├── Extension_Attributes
    ├── JDK_Status.sh
    ├── Firewall_Status.sh
    ├── Password_Age.sh
    └── Disk_Encryption.py
├── Install_Scripts
    ├── Java_11_Install.sh
    ├── Virtualbox_Install.sh
    ├── Slack_Install.sh
    ├── Chrome_Install.sh
    ├── Java_8_Install.sh
    └── Virtualbox_Update.sh
├── Management_Scripts
    ├── Add_To_Dock.sh
    ├── Remove_Guest_Network.sh
    ├── Remove_From_Dock.sh
    ├── Chrome_Ext_Removal.sh
    ├── Disable_SS.sh
    ├── Local_Password_Reminder.sh
    ├── Set_IdleTime.sh
    └── chrome_update.sh
├── README.md
└── AWS_Download
    └── S3_Download.sh


/Extension_Attributes/JDK_Status.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | ## Checks if JDK is installed.
 3 | 
 4 | files=$(ls /Library/Java/JavaVirtualMachines/*.jdk 2> /dev/null | wc -l)
 5 | if [ "$files" != "0" ]
 6 | then
 7 |     echo "<result>Installed</result>"
 8 | else
 9 |     echo "<result>Not Installed</result>"
10 | fi
11 | 


--------------------------------------------------------------------------------
/Extension_Attributes/Firewall_Status.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | ## Checks for Firewall Status.
 3 | 
 4 | #fwstatus=$( defaults read /Library/Preferences/com.apple.alf globalstate )
 5 | fws=("/usr/libexec/ApplicationFirewall/socketfilterfw --getblockall")
 6 | 
 7 | #if [[ $fwstatus = 0 ]];
 8 | #then
 9 | #	echo "<result>Off</result>"
10 | #else
11 | #	echo "<result>On</result>"
12 | #fi
13 | 
14 | if [[ $fws = *"Block all DISABLED!"* ]]; then
15 |     echo "<result>Off</result>"
16 | else
17 |     echo "<result>On</result>"
18 | fi


--------------------------------------------------------------------------------
/Install_Scripts/Java_11_Install.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | ## Java 11 Installation Script
 3 | ## Jason Satti
 4 | 
 5 | ## Download URL
 6 | JAVA_DOWNLOAD="https://download.java.net/java/GA/jdk11/9/GPL/openjdk-11.0.2_osx-x64_bin.tar.gz"
 7 | 
 8 | ## Name of the file that will be downloaded
 9 | JAVA=$(echo $JAVA_DOWNLOAD | cut -f9 -d'/')
10 | 
11 | ## Download the latest version of Google Chrome into /tmp/
12 | curl -s $JAVA_DOWNLOAD -o /tmp/$JAVA
13 | 
14 | ## Copy contents of the Google Chrome DMG file to /Applications/
15 | tar -xf /tmp/$JAVA -C /Library/Java/JavaVirtualMachines/
16 | 
17 | ## Remove the DMG
18 | rm -f /tmp/$JAVA
19 | 


--------------------------------------------------------------------------------
/Extension_Attributes/Password_Age.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | ## Returns the Age of the Macbook's local password in Days.
 3 | 
 4 | LOGGED_IN_USER=`/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys;\
 5 |  username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0];\
 6 | username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");'`
 7 | 
 8 | passwordDateTime=$( dscl . read /Users/$LOGGED_IN_USER accountPolicyData | sed 1,2d | /usr/bin/xpath\
 9 | "/plist/dict/real[preceding-sibling::key='passwordLastSetTime'][1]/text()" 2> /dev/null | sed -e 's/\.[0-9]*//g' )
10 | ((passwordAgeDays = ($(date +%s) - $passwordDateTime) / 86400 ))
11 | 
12 | echo "<result>$passwordAgeDays</result>"
13 | 


