├── JSSAddress.sh
├── README.md
├── FreeHDSpace.sh
├── startuptime.sh
├── HDSMARTStatus.sh
├── HDVolumeNameCheck.sh
├── SSHsetupCheck.sh
├── wwwservice.sh
├── remoteloginstatus.sh
├── nfsservice.sh
├── remotemanagementstatus.sh
├── ftpservice.sh
├── remoteappleevents.sh
├── GatekeeperStatus.sh
├── autologin.sh
├── filesharestatus.sh
├── firewallstealthstatus.sh
├── xprotectupdate.sh
├── bluetoothdiscover.sh
├── internetsharing.sh
├── PowerSchedule.sh
├── firewallstatus.py
├── PowerSetting.sh
├── appupdate.py
├── efipassword.sh
├── bluetoothstatus.py
├── guestaccount.py
├── autoupdate.py
├── fv2loginforward.py
├── fastuserswitching.py
├── screensaverpwcheck.py
├── prereleaseos.py
├── updateinstallation.py
├── donotupdatejamf.py
├── safaridownload.py
├── smartcard.sh
├── LastImagedTime.sh
├── LastUpdateTime.sh
├── CheckCasperMGTAccount.sh
├── recoverypartversion.sh
├── NonDefaultAdminActs.sh
├── AdobeUpdateServerLocation.sh
├── VerifyMDMEnrollment.sh
├── javaversion.sh
├── LastStartupTime.sh
├── localaccounts.sh
├── AdobeFlashPlayer.sh
├── VerifyMDMAddress.sh
├── HDBootVolName.sh
├── LastAdminPWChange.sh
├── BootcampDetect.sh
├── RemoveLocalAdmins.sh
└── UpdateWarning.sh
/JSSAddress.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # EA to determine the JSS address on a target mac
4 |
5 | result=$( defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url )
6 |
7 | echo "${result}"
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | Extension-Attributes
2 | ====================
3 |
4 | These are the various extension attributes I use in JAMF's Casper Suite.
5 |
6 | They're pretty simple to use and mainly for reporting and/or for use with Casper smart groups.
--------------------------------------------------------------------------------
/FreeHDSpace.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Script to report the utilised space on the / mount point
4 |
5 | # Author : contact@richard-purves.com
6 | # Version 1.0 : 1-11-2013 - Initial Version
7 |
8 | echo "`df / | grep "/" | awk '{print $8}'`"
9 |
--------------------------------------------------------------------------------
/startuptime.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # EA to determine the last startup time
4 |
5 | lastBootRaw=$(sysctl kern.boottime | awk '{print $5}' | sed 's/,$//')
6 | lastBootFormat=$(date -jf "%s" "$lastBootRaw" +"%Y-%m-%d %T")
7 |
8 | echo "$lastBootFormat"
--------------------------------------------------------------------------------
/HDSMARTStatus.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Script to report the SMART status on disk0
4 |
5 | # Author : contact@richard-purves.com
6 | # Version 1.0 : 1-11-2013 - Initial Version
7 |
8 | echo "`diskutil info disk0 | grep SMART | awk '{print $3}'`"
9 |
--------------------------------------------------------------------------------
/HDVolumeNameCheck.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Script to report the Volume Name on disk0
4 |
5 | # Author : contact@richard-purves.com
6 | # Version 1.0 : 3-11-2013 - Initial Version
7 |
8 | echo "`diskutil info / | grep "Volume Name" | cut -c 30-`"
9 |
--------------------------------------------------------------------------------
/SSHsetupCheck.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Script to determine if the ssh script has been run or not.
4 |
5 | test=$( dseditgroup -o read -t group com.apple.access_ssh | awk '/dsAttrTypeStandard:GroupMembership/{y=1;next}y' | xargs )
6 |
7 | echo "$test"
8 |
--------------------------------------------------------------------------------
/wwwservice.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # EA to check for HTTP server status
4 |
5 | check=$( pgrep -o -l httpd | awk '{ print $2 }' )
6 |
7 | if [ "$check" = "httpd" ];
8 | then
9 | echo "Enabled"
10 | else
11 | echo "Disabled"
12 | fi
13 |
--------------------------------------------------------------------------------
/remoteloginstatus.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # EA to check for remote login status
4 |
5 | check=$( systemsetup -getremotelogin )
6 |
7 | if [ "$check" = "Remote Login: On" ];
8 | then
9 | echo "Enabled"
10 | else
11 | echo "Disabled"
12 | fi
13 |
--------------------------------------------------------------------------------
/nfsservice.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # EA to check for NFS server status
4 |
5 | check=$( launchctl list | grep nfs | awk '{ print $3 }' )
6 |
7 | if [ "$check" = "com.apple.nfsd" ];
8 | then
9 | echo "Enabled"
10 | else
11 | echo "Disabled"
12 | fi
13 |
--------------------------------------------------------------------------------
/remotemanagementstatus.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # EA to check for Remote Management status
4 |
5 | check=$( pgrep -l ARDAgent | awk '{ print $2 }' )
6 |
7 | if [ "$check" = "ARDAgent" ];
8 | then
9 | echo "Enabled"
10 | else
11 | echo "Disabled"
12 | fi
13 |
--------------------------------------------------------------------------------
/ftpservice.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # EA to check for FTP server status
4 |
5 | check=$( launchctl list | grep ftp | awk '{ print $3 }' )
6 |
7 | if [ "$check" = "com.apple.servermgrd.ftp" ];
8 | then
9 | echo "Enabled"
10 | else
11 | echo "Disabled"
12 | fi
13 |
--------------------------------------------------------------------------------
