to make sure cocoaDialog is installed in the path specified
if [ ! -e "$cdPath" ]; then
echo "cocoaDialog was not found in the path specified. It may not be installed, or the path is wrong. Exiting..."
exit 1
fi
## Set the installAllAtLogin flag here to 'yes' or leave it blank (equivalent to 'no')
## Function: When the script is run on a Mac that is at the login window, if the flag is set to 'yes',
## it will lock the login window to prevent unintended logins and proceed to install all available updates.
## Once completed, the login window will either be unlocked in the case of no restarts needed,
## or a restart will be done immediately to complete the installations.
installAllAtLogin="yes"
## Set the forceEnableUpdates flag below to 'yes' (or any value) to enable it. This option will change the
## checkbox display to show updates as enabled and non-selectable to the user, meaning they will be forced to
## an "on" state for all. Leaving this value blank will retain the original functionality, allowing the end
## user to select the updates they would like to install.
if [[ "$deferremain" -eq 0 ]]; then
echo "You have 0 deferrals remaining. Updates will be installed now"
forceEnableUpdates="Yes"
else
echo "You have $deferremain deferrals remaining"
forceEnableUpdates=""
fi
## Get minor version of OS X
osVers=$( sw_vers -productVersion | cut -d. -f2 )
## Set appropriate Software Update icon depending on OS version
if [[ "$osVers" -lt 8 ]]; then
swuIcon="/System/Library/CoreServices/Software Update.app/Contents/Resources/Software Update.icns"
else
swuIcon="/System/Library/CoreServices/Software Update.app/Contents/Resources/SoftwareUpdate.icns"
fi
## Set appropriate Restart icon depending on OS version
if [[ "$osVers" == "9" ]]; then
restartIcon="/System/Library/CoreServices/loginwindow.app/Contents/Resources/Restart.tiff"
else
restartIcon="/System/Library/CoreServices/loginwindow.app/Contents/Resources/Restart.png"
fi
## Start - Check Casper Suite script parameters and assign any that were passed to the script
## PARAMETER 4: Set the Organization/Department/Division name. Used in dialog titles
## Default string of "Managed" is used if no script parameter is passed
if [[ "$4" != "" ]]; then
orgName="$4"
else
orgName="Managed"
fi
## PARAMETER 5: Set to "no" (case insensitive) to show a single progress bar update for all installations.
## Default value of "yes" will be used if no script parameter is passed
if [[ "$5" != "" ]]; then
shopt -s nocasematch
if [[ "$5" == "no" ]]; then
showProgEachUpdate="no"
else
showProgEachUpdate="yes"
fi
shopt -u nocasematch
else
showProgEachUpdate="yes"
fi
## PARAMETER 6: Set the number of minutes until reboot (only used if installations require it)
## Default value of 5 minutes is assigned if no script parameter is passed
## Special note: Only full integers can be used. No decimals.
## If the script detects a non whole integer, it will fall back on the default 5 minute setting.
if [[ "$6" != "" ]]; then
## Run test to make sure we have a non floating point integer
if [[ $(expr "$6" / "$6") == "1" ]]; then
minToRestart="$6"
else
echo "Non integer, or a decimal value was passed. Setting reboot time to default (5 minutes)"
minToRestart="5"
fi
else
minToRestart="5"
fi
## Parameter 7: Set to the full path of an icon or image file for any dialogs that are not using the
## Apple Software Update icon. This could be a company logo icon for example
## Default icon is set in the following manner:
## If no script parameter is passed, or the icon/image can not be found and JAMF Self Service is present on the Mac, its icon will be used
## If Self Service is not found, the Software Update icon will be used
if [[ "$7" != "" ]]; then
if [[ -e "$7" ]]; then
echo "A custom dialog icon was set: $7"
msgIcon="$7"
else
if [[ -e "/Applications/Self Service.app/Contents/Resources/Self Service.icns" ]]; then
## Self Service present. Use a default Self Service icon if the file specified could not be found
msgIcon="/Applications/Self Service.app/Contents/Resources/Self Service.icns"
else
## Icon file not found, and Self Service not present. Set icon to Software Update
msgIcon="$swuIcon"
fi
fi
else
if [[ -e "/Applications/Self Service.app/Contents/Resources/Self Service.icns" ]]; then
## Self Service present. Use a default Self Service icon if no parameter was passed
msgIcon="/Applications/Self Service.app/Contents/Resources/Self Service.icns"
else
## No parameter passed, and Self Service not present. Set icon to Software Update
msgIcon="$swuIcon"
fi
fi
## End - Check Casper Suite script parameters
## Text displayed in dialog prompting for selections. Customize if desired.
## Two versions:
## One,for when reboot *required* updates are found.
## Two,for when only non-reboot updates are found.
if [[ ! -z "$forceEnableUpdates" ]]; then
swuTextReboots="The following Apple Software Updates will be installed on your Mac when you click \"Install\". No Deferrals are available.
◀ = Indicates updates that will REQUIRE a reboot of your Mac to complete.
"
else
swuTextReboots="Select the Apple Software Update items you would like to install now from the list below. You can choose to defer the updates up to 5 times. After 5 deferrals, the updates will be installed automatically.
◀ = Indicates updates that will REQUIRE a reboot of your Mac to complete.
To install all updates that will not require a reboot, click \"Install No Reboot Updates\"
"
fi
if [[ ! -z "$forceEnableUpdates" ]]; then
swuTextNoReboots="The following Apple Software Updates will be installed on your Mac when you click \"Install\". No Deferrals are available.
"
else
swuTextNoReboots="Select the Apple Software Update items you would like to install now from the list below. You can choose to defer the updates up to 5 times. After 5 deferrals, the updates will be installed automatically.
"
fi
################################################## ENV VARIABLES #####################################################
## ##
## These variables are gathered to set up the visual environment of the messaging to match the logged in user's ##
## settings. We gather the settings, then change the root account's settings to match. ##
## ##
######################################################################################################################
## Get current logged in user name
loggedInUser=$( ls -l /dev/console | /usr/bin/awk '{ print $3 }' )
echo "Current user is: $loggedInUser"
## Determine logged in user's home directory path
HomeDir=$( dscl . read /Users/$loggedInUser NFSHomeDirectory | awk '{ print $NF }' )
## Get logged in user's Appearance color settings
AquaColor=$( defaults read "$HomeDir/Library/Preferences/.GlobalPreferences" AppleAquaColorVariant 2> /dev/null )
## If user has not changed their settings, value will be null. Set to default 'Aqua' color
if [[ -z "$AquaColor" ]]; then
AquaColor="1"
else
AquaColor="$AquaColor"
fi
## Get logged in user's Keyboard access settings
KeybdMode=$( defaults read "$HomeDir/Library/Preferences/.GlobalPreferences" AppleKeyboardUIMode 2> /dev/null )
## If user has not changed their settings, value will be null. Set to default 'Text boxes and lists only'
if [[ -z "$KeybdMode" ]]; then
KeybdMode="0"
else
KeybdMode="$KeybdMode"
fi
## Set the root account environment settings to match current logged in user's
defaults write /private/var/root/Library/Preferences/.GlobalPreferences AppleAquaColorVariant -int "${AquaColor}"
defaults write /private/var/root/Library/Preferences/.GlobalPreferences AppleKeyboardUIMode -int "${KeybdMode}"
## Restart cfprefsd so new settings will be recognized
killall cfprefsd
################################# Do not modify below this line ########################################
## Function to run when installations are complete
doneRestart ()
{
doneMSG="The installations have completed, but your Mac needs to reboot to finalize the updates.
Your Mac will automatically reboot in $minToRestart minutes. Begin to save any open work and close applications now.
If you want to restart immediately instead, click the \"Restart Now\" button."
## Display initial message for 30 seconds before starting the progress bar countdown
doneRestartMsg=$( "$cdPath" msgbox --title "$orgName Software Update > Updates Complete" \
--text "Updates installed successfully" --informative-text "$doneMSG" \
--button1 " OK " --button2 "Restart Now" --icon-file "$msgIcon" --posY top --width 450 --timeout 30 --timeout-format " " )
if [ "$doneRestartMsg" == "1" ]; then
echo "User pressed OK. Moving on to reboot timer..."
elif [ "$doneRestartMsg" == "2" ]; then
echo "User pressed Reboot Now. Rebooting immediately..."
/sbin/shutdown -r now
else
echo "The message timed out. Moving on to reboot timer..."
fi
## Sub-function to (re)display the progressbar window. Developed to work around the fact that
## CD responds to Cmd+Q and will quit. The script continues the countdown. The sub-function
## causes the progress bar to reappear. When the countdown is done we quit all CD windows
showProgress ()
{
## Display progress bar
"$cdPath" progressbar --title "" --text " Preparing to restart this Mac..." \
--width 500 --height 90 --icon-file "$restartIcon" --icon-height 48 --icon-width 48 < /tmp/hpipe &
## Send progress through the named pipe
exec 20<> /tmp/hpipe
}
## Close file descriptor 20 if in use, and remove any instance of /tmp/hpipe
exec 20>&-
rm -f /tmp/hpipe
## Create the name pipe input for the progressbar
mkfifo /tmp/hpipe
sleep 0.2
## Run progress bar sub-function
showProgress
echo "100" >&20
timerSeconds=$((minToRestart*60))
startTime=$( date +"%s" )
stopTime=$((startTime+timerSeconds))
secsLeft=$timerSeconds
progLeft="100"
while [[ "$secsLeft" -gt 0 ]]; do
sleep 1
currTime=$( date +"%s" )
progLeft=$((secsLeft*100/timerSeconds))
secsLeft=$((stopTime-currTime))
minRem=$((secsLeft/60))
secRem=$((secsLeft%60))
if [[ $(ps axc | grep "cocoaDialog") == "" ]]; then
showProgress
fi
echo "$progLeft $minRem minutes, $secRem seconds until reboot. Please save any work now." >&20
done
echo "Closing progress bar."
exec 20>&-
rm -f /tmp/hpipe
## Close cocoaDialog. This block is necessary for when multiple runs of the sub-function were called in the script
for process in $(ps axc | awk '/cocoaDialog/{print $1}'); do
/usr/bin/osascript -e 'tell application "cocoaDialog" to quit'
done
## Clean up by deleting the SWUList file in /tmp/
rm /tmp/SWULIST
## Delay 1/2 second, then force reboot
sleep 0.5
shutdown -r now
}
## Function to install selected updates, updating progress bar with information
installUpdates ()
{
if [[ "${restartReq}" == "yes" ]]; then
installMSG="Installations are now running. Please do not shut down your Mac or put it to sleep until the installs finish.
IMPORTANT:
Because you chose some updates that require a restart, we recommend saving any important documents now. Your Mac will reboot soon after the installations are complete."
elif [[ "${restartReq}" == "no" ]] || [[ "${restartReq}" == "" ]]; then
installMSG="Updates are now installing. Please do not shut down your Mac or put it to sleep until the installs finish."
fi
## Sub-function to display both a button-less CD window and a progress bar
## This sub routine gets called by the enclosing function. It can also be called by
## the install process if it does not see 2 instances of CD running
showInstallProgress ()
{
## Display button-less window above progress bar, push to background
"$cdPath" msgbox --title "$orgName Software Update > Installation" --text "Installations in progress" \
--informative-text "${installMSG}" --icon-file "${msgIcon}" --width 450 --height 184 --posY top &
## Display progress bar
echo "Displaying progress bar window."
"$cdPath" progressbar --title "" --text " Preparing to install selected updates..." \
--posX "center" --posY 198 --width 450 --float --icon installer < /tmp/hpipe &
## Send progress through the named pipe
exec 10<> /tmp/hpipe
}
## Close file descriptor 10 if in use, and remove any instance of /tmp/hpipe
exec 10>&-
rm -f /tmp/hpipe
## Create the name pipe input for the progressbar
mkfifo /tmp/hpipe
sleep 0.2
## Run the install progress sub-function (shows button-less CD window and progressbar
showInstallProgress
if [[ "$showProgEachUpdate" == "yes" ]]; then
echo "Showing individual update progress."
## Run softwareupdate in verbose mode for each selected update, parsing output to feed the progressbar
## Set initial index loop value to 0; set initial update count value to 1; set variable for total updates count
i=0;
pkgCnt=1
pkgTotal="${#selectedItems[@]}"
for index in "${selectedItems[@]}"; do
UpdateName="${progSelectedItems[$i]}"
echo "Now installing ${UpdateName}..."
/usr/sbin/softwareupdate --verbose -i "${index}" 2>&1 | while read line; do
## Re-run the sub-function to display the cocoaDialog window and progress
## if we are not seeing 2 items for CD in the process list
if [[ $(ps axc | grep "cocoaDialog" | wc -l | sed 's/^ *//') != "2" ]]; then
killall cocoaDialog
showInstallProgress
fi
pct=$( echo "$line" | awk '/Progress:/{print $NF}' | cut -d% -f1 )
echo "$pct Installing ${pkgCnt} of ${pkgTotal}: ${UpdateName}..." >&10
done
let i+=1
let pkgCnt+=1
done
else
## Show a generic progress bar that progresses through all installs at once from 0-100 %
echo "Parameter 5 was set to \"no\". Showing single progress bar for all updates"
softwareupdate --verbose -i "${SWUItems[@]}" 2>&1 | while read line; do
## if we are not seeing 2 items for CD in the process list
if [[ $(ps axc | grep "cocoaDialog" | wc -l | sed 's/^ *//') != "2" ]]; then
killall cocoaDialog
showInstallProgress
fi
pct=$( echo "$line" | awk '/Progress:/{print $NF}' | cut -d% -f1 )
echo "$pct Installing ${#SWUItems[@]} updates..." >&10
done
fi
echo "Closing progress bar."
exec 10>&-
rm -f /tmp/hpipe
## Close all instances of cocoaDialog
echo "Closing all cocoaDialog windows."
for process in $(ps axc | awk '/cocoaDialog/{print $1}'); do
/usr/bin/osascript -e 'tell application "cocoaDialog" to quit'
done
## If any installed updates required a reboot...
if [[ "${restartReq}" == "yes" ]]; then
## ...then move to the restart phase
## Reset deferral counter
defaults write "$prefs" DeferCount -int 0
doneRestart
## If no installed updates required a reboot, display updates complete message instead
elif [[ "${restartReq}" == "no" ]]; then
echo "Showing updates complete message."
doneMSG="The installations have completed successfully. You can resume working on your Mac."
"$cdPath" msgbox --title "$orgName Software Update > Updates Complete" \
--text "Updates installed successfully" --informative-text "$doneMSG" \
--button1 " OK " --posY top --width 450 --icon-file "$msgIcon"
## Clean up by deleting the SWUList file in /tmp/ before exiting the script
echo "Cleaning up SWU list file."
rm /tmp/SWULIST
## Reset deferral counter
defaults write "$prefs" DeferCount -int 0
exit 0
fi
}
## Function to assess which items were checked, and create new arrays
## used for installations and other functions
assessChecks ()
{
## Check to see if the installNoReboots flag was set by the user
if [[ "$installNoReboots" == "yes" ]]; then
echo "User chose to install all non reboot updates. Creating update(s) array and moving to install phase"
## If flag was set, build update arrays from the noReboots array
for index in "${noReboots[@]}"; do
selectedItems+=( "${SWUItems[$index]}" )
hrSelectedItems+=( "${SWUList[$index]}" )
progSelectedItems+=( "${SWUProg[$index]}" )
done
## Automatically set the restart required flag to "no"
restartReq="no"
## Then move on to install updates function
installUpdates
fi
## If installNoReboots flag was not set, generate array of formatted
## checkbox indexes for parsing based on the selections from the user
i=0;
for state in ${Checks[*]}; do
checkboxstates=$( echo "${i}-${state}" )
let i+=1
## Set up an array we can read through later with the state of each checkbox
checkboxfinal+=( "${checkboxstates[@]}" )
done
for check in "${checkboxfinal[@]}"; do
if [[ "$check" =~ "-1" ]]; then
## First, get the index of the checked item
index=$( echo "$check" | cut -d- -f1 )
## Second, generate 3 new arrays:
## 1) Short names of the updates for the installation
## 2) Names of updates as presented in the dialog (for checking restart status)
## 3) Names of the updates for updating the progress bar
selectedItems+=( "${SWUItems[$index]}" )
hrSelectedItems+=( "${SWUList[$index]}" )
progSelectedItems+=( "${SWUProg[$index]}" )
fi
done
echo "The following updates will be installed: ${progSelectedItems[@]}"
## Determine if any of the checked items require a reboot
restartReq="no"
for item in "${hrSelectedItems[@]}"; do
if [[ $(echo "${item}" | grep "^◀") != "" ]]; then
echo "At least one selected update will require reboot. Setting the restartReq flag to \"yes\""
restartReq="yes"
break
fi
done
echo "Restart required?: ${restartReq}"
## If we have some selected items, move to install phase
if [[ ! -z "${selectedItems[@]}" ]]; then
echo "Updates were selected"
installUpdates
fi
}
## The initial message function
startDialog ()
{
## Generate array of SWUs for dialog
z=0
while read SWU; do
SWUList+=( "$SWU" )
if [[ ! -z "$forceEnableUpdates" ]]; then
checksOnArr+=("$z")
let z=$((z+1))
fi
done < <(echo "${readSWUs}")
## Generate array of SWUs for progress bar
while read item; do
SWUProg+=( "${item}" )
done < <(echo "${progSWUs}")
## Generate array of SWUs for installation
while read swuitem; do
SWUItems+=( "$swuitem" )
done < <(echo "${installSWUs}")
## Generate an array of indexes for any non-reboot updates
for index in "${!SWUList[@]}"; do
if [[ $(echo "${SWUList[$index]}" | grep "^◀") == "" ]]; then
noReboots+=( "$index" )
fi
done
if [[ ! -z "$forceEnableUpdates" ]]; then
button3Label=""
button2Label=""
else
button3Label=" Install No Reboot Updates "
button2Label=" Later ($deferremain Deferrals Remain) "
fi
## Show dialog with selectable options
if [[ ! -z "${noReboots[@]}" ]]; then
echo "There are some non reboot updates available. Showing selection screen to user"
SWUDiag=$( "$cdPath" checkbox --title "$orgName Software Update" --items "${SWUList[@]}" --checked "${checksOnArr[@]}" --disabled "${checksOnArr[@]}" \
--label "$swuTextReboots" --button1 " Install " --button2 "$button2Label" --cancel "button2" --button3 "$button3Label" \
--icon-file "$msgIcon" --icon-height 80 --icon-width 80 --width 500 --posY top )
## Get the button pressed and the options checked
Button=$( echo "$SWUDiag" | awk 'NR==1{print $0}' )
Checks=($( echo "$SWUDiag" | awk 'NR==2{print $0}' ))
## Set up a non array string from the checkboxes returned
ChecksNonArray=$( echo "$SWUDiag" | awk 'NR==2{print $0}' )
## If the "Install" button was clicked
if [[ "$Button" == "1" ]]; then
echo "User clicked the \"Install\" button."
## Check to see if at least one box was checked
if [[ $( echo "${ChecksNonArray}" | grep "1" ) == "" ]]; then
echo "No selections made. Alerting user and returning to selection screen."
"$cdPath" msgbox --title "$orgName Software Update" --text "No selections were made" \
--informative-text "$(echo -e "You didn't select any updates to install.\n\nIf you want to cancel out of this application, click the \"Later\" button in the window instead, or press the Esc key.\n\nThe Software Update window will appear again momentarily.")" \
--button1 " OK " --timeout 10 --timeout-format " " --width 500 --posY top --icon caution
## Because we are restarting the function, first empty all previously built arrays
## Credit to Cem Baykara (@Cem - JAMFNation) for discovering this issue during testing
SWUList=()
SWUProg=()
SWUItems=()
## Now restart this function after the alert message times out
startDialog
else
## "Install" button was clicked and items checked. Run the assess checkbox function
echo "Selections were made. Moving to assessment function..."
assessChecks
fi
elif [[ "$Button" == "3" ]]; then
## "Install No Reboot Updates" button was clicked. Set the installNoReboots flag to "yes" and skip to check assessment
echo "User clicked the \"Install No Reboot Updates\" button."
installNoReboots="yes"
assessChecks
else
echo "User chose to Defer. Exiting..."
deferralCheck
exit 0
fi
else
## No non-reboot updates were available. Display a different dialog to the user
echo "No non-reboot updates found, but other updates available. Showing selection dialog to user"
SWUDiag=$( "$cdPath" checkbox --title "$orgName Software Update" --items "${SWUList[@]}" --checked "${checksOnArr[@]}" --disabled "${checksOnArr[@]}" \
--label "$swuTextNoReboots" --button1 " Install " --button2 "$button2Label" --cancel "button2" \
--icon-file "$swuIcon" --icon-height 80 --icon-width 80 --width 500 --posY top --value-required \
--empty-text "$(echo -e "You must check at least one item before clicking \"Install\".\n\nIf you want to defer, click \"Later\" or press the esc key.")" )
## Get the button pressed and the options checked
Button=$( echo "$SWUDiag" | awk 'NR==1{print $0}' )
Checks=($( echo "$SWUDiag" | awk 'NR==2{print $0}' ))
if [[ "$Button" == "1" ]]; then
## "Install" button was clicked. Run the assess checkbox function
echo "User clicked the \"Install\" button"
assessChecks
else
echo "User chose to Defer from the selection dialog."
deferralCheck
echo "Cleaning up SWU list file. Exiting..."
rm /tmp/SWULIST
exit 0
fi
fi
}
## Function to check the deferral count
deferralCheck ()
{
(( defercount ++ ))
defaults write "$prefs" DeferCount -int $defercount
deferremain=$(( deferthreshold - defercount ))
if $defermode
then
# check to see if they are allowed to defer anymore
deferremain=$(( deferthreshold - defercount ))
if [ $deferremain -eq 0 ] || [ $deferremain -lt 0 ]
then
# if the defercounter has run out, FORCED INSTALLATION! set timeout to 30 minutes
echo "You have no deferrals left"
else
# prompt user with defer option
echo "You have $deferremain deferrals remaining"
fi
else
# if we don't have deferals enabled
echo "Deferrals are not enabled"
fi
}
## Function to lock the login window and install all available updates
startLockScreenAgent ()
{
## Note on this function: To make the script usable outside of a Casper Suite environment,
## we are using the Apple Remote Management LockScreen.app, located inside the AppleVNCServer bundle.
## This bundle and corresponding app is installed by default in all recent versions of OS X
## Set a flag to yes if any updates in the list will require a reboot
while read line; do
if [[ $(echo "$line" | grep "^◀") != "" ]]; then
rebootsPresent="yes"
break
fi
done < <(echo "$readSWUs")
## Define the name and path to the LaunchAgent plist
PLIST="/Library/LaunchAgents/com.LockLoginScreen.plist"
## Define the text for the xml plist file
LAgentCore="<?xml version=\"1.0\" encoding=\"UTF-8\"?>
<!DOCTYPE plist PUBLIC \"-//Apple Computer//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">
<plist version=\"1.0\">
<dict>
<key>Label</key>
<string>com.LockLoginScreen</string>
<key>RunAtLoad</key>
<true/>
<key>LimitLoadToSessionType</key>
<string>LoginWindow</string>
<key>ProgramArguments</key>
<array>
<string>/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/MacOS/LockScreen</string>
<string>-session</string>
<string>256</string>
<string>-msg</string>
<string>Updates are currently being installed on this Mac. It will automatically be restarted or returned to the login window when installations are complete.</string>
</array>
</dict>
</plist>"
## Create the LaunchAgent file
echo "Creating the LockLoginScreen LaunchAgent..."
echo "$LAgentCore" > "$PLIST"
## Set the owner, group and permissions on the LaunchAgent plist
echo "Setting proper ownership and permissions on the LaunchAgent..."
chown root:wheel "$PLIST"
chmod 644 "$PLIST"
## Use SIPS to copy and convert the SWU icon to use as the LockScreen icon
## First, back up the original Lock.jpg image
echo "Backing up Lock.jpg image..."
mv /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/Resources/Lock.jpg \
/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/Resources/Lock.jpg.bak
## Now, copy and convert the SWU icns file into a new Lock.jpg file
## Note: We are converting it to a png to preserve transparency, but saving it with the .jpg extension so LockScreen.app will recognize it.
## Also resize the image to 400 x 400 pixels so its not so honkin' huge!
echo "Creating SoftwareUpdate icon as png and converting to Lock.jpg..."
sips -s format png "$swuIcon" --out /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/Resources/Lock.jpg \
--resampleWidth 400 --resampleHeight 400
## Now, kill/restart the loginwindow process to load the LaunchAgent
echo "Ready to lock screen. Restarting loginwindow process..."
kill -9 $(ps axc | awk '/loginwindow/{print $1}')
## Install all available Software Updates
echo "Screen locked. Installing all available Software Updates..."
/usr/sbin/softwareupdate --install --all
if [ "$?" == "0" ]; then
## Delete LaunchAgent and reload the Login Window
echo "Deleting the LaunchAgent..."
rm "$PLIST"
sleep 1
if [[ "$rebootsPresent" == "yes" ]]; then
## Put the original Lock.jpg image back where it was, overwriting the SWU Icon image
echo "The rebootsPresent flag was set to 'yes' Replacing Lock.jpg image and immediately rebooting the Mac..."
mv /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/Resources/Lock.jpg.bak \
/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/Resources/Lock.jpg
## Kill the LockScreen app and restart immediately
killall LockScreen
/sbin/shutdown -r now
else
## Put the original Lock.jpg image back where it was, overwriting the SWU Icon image
echo "The rebootsPresent flag was not set. Replacing Lock.jpg image and restoring the loginwindow..."
mv /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/Resources/Lock.jpg.bak \
/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/Resources/Lock.jpg
## Kill/restart the login window process to return to the login window
kill -9 $(ps axc | awk '/loginwindow/{print $1}')
fi
else
echo "There was an error with the installations. Removing the Agent and unlocking the login window..."
rm "$PLIST"
sleep 1
mv /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/Resources/Lock.jpg.bak \
/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/Resources/Lock.jpg
## Kill/restart the login window process to return to the login window
kill -9 $(ps axc | awk '/loginwindow/{print $1}')
exit 0
fi
}
## The script starts here
## Gather available Software Updates and export to a file
echo "Pulling available Software Updates..."
/usr/sbin/softwareupdate -l > /tmp/SWULIST
echo "Finished pulling available Software Updates into local file"
echo "Checking to see what updates are available..."
## Generate list of readable items and installable items from file
readSWUs=$( cat /tmp/SWULIST | awk -F"," '/recommended/{print $2,$1}' | sed -e 's/[0-9]*K \[recommended\][ *]//g;s/\[restart\] */◀ /g' | sed 's/[ ]//g' )
progSWUs=$( cat /tmp/SWULIST | awk -F"," '/recommended/{print $2,$1}' | sed -e 's/[0-9]*K \[recommended\][ *]//g;s/\[restart\] *//g' | sed 's/[ ]//g' )
installSWUs=$( cat /tmp/SWULIST | grep -v 'recommended' | awk -F'\\* ' '/\*/{print $NF}' )
## First, make sure there's at least one update from Software Update
if [[ -z "$readSWUs" ]]; then
echo "No pending Software Updates found for this Mac. Exiting..."
exit 0
elif [[ ! -z "$readSWUs" ]] && [[ "$loggedInUser" != "root" ]]; then
echo "Software Updates are available, and a user is logged in. Moving to initial dialog..."
startDialog
elif [[ ! -z "$readSWUs" ]] && [[ "$loggedInUser" == "root" ]]; then
if [ "$installAllAtLogin" == "yes" ]; then
echo "SWUs are available, no-one logged in and the installAllAtLogin flag was set. Locking screen and installing all updates..."
startLockScreenAgent
else
echo "SWUs are available, no-one logged in but the installAllAtLogin flag was not set. Exiting..."
exit 0
fi
fi
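Review bot: The script uses the fixed names `/tmp/hpipe` and `/tmp/SWULIST` while running with root rights (it writes root's preferences and `/Library/LaunchAgents`). `/tmp` is writable by every local account, so the `> /tmp/SWULIST` redirect, `mkfifo /tmp/hpipe` and the later `rm` calls can act on a file the script did not create. Create a private directory once near the top, `workDir=$(mktemp -d) || exit 1` and `trap 'rm -rf -- "$workDir"' EXIT`, and use `"$workDir/hpipe"` and `"$workDir/SWULIST"` in doneRestart, installUpdates, startDialog and the main section. That also removes the scattered `rm /tmp/SWULIST` calls, which are currently skipped on several exit paths (for example "No pending Software Updates found" and the deferral exit in the first dialog branch).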
@@ -0,0 +1,57 @@
#!/bin/bash
################################# Find last Reboot #################################
########################## wann wurde der Neustart durchgeführt ##########################
# Auslesen, wann der Neustart durchgeführt worden ist
lastBootRaw=$(sysctl kern.boottime | awk '{print $5}' | tr -d ,)
echo "Der Neustart wurde durchgeführt um $lastBootRaw"
# Zeit umwandeln
lastBootFormatMin=$(date -jf "%s" "$lastBootRaw" +"%H:%M:%S")
lastBootFormatDay=$(date -jf "%s" "$lastBootRaw" +"%d.%m:%y")
echo "Umgewandelte Zeit ist $lastBootFormatDay $lastBootFormatMin"
########################## wann wurde die Datei erstellt ##########################
# Auslesen, wann die Datei erstellt worden ist
TimeCreate=$(date -r /Users/andreasvogel/Desktop/test +'%s')
echo $TimeCreate
# Zeit umwandeln
lastTimeMin=$(date -jf "%s" "$TimeCreate" +"%H:%M:%S")
lastTimeDay=$(date -jf "%s" "$TimeCreate" +"%d.%m.%y")
echo "Umgewandelte Zeit ist $lastTimeDay $lastTimeMin"
########################## Info für intern ##########################
# Ausdruck Bedeutung Liefert wahr (0) zurück, wenn ...
# [ var1 eq var2 ] (eq = equal) var1 gleich var2 ist
# [ var1 ne var2 ] (ne = not equal) var1 ungleich var2 ist
# [ var1 lt var2 ] (lt = less than) var1 kleiner als var2 ist
# [ var1 gt var2 ] (gt = greater than) var1 größer als var2 ist
# [ var1 le var2 ] (le = less equal) var1 kleiner oder gleich var2 ist
# [ var1 ge var2 ] (ge = greater equal) var1 größer oder gleich var2 ist
# (( var1 == var2 )) == var1 gleich var2 ist
# (( var1 != var2 )) != var1 ungleich var2 ist
# (( var1 < var2 )) < var1 kleiner als var2 ist
# (( var1 > var2 )) > var1 größer als var2 ist
# (( var1 >= var2 )) >= var1 größer oder gleich var2 ist
# (( var1 <= var2 )) <= var1 kleiner oder gleich var2 ist
# [ "$var1" = "$var2" ] = var1 gleich var2 ist
# [ "$var1" != "$var2" ] != var1 ungleich var2 ist
# [ z "$var" ] z var leer ist
# [ n "$var" ] n var nicht leer ist
########################## Variablen ##########################
if [ $lastBootRaw -lt $TimeCreate ]
then
echo "länger"
else
echo "kürzer"
fi
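Review bot: `TimeCreate=$(date -r /Users/andreasvogel/Desktop/test +'%s')` reads a single hard-coded path in one user's home, and nothing checks that the file exists. On any other machine `TimeCreate` is empty, the unquoted `[ $lastBootRaw -lt $TimeCreate ]` fails with a test error, and the script falls into the else branch and prints "kürzer". Take the path from a variable or argument, guard it with `[ -e "$file" ] || exit 1`, and quote both operands: `[ "$lastBootRaw" -lt "$TimeCreate" ]`. Note also that `date -r FILE` reports the modification time, while the comments speak of creation; if creation time is meant, `stat -f '%B' "$file"` is probably what is wanted. The day format for the boot time uses `%d.%m:%y` with a colon, where the file time uses `%d.%m.%y`.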
@@ -0,0 +1,19 @@
#!/bin/bash
############################################################################
# Shellscript : Prüfen ob das Zertifikat noch das alte Zertifikat noch da ist.
# Autor : Andreas Vogel, macenterprise gmbh
# Copyright : macenterprise 2019
############################################################################
# Variable
certificate="Mac-Computer-JAMF-V2"
# Suchen und löschen
if security find-certificate -c $certificate
then
sudo security delete-certificate -c $certificate
else
exit 0
fi
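Review bot: `$certificate` is expanded unquoted in both `security` calls, and the result of the deletion is never checked, so a failed delete still ends the script with whatever status `sudo` returned and no message. Quote the variable and fail explicitly: `if security find-certificate -c "$certificate" >/dev/null 2>&1; then security delete-certificate -c "$certificate" || exit 1; fi`. If the policy already runs this as root the `sudo` is redundant, and if it does not, `sudo` would wait for a password with no terminal attached. That is worth confirming against how the script is deployed. Because `-c` selects by name, pinning the old certificate by hash with `-Z "<SHA-1 of the old certificate>"` would rule out removing a different certificate that carries the same name.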
@@ -0,0 +1,16 @@
#!/bin/bash
############################################################################
# Shellscript : Prüfen ob das Zertifikat noch das alte Zertifikat noch da ist.
# Autor : Andreas Vogel, macenterprise gmbh
# Copyright : macenterprise 2019
############################################################################
if security find-certificate -c "Mac-Computer-JAMF-V2"
then
certificate=1
else
certificate=0
fi
echo "<result>$certificate</result>"
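Review bot: `security find-certificate` in the `if` condition prints the matched certificate's attributes to stdout, so that dump precedes the `<result>` line in the script's output. Only the exit status is needed here, so silence the call: `if security find-certificate -c "Mac-Computer-JAMF-V2" >/dev/null 2>&1`. A one-line comment stating that 1 means "old certificate still present" would also help whoever reads the reported value.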
@@ -0,0 +1,82 @@
#!/bin/bash
##########################################################################
# Shellscript : Script
# Autor : Jobst Heinermann, macenterprise gmbh
# Copyright : macenterprise 2019
##########################################################################
#################################### Function ####################################
ask () {
osascript <<EOF - 2>/dev/null
tell application "SystemUIServer"
activate
text returned of (display dialog "$1" default answer "")
end tell
EOF
}
askhidden () {
osascript <<EOF - 2>/dev/null
tell application "SystemUIServer"
activate
text returned of (display dialog "$1" default answer "" with hidden answer)
end tell
EOF
}
askolddir () {
osascript <<EOF - 2>/dev/null
set strPath to POSIX file "/Users/"
set f to (choose folder with prompt "$1" default location strPath)
set posixF to POSIX path of f
tell application "Finder" to set filesDir to container of f as alias as text
set posixDir to POSIX path of filesDir
posixF
EOF
}
asknewdir () {
osascript <<EOF - 2>/dev/null
tell application "SystemUIServer"
activate
text returned of (display dialog "$1" default answer "")
end tell
EOF
}
DecryptString() {
# Usage: ~$ DecryptString "Encrypted String" "Salt" "Passphrase"
echo "${1}" | /usr/bin/openssl enc -aes256 -d -a -A -S "${2}" -k "${3}"
}
#################################### Variabeln ####################################
#diba.corp.int erreichbar?
AD_ING="diba.corp.int" #AD Domaine
AD_STAT=$(dsconfigad -show | awk '/Active Directory Domain/{print $NF}') #AD Domain auf System
ping -c1 $AD_ING 1>/dev/null 2>/dev/null
SUCCESS=$?
PNUM=$(ask 'Bitte Personalnummer eingeben') || exit #Personalnummer
ADMIN="ladmin" #lokaler Admin
PASS=$(askhidden 'Bitte das Passwort des User eingeben') || exit #User Passwort
APASS=$(DecryptString "$4" "$5" "$6") #Admin Passwort
AGRP="DOMDIBACORP\Domain Users" #User Gruppe im AD
#################################### Variabeln ####################################
if [[ "$AD_STAT" = "$AD_ING" && $SUCCESS -eq 0 ]]
then
osascript -e 'tell application "SystemUIServer" to display dialog "AD ist erreichbar und konfiguriert!" buttons {"OK"} default button "OK"'
if sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n "$PNUM" -p "$PASS" -a "$ADMIN" -U "$APASS"
then
sudo osascript -e 'tell application "SystemUIServer" to display dialog "AD-Benutzer wurde erfolgreich angelegt!" buttons {"OK"} default button "OK"'
else
sudo osascript -e 'tell application "SystemUIServer" to display dialog "AD-Benutzer konnte nicht angelegt werden!" buttons {"OK"} default button "OK"'
fi
else
osascript -e 'tell application "SystemUIServer" to display dialog "AD ist nicht erreichbar !" buttons {"OK"} default button "OK"'
exit 1
fi
exit 0
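Review bot: `DecryptString` receives the ciphertext, the salt and the passphrase together as `$4`, `$5` and `$6`, so anyone who can read the script parameters can recover the admin password; this is obfuscation rather than protection and should be documented as such above the function. The passphrase is also passed on the `openssl` command line with `-k`, where it is visible in the process list; a file descriptor avoids that: `echo "${1}" | /usr/bin/openssl enc -aes256 -d -a -A -S "${2}" -pass fd:3 3<<<"${3}"`. The `createmobileaccount` call likewise carries `$PASS` and `$APASS` as arguments; if the tool offers no other input path, add a comment such as `# NOTE: -p/-U expose both passwords in the process list while this command runs`. `AGRP` is assigned but never used in this file.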
@@ -0,0 +1,446 @@
#!/bin/bash
#####################################################################################
# Shellscript : User kann entscheiden, wann das Gerät neugestartet wird.
# Autor : Andreas Vogel, macenterprise gmbh, 17.12.2019
#####################################################################################
#################################### Remove und Delete old Daemon ####################################
launchctl remove de.ing.LastWarningDaemon.plist
/bin/rm -f /Library/LaunchDaemons/de.ing.LastWarningDaemon.plist
#################################### Jamf Helper ####################################
jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
jamf="/usr/local/bin/jamf"
user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
INGIcon="/Users/$user/Library/Application Support/com.jamfsoftware.selfservice.mac/Documents/Images/brandingimage.png"
Message="
Auf diesem Gerät wurde ein Sicherheitsupdate installiert.
Dieses erfordert einen Neurtart des Gerätes. Bitte starte den Rechner jetzt neu oder wähle eine der Optionen aus um den Neustart zu verschieben.
A security update has been installed on this device.
This requires a reboot of the device. Please restart the computer now or select one of the options to reschedule the restart.
"
RestartOptions=$("$jamfHelper" -windowType utility -icon "$INGIcon" -title "Please restart" -description "$Message" -button2 "Restart in" -showDelayOptions "120, 300, 900, 1800, 14400, 21600" -button1 "Immediately" -cancelButton 1 -defaultButton 2 -timeout "300" -countdown -alignCountdown "right")
#################################### Variablen Zeit ermitteln ####################################
# Variablen zur weiterverarbeitung
# Diese Variablen werden benötigt, damit ausgewertet werden kann, welche Taste gedrückt worden ist.
# Des Weiteren wird die gewählte Zeit ausgewertet und nach welche Zeit die letzte Warnung in Sekunden
# erfolgen wird.
buttonClicked="${RestartOptions:$i-1}"
result=$RestartOptions
delayint=$(echo "$result" | /usr/bin/sed 's/.$//')
warndelayint=$(expr $delayint - 60)
warndelayfivemin=$(expr $delayint - 300)
# Variablen delayRestart
# Diese Variablen werden für den delayRestart Daemon benutzt.
# Die Variablen sind entsprechen nicht den Variablen für die letzte Meldung.
defercal=$(($(/bin/date +%s) + delayint))
hour=$(/bin/date -j -f "%s" "$defercal" "+%H")
minute=$(/bin/date -j -f "%s" "$defercal" "+%M")
Day=$(/bin/date -j -f "%s" "$defercal" +"%d.%m.%y")
# Variablen für LastWarning Daemon
# Dieses Variablen werden für den Daemon benutz, der eine Minute vor dem geplanten Neustart
# gestartet wird und die Meldung bringt.
warndefercal=$(($(/bin/date +%s) + warndelayint))
warnhour=$(/bin/date -j -f "%s" "$warndefercal" "+%H")
warnminute=$(/bin/date -j -f "%s" "$warndefercal" "+%M")
# Variablen für 5minWarning Daemon
# Dieses Variablen werden für den Daemon benutz, der 5 Minute vor dem geplanten Neustart
# gestartet wird und die Meldung bringt.
warner=$(($(/bin/date +%s) + warndelayfivemin))
behour=$(/bin/date -j -f "%s" "$warner" "+%H")
beminute=$(/bin/date -j -f "%s" "$warner" "+%M")
#################################### Variablen Massage / Icons ####################################
InfoIcon="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/ToolbarInfo.icns"
RestartIcon="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/Sync.icns"
RestartMessage="Das System wird in 1 Minute neugestartet. Es erfolgt kein weiterer Hinweis.
The system will restart in 1 minute. There is no further notice."
InfoMessage="Das System wird aufgrund deiner Auswahl um $hour:$minute Uhr neu gestartet.
The system will restart at $hour:$minute o'clock based on your selection
"
ShutdownMessage="Das System wird jetzt aufgrund deiner Auswahl neu gestartet.
Das System wird für den Neustart vorbereitet.
The system will restart now based on your selection.
The system is being prepared for a restart.
"
FiveMinShutdownMessage="Das System wird aufgrund deiner Auswahl in 5 Minuten neu gestartet.
The system will restart in 5 minutes based on your selection.
"
#################################### Create deamen ####################################
# Daemon wird erstellt, wenn der User eine Längere Zeit als 15 min für den neustart auswählt.
# Diese Daemon wird 5 min vor dem geplanten neustart gestartet und ausgeführt.
# Der Daemon führt nur ein Script aus, der eine Meldung für den Neustart gibt.
FiveMinWarningDaemon()
{
/bin/cat <<EOA > /Library/LaunchDaemons/de.ing.FiveMinWarningDaemon.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>de.ing.FiveMinWarningScript</string>
<key>ProgramArguments</key>
<array>
<string>/bin/bash</string>
<string>/Library/Application Support/JAMF/ING/de.ing.FiveMinWarningScript.sh</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>$behour</integer>
<key>Minute</key>
<integer>$beminute</integer>
</dict>
</dict>
</plist>
EOA
}
# Daemon wird immer erstellt.
# Diese Daemon wird 1 min vor dem geplanten neustart gestartet und ausgeführt.
# Der Daemon führt das Script "LastWarningScript" aus.
LastWarningDaemon()
{
/bin/cat <<EOB > /Library/LaunchDaemons/de.ing.LastWarningDaemon.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>de.ing.LastWarningDaemon</string>
<key>ProgramArguments</key>
<array>
<string>/bin/bash</string>
<string>/Library/Application Support/JAMF/ING/de.ing.LastWarningScript.sh</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>$warnhour</integer>
<key>Minute</key>
<integer>$warnminute</integer>
</dict>
</dict>
</plist>
EOB
}
# Daemon wird immer erstellt.
# Diese Daemon dient lediglich als Backup, falls der User sein Gerät vor dem geplanten und dem durch den
# Daemon "LastWarningDaemon" verursachten Neustart durchführt.
# Der Daemon führt das Script "LastWarningScript" aus.
EnforceRestatDaemon()
{
/bin/cat <<EOC > /Library/LaunchDaemons/de.ing.EnforceRestat.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>de.ing.EnforceRestatDaemon</string>
<key>ProgramArguments</key>
<array>
<string>/bin/bash</string>
<string>/Library/Application Support/JAMF/ING/de.ing.EnforceRestatScript.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>600</integer>
</dict>
</plist>
EOC
}
#################################### Create Script ####################################
FiveMinWarningScript()
{
/bin/cat <<EOD > /Library/Application\ Support/JAMF/ING/de.ing.FiveMinWarningScript.sh
#!/bin/bash
/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -icon "$InfoIcon" -title "Restart in five minutes" -description "$FiveMinShutdownMessage" -button1 "OK" -defaultButton 1 -timeout 60
launchctl remove de.ing.FiveMinWarningScript.plist
/bin/rm -f /Library/LaunchDaemons/de.ing.FiveMinWarningScript.plist
EOD
}
# Sicherstellung, dass der Neustart eine Minute nach der Meldung erfolgt.
# Bassierend auf der Auswahlt, die der User getroffen hat.
# Neustart wird nicht verzögert. Unaghängig ob der User in der letzten Meldung auf OK klickt oder nicht wird der Neustart
# zu der geplanten Zeit ausgeführt.
# Gemäß der der "man shutdown" kann die Option wie folgt gelegt werden:
# -r The system is rebooted at the specified time.
# The hours and minutes in the second time format may be separated by a colon (``:'') for backward compatibility.
# Anschliessend wird das Script den Daemon wieder löschen. Das Script bleibt erhalten.
# Beim nächsten ausführen der Policy wird das Script überschrieben und die neuen Variablen übernehmen.
LastWarningScript()
{
/bin/cat <<EOE > /Library/Application\ Support/JAMF/ING/de.ing.LastWarningScript.sh
#!/bin/bash
shutdown -r $hour:$minute
/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -icon "$InfoIcon" -title "Warning" -description "$RestartMessage" -button1 "OK" -defaultButton 1 -timeout 45
launchctl remove de.ing.LastWarningDaemon.plist
/bin/rm -f /Library/LaunchDaemons/de.ing.LastWarningDaemon.plist
launchctl remove de.ing.EnforceRestat.plist
/bin/rm -f /Library/LaunchDaemons/de.ing.EnforceRestat.plist
EOE
}
EnforceRestatScript()
{
/bin/cat <<EOF > /Library/Application\ Support/JAMF/ING/de.ing.EnforceRestatScript.sh
#!/bin/bash
#####################################################################################
# Shellscript : Script stellt sicher, dass das Gerät neugestartet worden ist.
# Autor : Andreas Vogel, macenterprise gmbh, 17.12.2019
#####################################################################################
#################################### Time Today ####################################
today=$(date +%s)
echo "Heute ist der $today"
#################################### Daemond ans Script ####################################
listDaemons="
/Library/LaunchDaemons/de.ing.FiveMinWarningDaemon.plist
/Library/LaunchDaemons/de.ing.LastWarningDaemon.plist
"
listScripts="
LastWarningScript.sh
FiveMinWarningScript.sh
"
################################# Unload or Remove #################################
removeDaemon(){
for d in $listDaemons
do
if [ -f "$d" ]
then
echo $d
sudo launchctl unload $d
sudo rm $d
fi
done
}
removeScript(){
for s in $listScripts
do
if [ -f "/Library/Application Support/JAMF/ING/$s" ]
then
echo $s
rm -rf "/Library/Application Support/JAMF/ING/$s"
fi
done
}
#################################### Jamf Helper ####################################
jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
jamf="/usr/local/bin/jamf"
user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
INGIcon="/Users/$user/Library/Application Support/com.jamfsoftware.selfservice.mac/Documents/Images/brandingimage.png"
EnforceMessage="
Der geplante Neustart für dem $Day um $hour:$minute konnte nicht durchgeführt werden.
Möglicherweise befand sich das Gerät im Ruhemodus. Der Neustart wird nun durchgeführt.
"
################################# Find last Reboot #################################
# Zeit umwandeln
# wird benötigt um die Zeit in ein Gewünschtes Format umzuwandeln
# Es kann umgewandelt werden in Uhrzeit oder Datum
# lastBootFormatMin=$(date -jf "%s" "$lastBootRaw" +"%H:%M:%S")
# lastBootFormatDay=$(date -jf "%s" "$lastBootRaw" +"%d.%m:%y")
# echo "Umgewandelte Zeit ist $lastBootFormatDay $lastBootFormatMin"
########################## wann wurde der Neustart durchgeführt ##########################
# Auslesen, wann der Neustart durchgeführt worden ist
lastBootRaw=$(sysctl kern.boottime | awk '{print $5}' | tr -d ,)
lastBootFormatMin=$(date -jf "%s" "$lastBootRaw" +"%H:%M:%S")
echo $lastBootFormatMin
echo "Der Neustart wurde durchgeführt am $lastBootRaw"
########################## wann wurde die Datei erstellt ##########################
# Auslesen, wann die Datei erstellt worden ist
TimeCreate=$(date -r /Library/LaunchDaemons/de.ing.LastWarningDaemon.plist +'%s')
TimeCreateFormatMin=$(date -jf "%s" "$TimeCreate" +"%H:%M:%S")
echo $TimeCreateFormatMin
echo "Die Datei wurde erstellt am $TimeCreate"
delayint=$(echo "$result" | /usr/bin/sed 's/.$//')
defercal=$(($(/bin/date +%s) + delayint))
########################## Enforce Warning ##########################
EnforceWarning()
{
# shutdown -r +1
/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -icon "$InfoIcon" -title "Warning" -description "$EnforceMessage" -button1 "OK" -defaultButton 1 -timeout 45
}
########################## Ausführung ##########################
if [ $lastBootRaw -gt $TimeCreate ]
then
echo "letzter Neustart älter als Datei"
# removeDaemon
# removeScrpit
# rm -rf /Library/LaunchDaemons/de.ing.EnforceRestat.plist
else
if [ $today -lt $TimeCreate ]
then
echo "letzter neustart über 7 stunden her also nestart"
# shutdown -r +2
# EnforceWarning
# removeDaemon
# removeScrpit
# rm -rf /Library/LaunchDaemons/de.ing.EnforceRestat.plist
else
echo "heute ist größer als Datei"
fi
fi
EOF
}
shutdownWarning()
{
# shutdown -r +1
/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -icon "$InfoIcon" -title "Warning" -description "$ShutdownMessage" -button1 "OK" -defaultButton 1 -timeout 45
}
#################################### Load Daemon and Script ####################################
StartandLoadFiveMin()
{
# set ownership on LastWarningDaemon launch daemon
/usr/sbin/chown root:wheel /Library/LaunchDaemons/de.ing.FiveMinWarningDaemon.plist
/bin/chmod 644 /Library/LaunchDaemons/de.ing.FiveMinWarningDaemon.plist
#load launchd
launchctl load /Library/LaunchDaemons/de.ing.FiveMinWarningDaemon.plist
#set ownership for Script
/usr/sbin/chown root:admin "/Library/Application Support/JAMF/ING/de.ing.FiveMinWarningScript.sh"
/bin/chmod 755 "/Library/Application Support/JAMF/ING/de.ing.FiveMinWarningScript.sh"
}
StartandLoadLast()
{
# set ownership on LastWarningDaemon launch daemon
/usr/sbin/chown root:wheel /Library/LaunchDaemons/de.ing.LastWarningDaemon.plist
/bin/chmod 644 /Library/LaunchDaemons/de.ing.LastWarningDaemon.plist
#load launchd
launchctl load /Library/LaunchDaemons/de.ing.LastWarningDaemon.plist
#set ownership for Script
/usr/sbin/chown root:admin "/Library/Application Support/JAMF/ING/de.ing.LastWarningScript.sh"
/bin/chmod 755 "/Library/Application Support/JAMF/ING/de.ing.LastWarningScript.sh"
}
StartandLoadEnforce()
{
# set ownership on LastWarningDaemon launch daemon
/usr/sbin/chown root:wheel /Library/LaunchDaemons/de.ing.EnforceRestat.plist
/bin/chmod 644 /Library/LaunchDaemons/de.ing.EnforceRestat.plist
#load launchd
launchctl load /Library/LaunchDaemons/de.ing.EnforceRestat.plist
#set ownership for Script
/usr/sbin/chown root:admin "/Library/Application Support/JAMF/ING/de.ing.EnforceRestatScript.sh"
/bin/chmod 755 "/Library/Application Support/JAMF/ING/de.ing.EnforceRestatScript.sh"
}
#################################### Ausführung ####################################
if [[ "$buttonClicked" == "2" ]] && [[ ! -z "$delayint" ]] && [[ $delayint -gt 900 ]]
then
echo "option 1 länger als 15 min. 5 min vor dem Start eine Meldung und eine min "
FiveMinWarningDaemon
FiveMinWarningScript
LastWarningDaemon
LastWarningScript
EnforceRestatDaemon
EnforceRestatScript
StartandLoadFiveMin
StartandLoadLast
StartandLoadEnforce
else
if [[ "$buttonClicked" == "2" ]] && [[ ! -z "$delayint" ]]
then
echo "option 2 unter 15 Min. Warnung nur 1 min vor dem Neustart"
LastWarningDaemon
LastWarningScript
EnforceRestatDaemon
EnforceRestatScript
StartandLoadLast
StartandLoadEnforce
elif [ "$buttonClicked" == "1" ]
then
shutdownWarning
fi
fi
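Review bot: `EnforceRestatScript` writes the generated `de.ing.EnforceRestatScript.sh` through an unquoted heredoc (`<<EOF`), so every `$today`, `$d`, `$lastBootRaw`, `$TimeCreate` and `$( … )` in its body is expanded while this generator runs. The file that the LaunchDaemon later executes therefore contains frozen or empty values, and a test such as `[ $lastBootRaw -gt $TimeCreate ]` collapses to `[ -gt ]`. Write the values that must be fixed at generation time first, then emit the body with a quoted delimiter, as sketched below. `FiveMinWarningScript` has a related naming problem: it removes `de.ing.FiveMinWarningScript.plist`, while the daemon file is created as `de.ing.FiveMinWarningDaemon.plist`, so that plist is never cleaned up. The generator also never creates or checks `/Library/Application Support/JAMF/ING`, and sets ownership on the scripts only after `launchctl load`.

```shell
EnforceRestatScript()
{
  local target="/Library/Application Support/JAMF/ING/de.ing.EnforceRestatScript.sh"
  # Values chosen by the user now; everything else must be evaluated when the daemon runs.
  {
    printf '#!/bin/bash\n'
    printf 'Day=%q\nhour=%q\nminute=%q\nInfoIcon=%q\nresult=%q\n' \
      "$Day" "$hour" "$minute" "$InfoIcon" "$result"
  } > "$target"
  # Quoted delimiter: no expansion at generation time.
  /bin/cat <<'EOF' >> "$target"
# … unchanged: body of the generated script, without its own #!/bin/bash line …
EOF
}
```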
@@ -0,0 +1,69 @@
#!/bin/bash
################################# Find last Reboot #################################
lastBootRaw=$(sysctl kern.boottime | awk '{print $5}' | tr -d ,)
lastBootFormat=$(date -jf "%s" "$lastBootRaw" +"%m-%d-%Y")
today=$(date +%s)
diffDays=$(( (today - lastBootRaw) ))
################################# Variablen #################################
listDaemons="
/Library/LaunchDaemons/de.ing.FiveMinWarningDaemon.plist
/Library/LaunchDaemons/de.ing.LastWarningDaemon.plist
"
listScripts="
LastWarningScript.sh
FiveMinWarningScript.sh
"
################################# Unload or Remove #################################
removeDaemon(){
for d in $listDaemons
do
if [ -f "$d" ]
then
echo $d
sudo launchctl unload $d
sudo rm $d
fi
done
}
removeScrpit(){
for s in $listScripts
do
if [ -f "/Library/Application Support/JAMF/ING/$s" ]
then
echo $s
rm -rf "/Library/Application Support/JAMF/ING/$s"
fi
done
}
################################# Ausführen #################################
if [ $diffDays -lt 600 ] && [ -f "/Library/LaunchDaemons/de.ing.LastWarningDaemon.plist" ]
then
echo "neustart innerhalb von 10 min "
#removeDaemon
#removeScrpit
# rm -rf /Library/LaunchDaemons/de.ing.EnforceRestat.plist
# shutdown -r +2
else
if [ $diffDays -gt 32400 ]
then
echo "letzter neustart über 7 stunden her also nestart"
#removeDaemon
#removeScrpit
# rm -rf /Library/LaunchDaemons/de.ing.EnforceRestat.plist
# shutdown -r +2
else
echo "neustart wird durch den LastWarningDaemon ausgeführt"
fi
fi
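Review bot: The cleanup lists do not match the files that the restart scheduler in this commit writes. `listScripts` names `LastWarningScript.sh` and `FiveMinWarningScript.sh`, while the generator creates `de.ing.LastWarningScript.sh` and `de.ing.FiveMinWarningScript.sh`, so the `-f` test in `removeScrpit` can never succeed once the commented-out calls are enabled. `diffDays` holds seconds rather than days, and the `32400` threshold is 9 hours although the message says 7; a name such as `secondsSinceBoot` and a matching message would remove the ambiguity. In `removeDaemon`, quote the path: `sudo launchctl unload "$d"` and `sudo rm -- "$d"`.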
Binary file not shown.


Binary file not shown.
Binary file not shown.
@@ -0,0 +1,55 @@
#!/bin/bash
##########################################################################
# Shellscript : Prüft, ob das Ticket das eigene ist.
# Autor : Andreas Vogel, macenterprise gmbh, 13.11.2019
##########################################################################
user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
TicketIs=$(klist --list-all | grep DIBA.CORP.INT | cut -d ' ' -f 2)
Diba=@DIBA.CORP.INT
name=$user$Diba
#echo $name
#echo $TicketIs
if [[ ! -z "$TicketIs" ]]
then
if [[ $name == $TicketIs ]]
then
exit 0
else
osascript -e 'display dialog "Das angeforderte Ticket scheint nicht dir zu gehören. Bitte fordere dein Eigenes Ticket an." buttons "OK" default button 1'
kdestroy -p $TicketIs
fi
else
user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
PASS=$(osascript -e 'text returned of (display dialog "Bitte das Passwort eingeben" default answer "" with hidden answer)') || exit
FILE=$(cat /dev/urandom | env LC_CTYPE=C tr -cd 'a-f0-9' | head -c 8)
PFILE=/Users/$user/.$FILE
touch $PFILE
echo "$PASS" >> $PFILE
if kinit --password-file="$PFILE" $user@DIBA.CORP.INT
then
osascript -e 'display dialog "Das Ticket wurde erfolgreich angefragt." buttons "OK" default button 1'
rm $PFILE
exit 0
else
osascript -e 'display dialog "Fehler! Das Ticket konnte nicht angelegt werden" buttons "OK" default button 1'
rm $PFILE
exit 1
fi
exit 0
fi
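Review bot: The password is written to `/Users/$user/.$FILE` via `touch` and `echo >>` under whatever umask the script inherits, so the file may be readable by other local accounts, and it stays on disk if the script is interrupted before `rm`. The kinit shipped with macOS (Heimdal) can read the password from standard input, which avoids the file entirely: `printf '%s\n' "$PASS" | kinit --password-file=STDIN "$user@DIBA.CORP.INT"`. If a file must be kept, create it with `mktemp` after `umask 077` and remove it from a `trap 'rm -f "$PFILE"' EXIT`. The mismatch branch also ends after `kdestroy` without an explicit exit status, and `[[ $name == $TicketIs ]]` treats the right-hand side as a pattern unless it is quoted.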
@@ -0,0 +1,791 @@
#!/bin/bash
## Script Name: Selectable_SoftwareUpdate.sh (v005)
## Script Author: Mike Morales, @mm2270 on JAMFNation
## Last Update: 2016-07-19
##
## Modified by: Aaron Stovall
## Modification Date: 9/7/2016
##
## Notes: Deferral Logic borrowed from the Patchoo script by Lachlan Stewart (aka. @loceee)
## Defer Variables
datafolder="/Library/Application Support/JAMF/PatchDeferral"
prefs="$datafolder/com.swu.deferral"
# users can defer x update prompts
defermode=true
defaultdeferthresold="5"
# defer is the # of times a user can defer updates
deferthreshold=$(defaults read "$prefs" DeferThreshold 2> /dev/null)
if [ "$?" != "0" ]
then
defaults write "$prefs" DeferThreshold -int $defaultdeferthresold
deferthreshold=$defaultdeferthresold
fi
defercount=$(defaults read "$prefs" DeferCount 2> /dev/null)
if [ "$?" != "0" ]
then
defaults write "$prefs" DeferCount -int 0
defercount=0
fi
## Check how many Referrals remain
deferremain=$(( deferthreshold - defercount ))
## Path to cocoaDialog (customize to your own location)
cdPath="/Applications/Utilities/cocoaDialog.app/Contents/MacOS/cocoaDialog"
## Quick sanity check to make sure cocoaDialog is installed in the path specified
if [ ! -e "$cdPath" ]; then
echo "cocoaDialog was not found in the path specified. It may not be installed, or the path is wrong. Exiting..."
exit 1
fi
## Set the installAllAtLogin flag here to 'yes' or leave it blank (equivalent to 'no')
## Function: When the script is run on a Mac that is at the login window, if the flag is set to 'yes',
## it will lock the login window to prevent unintended logins and proceed to install all available updates.
## Once completed, the login window will either be unlocked in the case of no restarts needed,
## or a restart will be done immediately to complete the installations.
installAllAtLogin="yes"
## Set the forceEnableUpdates flag below to 'yes' (or any value) to enable it. This option will change the
## checkbox display to show updates as enabled and non-selectable to the user, meaning they will be forced to
## an "on" state for all. Leaving this value blank will retain the original functionality, allowing the end
## user to select the updates they would like to install.
if [[ "$deferremain" -eq 0 ]]; then
echo "You have 0 deferrals remaining. Updates will be installed now"
forceEnableUpdates="Yes"
else
echo "You have $deferremain deferrals remaining"
forceEnableUpdates=""
fi
## Get minor version of OS X
osVers=$( sw_vers -productVersion | cut -d. -f2 )
## Set appropriate Software Update icon depending on OS version
if [[ "$osVers" -lt 8 ]]; then
swuIcon="/System/Library/CoreServices/Software Update.app/Contents/Resources/Software Update.icns"
else
swuIcon="/System/Library/CoreServices/Software Update.app/Contents/Resources/SoftwareUpdate.icns"
fi
## Set appropriate Restart icon depending on OS version
if [[ "$osVers" == "9" ]]; then
restartIcon="/System/Library/CoreServices/loginwindow.app/Contents/Resources/Restart.tiff"
else
restartIcon="/System/Library/CoreServices/loginwindow.app/Contents/Resources/Restart.png"
fi
## Start - Check Casper Suite script parameters and assign any that were passed to the script
## PARAMETER 4: Set the Organization/Department/Division name. Used in dialog titles
## Default string of "Managed" is used if no script parameter is passed
if [[ "$4" != "" ]]; then
orgName="$4"
else
orgName="Managed"
fi
## PARAMETER 5: Set to "no" (case insensitive) to show a single progress bar update for all installations.
## Default value of "yes" will be used if no script parameter is passed
if [[ "$5" != "" ]]; then
shopt -s nocasematch
if [[ "$5" == "no" ]]; then
showProgEachUpdate="no"
else
showProgEachUpdate="yes"
fi
shopt -u nocasematch
else
showProgEachUpdate="yes"
fi
## PARAMETER 6: Set the number of minutes until reboot (only used if installations require it)
## Default value of 5 minutes is assigned if no script parameter is passed
## Special note: Only full integers can be used. No decimals.
## If the script detects a non whole integer, it will fall back on the default 5 minute setting.
if [[ "$6" != "" ]]; then
## Run test to make sure we have a non floating point integer
if [[ $(expr "$6" / "$6") == "1" ]]; then
minToRestart="$6"
else
echo "Non integer, or a decimal value was passed. Setting reboot time to default (5 minutes)"
minToRestart="5"
fi
else
minToRestart="5"
fi
## Parameter 7: Set to the full path of an icon or image file for any dialogs that are not using the
## Apple Software Update icon. This could be a company logo icon for example
## Default icon is set in the following manner:
## If no script parameter is passed, or the icon/image can not be found and JAMF Self Service is present on the Mac, its icon will be used
## If Self Service is not found, the Software Update icon will be used
if [[ "$7" != "" ]]; then
if [[ -e "$7" ]]; then
echo "A custom dialog icon was set: $7"
msgIcon="$7"
else
if [[ -e "/Applications/Self Service.app/Contents/Resources/Self Service.icns" ]]; then
## Self Service present. Use a default Self Service icon if the file specified could not be found
msgIcon="/Applications/Self Service.app/Contents/Resources/Self Service.icns"
else
## Icon file not found, and Self Service not present. Set icon to Software Update
msgIcon="$swuIcon"
fi
fi
else
if [[ -e "/Applications/Self Service.app/Contents/Resources/Self Service.icns" ]]; then
## Self Service present. Use a default Self Service icon if no parameter was passed
msgIcon="/Applications/Self Service.app/Contents/Resources/Self Service.icns"
else
## No parameter passed, and Self Service not present. Set icon to Software Update
msgIcon="$swuIcon"
fi
fi
## End - Check Casper Suite script parameters
## Text displayed in dialog prompting for selections. Customize if desired.
## Two versions:
## One,for when reboot *required* updates are found.
## Two,for when only non-reboot updates are found.
if [[ ! -z "$forceEnableUpdates" ]]; then
swuTextReboots="The following Apple Software Updates will be installed on your Mac when you click \"Install\". No Deferrals are available.
= Indicates updates that will REQUIRE a reboot of your Mac to complete.
"
else
swuTextReboots="Select the Apple Software Update items you would like to install now from the list below. You can choose to defer the updates up to 5 times. After 5 deferrals, the updates will be installed automatically.
= Indicates updates that will REQUIRE a reboot of your Mac to complete.
To install all updates that will not require a reboot, click \"Install No Reboot Updates\"
"
fi
if [[ ! -z "$forceEnableUpdates" ]]; then
swuTextNoReboots="The following Apple Software Updates will be installed on your Mac when you click \"Install\". No Deferrals are available.
"
else
swuTextNoReboots="Select the Apple Software Update items you would like to install now from the list below. You can choose to defer the updates up to 5 times. After 5 deferrals, the updates will be installed automatically.
"
fi
################################################## ENV VARIABLES #####################################################
## ##
## These variables are gathered to set up the visual environment of the messaging to match the logged in user's ##
## settings. We gather the settings, then change the root account's settings to match. ##
## ##
######################################################################################################################
## Get current logged in user name
loggedInUser=$( ls -l /dev/console | /usr/bin/awk '{ print $3 }' )
echo "Current user is: $loggedInUser"
## Determine logged in user's home directory path
HomeDir=$( dscl . read /Users/$loggedInUser NFSHomeDirectory | awk '{ print $NF }' )
## Get logged in user's Appearance color settings
AquaColor=$( defaults read "$HomeDir/Library/Preferences/.GlobalPreferences" AppleAquaColorVariant 2> /dev/null )
## If user has not changed their settings, value will be null. Set to default 'Aqua' color
if [[ -z "$AquaColor" ]]; then
AquaColor="1"
else
AquaColor="$AquaColor"
fi
## Get logged in user's Keyboard access settings
KeybdMode=$( defaults read "$HomeDir/Library/Preferences/.GlobalPreferences" AppleKeyboardUIMode 2> /dev/null )
## If user has not changed their settings, value will be null. Set to default 'Text boxes and lists only'
if [[ -z "$KeybdMode" ]]; then
KeybdMode="0"
else
KeybdMode="$KeybdMode"
fi
## Set the root account environment settings to match current logged in user's
defaults write /private/var/root/Library/Preferences/.GlobalPreferences AppleAquaColorVariant -int "${AquaColor}"
defaults write /private/var/root/Library/Preferences/.GlobalPreferences AppleKeyboardUIMode -int "${KeybdMode}"
## Restart cfprefsd so new settings will be recognized
killall cfprefsd
################################# Do not modify below this line ########################################
## Function to run when installations are complete
doneRestart ()
{
doneMSG="The installations have completed, but your Mac needs to reboot to finalize the updates.
Your Mac will automatically reboot in $minToRestart minutes. Begin to save any open work and close applications now.
If you want to restart immediately instead, click the \"Restart Now\" button."
## Display initial message for 30 seconds before starting the progress bar countdown
doneRestartMsg=$( "$cdPath" msgbox --title "$orgName Software Update > Updates Complete" \
--text "Updates installed successfully" --informative-text "$doneMSG" \
--button1 " OK " --button2 "Restart Now" --icon-file "$msgIcon" --posY top --width 450 --timeout 30 --timeout-format " " )
if [ "$doneRestartMsg" == "1" ]; then
echo "User pressed OK. Moving on to reboot timer..."
elif [ "$doneRestartMsg" == "2" ]; then
echo "User pressed Reboot Now. Rebooting immediately..."
/sbin/shutdown -r now
else
echo "The message timed out. Moving on to reboot timer..."
fi
## Sub-function to (re)display the progressbar window. Developed to work around the fact that
## CD responds to Cmd+Q and will quit. The script continues the countdown. The sub-function
## causes the progress bar to reappear. When the countdown is done we quit all CD windows
showProgress ()
{
## Display progress bar
"$cdPath" progressbar --title "" --text " Preparing to restart this Mac..." \
--width 500 --height 90 --icon-file "$restartIcon" --icon-height 48 --icon-width 48 < /tmp/hpipe &
## Send progress through the named pipe
exec 20<> /tmp/hpipe
}
## Close file descriptor 20 if in use, and remove any instance of /tmp/hpipe
exec 20>&-
rm -f /tmp/hpipe
## Create the name pipe input for the progressbar
mkfifo /tmp/hpipe
sleep 0.2
## Run progress bar sub-function
showProgress
echo "100" >&20
timerSeconds=$((minToRestart*60))
startTime=$( date +"%s" )
stopTime=$((startTime+timerSeconds))
secsLeft=$timerSeconds
progLeft="100"
while [[ "$secsLeft" -gt 0 ]]; do
sleep 1
currTime=$( date +"%s" )
progLeft=$((secsLeft*100/timerSeconds))
secsLeft=$((stopTime-currTime))
minRem=$((secsLeft/60))
secRem=$((secsLeft%60))
if [[ $(ps axc | grep "cocoaDialog") == "" ]]; then
showProgress
fi
echo "$progLeft $minRem minutes, $secRem seconds until reboot. Please save any work now." >&20
done
echo "Closing progress bar."
exec 20>&-
rm -f /tmp/hpipe
## Close cocoaDialog. This block is necessary for when multiple runs of the sub-function were called in the script
for process in $(ps axc | awk '/cocoaDialog/{print $1}'); do
/usr/bin/osascript -e 'tell application "cocoaDialog" to quit'
done
## Clean up by deleting the SWUList file in /tmp/
rm /tmp/SWULIST
## Delay 1/2 second, then force reboot
sleep 0.5
shutdown -r now
}
## Function to install selected updates, updating progress bar with information
installUpdates ()
{
if [[ "${restartReq}" == "yes" ]]; then
installMSG="Installations are now running. Please do not shut down your Mac or put it to sleep until the installs finish.
IMPORTANT:
Because you chose some updates that require a restart, we recommend saving any important documents now. Your Mac will reboot soon after the installations are complete."
elif [[ "${restartReq}" == "no" ]] || [[ "${restartReq}" == "" ]]; then
installMSG="Updates are now installing. Please do not shut down your Mac or put it to sleep until the installs finish."
fi
## Sub-function to display both a button-less CD window and a progress bar
## This sub routine gets called by the enclosing function. It can also be called by
## the install process if it does not see 2 instances of CD running
showInstallProgress ()
{
## Display button-less window above progress bar, push to background
"$cdPath" msgbox --title "$orgName Software Update > Installation" --text "Installations in progress" \
--informative-text "${installMSG}" --icon-file "${msgIcon}" --width 450 --height 184 --posY top &
## Display progress bar
echo "Displaying progress bar window."
"$cdPath" progressbar --title "" --text " Preparing to install selected updates..." \
--posX "center" --posY 198 --width 450 --float --icon installer < /tmp/hpipe &
## Send progress through the named pipe
exec 10<> /tmp/hpipe
}
## Close file descriptor 10 if in use, and remove any instance of /tmp/hpipe
exec 10>&-
rm -f /tmp/hpipe
## Create the name pipe input for the progressbar
mkfifo /tmp/hpipe
sleep 0.2
## Run the install progress sub-function (shows button-less CD window and progressbar
showInstallProgress
if [[ "$showProgEachUpdate" == "yes" ]]; then
echo "Showing individual update progress."
## Run softwareupdate in verbose mode for each selected update, parsing output to feed the progressbar
## Set initial index loop value to 0; set initial update count value to 1; set variable for total updates count
i=0;
pkgCnt=1
pkgTotal="${#selectedItems[@]}"
for index in "${selectedItems[@]}"; do
UpdateName="${progSelectedItems[$i]}"
echo "Now installing ${UpdateName}..."
/usr/sbin/softwareupdate --verbose -i "${index}" 2>&1 | while read line; do
## Re-run the sub-function to display the cocoaDialog window and progress
## if we are not seeing 2 items for CD in the process list
if [[ $(ps axc | grep "cocoaDialog" | wc -l | sed 's/^ *//') != "2" ]]; then
killall cocoaDialog
showInstallProgress
fi
pct=$( echo "$line" | awk '/Progress:/{print $NF}' | cut -d% -f1 )
echo "$pct Installing ${pkgCnt} of ${pkgTotal}: ${UpdateName}..." >&10
done
let i+=1
let pkgCnt+=1
done
else
## Show a generic progress bar that progresses through all installs at once from 0-100 %
echo "Parameter 5 was set to \"no\". Showing single progress bar for all updates"
softwareupdate --verbose -i "${SWUItems[@]}" 2>&1 | while read line; do
## if we are not seeing 2 items for CD in the process list
if [[ $(ps axc | grep "cocoaDialog" | wc -l | sed 's/^ *//') != "2" ]]; then
killall cocoaDialog
showInstallProgress
fi
pct=$( echo "$line" | awk '/Progress:/{print $NF}' | cut -d% -f1 )
echo "$pct Installing ${#SWUItems[@]} updates..." >&10
done
fi
echo "Closing progress bar."
exec 10>&-
rm -f /tmp/hpipe
## Close all instances of cocoaDialog
echo "Closing all cocoaDialog windows."
for process in $(ps axc | awk '/cocoaDialog/{print $1}'); do
/usr/bin/osascript -e 'tell application "cocoaDialog" to quit'
done
## If any installed updates required a reboot...
if [[ "${restartReq}" == "yes" ]]; then
## ...then move to the restart phase
## Reset deferral counter
defaults write "$prefs" DeferCount -int 0
doneRestart
## If no installed updates required a reboot, display updates complete message instead
elif [[ "${restartReq}" == "no" ]]; then
echo "Showing updates complete message."
doneMSG="The installations have completed successfully. You can resume working on your Mac."
"$cdPath" msgbox --title "$orgName Software Update > Updates Complete" \
--text "Updates installed successfully" --informative-text "$doneMSG" \
--button1 " OK " --posY top --width 450 --icon-file "$msgIcon"
## Clean up by deleting the SWUList file in /tmp/ before exiting the script
echo "Cleaning up SWU list file."
rm /tmp/SWULIST
## Reset deferral counter
defaults write "$prefs" DeferCount -int 0
exit 0
fi
}
## Function to assess which items were checked, and create new arrays
## used for installations and other functions
assessChecks ()
{
## Check to see if the installNoReboots flag was set by the user
if [[ "$installNoReboots" == "yes" ]]; then
echo "User chose to install all non reboot updates. Creating update(s) array and moving to install phase"
## If flag was set, build update arrays from the noReboots array
for index in "${noReboots[@]}"; do
selectedItems+=( "${SWUItems[$index]}" )
hrSelectedItems+=( "${SWUList[$index]}" )
progSelectedItems+=( "${SWUProg[$index]}" )
done
## Automatically set the restart required flag to "no"
restartReq="no"
## Then move on to install updates function
installUpdates
fi
## If installNoReboots flag was not set, generate array of formatted
## checkbox indexes for parsing based on the selections from the user
i=0;
for state in ${Checks[*]}; do
checkboxstates=$( echo "${i}-${state}" )
let i+=1
## Set up an array we can read through later with the state of each checkbox
checkboxfinal+=( "${checkboxstates[@]}" )
done
for check in "${checkboxfinal[@]}"; do
if [[ "$check" =~ "-1" ]]; then
## First, get the index of the checked item
index=$( echo "$check" | cut -d- -f1 )
## Second, generate 3 new arrays:
## 1) Short names of the updates for the installation
## 2) Names of updates as presented in the dialog (for checking restart status)
## 3) Names of the updates for updating the progress bar
selectedItems+=( "${SWUItems[$index]}" )
hrSelectedItems+=( "${SWUList[$index]}" )
progSelectedItems+=( "${SWUProg[$index]}" )
fi
done
echo "The following updates will be installed: ${progSelectedItems[@]}"
## Determine if any of the checked items require a reboot
restartReq="no"
for item in "${hrSelectedItems[@]}"; do
if [[ $(echo "${item}" | grep "^◀") != "" ]]; then
echo "At least one selected update will require reboot. Setting the restartReq flag to \"yes\""
restartReq="yes"
break
fi
done
echo "Restart required?: ${restartReq}"
## If we have some selected items, move to install phase
if [[ ! -z "${selectedItems[@]}" ]]; then
echo "Updates were selected"
installUpdates
fi
}
## The initial message function
startDialog ()
{
## Generate array of SWUs for dialog
z=0
while read SWU; do
SWUList+=( "$SWU" )
if [[ ! -z "$forceEnableUpdates" ]]; then
checksOnArr+=("$z")
let z=$((z+1))
fi
done < <(echo "${readSWUs}")
## Generate array of SWUs for progress bar
while read item; do
SWUProg+=( "${item}" )
done < <(echo "${progSWUs}")
## Generate array of SWUs for installation
while read swuitem; do
SWUItems+=( "$swuitem" )
done < <(echo "${installSWUs}")
## Generate an array of indexes for any non-reboot updates
for index in "${!SWUList[@]}"; do
if [[ $(echo "${SWUList[$index]}" | grep "^◀") == "" ]]; then
noReboots+=( "$index" )
fi
done
if [[ ! -z "$forceEnableUpdates" ]]; then
button3Label=""
button2Label=""
else
button3Label=" Install No Reboot Updates "
button2Label=" Later ($deferremain Deferrals Remain) "
fi
## Show dialog with selectable options
if [[ ! -z "${noReboots[@]}" ]]; then
echo "There are some non reboot updates available. Showing selection screen to user"
SWUDiag=$( "$cdPath" checkbox --title "$orgName Software Update" --items "${SWUList[@]}" --checked "${checksOnArr[@]}" --disabled "${checksOnArr[@]}" \
--label "$swuTextReboots" --button1 " Install " --button2 "$button2Label" --cancel "button2" --button3 "$button3Label" \
--icon-file "$msgIcon" --icon-height 80 --icon-width 80 --width 500 --posY top )
## Get the button pressed and the options checked
Button=$( echo "$SWUDiag" | awk 'NR==1{print $0}' )
Checks=($( echo "$SWUDiag" | awk 'NR==2{print $0}' ))
## Set up a non array string from the checkboxes returned
ChecksNonArray=$( echo "$SWUDiag" | awk 'NR==2{print $0}' )
## If the "Install" button was clicked
if [[ "$Button" == "1" ]]; then
echo "User clicked the \"Install\" button."
## Check to see if at least one box was checked
if [[ $( echo "${ChecksNonArray}" | grep "1" ) == "" ]]; then
echo "No selections made. Alerting user and returning to selection screen."
"$cdPath" msgbox --title "$orgName Software Update" --text "No selections were made" \
--informative-text "$(echo -e "You didn't select any updates to install.\n\nIf you want to cancel out of this application, click the \"Later\" button in the window instead, or press the Esc key.\n\nThe Software Update window will appear again momentarily.")" \
--button1 " OK " --timeout 10 --timeout-format " " --width 500 --posY top --icon caution
## Because we are restarting the function, first empty all previously built arrays
## Credit to Cem Baykara (@Cem - JAMFNation) for discovering this issue during testing
SWUList=()
SWUProg=()
SWUItems=()
## Now restart this function after the alert message times out
startDialog
else
## "Install" button was clicked and items checked. Run the assess checkbox function
echo "Selections were made. Moving to assessment function..."
assessChecks
fi
elif [[ "$Button" == "3" ]]; then
## "Install No Reboot Updates" button was clicked. Set the installNoReboots flag to "yes" and skip to check assessment
echo "User clicked the \"Install No Reboot Updates\" button."
installNoReboots="yes"
assessChecks
else
echo "User chose to Defer. Exiting..."
deferralCheck
exit 0
fi
else
## No non-reboot updates were available. Display a different dialog to the user
echo "No non-reboot updates found, but other updates available. Showing selection dialog to user"
SWUDiag=$( "$cdPath" checkbox --title "$orgName Software Update" --items "${SWUList[@]}" --checked "${checksOnArr[@]}" --disabled "${checksOnArr[@]}" \
--label "$swuTextNoReboots" --button1 " Install " --button2 "$button2Label" --cancel "button2" \
--icon-file "$swuIcon" --icon-height 80 --icon-width 80 --width 500 --posY top --value-required \
--empty-text "$(echo -e "You must check at least one item before clicking \"Install\".\n\nIf you want to defer, click \"Later\" or press the esc key.")" )
## Get the button pressed and the options checked
Button=$( echo "$SWUDiag" | awk 'NR==1{print $0}' )
Checks=($( echo "$SWUDiag" | awk 'NR==2{print $0}' ))
if [[ "$Button" == "1" ]]; then
## "Install" button was clicked. Run the assess checkbox function
echo "User clicked the \"Install\" button"
assessChecks
else
echo "User chose to Defer from the selection dialog."
deferralCheck
echo "Cleaning up SWU list file. Exiting..."
rm /tmp/SWULIST
exit 0
fi
fi
}
## Function to check the deferral count
deferralCheck ()
{
(( defercount ++ ))
defaults write "$prefs" DeferCount -int $defercount
deferremain=$(( deferthreshold - defercount ))
if $defermode
then
# check to see if they are allowed to defer anymore
deferremain=$(( deferthreshold - defercount ))
if [ $deferremain -eq 0 ] || [ $deferremain -lt 0 ]
then
# if the defercounter has run out, FORCED INSTALLATION! set timeout to 30 minutes
echo "You have no deferrals left"
else
# prompt user with defer option
echo "You have $deferremain deferrals remaining"
fi
else
# if we don't have deferals enabled
echo "Deferrals are not enabled"
fi
}
## Function to lock the login window and install all available updates
startLockScreenAgent ()
{
## Note on this function: To make the script usable outside of a Casper Suite environment,
## we are using the Apple Remote Management LockScreen.app, located inside the AppleVNCServer bundle.
## This bundle and corresponding app is installed by default in all recent versions of OS X
## Set a flag to yes if any updates in the list will require a reboot
while read line; do
if [[ $(echo "$line" | grep "^◀") != "" ]]; then
rebootsPresent="yes"
break
fi
done < <(echo "$readSWUs")
## Define the name and path to the LaunchAgent plist
PLIST="/Library/LaunchAgents/com.LockLoginScreen.plist"
## Define the text for the xml plist file
LAgentCore="<?xml version=\"1.0\" encoding=\"UTF-8\"?>
<!DOCTYPE plist PUBLIC \"-//Apple Computer//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">
<plist version=\"1.0\">
<dict>
<key>Label</key>
<string>com.LockLoginScreen</string>
<key>RunAtLoad</key>
<true/>
<key>LimitLoadToSessionType</key>
<string>LoginWindow</string>
<key>ProgramArguments</key>
<array>
<string>/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/MacOS/LockScreen</string>
<string>-session</string>
<string>256</string>
<string>-msg</string>
<string>Updates are currently being installed on this Mac. It will automatically be restarted or returned to the login window when installations are complete.</string>
</array>
</dict>
</plist>"
## Create the LaunchAgent file
echo "Creating the LockLoginScreen LaunchAgent..."
echo "$LAgentCore" > "$PLIST"
## Set the owner, group and permissions on the LaunchAgent plist
echo "Setting proper ownership and permissions on the LaunchAgent..."
chown root:wheel "$PLIST"
chmod 644 "$PLIST"
## Use SIPS to copy and convert the SWU icon to use as the LockScreen icon
## First, back up the original Lock.jpg image
echo "Backing up Lock.jpg image..."
mv /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/Resources/Lock.jpg \
/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/Resources/Lock.jpg.bak
## Now, copy and convert the SWU icns file into a new Lock.jpg file
## Note: We are converting it to a png to preserve transparency, but saving it with the .jpg extension so LockScreen.app will recognize it.
## Also resize the image to 400 x 400 pixels so its not so honkin' huge!
echo "Creating SoftwareUpdate icon as png and converting to Lock.jpg..."
sips -s format png "$swuIcon" --out /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/Resources/Lock.jpg \
--resampleWidth 400 --resampleHeight 400
## Now, kill/restart the loginwindow process to load the LaunchAgent
echo "Ready to lock screen. Restarting loginwindow process..."
kill -9 $(ps axc | awk '/loginwindow/{print $1}')
## Install all available Software Updates
echo "Screen locked. Installing all available Software Updates..."
/usr/sbin/softwareupdate --install --all
if [ "$?" == "0" ]; then
## Delete LaunchAgent and reload the Login Window
echo "Deleting the LaunchAgent..."
rm "$PLIST"
sleep 1
if [[ "$rebootsPresent" == "yes" ]]; then
## Put the original Lock.jpg image back where it was, overwriting the SWU Icon image
echo "The rebootsPresent flag was set to 'yes' Replacing Lock.jpg image and immediately rebooting the Mac..."
mv /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/Resources/Lock.jpg.bak \
/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/Resources/Lock.jpg
## Kill the LockScreen app and restart immediately
killall LockScreen
/sbin/shutdown -r now
else
## Put the original Lock.jpg image back where it was, overwriting the SWU Icon image
echo "The rebootsPresent flag was not set. Replacing Lock.jpg image and restoring the loginwindow..."
mv /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/Resources/Lock.jpg.bak \
/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/Resources/Lock.jpg
## Kill/restart the login window process to return to the login window
kill -9 $(ps axc | awk '/loginwindow/{print $1}')
fi
else
echo "There was an error with the installations. Removing the Agent and unlocking the login window..."
rm "$PLIST"
sleep 1
mv /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/Resources/Lock.jpg.bak \
/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Support/LockScreen.app/Contents/Resources/Lock.jpg
## Kill/restart the login window process to return to the login window
kill -9 $(ps axc | awk '/loginwindow/{print $1}')
exit 0
fi
}
## The script starts here
## Gather available Software Updates and export to a file
echo "Pulling available Software Updates..."
/usr/sbin/softwareupdate -l > /tmp/SWULIST
echo "Finished pulling available Software Updates into local file"
echo "Checking to see what updates are available..."
## Generate list of readable items and installable items from file
readSWUs=$( cat /tmp/SWULIST | awk -F"," '/recommended/{print $2,$1}' | sed -e 's/[0-9]*K \[recommended\][ *]//g;s/\[restart\] */◀ /g' | sed 's/[ ]//g' )
progSWUs=$( cat /tmp/SWULIST | awk -F"," '/recommended/{print $2,$1}' | sed -e 's/[0-9]*K \[recommended\][ *]//g;s/\[restart\] *//g' | sed 's/[ ]//g' )
installSWUs=$( cat /tmp/SWULIST | grep -v 'recommended' | awk -F'\\* ' '/\*/{print $NF}' )
## First, make sure there's at least one update from Software Update
if [[ -z "$readSWUs" ]]; then
echo "No pending Software Updates found for this Mac. Exiting..."
exit 0
elif [[ ! -z "$readSWUs" ]] && [[ "$loggedInUser" != "root" ]]; then
echo "Software Updates are available, and a user is logged in. Moving to initial dialog..."
startDialog
elif [[ ! -z "$readSWUs" ]] && [[ "$loggedInUser" == "root" ]]; then
if [ "$installAllAtLogin" == "yes" ]; then
echo "SWUs are available, no-one logged in and the installAllAtLogin flag was set. Locking screen and installing all updates..."
startLockScreenAgent
else
echo "SWUs are available, no-one logged in but the installAllAtLogin flag was not set. Exiting..."
exit 0
fi
fi
@@ -0,0 +1,57 @@
#!/bin/bash
################################# Find last Reboot #################################
########################## wann wurde der Neustart durchgeführt ##########################
# Auslesen, wann der Neustart durchgeführt worden ist
lastBootRaw=$(sysctl kern.boottime | awk '{print $5}' | tr -d ,)
echo "Der Neustart wurde durchgeführt um $lastBootRaw"
# Zeit umwandeln
lastBootFormatMin=$(date -jf "%s" "$lastBootRaw" +"%H:%M:%S")
lastBootFormatDay=$(date -jf "%s" "$lastBootRaw" +"%d.%m:%y")
echo "Umgewandelte Zeit ist $lastBootFormatDay $lastBootFormatMin"
########################## wann wurde die Datei erstellt ##########################
# Auslesen, wann die Datei erstellt worden ist
TimeCreate=$(date -r /Users/andreasvogel/Desktop/test +'%s')
echo $TimeCreate
# Zeit umwandeln
lastTimeMin=$(date -jf "%s" "$TimeCreate" +"%H:%M:%S")
lastTimeDay=$(date -jf "%s" "$TimeCreate" +"%d.%m.%y")
echo "Umgewandelte Zeit ist $lastTimeDay $lastTimeMin"
########################## Info für intern ##########################
# Ausdruck Bedeutung Liefert wahr (0) zurück, wenn ...
# [ var1 eq var2 ] (eq = equal) var1 gleich var2 ist
# [ var1 ne var2 ] (ne = not equal) var1 ungleich var2 ist
# [ var1 lt var2 ] (lt = less than) var1 kleiner als var2 ist
# [ var1 gt var2 ] (gt = greater than) var1 größer als var2 ist
# [ var1 le var2 ] (le = less equal) var1 kleiner oder gleich var2 ist
# [ var1 ge var2 ] (ge = greater equal) var1 größer oder gleich var2 ist
# (( var1 == var2 )) == var1 gleich var2 ist
# (( var1 != var2 )) != var1 ungleich var2 ist
# (( var1 < var2 )) < var1 kleiner als var2 ist
# (( var1 > var2 )) > var1 größer als var2 ist
# (( var1 >= var2 )) >= var1 größer oder gleich var2 ist
# (( var1 <= var2 )) <= var1 kleiner oder gleich var2 ist
# [ "$var1" = "$var2" ] = var1 gleich var2 ist
# [ "$var1" != "$var2" ] != var1 ungleich var2 ist
# [ z "$var" ] z var leer ist
# [ n "$var" ] n var nicht leer ist
########################## Variablen ##########################
if [ $lastBootRaw -lt $TimeCreate ]
then
echo "länger"
else
echo "kürzer"
fi
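Review bot: The file-time lookup `TimeCreate=$(date -r /Users/andreasvogel/Desktop/test +'%s')` is tied to one developer's home directory, and when that file is missing `TimeCreate` is empty, so the unquoted `[ $lastBootRaw -lt $TimeCreate ]` fails with a test error and the script silently takes the `else` branch. Take the path as a parameter, stop early with `[ -e "$file" ] || exit 1`, and quote the comparison as `[ "$lastBootRaw" -lt "$TimeCreate" ]`. The boot-date format `+"%d.%m:%y"` has a colon where the file-date format uses `%d.%m.%y`, which looks like a typo.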
@@ -0,0 +1,19 @@
#!/bin/bash
############################################################################
# Shellscript : Prüfen ob das Zertifikat noch das alte Zertifikat noch da ist.
# Autor : Andreas Vogel, macenterprise gmbh
# Copyright : macenterprise 2019
############################################################################
# Variable
certificate="Mac-Computer-JAMF-V2"
# Suchen und löschen
if security find-certificate -c $certificate
then
sudo security delete-certificate -c $certificate
else
exit 0
fi
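Review bot: `$certificate` is expanded unquoted in both `security` calls, no keychain is named, and the exit status of the delete is never checked, so the script reports success even when nothing was removed. I would write `if security find-certificate -c "$certificate" >/dev/null 2>&1; then security delete-certificate -c "$certificate" || exit 1`, and pass the intended keychain explicitly so the result does not depend on the caller's keychain search list. Selecting by name may match more than the one intended certificate; if so, pinning the delete to the certificate's hash with `-Z` is tighter. The `sudo` is redundant if this runs as root from a management policy, which the page suggests but does not show.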
@@ -0,0 +1,16 @@
#!/bin/bash
############################################################################
# Shellscript : Prüfen ob das Zertifikat noch das alte Zertifikat noch da ist.
# Autor : Andreas Vogel, macenterprise gmbh
# Copyright : macenterprise 2019
############################################################################
if security find-certificate -c "Mac-Computer-JAMF-V2"
then
certificate=1
else
certificate=0
fi
echo "<result>$certificate</result>"
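Review bot: `security find-certificate -c "Mac-Computer-JAMF-V2"` prints the matched certificate's attributes to stdout and an error to stderr when nothing matches, so the script's output carries that dump ahead of the `<result>` line. Silence the probe and keep only its exit status: `if security find-certificate -c "Mac-Computer-JAMF-V2" >/dev/null 2>&1`. A one-line comment such as `# result: 1 = old certificate still present, 0 = absent` would document the values for whoever builds a group on this attribute.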
@@ -0,0 +1,82 @@
#!/bin/bash
##########################################################################
# Shellscript : Script
# Autor : Jobst Heinermann, macenterprise gmbh
# Copyright : macenterprise 2019
##########################################################################
#################################### Function ####################################
ask () {
osascript <<EOF - 2>/dev/null
tell application "SystemUIServer"
activate
text returned of (display dialog "$1" default answer "")
end tell
EOF
}
askhidden () {
osascript <<EOF - 2>/dev/null
tell application "SystemUIServer"
activate
text returned of (display dialog "$1" default answer "" with hidden answer)
end tell
EOF
}
askolddir () {
osascript <<EOF - 2>/dev/null
set strPath to POSIX file "/Users/"
set f to (choose folder with prompt "$1" default location strPath)
set posixF to POSIX path of f
tell application "Finder" to set filesDir to container of f as alias as text
set posixDir to POSIX path of filesDir
posixF
EOF
}
asknewdir () {
osascript <<EOF - 2>/dev/null
tell application "SystemUIServer"
activate
text returned of (display dialog "$1" default answer "")
end tell
EOF
}
DecryptString() {
# Usage: ~$ DecryptString "Encrypted String" "Salt" "Passphrase"
echo "${1}" | /usr/bin/openssl enc -aes256 -d -a -A -S "${2}" -k "${3}"
}
#################################### Variabeln ####################################
#diba.corp.int erreichbar?
AD_ING="diba.corp.int" #AD Domaine
AD_STAT=$(dsconfigad -show | awk '/Active Directory Domain/{print $NF}') #AD Domain auf System
ping -c1 $AD_ING 1>/dev/null 2>/dev/null
SUCCESS=$?
PNUM=$(ask 'Bitte Personalnummer eingeben') || exit #Personalnummer
ADMIN="ladmin" #lokaler Admin
PASS=$(askhidden 'Bitte das Passwort des User eingeben') || exit #User Passwort
APASS=$(DecryptString "$4" "$5" "$6") #Admin Passwort
AGRP="DOMDIBACORP\Domain Users" #User Gruppe im AD
#################################### Variabeln ####################################
if [[ "$AD_STAT" = "$AD_ING" && $SUCCESS -eq 0 ]]
then
osascript -e 'tell application "SystemUIServer" to display dialog "AD ist erreichbar und konfiguriert!" buttons {"OK"} default button "OK"'
if sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n "$PNUM" -p "$PASS" -a "$ADMIN" -U "$APASS"
then
sudo osascript -e 'tell application "SystemUIServer" to display dialog "AD-Benutzer wurde erfolgreich angelegt!" buttons {"OK"} default button "OK"'
else
sudo osascript -e 'tell application "SystemUIServer" to display dialog "AD-Benutzer konnte nicht angelegt werden!" buttons {"OK"} default button "OK"'
fi
else
osascript -e 'tell application "SystemUIServer" to display dialog "AD ist nicht erreichbar !" buttons {"OK"} default button "OK"'
exit 1
fi
exit 0
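Review bot: Both passwords end up on command lines: `createmobileaccount` receives the user's password via `-p "$PASS"` and the decrypted admin password via `-U "$APASS"`, and `DecryptString` hands the passphrase to openssl with `-k "${3}"`, so each is readable from the process list while the command runs. The ciphertext, salt and passphrase also arrive together as `$4`, `$5` and `$6`, so anyone who can read the policy parameters can recover the admin password; the encryption only hides it from casual viewing. For the openssl call the passphrase can be moved off argv, e.g. `-S "${2}" -pass fd:3 3<<<"${3}"`; whether `createmobileaccount` accepts secrets another way is not visible here and should be checked. An empty `APASS` after a failed decryption is not detected before the account call; `[ -n "$APASS" ] || exit 1` would stop it. `AGRP` is assigned but never used.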
@@ -0,0 +1,446 @@
#!/bin/bash
#####################################################################################
# Shellscript : User kann entscheiden, wann das Gerät neugestartet wird.
# Autor : Andreas Vogel, macenterprise gmbh, 17.12.2019
#####################################################################################
#################################### Remove und Delete old Daemon ####################################
launchctl remove de.ing.LastWarningDaemon.plist
/bin/rm -f /Library/LaunchDaemons/de.ing.LastWarningDaemon.plist
#################################### Jamf Helper ####################################
jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
jamf="/usr/local/bin/jamf"
user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
INGIcon="/Users/$user/Library/Application Support/com.jamfsoftware.selfservice.mac/Documents/Images/brandingimage.png"
Message="
Auf diesem Gerät wurde ein Sicherheitsupdate installiert.
Dieses erfordert einen Neurtart des Gerätes. Bitte starte den Rechner jetzt neu oder wähle eine der Optionen aus um den Neustart zu verschieben.
A security update has been installed on this device.
This requires a reboot of the device. Please restart the computer now or select one of the options to reschedule the restart.
"
RestartOptions=$("$jamfHelper" -windowType utility -icon "$INGIcon" -title "Please restart" -description "$Message" -button2 "Restart in" -showDelayOptions "120, 300, 900, 1800, 14400, 21600" -button1 "Immediately" -cancelButton 1 -defaultButton 2 -timeout "300" -countdown -alignCountdown "right")
#################################### Variablen Zeit ermitteln ####################################
# Variablen zur weiterverarbeitung
# Diese Variablen werden benötigt, damit ausgewertet werden kann, welche Taste gedrückt worden ist.
# Des Weiteren wird die gewählte Zeit ausgewertet und nach welche Zeit die letzte Warnung in Sekunden
# erfolgen wird.
buttonClicked="${RestartOptions:$i-1}"
result=$RestartOptions
delayint=$(echo "$result" | /usr/bin/sed 's/.$//')
warndelayint=$(expr $delayint - 60)
warndelayfivemin=$(expr $delayint - 300)
# Variablen delayRestart
# Diese Variablen werden für den delayRestart Daemon benutzt.
# Die Variablen sind entsprechen nicht den Variablen für die letzte Meldung.
defercal=$(($(/bin/date +%s) + delayint))
hour=$(/bin/date -j -f "%s" "$defercal" "+%H")
minute=$(/bin/date -j -f "%s" "$defercal" "+%M")
Day=$(/bin/date -j -f "%s" "$defercal" +"%d.%m.%y")
# Variablen für LastWarning Daemon
# Dieses Variablen werden für den Daemon benutz, der eine Minute vor dem geplanten Neustart
# gestartet wird und die Meldung bringt.
warndefercal=$(($(/bin/date +%s) + warndelayint))
warnhour=$(/bin/date -j -f "%s" "$warndefercal" "+%H")
warnminute=$(/bin/date -j -f "%s" "$warndefercal" "+%M")
# Variablen für 5minWarning Daemon
# Dieses Variablen werden für den Daemon benutz, der 5 Minute vor dem geplanten Neustart
# gestartet wird und die Meldung bringt.
warner=$(($(/bin/date +%s) + warndelayfivemin))
behour=$(/bin/date -j -f "%s" "$warner" "+%H")
beminute=$(/bin/date -j -f "%s" "$warner" "+%M")
#################################### Variablen Massage / Icons ####################################
InfoIcon="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/ToolbarInfo.icns"
RestartIcon="/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/Sync.icns"
RestartMessage="Das System wird in 1 Minute neugestartet. Es erfolgt kein weiterer Hinweis.
The system will restart in 1 minute. There is no further notice."
InfoMessage="Das System wird aufgrund deiner Auswahl um $hour:$minute Uhr neu gestartet.
The system will restart at $hour:$minute o'clock based on your selection
"
ShutdownMessage="Das System wird jetzt aufgrund deiner Auswahl neu gestartet.
Das System wird für den Neustart vorbereitet.
The system will restart now based on your selection.
The system is being prepared for a restart.
"
FiveMinShutdownMessage="Das System wird aufgrund deiner Auswahl in 5 Minuten neu gestartet.
The system will restart in 5 minutes based on your selection.
"
#################################### Create deamen ####################################
# Daemon wird erstellt, wenn der User eine Längere Zeit als 15 min für den neustart auswählt.
# Diese Daemon wird 5 min vor dem geplanten neustart gestartet und ausgeführt.
# Der Daemon führt nur ein Script aus, der eine Meldung für den Neustart gibt.
FiveMinWarningDaemon()
{
/bin/cat <<EOA > /Library/LaunchDaemons/de.ing.FiveMinWarningDaemon.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>de.ing.FiveMinWarningScript</string>
<key>ProgramArguments</key>
<array>
<string>/bin/bash</string>
<string>/Library/Application Support/JAMF/ING/de.ing.FiveMinWarningScript.sh</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>$behour</integer>
<key>Minute</key>
<integer>$beminute</integer>
</dict>
</dict>
</plist>
EOA
}
# Daemon wird immer erstellt.
# Diese Daemon wird 1 min vor dem geplanten neustart gestartet und ausgeführt.
# Der Daemon führt das Script "LastWarningScript" aus.
LastWarningDaemon()
{
/bin/cat <<EOB > /Library/LaunchDaemons/de.ing.LastWarningDaemon.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>de.ing.LastWarningDaemon</string>
<key>ProgramArguments</key>
<array>
<string>/bin/bash</string>
<string>/Library/Application Support/JAMF/ING/de.ing.LastWarningScript.sh</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>$warnhour</integer>
<key>Minute</key>
<integer>$warnminute</integer>
</dict>
</dict>
</plist>
EOB
}
# Daemon wird immer erstellt.
# Diese Daemon dient lediglich als Backup, falls der User sein Gerät vor dem geplanten und dem durch den
# Daemon "LastWarningDaemon" verursachten Neustart durchführt.
# Der Daemon führt das Script "LastWarningScript" aus.
EnforceRestatDaemon()
{
/bin/cat <<EOC > /Library/LaunchDaemons/de.ing.EnforceRestat.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>de.ing.EnforceRestatDaemon</string>
<key>ProgramArguments</key>
<array>
<string>/bin/bash</string>
<string>/Library/Application Support/JAMF/ING/de.ing.EnforceRestatScript.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>600</integer>
</dict>
</plist>
EOC
}
#################################### Create Script ####################################
FiveMinWarningScript()
{
/bin/cat <<EOD > /Library/Application\ Support/JAMF/ING/de.ing.FiveMinWarningScript.sh
#!/bin/bash
/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -icon "$InfoIcon" -title "Restart in five minutes" -description "$FiveMinShutdownMessage" -button1 "OK" -defaultButton 1 -timeout 60
launchctl remove de.ing.FiveMinWarningScript.plist
/bin/rm -f /Library/LaunchDaemons/de.ing.FiveMinWarningScript.plist
EOD
}
# Sicherstellung, dass der Neustart eine Minute nach der Meldung erfolgt.
# Bassierend auf der Auswahlt, die der User getroffen hat.
# Neustart wird nicht verzögert. Unaghängig ob der User in der letzten Meldung auf OK klickt oder nicht wird der Neustart
# zu der geplanten Zeit ausgeführt.
# Gemäß der der "man shutdown" kann die Option wie folgt gelegt werden:
# -r The system is rebooted at the specified time.
# The hours and minutes in the second time format may be separated by a colon (``:'') for backward compatibility.
# Anschliessend wird das Script den Daemon wieder löschen. Das Script bleibt erhalten.
# Beim nächsten ausführen der Policy wird das Script überschrieben und die neuen Variablen übernehmen.
LastWarningScript()
{
/bin/cat <<EOE > /Library/Application\ Support/JAMF/ING/de.ing.LastWarningScript.sh
#!/bin/bash
shutdown -r $hour:$minute
/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -icon "$InfoIcon" -title "Warning" -description "$RestartMessage" -button1 "OK" -defaultButton 1 -timeout 45
launchctl remove de.ing.LastWarningDaemon.plist
/bin/rm -f /Library/LaunchDaemons/de.ing.LastWarningDaemon.plist
launchctl remove de.ing.EnforceRestat.plist
/bin/rm -f /Library/LaunchDaemons/de.ing.EnforceRestat.plist
EOE
}
EnforceRestatScript()
{
/bin/cat <<EOF > /Library/Application\ Support/JAMF/ING/de.ing.EnforceRestatScript.sh
#!/bin/bash
#####################################################################################
# Shellscript : Script stellt sicher, dass das Gerät neugestartet worden ist.
# Autor : Andreas Vogel, macenterprise gmbh, 17.12.2019
#####################################################################################
#################################### Time Today ####################################
today=$(date +%s)
echo "Heute ist der $today"
#################################### Daemond ans Script ####################################
listDaemons="
/Library/LaunchDaemons/de.ing.FiveMinWarningDaemon.plist
/Library/LaunchDaemons/de.ing.LastWarningDaemon.plist
"
listScripts="
LastWarningScript.sh
FiveMinWarningScript.sh
"
################################# Unload or Remove #################################
removeDaemon(){
for d in $listDaemons
do
if [ -f "$d" ]
then
echo $d
sudo launchctl unload $d
sudo rm $d
fi
done
}
removeScript(){
for s in $listScripts
do
if [ -f "/Library/Application Support/JAMF/ING/$s" ]
then
echo $s
rm -rf "/Library/Application Support/JAMF/ING/$s"
fi
done
}
#################################### Jamf Helper ####################################
jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
jamf="/usr/local/bin/jamf"
user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
INGIcon="/Users/$user/Library/Application Support/com.jamfsoftware.selfservice.mac/Documents/Images/brandingimage.png"
EnforceMessage="
Der geplante Neustart für dem $Day um $hour:$minute konnte nicht durchgeführt werden.
Möglicherweise befand sich das Gerät im Ruhemodus. Der Neustart wird nun durchgeführt.
"
################################# Find last Reboot #################################
# Zeit umwandeln
# wird benötigt um die Zeit in ein Gewünschtes Format umzuwandeln
# Es kann umgewandelt werden in Uhrzeit oder Datum
# lastBootFormatMin=$(date -jf "%s" "$lastBootRaw" +"%H:%M:%S")
# lastBootFormatDay=$(date -jf "%s" "$lastBootRaw" +"%d.%m:%y")
# echo "Umgewandelte Zeit ist $lastBootFormatDay $lastBootFormatMin"
########################## wann wurde der Neustart durchgeführt ##########################
# Auslesen, wann der Neustart durchgeführt worden ist
lastBootRaw=$(sysctl kern.boottime | awk '{print $5}' | tr -d ,)
lastBootFormatMin=$(date -jf "%s" "$lastBootRaw" +"%H:%M:%S")
echo $lastBootFormatMin
echo "Der Neustart wurde durchgeführt am $lastBootRaw"
########################## wann wurde die Datei erstellt ##########################
# Auslesen, wann die Datei erstellt worden ist
TimeCreate=$(date -r /Library/LaunchDaemons/de.ing.LastWarningDaemon.plist +'%s')
TimeCreateFormatMin=$(date -jf "%s" "$TimeCreate" +"%H:%M:%S")
echo $TimeCreateFormatMin
echo "Die Datei wurde erstellt am $TimeCreate"
delayint=$(echo "$result" | /usr/bin/sed 's/.$//')
defercal=$(($(/bin/date +%s) + delayint))
########################## Enforce Warning ##########################
EnforceWarning()
{
# shutdown -r +1
/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -icon "$InfoIcon" -title "Warning" -description "$EnforceMessage" -button1 "OK" -defaultButton 1 -timeout 45
}
########################## Ausführung ##########################
if [ $lastBootRaw -gt $TimeCreate ]
then
echo "letzter Neustart älter als Datei"
# removeDaemon
# removeScrpit
# rm -rf /Library/LaunchDaemons/de.ing.EnforceRestat.plist
else
if [ $today -lt $TimeCreate ]
then
echo "letzter neustart über 7 stunden her also nestart"
# shutdown -r +2
# EnforceWarning
# removeDaemon
# removeScrpit
# rm -rf /Library/LaunchDaemons/de.ing.EnforceRestat.plist
else
echo "heute ist größer als Datei"
fi
fi
EOF
}
shutdownWarning()
{
# shutdown -r +1
/Library/Application\ Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -icon "$InfoIcon" -title "Warning" -description "$ShutdownMessage" -button1 "OK" -defaultButton 1 -timeout 45
}
#################################### Load Daemon and Script ####################################
StartandLoadFiveMin()
{
# set ownership on LastWarningDaemon launch daemon
/usr/sbin/chown root:wheel /Library/LaunchDaemons/de.ing.FiveMinWarningDaemon.plist
/bin/chmod 644 /Library/LaunchDaemons/de.ing.FiveMinWarningDaemon.plist
#load launchd
launchctl load /Library/LaunchDaemons/de.ing.FiveMinWarningDaemon.plist
#set ownership for Script
/usr/sbin/chown root:admin "/Library/Application Support/JAMF/ING/de.ing.FiveMinWarningScript.sh"
/bin/chmod 755 "/Library/Application Support/JAMF/ING/de.ing.FiveMinWarningScript.sh"
}
StartandLoadLast()
{
# set ownership on LastWarningDaemon launch daemon
/usr/sbin/chown root:wheel /Library/LaunchDaemons/de.ing.LastWarningDaemon.plist
/bin/chmod 644 /Library/LaunchDaemons/de.ing.LastWarningDaemon.plist
#load launchd
launchctl load /Library/LaunchDaemons/de.ing.LastWarningDaemon.plist
#set ownership for Script
/usr/sbin/chown root:admin "/Library/Application Support/JAMF/ING/de.ing.LastWarningScript.sh"
/bin/chmod 755 "/Library/Application Support/JAMF/ING/de.ing.LastWarningScript.sh"
}
StartandLoadEnforce()
{
# set ownership on LastWarningDaemon launch daemon
/usr/sbin/chown root:wheel /Library/LaunchDaemons/de.ing.EnforceRestat.plist
/bin/chmod 644 /Library/LaunchDaemons/de.ing.EnforceRestat.plist
#load launchd
launchctl load /Library/LaunchDaemons/de.ing.EnforceRestat.plist
#set ownership for Script
/usr/sbin/chown root:admin "/Library/Application Support/JAMF/ING/de.ing.EnforceRestatScript.sh"
/bin/chmod 755 "/Library/Application Support/JAMF/ING/de.ing.EnforceRestatScript.sh"
}
#################################### Ausführung ####################################
if [[ "$buttonClicked" == "2" ]] && [[ ! -z "$delayint" ]] && [[ $delayint -gt 900 ]]
then
echo "option 1 länger als 15 min. 5 min vor dem Start eine Meldung und eine min "
FiveMinWarningDaemon
FiveMinWarningScript
LastWarningDaemon
LastWarningScript
EnforceRestatDaemon
EnforceRestatScript
StartandLoadFiveMin
StartandLoadLast
StartandLoadEnforce
else
if [[ "$buttonClicked" == "2" ]] && [[ ! -z "$delayint" ]]
then
echo "option 2 unter 15 Min. Warnung nur 1 min vor dem Neustart"
LastWarningDaemon
LastWarningScript
EnforceRestatDaemon
EnforceRestatScript
StartandLoadLast
StartandLoadEnforce
elif [ "$buttonClicked" == "1" ]
then
shutdownWarning
fi
fi
@@ -0,0 +1,69 @@
#!/bin/bash
################################# Find last Reboot #################################
lastBootRaw=$(sysctl kern.boottime | awk '{print $5}' | tr -d ,)
lastBootFormat=$(date -jf "%s" "$lastBootRaw" +"%m-%d-%Y")
today=$(date +%s)
diffDays=$(( (today - lastBootRaw) ))
################################# Variablen #################################
listDaemons="
/Library/LaunchDaemons/de.ing.FiveMinWarningDaemon.plist
/Library/LaunchDaemons/de.ing.LastWarningDaemon.plist
"
listScripts="
LastWarningScript.sh
FiveMinWarningScript.sh
"
################################# Unload or Remove #################################
removeDaemon(){
for d in $listDaemons
do
if [ -f "$d" ]
then
echo $d
sudo launchctl unload $d
sudo rm $d
fi
done
}
removeScrpit(){
for s in $listScripts
do
if [ -f "/Library/Application Support/JAMF/ING/$s" ]
then
echo $s
rm -rf "/Library/Application Support/JAMF/ING/$s"
fi
done
}
################################# Ausführen #################################
if [ $diffDays -lt 600 ] && [ -f "/Library/LaunchDaemons/de.ing.LastWarningDaemon.plist" ]
then
echo "neustart innerhalb von 10 min "
#removeDaemon
#removeScrpit
# rm -rf /Library/LaunchDaemons/de.ing.EnforceRestat.plist
# shutdown -r +2
else
if [ $diffDays -gt 32400 ]
then
echo "letzter neustart über 7 stunden her also nestart"
#removeDaemon
#removeScrpit
# rm -rf /Library/LaunchDaemons/de.ing.EnforceRestat.plist
# shutdown -r +2
else
echo "neustart wird durch den LastWarningDaemon ausgeführt"
fi
fi
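Review bot: The second threshold does not match its message: `diffDays` is `today - lastBootRaw`, i.e. seconds, and `[ $diffDays -gt 32400 ]` fires after 9 hours while the echo says 7 hours. Either use `25200` or correct the message, and rename the variable to something like `diffSeconds` so the unit is obvious. In `removeDaemon`, `sudo launchctl unload $d` and `sudo rm $d` should quote the path as `"$d"`. The numeric tests would also be safer as `[ "$diffDays" -lt 600 ]`, since an empty value currently produces a test syntax error instead of a clean failure.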
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
+14
@@ -0,0 +1,14 @@
#!/bin/bash
##########################################################################
# Shellscript : enable local password sync NoMAD
# Author : jobst heinermann, macenterprise gmbh 2019
# Source : https://nomad.menu/help/local-password-sync/
##########################################################################
# Variabeln
user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
# <key> LocalPasswordSync 1 setzen
defaults write /Users/$user/Library/Preferences/com.trusourcelabs.NoMAD.plist LocalPasswordSync 1
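Review bot: The `defaults write` line uses `$user` unquoted and unchecked; `stat` on `/dev/console` reports `root` when nobody is logged in, so the key would then be written under `/Users/root/`. If the script runs as root (likely for a management policy, but not visible here), the plist is also created or rewritten by root inside the user's Library, which may leave it with the wrong owner. I would add a guard such as `[[ -n "$user" && "$user" != "root" ]] || exit 0` and do the write as the user: `sudo -u "$user" defaults write com.trusourcelabs.NoMAD LocalPasswordSync 1`.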
+83
@@ -0,0 +1,83 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadContent</key>
<dict>
<key>com.trusourcelabs.NoMAD</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>ADDomain</key>
<string>diba.corp.int</string>
<key>DontShowWelcome</key>
<true/>
<key>HideAbout</key>
<true/>
<key>HideGetSoftware</key>
<true/>
<key>HideHelp</key>
<true/>
<key>HideLockScreen</key>
<true/>
<key>HidePrefs</key>
<true/>
<key>HideRenew</key>
<true/>
<key>HideSignOut</key>
<true/>
<key>KerberosRealm</key>
<string>DIBA.CORP.INT</string>
<key>LoginItem</key>
<true/>
<key>PersistExpiration</key>
<true/>
<key>SelfServicePath</key>
<string></string>
<key>SignInWindowOnLaunch</key>
<true/>
<key>UseKeychainPrompt</key>
<true/>
<key>UserSwitch</key>
<true/>
</dict>
</dict>
</array>
</dict>
</dict>
<key>PayloadDisplayName</key>
<string>NoMAD</string>
<key>PayloadIdentifier</key>
<string>com.github.erikberglund.ProfileCreator.54F6727B-4B87-4AE5-8C55-D8495B34C4F0.com.trusourcelabs.NoMAD.D4B98FCB-01B4-4D18-87EF-DB0F94318D85</string>
<key>PayloadOrganization</key>
<string></string>
<key>PayloadType</key>
<string>com.apple.ManagedClient.preferences</string>
<key>PayloadUUID</key>
<string>D4B98FCB-01B4-4D18-87EF-DB0F94318D85</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>NoMAD</string>
<key>PayloadIdentifier</key>
<string>com.github.erikberglund.ProfileCreator.54F6727B-4B87-4AE5-8C55-D8495B34C4F0</string>
<key>PayloadOrganization</key>
<string>ING</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>54F6727B-4B87-4AE5-8C55-D8495B34C4F0</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
+202
@@ -0,0 +1,202 @@
#!/bin/bash
##########################################################################
# Shellscript : Notification.
# Autor : Andreas Vogel, macenterprise gmbh, 2019
##########################################################################
######################################################################################################################################################
#Variablen
#
#
# BundleID="${1}" -> Wird aus dem System übergeben.
# DeferralType="${2}" -> Wird aus dem System übergeben.
# DeferralValue="${3}" -> Wird aus dem System übergeben.
# AppName="${4}" -> Gibt an, welche Application betroffen ist. -> Pflicht
# AppQuitRequired="${5}" -> Gibt an, ob die App vor dem Update geschlossen werden muss -> Pflicht
# ProcessName="${6}" -> Hier muss der exakte Name des Prozesses angegeben werden -> Pflicht
# RebootRequired="${7}" -> Gibt an, ob ein Neustart erforderlich ist ja / nein -> Pflicht
# RunPolicy="${8}" -> Gibt an, welche Policy ausgeführt werden soll. Diese wird über die Policy-ID ausgeführt -> Pflicht
# Frei Variable="${9}" -> Diese Variable ist frei
# DeferralPlist="${10}" -> Gibt an, wie oft das Update verschoben werden kann -> Optional
# TimeOutinSec="${11}" -> Gibt an, wie lange die Nachricht angezeigt wird -> Optional
######################################################################################################################################################
# Die Notification kann im beliebigen Intervall ausgeführt werden.
# Die Möglichkeit, wie oft die Meldung verschoben werden kann, bis das Update erzwungen wird, kann dynamisch angepasst werden.
# Ist keine Anpassung erfolgt, so wird die Möglichkeit auf 3 beschränkt.
# Nach maximal möglichen Verschiebungen, wird das Update erzwungen und. Der User wird drauf hingewiesen.
# Die Dauer der Meldung, kann in Sekunden bestimmt werden. ist nicht bestimmt worden, so wird der Standard auf 900 sec. gesetzt.
# Der Text ist immer gleich. Über die Variable muss der Name der App angegeben werden.
# Es muss festgelegt werden, ob ein Neustart erforderlich ist oder nicht.
# set -x
setDeferral (){
BundleID="${1}"
DeferralType="${2}"
DeferralValue="${3}"
DeferralPlist="${4}"
if [[ "$DeferralType" == "date" ]]; then
DeferralDate="$(/usr/libexec/PlistBuddy -c "print :$BundleID:date" "$DeferralPlist" 2>/dev/null)"
# Set deferral date
if [[ -n "$DeferralDate" ]] && [[ ! "$DeferralDate" =~ "File Doesn't Exist" ]]; then
# /usr/libexec/PlistBuddy -c "set :$BundleID:date '07/04/2019 11:21:51 +0000'" "$DeferralPlist"
/usr/libexec/PlistBuddy -c "set :$BundleID:date $DeferralValue" "$DeferralPlist" 2>/dev/null
else
# /usr/libexec/PlistBuddy -c "add :$BundleID:date date '07/04/2019 11:21:51 +0000'" "$DeferralPlist"
/usr/libexec/PlistBuddy -c "add :$BundleID:date date $DeferralValue" "$DeferralPlist" 2>/dev/null
fi
elif [[ "$DeferralType" == "count" ]]; then
DeferralCount="$(/usr/libexec/PlistBuddy -c "print :$BundleID:count" "$DeferralPlist" 2>/dev/null)"
# Set deferral count
if [[ -n "$DeferralCount" ]] && [[ ! "$DeferralCount" =~ "File Doesn't Exist" ]]; then
/usr/libexec/PlistBuddy -c "set :$BundleID:count $DeferralValue" "$DeferralPlist" 2>/dev/null
else
/usr/libexec/PlistBuddy -c "add :$BundleID:count integer $DeferralValue" "$DeferralPlist" 2>/dev/null
fi
else
echo "Falscher Stundungstyp verwendet"
exit 14
fi
}
######################################################################################################################################################
AppName="${4}"
DeferralPlist="/Library/Application Support/JAMF/ING/com.custom.$AppName.plist"
BundleID="de.ing.$AppName"
DeferralType="count"
######################################################################################################################################################
# Setzen der Tage bzw. die Anzahl der Versuche, die das Update verschieben können.
DeferralValue="${10}"
# Wenn nicht in $10 gesetzt ist, wird hier der Standard gesetzt. Dieser kann den in $4 geändert werden.
if [[ -z "$DeferralValue" ]]; then
DeferralValue=3
fi
######################################################################################################################################################
# Liest den Wert aus der Plist aus. Dieser wird dann in der StandardUpdatePrompt Ausgabe mit angegeben.
CurrentDeferralValue="$(/usr/libexec/PlistBuddy -c "print :$BundleID:count" "$DeferralPlist" 2>/dev/null)"
# Richten Sie den Verzögerungswert ein, falls er noch nicht vorhanden ist
if [[ -z "$CurrentDeferralValue" ]] || [[ "$CurrentDeferralValue" =~ "File Doesn't Exist" ]]; then
setDeferral "$BundleID" "$DeferralType" "$DeferralValue" "$DeferralPlist"
CurrentDeferralValue="$(/usr/libexec/PlistBuddy -c "print :$BundleID:count" "$DeferralPlist" 2>/dev/null)"
fi
jamfHelper="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
jamf="/usr/local/bin/jamf"
######################################################################################################################################################
# Gibt die Zeit in Sekunden, wie lange das Fenster bleiden soll
TimeOutinSec="${11}"
# Falls kein Wert ind $5 gesetzt worden ist, wird dieser hier bestimmt und als Standard genutzt.
if [[ -z "$DeferralValue" ]]; then
TimeOutinSec="900"
fi
######################################################################################################################################################
# Neistart erforderlich?
######################################################################################################################################################
RebootRequired="${7}"
if [ "$RebootRequired" == "ja" ]; then
RebootMessage="Nach den Update wird der Rechner neu gestartet."
Reboot="shutdown -r now"
fi
######################################################################################################################################################
# Muss die App vor dem Update beendet werden?
######################################################################################################################################################
AppQuitRequired="${5}"
ProcessName="${6}"
tell () {
killall "$ProcessName"
}
if [ "$AppQuitRequired" == "ja" ]; then
QuitApp=tell
fi
######################################################################################################################################################
AppName="${4}"
# Standard Update Message
StandardUpdatePrompt="Für $AppName ist ein Update verfügbar.
Klicken Sie auf Fortsetzen, um mit der Installation zu beginnen.
Wenn Sie den Vorgang zu diesem Zeitpunkt nicht starten können,
können Sie den Vorgang um einen Tag verschieben.
Tage bis zur erzwungenen Installation: $CurrentDeferralValue Tage
Sie können jederzeit die Installation über den ING Germany Self Service durchführen.
Nach Ablauf der Frist wird ein Update aus Sicherheitsgründen erzwungen !
$RebootMessage
"
# Erzwungene Aktualisierungsnachricht
ForcedUpdatePrompt="Für Ihren Rechner ist ein $AppName Update notwendig.
Sie haben die Aktualisierung bereits so oft wie möglich verschoben.
Bitte speichern Sie Ihre Arbeit jetzt und klicken Sie auf Aktualisieren.
Das Update wird ansonsten automatisch durchgeführt.
$RebootMessage
"
# INGIcon
user=$(stat -f '%u %Su' /dev/console | cut -d ' ' -f 2)
INGIcon="/Users/$user/Library/Application Support/com.jamfsoftware.selfservice.mac/Documents/Images/brandingimage.png"
## Functions ##
RunPolicy="${8}"
updateGUI (){
rm -rf "$DeferralPlist"
$QuitApp
jamf policy -id $RunPolicy
$Reboot
}
# Jemand ist angemeldet. Aufforderung, falls Updates NUR dann neu gestartet werden müssen, wenn der Update-Timer nicht Null erreicht hat
if [[ "$CurrentDeferralValue" -gt 0 ]]; then
# Reduzieren Sie den Timer um 1. Das Skript wird am nächsten Tag erneut ausgeführt
let CurrTimer=$CurrentDeferralValue-1
setDeferral "$BundleID" "$DeferralType" "$CurrTimer" "$DeferralPlist"
HELPER=$("$jamfHelper" -windowType utility -icon "$INGIcon" -title "ING Germany Notification" -description "$StandardUpdatePrompt" -button1 "Fortsetzen" -button2 "Verschieben" -cancelButton "2" -defaultButton 2 -timeout "$TimeOutinSec")
echo "Jamf Helper Exit Code: $HELPER"
# Wenn sie auf "Aktualisieren" klicken, werden sie zum Einstellungsbereich für Software-Updates weitergeleitet
if [ "$HELPER" == "0" ]; then
updateGUI
fi
exit 0
else
HELPER=$("$jamfHelper" -windowType utility -icon "$INGIcon" -title "ING Germany Notification" -description "$ForcedUpdatePrompt" -button1 "Update" -defaultButton 1 -timeout "$TimeOutinSec" -countdown -alignCountdown "right")
echo "Jamf Helper Exit Code: $HELPER"
# Wenn sie auf Updates installieren klicken, führen Sie die Updates aus
# Offenbar hat jemand versucht, jamfHelper zu beenden, oder der jamfHelper-Bildschirm hat eine Zeitüberschreitung
# Der Timer ist bereits 0, die Updates werden automatisch ausgeführt, der Endbenutzer wurde gewarnt!
if [[ "$HELPER" == "0" ]] || [[ "$HELPER" == "239" ]]; then
updateGUI
fi
fi
exit 0
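Review bot: The default for `TimeOutinSec` is never applied, because the guard `if [[ -z "$DeferralValue" ]]; then` tests the wrong variable: `DeferralValue` has already been defaulted to 3 further up, so an empty `${11}` reaches both jamfHelper calls as `-timeout ""`. The test should read `if [[ -z "$TimeOutinSec" ]]; then`. Separately, `updateGUI` runs `jamf policy -id $RunPolicy` unquoted and resolved through PATH although `jamf="/usr/local/bin/jamf"` is defined above; `"$jamf" policy -id "$RunPolicy"` would use the pinned binary. `AppName` from `${4}` also goes unchecked into the path that `rm -rf "$DeferralPlist"` deletes, so a check that it is non-empty and contains no `/` would be worth adding before `DeferralPlist` is built.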
+87
@@ -0,0 +1,87 @@
#!/bin/bash
##########################################################################
# Script : Patch Policy
# Quelle : https://github.com/IBM/mac-ibm-notifications
##########################################################################
set -x
CurrentUser=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}')
Language=$(/usr/libexec/PlistBuddy -c 'print AppleLanguages:0' "/Users/${CurrentUser}/Library/Preferences/.GlobalPreferences.plist")
if [[ $Language = de* ]]; then
UserLanguage="de"
else
UserLanguage="en"
fi
################ Check Inventory #########################################
# jamf recon 2&> /dev/null
################ Varialen ################################################
#JSSURL="$4"
#JSSUSER="$5"
#JSSPASSWORD="$6"
#JSS_Category="19"
JSSURL="https://macenterprise.jamfcloud.com/JSSResource"
JSSUSER="API_User"
JSSPASSWORD="Nextenterprise#1612"
FilePath="/Library/Application Support/Updates/patch.xml"
UDID=$(system_profiler SPHardwareDataType | grep UUID | awk '" " { print $NF }')
if [[ ! -e "$FilePath" ]]; then
echo "Making working directory at $FilePath"
mkdir -p "$FilePath"
fi
################ Checking the available updates ##########################
# Check whether updates are available for the device.
Request=$(/usr/bin/curl -u $JSSUSER:$JSSPASSWORD --tlsv1.2 -H "Accept: application/xml" "$JSSURL/computermanagement/udid/$UDID/subset/policies" -X GET > "$FilePath")
Update_Count=$(grep -c "patch_app_updates" "${FilePath}")
# Update_Count="3"
if [[ "$Update_Count" -eq 1 ]]; then
Plural_en=" "
Plural_de=" "
elif [[ "$Update_Count" -gt 1 ]]; then
Plural_en="s "
Plural_de="s "
else
echo "no patches found, exiting"
# exit 0
fi
################ Customized Notifier #####################################
Plural=Plural_${UserLanguage}
Notifier_Path="/Applications/IBM Notifier.app/Contents/MacOS/IBM Notifier"
Type="popup"
Icon_Path="/Library/Application Support/Next Enterprise/Next_logo_48x48.png"
Bar_Title_en="Update${!Plural}Available"
Title_en="Software Update${!Plural}Available"
Description_en="You have ${Update_Count} update${!Plural}available in the Self Service."
Button_1_en="Cancel"
Button_2_en="Update"
Bar_Title_de="Update${!Plural}verfügbar"
Title_de="Software Update${!Plural}verfügbar"
Description_de="Es sind ${Update_Count} update${!Plural}im Self Service Verfügung."
Button_1_de="Abbrechen"
Button_2_de="Update"
Bar_Title=Bar_Title_${UserLanguage}
Title=Title_${UserLanguage}
Description=Description_${UserLanguage}
Button_1=Button_1_${UserLanguage}
Button_2=Button_2_${UserLanguage}
ButtonClicked=$("sudo" "-u" "${CurrentUser}" "${Notifier_Path}" "-type" "${Type}" "-bar_title" "${!Bar_Title}" "-title" "${!Title}" "-subtitle" "${!Description}" "-icon_path" "${Icon_Path}" "-always_on_top" "-main_button_label" "${!Button_1}" "-secondary_button_label" "${!Button_2}"; echo $?)
if [[ "$ButtonClicked" -eq 2 ]]; then
jamf policy -event patch_app_updates
exit 0
# open "jamfselfservice://content?action=category&id=${JSS_Category}"
fi
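Review bot: `JSSUSER` and `JSSPASSWORD` are hard-coded API credentials in a committed script, and the `set -x` at the top writes them into the trace output when the `curl -u` line runs. The commented-out `JSSUSER="$5"` / `JSSPASSWORD="$6"` lines already show the parameter form; I would restore them, drop `set -x` (or put `set +x` before the curl call), and treat the committed password as exposed and rotate it. `curl -u $JSSUSER:$JSSPASSWORD` is also unquoted and puts the secret on the command line; passing it through a root-only file with `--netrc-file` or `-K` avoids that. Independently, `mkdir -p "$FilePath"` creates a directory named `patch.xml`, so the later `> "$FilePath"` redirect cannot write the response; it should be `mkdir -p "$(dirname "$FilePath")"`.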