--------------------------------------------------------------------------------
/Install_Scripts/Virtualbox_Install.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | ## VirtualBox Installation Script
 3 | ## Jason Satti
 4 | 
 5 | ## Get the link for latest Virtualbox download
 6 | VIRTUALBOX_DOWNLOAD=$(curl -s -L https://www.virtualbox.org/wiki/Downloads |\
 7 | grep "OS X hosts" | awk '{print $3}' | cut -f2 -d'"')
 8 | 
 9 | ## Name of the DMG file that will be downloaded
10 | VIRTUALBOX_DMG=$(echo $VIRTUALBOX_DOWNLOAD | cut -f6 -d"/")
11 | 
12 | ## Download the latest version of Virtualbox
13 | curl -s $VIRTUALBOX_DOWNLOAD -o /tmp/$VIRTUALBOX_DMG
14 | 
15 | ## Mount the DMG
16 | sudo hdiutil attach $VIRTUALBOX_DMG
17 | 
18 | ## Install the PKG
19 | sudo installer -package /Volumes/VirtualBox/VirtualBox.pkg -target /
20 | 
21 | ## Unmount the DMG
22 | sudo hdiutil detach /Volumes/VirtualBox
23 | 
24 | ## Remove the DMG
25 | sudo rm /tmp/$VIRTUALBOX_DMG
26 | 


--------------------------------------------------------------------------------
/Install_Scripts/Slack_Install.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | ## Slack Installation Script
 3 | ## Jason Satti
 4 | 
 5 | ## Get the link for latest Slack download
 6 | DOWNLOAD_URL="https://slack.com/ssb/download-osx"
 7 | SLACK_DOWNLOAD=$(curl "$DOWNLOAD_URL" -s -L -I -o /dev/null -w '%{url_effective}')
 8 | 
 9 | ## Name of the DMG file that will be downloaded
10 | SLACK_DMG=$(echo $SLACK_DOWNLOAD | cut -f5 -d'/')
11 | 
12 | ## Download the latest version of Slack into /tmp/
13 | curl -s $SLACK_DOWNLOAD -o /tmp/$SLACK_DMG
14 | 
15 | ## Mount the DMG
16 | hdiutil attach /tmp/$SLACK_DMG -nobrowse
17 | 
18 | ## Copy contents of the Slack DMG file to /Applications/
19 | cp -pPR /Volumes/Slack*/Slack.app /Applications
20 | 
21 | ## Get the Volume Name
22 | SLACK_VOLUME=$(diskutil list | grep Slack | awk '{ print $3 }')
23 | 
24 | ## Unmount the Volume
25 | diskutil eject $SLACK_VOLUME
26 | 
27 | ## Remove the DMG
28 | rm -f /tmp/$SLACK_DMG
29 | 


--------------------------------------------------------------------------------
/Management_Scripts/Add_To_Dock.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | # Jason Satti
 3 | 
 4 | # Get the logged in user
 5 | LOGGED_IN_USER=$(/usr/bin/python -c 'from SystemConfiguration import\
 6 |  SCDynamicStoreCopyConsoleUser;import sys; username = \
 7 |  (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0];username\
 8 |  = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write\
 9 |  (username + "\n");')
10 | 
11 | # Path of apps to add to dock
12 | APPS_TO_ADD=(
13 | "/Applications/Visual Studio Code.app"
14 | )
15 | 
16 | # Add apps to dock
17 | for APP_TO_ADD in "${APPS_TO_ADD[@]}"; do
18 |     sudo -u "$LOGGED_IN_USER" defaults write com.apple.dock persistent-apps -array-add "<dict><key>tile-data</key><dict><key>file-data</key><dict><key>_CFURLString</key><string>$APP_TO_ADD</string><key>_CFURLStringType</key><integer>0</integer></dict></dict></dict>"
19 | done
20 | 
21 | # Restart dock
22 | killall Dock
23 | 


--------------------------------------------------------------------------------
/Management_Scripts/Remove_Guest_Network.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | # remove_guest_network: Verify corp network exists then remove guest network.
 3 | # Used to verify employees stay connected to corp network
 4 | # Jason Satti
 5 | 
 6 | # Set Corp and Guest network SSID names
 7 | CORP_NETWORK="Corp"
 8 | GUEST_NETWORK="Guest"
 9 | 
10 | # Check to see if corp network exists on preffered network list
11 | NETWORK_CHECK="$(networksetup -listpreferredwirelessnetworks en0 |
12 |     grep "${CORP_NETWORK}")"
13 | 
14 | # If corp network does not exist exit script
15 | # Else attempt to remove guest network
16 | if [ "${NETWORK_CHECK}" = "" ]; then
17 |     echo ""${CORP_NETWORK}" SSID Not Found"
18 |     exit 0
19 | else
20 |     echo ""${CORP_NETWORK}" SSID Found, \
21 | Attempting To Remove "${GUEST_NETWORK}" SSID"
22 | fi
23 | 
24 | # Remove guest network
25 | networksetup -removepreferredwirelessnetwork en0 "${GUEST_NETWORK}"
26 | exit 0
27 | 


--------------------------------------------------------------------------------
/Install_Scripts/Chrome_Install.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | ## Google Chrome Installation Script
 3 | ## Jason Satti
 4 | 
 5 | ## Link to download the latest Google Chrome
 6 | CHROME_DOWNLOAD="https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg"
 7 | 
 8 | ## Name of the DMG file that will be downloaded
 9 | CHROME_DMG=$(echo $CHROME_DOWNLOAD | cut -f8 -d'/')
10 | 
11 | ## Download the latest version of Google Chrome into /tmp/
12 | curl -s $CHROME_DOWNLOAD -o /tmp/$CHROME_DMG
13 | 
14 | ## Mount the DMG
15 | hdiutil attach /tmp/$CHROME_DMG -nobrowse
16 | 
17 | ## Copy contents of the Google Chrome DMG file to /Applications/
18 | cp -pPR /Volumes/Google\ Chrome/Google\ Chrome.app /Applications/
19 | 
20 | ## Get the Volume Name
21 | CHROME_VOLUME=$(hdiutil info | grep "/Volumes/Google Chrome" | awk '{ print $1 }')
22 | 
23 | ## Unmount the Volume
24 | hdiutil detach $CHROME_VOLUME
25 | 
26 | ## Remove the DMG
27 | rm -f /tmp/$CHROME_DMG
28 | 


--------------------------------------------------------------------------------
/Management_Scripts/Remove_From_Dock.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | # Jason Satti
 3 | 
 4 | # Get the logged in user
 5 | LOGGED_IN_USER=$(/usr/bin/python -c 'from SystemConfiguration import\
 6 |  SCDynamicStoreCopyConsoleUser;import sys; username = \
 7 |  (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0];username\
 8 |  = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write\
 9 |  (username + "\n");')
10 | 
11 | # Name of apps to remove from dock
12 | APPS_TO_REMOVE=(
13 | "Visual Studio Code"
14 | "Chrome"
15 | )
16 | 
17 | # Remove apps from dock
18 |     for APP_TO_REMOVE in "${APPS_TO_REMOVE[@]}"; do
19 |         DLOC=$(defaults read com.apple.dock persistent-apps | grep file-label | awk "/$APP_TO_REMOVE/  {printf NR}")
20 |         DLOC=$[$DLOC-1]
21 |         sudo -u $LOGGED_IN_USER /usr/libexec/PlistBuddy -c "Delete persistent-apps:$DLOC" ~/Library/Preferences/com.apple.dock.plist
22 | done
23 | 
24 | # Restart dock
25 | killall Dock
26 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | MacOS tools and scripts
 2 | ===========
 3 | This repo contains the tools and scripts that I create to manage macOS client devices and external APIs.
 4 | 
 5 | Purpose
 6 | -------
 7 | The purpose of this repo is to allow centralized access and version control of scripts I've created.
 8 | 
 9 | ## Requirements
10 | * A fleet of Mac machines to manage
11 | * JAMF or any other device management system
12 | 
13 | ## Repo Layout
14 | * AWS_Download - Contains scripts to download files from an AWS S3 bucket.
15 | * Extension_Attributes - Contains scripts to monitor macOS device security states.
16 | * Install_Scripts - Contains scripts for installing applications.
17 | * Management_Scripts - Contains scripts to manage macOS devices.
18 | * Onelogin_Password_Age - Contains scripts to manage Onelogin user account passwords.
19 | * Sync_Jamf_Scripts - Contains scripts to locally download all scripts in a Jamf instance.
20 | * Deprovision_Slack_User - Contains scripts to deprovision a user in a Slack workspace.
21 | 
22 | ## Contact
23 | Find me in #MacAdmins - Jason Satti
24 | 


--------------------------------------------------------------------------------
/AWS_Download/S3_Download.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | ## Download Amazon s3 Bucket file
 3 | ## Jason Satti
 4 | 
 5 | ## Location of file locally
 6 | LOCAL_PATH="path where you want the file to be downloaded"
 7 | 
 8 | ## Location of file on AWS s3 bucket
 9 | AWS_PATH="path of the file on the aws s3 bucket"
10 | 
11 | ## AWS bucket you want to download from
12 | AWS_BUCKET="name of the bucket you want to download from"
13 | 
14 | ## Setting the resource
15 | RESOURCE="/${AWS_BUCKET}/${AWS_PATH}"
16 | 
17 | ## Signature info
18 | CONTENT_TYPE="application/x-apple-diskimage"
19 | DATE=`TZ=GMT date -R`
20 | STRING_TO_SIGN="GET\n\n${CONTENT_TYPE}\n${DATE}\n${RESOURCE}"
21 | 
22 | ## AWS key, secret and signature
23 | S3_KEY="XXXXXXXXXXXXXXXXXX"
24 | S3_SECRET="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
25 | SIGNATURE=`echo -en ${STRING_TO_SIGN} | openssl sha1 -hmac ${S3_SECRET}\
26 | -binary | base64`
27 | 
28 | ## Download File
29 | curl -H "Host: ${AWS_BUCKET}.s3.amazonaws.com" \
30 | -H "Date: ${DATE}" \
31 | -H "Content-Type: ${CONTENT_TYPE}" \
32 | -H "Authorization: AWS ${S3_KEY}:${SIGNATURE}" \
33 | https://${AWS_BUCKET}.s3.amazonaws.com/${AWS_PATH} -o $LOCAL_PATH
34 | 


--------------------------------------------------------------------------------
/Install_Scripts/Java_8_Install.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | ## Java 8 Installation Script
 3 | ## Jason Satti
 4 | 
 5 | ## Get the link for latest Java download
 6 | JAVA_DOWNLOAD=$(curl -s https://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html\
 7 | | grep "8u202-macosx-x64.dmg" | awk '{print $9}' | cut -f5 -d '"' | grep "8u202")
 8 | 
 9 | ## Name of the DMG file that will be downloaded
10 | JAVA_DMG=$(echo $JAVA_DOWNLOAD | cut -f9 -d'/')
11 | 
12 | ## Version number of Java 8 that we will download
13 | JAVA_VER=$(echo $JAVA_DMG | cut -f2 -d'-' | cut -f2 -d'u')
14 | 
15 | ## Download the latest version of Java
16 | curl -s -v -j -k -L -H "Cookie: oraclelicense=accept-securebackup-cookie"\
17 | $JAVA_DOWNLOAD -o /tmp/$JAVA_DMG
18 | 
19 | ## Mount the DMG
20 | sudo hdiutil attach /tmp/$JAVA_DMG -nobrowse
21 | 
22 | ## Install the PKG
23 | sudo installer -pkg "/Volumes/Java 8 Update $JAVA_VER/Java 8 Update\
24 | $JAVA_VER.app/Contents/Resources/JavaAppletPlugin.pkg" -target /
25 | 
26 | ## Get the Volume Name
27 | JAVA_VOLUME=$(hdiutil info | grep "/Volumes/Java" | awk '{ print $3 " " $4 " " $5 " " $6}')
28 | 
29 | ## Unmount the DMG
30 | sudo hdiutil detach "$JAVA_VOLUME"
31 | 
32 | ## Remove the DMG
33 | rm -f /tmp/$JAVA_DMG
34 | 


--------------------------------------------------------------------------------
/Management_Scripts/Chrome_Ext_Removal.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | ## Remove an extenstion for Chrome that is installed on a device
 3 | ## Jason Satti
 4 | 
 5 | ## List of extentions to check in all Chrome user profiles
 6 | EXTENSIONS=("mdanidgdpmkimeiiojknlnekblgmpdll")
 7 | 
 8 | ## Get the logged in user
 9 | LOGGED_IN_USER=$(/usr/bin/python -c 'from SystemConfiguration import\
10 |  SCDynamicStoreCopyConsoleUser;import sys; username = \
11 |  (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0];username\
12 |  = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write\
13 | (username + "\n");')
14 | 
15 | IFS=$'\n' ## This cmd allows for the bash shell to recognize the whitespace in a
16 | ## string and not require a line split
17 | 
18 | ## Chrome Directory
19 | DIRECTORY="/Users/$LOGGED_IN_USER/Library/Application Support/Google/Chrome"
20 | 
21 | ## Get a list of all Chrome profiles on the device
22 | PROFILES=$(ls "$DIRECTORY" | grep "Profile " )
23 | 
24 | ## Check Default Profile and ALL User Profiles
25 | for PRF in $PROFILES; do
26 |     for EXT in "${EXTENSIONS[@]}"; do
27 |         if [[ ( -d "$DIRECTORY/Default/Extensions/$EXT" ) ||\
28 |             ( -d "$DIRECTORY/$PRF/Extensions/$EXT" )]]; then
29 |             rm -rf "$DIRECTORY/Default/Extensions/$EXT"
30 |             rm -rf "$DIRECTORY/$PRF/Extensions/$EXT"
31 |         fi
32 |     done;
33 | done;
34 | 


--------------------------------------------------------------------------------
/Management_Scripts/Disable_SS.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | ## Disable Screensaver for 1 hour
 3 | ## Jason Satti
 4 | 
 5 | ## Get the logged in user
 6 | LOGGED_IN_USER=$(/usr/bin/python -c 'from SystemConfiguration import\
 7 |  SCDynamicStoreCopyConsoleUser;import sys; username = \
 8 |  (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0];username\
 9 |  = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write\
10 | (username + "\n");')
11 | 
12 | LOG_PATH="/Users/$LOGGED_IN_USER/.jamf" ## Directory where log is stored
13 | mkdir -p "$LOG_PATH" ## Ensure logging directory exists
14 | RUN_LOG="$LOG_PATH/ss_disable.log" ## Where to store log of policy usage amount
15 | DEFAULT_TIME=$((60 * 60 * 1)) ## The preferred Disable Time is 1 hour.
16 | 
17 | ## Message for user when they disable the screensaver
18 | MSG_TITLE='Screensaver Disabled for 1 Hour'
19 | 
20 | ## Kill all previous caffeinate processes
21 | killall caffeinate
22 | 
23 | ## Set veriables for policy usage tracking
24 | USAGE_COUNT=0
25 | 
26 | ## If the log file exists, retrieve current counter
27 | if [ -f $RUN_LOG ]; then
28 |     USAGE_COUNT=$(head -1 $RUN_LOG)
29 | fi
30 | 
31 | ## Send User a Notification via Yo Notificaation
32 | ## https://github.com/sheagcraig/yo
33 | sudo -u $LOGGED_IN_USER /usr/local/bin/yo_scheduler -t "$MSG_TITLE"
34 | 
35 | ## Update Usage Count and Log results of latest run
36 | ((USAGE_COUNT++))
37 | echo $USAGE_COUNT > $RUN_LOG
38 | 
39 | ## Disable Screensaver for 1 hour
40 | sudo -u $LOGGED_IN_USER caffeinate -d -t "$DEFAULT_TIME" &
41 | 


--------------------------------------------------------------------------------
/Install_Scripts/Virtualbox_Update.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | ## VirtualBox Update Script
 3 | ## Jason Satti
 4 | 
 5 | ## Get the latest VirtualBox version from their website
 6 | LATEST_VIRTUALBOX_VERSION=$(curl -s https://www.virtualbox.org/wiki/Downloads |\
 7 | grep "platform packages" | awk '{ print $5 }')
 8 | 
 9 | ## Get the current Virtualbox version installed on the device
10 | CURRENT_VIRTUALBOX_VERSION=$(virtualbox --help |\
11 | grep "Oracle VM VirtualBox Manager" | awk '{print $5}')
12 | 
13 | ## Compare the current virtualbox version to the latest version on the website
14 | ## Download and install if the version is not up to date
15 | if [ "$CURRENT_VIRTUALBOX_VERSION" = "$LATEST_VIRTUALBOX_VERSION" ]; then
16 |     echo "Virtualbox up to date."
17 |     exit 0
18 | else
19 |     echo "Virtualbox update available."
20 | fi
21 | 
22 | ## Get the link for latest Virtualbox download
23 | VIRTUALBOX_DOWNLOAD=$(curl -s -L https://www.virtualbox.org/wiki/Downloads |\
24 | grep "OS X hosts" | awk '{print $3}' | cut -f2 -d'"' | cut -f1 -d'"')
25 | 
26 | ## Name of the DMG file that will be downloaded
27 | VIRTUALBOX_DMG=$(echo $VIRTUALBOX_DOWNLOAD | cut -f6 -d"/")
28 | 
29 | ## Download the latest version of Virtualbox
30 | curl -s $VIRTUALBOX_DOWNLOAD -o /tmp/$VIRTUALBOX_DMG
31 | 
32 | ## Mount the DMG
33 | sudo hdiutil attach $VIRTUALBOX_DMG
34 | 
35 | ## Install the PKG
36 | sudo installer -package /Volumes/VirtualBox/VirtualBox.pkg -target /
37 | 
38 | ## Unmount the DMG
39 | sudo hdiutil detach /Volumes/VirtualBox
40 | 
41 | ## Remove the DMG
42 | sudo rm /tmp/$VIRTUALBOX_DMG
43 | 


--------------------------------------------------------------------------------
/Management_Scripts/Local_Password_Reminder.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | ## Local Password Change Reminder
 3 | ## Jason Satti
 4 | 
 5 | ## Apple approved way to get the currently logged in user
 6 | LOGGED_IN_USER=`/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys;\
 7 |  username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0];\
 8 | username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");'`
 9 | CURRENT_DATE=$(date +%s)
10 | 
11 | ## Get the date that the password was set on in seconds
12 | PW_DATE_FLOAT=$(dscl . read /Users/$LOGGED_IN_USER | grep -A 1 passwordLastSetTime | grep -Eo '[0-9.]+')
13 | PW_DATE_SET=$(echo "$PW_DATE_FLOAT/1" | bc)
14 | 
15 | ## How many seconds has the current password been active
16 | DAYS_SECONDS=$(($CURRENT_DATE-$PW_DATE_SET))
17 | 
18 | ## How many days has the current password been active
19 | DAYS_SET=$(echo "$DAYS_SECONDS/86400"| bc)
20 | 
21 | ## Days left till password will expire
22 | MAX_PW_AGE=182
23 | PW_REMAINING_DAYS=$(($MAX_PW_AGE - $DAYS_SET))
24 | 
25 | ## Exit if Password was recently updated
26 | if [ $PW_REMAINING_DAYS -gt "177" ]; then
27 |     echo "Password was already updated. Exiting script."
28 |     exit 0;
29 | fi
30 | 
31 | ## Notify the user that their password will expire in X day(s)
32 | DIALOG="Macbook Login Password Expiration."
33 | TEXT="Password will expire in $PW_REMAINING_DAYS day(s)."
34 | 
35 | ## We use Yo Notification
36 | ## https://github.com/sheagcraig/yo
37 | yo_scheduler -t "$DIALOG" -s "$TEXT" -o "Postpone" -b "Update" -B "open /System/Library/PreferencePanes/Accounts.prefPane/"
38 | 


--------------------------------------------------------------------------------
/Extension_Attributes/Disk_Encryption.py:
--------------------------------------------------------------------------------
 1 | # Looks for internal disks that are available for encryption.
 2 | 
 3 | # If no disks are available out put will be:
 4 | # No internal volumes available for encryption.
 5 | 
 6 | # If disks are available, they will be listed as(in this example there are two):
 7 | # Volume Name not encrypted; Volume Name not encrypted.
 8 | 
 9 | #!/usr/bin/python
10 | import subprocess
11 | 
12 | process = subprocess.Popen(['df', '-l'], stdout=subprocess.PIPE, shell=False)
13 | out, err = process.communicate()
14 | df_out = []
15 | out = out.splitlines()[1:]
16 | for disk in out:
17 |     disk.split()
18 |     df_out.append(disk.split('  '))
19 | 
20 | disk_names = []
21 | for disk in df_out:
22 |     disk_names.append(disk[0])
23 | 
24 | diskinfo = {}
25 | for disk in disk_names:
26 |     disk_details = {}
27 |     process = subprocess.Popen(['diskutil', 'info', disk],
28 |                                stdout=subprocess.PIPE, shell=False)
29 |     out, err = process.communicate()
30 |     results = dict(item.split(':')
31 |                    for item in out.split('\n') if len(item) > 1)
32 |     for key, value in results.iteritems():
33 |         disk_details[key.lstrip(' ')] = value.lstrip(' ')
34 |     diskinfo[disk] = disk_details
35 | 
36 | report = '<result>'
37 | for vol, info in diskinfo.iteritems():
38 |     if diskinfo[vol]['Device Location'] == 'Internal':
39 |         if 'Encrypted' in diskinfo[vol]:
40 |             if diskinfo[vol]['Encrypted'] == 'No':
41 |                 report += diskinfo[vol]['Volume Name']+' Not Encrypted; '
42 |     else:
43 |         report += ''
44 | if report == '<result>':
45 |     report += 'No internal volumes available for encryption</result>'
46 | else:
47 |     report += '</result>'
48 | print report
49 | 


--------------------------------------------------------------------------------
/Management_Scripts/Set_IdleTime.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | ## Set Screen Idle Time if it is out of scope
 3 | ## Jason Satti
 4 | 
 5 | VIOLATION_LOG="set_idletime.log" ## Where to store violation count and run dates
 6 | MAX_TIME=$((5 * 60)) ## 5 minutes
 7 | DEFAULT_TIME=$((5 * 60)) ## The preferred Idle Time is 5 minutes.
 8 | 
 9 | ## Message for user when they are out of compliance
10 | MSG_TITLE='Screensaver Policy Violation'
11 | MSG_NOTICE='Screensaver time reset to 5 min.'
12 | MSG_INFO='The maximum allowed time is 5 min.'
13 | 
14 | ## Get the logged in user
15 | LOGGED_IN_USER=$(/usr/bin/python -c 'from SystemConfiguration import\
16 |  SCDynamicStoreCopyConsoleUser;import sys; username = \
17 |  (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0];username\
18 |  = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write\
19 | (username + "\n");')
20 | 
21 | ## The screen saver preferences file
22 | SAVER_PREFS="/Users/$LOGGED_IN_USER/Library/Preferences/ByHost/com.apple.screensaver"
23 | SAVER_SETTING='idleTime' ## the specific setting that we're interested in
24 | 
25 | ## Get the Current Idle Time setting
26 | IDLE_TIME="$(sudo -u $LOGGED_IN_USER /usr/bin/defaults -currentHost read $SAVER_PREFS $SAVER_SETTING)"
27 | 
28 | ## Set veriables for violation tracking
29 | VIOLATION_COUNT=0
30 | LATEST_DATE="$(date +'%F %R')"
31 | 
32 | ## If the log file exists, retrieve current counter
33 | if [ -f $VIOLATION_LOG ]; then
34 |     VIOLATION_COUNT=$(head -1 $VIOLATION_LOG)
35 | fi
36 | 
37 | ## Make sure Idle Time is in allowed range and notify user
38 | ## Yo notifications
39 | ## https://github.com/sheagcraig/yo
40 | if [ "$IDLE_TIME" -le "0" ] || [ "$IDLE_TIME" -gt "$MAX_TIME" ]; then
41 |     sudo -u $LOGGED_IN_USER /usr/bin/defaults -currentHost write "$SAVER_PREFS" "$SAVER_SETTING" -int "$DEFAULT_TIME"
42 |     su -l "$LOGGED_IN_USER" -c "/usr/local/bin/yo_scheduler -t '$MSG_TITLE' -s '$MSG_NOTICE' -n '$MSG_INFO'"
43 |     ((VIOLATION_COUNT++));
44 | fi
45 | 
46 | ## Log results of latest run
47 | echo $VIOLATION_COUNT > $VIOLATION_LOG
48 | echo $LATEST_DATE >> $VIOLATION_LOG
49 | 


--------------------------------------------------------------------------------
/Management_Scripts/chrome_update.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | # Verify Chrome Version
 3 | # Jason Satti
 4 | 
 5 | # Get the latest version of Google Chrome and compare to installed version
 6 | # If up to date just exit, else; install the latest version of Google Chrome
 7 | # Prompt user to restart for update to take affect
 8 | 
 9 | # Get the version of Google Chrome that is installed
10 | chrome_installed=$(/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --version |
11 |     awk '{print $3}')
12 | 
13 | # Get the latest version of Google Chrome
14 | chrome_latest=$(curl -s https://www.whatismybrowser.com/guides/the-latest-version/chrome |
15 |     grep -A1 "Chrome on <strong>macOS</strong>" | tail -n1 | sed -e 's/[A-Za-z</>]*//g' |
16 |     sed -e 's/^[ \t]*//')
17 | 
18 | # If the latest version is downloaded and installed, exit.
19 | if [ "$chrome_installed" == "$chrome_latest" ]; then
20 |     echo "Latest version of Google Chrome is installed."
21 |     exit 0
22 | fi
23 | 
24 | # If Google Chrome is out of date, download and install the latest version
25 | echo "Google Chrome is out of date"
26 | echo "Installed version: $chrome_installed (Latest version: $chrome_latest)"
27 | echo "Updating Chrome"
28 | 
29 | # Link to download the latest Google Chrome
30 | chrome_download="https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg"
31 | 
32 | # Name of the DMG file that will be downloaded
33 | chrome_dmg=$(echo $chrome_download | cut -f8 -d'/')
34 | 
35 | # Download the latest version of Google Chrome into /tmp/
36 | curl -s $chrome_download -o /tmp/"$chrome_dmg"
37 | 
38 | # Mount the DMG
39 | hdiutil attach /tmp/"$chrome_dmg" -nobrowse
40 | 
41 | # Copy contents of the Google Chrome DMG file to /Applications/
42 | cp -pPR /Volumes/Google\ Chrome/Google\ Chrome.app /Applications/
43 | 
44 | # Get the Volume Name
45 | chrome_volume=$(hdiutil info | grep "/Volumes/Google Chrome" | awk '{ print $1 }')
46 | 
47 | # Unmount the Volume
48 | hdiutil detach "$chrome_volume"
49 | 
50 | # Remove the DMG
51 | rm -f /tmp/"$chrome_dmg"
52 | 
53 | # Get the logged in user
54 | logged_in_user=$(/usr/bin/python -c 'from SystemConfiguration import\
55 |  SCDynamicStoreCopyConsoleUser;import sys; username = \
56 |  (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0];username\
57 |  = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write\
58 |  (username + "\n");')
59 | 
60 | # Inform user that restart is required for changes to take affect
61 | su -l "$logged_in_user" -c "/usr/local/bin/yo_scheduler -t 'Google Chrome Updated' --info 'Google Chrome needs to be restarted so the update can take affect.'"
62 | 


--------------------------------------------------------------------------------