/remoteappleevents.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # EA to check for Apple Remote Events status
4 |
5 | check=$( systemsetup -getremoteappleevents )
6 |
7 | if [ "$check" = "Remote Apple Events: Off" ];
8 | then
9 | echo "Disabled"
10 | else
11 | echo "Enabled"
12 | fi
13 |
--------------------------------------------------------------------------------
/GatekeeperStatus.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # EA to check Gatekeeper status on a mac
4 |
5 | gatekeeper_status=$( spctl --status | grep "assessments" | cut -c13- )
6 |
7 | if [ $gatekeeper_status = "disabled" ]; then
8 | echo "Disabled"
9 | else
10 | echo "Enabled"
11 | fi
12 |
--------------------------------------------------------------------------------
/autologin.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # EA to check for Automatic Logins
4 |
5 | check=$( defaults read /Library/Preferences/com.apple.loginwindow.plist | grep autoLoginUser )
6 |
7 | if [ "$check" != "" ];
8 | then
9 | echo "Enabled"
10 | else
11 | echo "Disabled"
12 | fi
13 |
--------------------------------------------------------------------------------
/filesharestatus.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # EA to check for File Sharing status
4 |
5 | check=$( launchctl list | grep AppleFileServer | awk '{ print $3 }' )
6 |
7 | if [ "$check" = "com.apple.AppleFileServer" ];
8 | then
9 | echo "Enabled"
10 | else
11 | echo "Disabled"
12 | fi
13 |
--------------------------------------------------------------------------------
/firewallstealthstatus.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # EA to check for Firewall Stealth status
4 |
5 | check=$( /usr/libexec/ApplicationFirewall/socketfilterfw --getstealthmode )
6 |
7 | if [ "$check" = "Stealth mode enabled" ];
8 | then
9 | echo "Enabled"
10 | else
11 | echo "Disabled"
12 | fi
13 |
--------------------------------------------------------------------------------
/xprotectupdate.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # EA to determine the last xprotect update
4 |
5 | date=$( ls -lT /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist | awk '{ print $6,$7,$8,$9 }' )
6 |
7 | format=$( date -j -f "%d %b %H:%M:%S %Y" "$date" +"%Y-%m-%d %T" )
8 |
9 | echo "$format"
10 |
--------------------------------------------------------------------------------
/bluetoothdiscover.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # EA to check for Bluetooth Discoverability
4 |
5 | check=$( system_profiler SPBluetoothDataType | grep -i discoverable | awk '{ print $1 $2 }' )
6 |
7 | if [ "$check" = "" ];
8 | then
9 | echo "Missing Bluetooth Device"
10 | else
11 | echo "$check"
12 | fi
13 |
--------------------------------------------------------------------------------
/internetsharing.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # EA to check for Internet Sharing status
4 |
5 | check=$( /usr/libexec/PlistBuddy -c "print :NAT:Enabled:" /Library/Preferences/SystemConfiguration/com.apple.nat.plist )
6 |
7 | if [ "$check" = "1" ];
8 | then
9 | echo "Enabled"
10 | else
11 | echo "Disabled"
12 | fi
13 |
--------------------------------------------------------------------------------
/PowerSchedule.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Script to check pmset schedule.
4 | # This will quickly show if the energy saver policy has been correctly set.
5 |
6 | # Author contact@richard-purves.com
7 | # Version 1.0 : 16-01-2013 - Initial Version
8 |
9 | pmsetting=$( pmset -g sched | tail +2 )
10 |
11 | echo ""$pmsetting""
12 |
13 | exit 0
14 |
--------------------------------------------------------------------------------
/firewallstatus.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | # EA to check for Firewall status
4 |
5 | import CoreFoundation
6 |
7 | domain = 'com.apple.alf'
8 | key = 'globalstate'
9 |
10 | key_value = CoreFoundation.CFPreferencesCopyAppValue(key, domain)
11 |
12 | if key_value == 0:
13 | print "Disabled"
14 | else:
15 | print "Enabled"
16 |
--------------------------------------------------------------------------------
/PowerSetting.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Script to check pmset settings.
4 | # This will quickly show if the energy saver policy has been correctly set per policy.
5 |
6 | # Author contact@richard-purves.com
7 | # Version 1.0 : 18-01-2013 - Initial Version
8 |
9 | pmsetting=$( pmset -g | grep displaysleep )
10 |
11 | echo ""$pmsetting""
12 |
13 | exit 0
14 |
--------------------------------------------------------------------------------
/appupdate.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | # EA to check for auto app update setting
4 |
5 | import CoreFoundation
6 |
7 | domain = 'com.apple.commerce'
8 | key = 'AutoUpdate'
9 |
10 | key_value = CoreFoundation.CFPreferencesCopyAppValue(key, domain)
11 |
12 | if key_value == 1:
13 | print "Enabled"
14 | else:
15 | print "Disabled"
16 |
--------------------------------------------------------------------------------
/efipassword.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # EA to check for EFI Password status
4 |
5 | check=$( /usr/sbin/firmwarepasswd -mode )
6 |
7 | if [ "$check" = "Mode: none" ]; then
8 | echo "Disabled"
9 | elif [ "$check" = "Mode: command" ]; then
10 | echo "Command"
11 | elif [ "$check" = "Mode: full" ]; then
12 | echo "Full"
13 | fi
14 |
--------------------------------------------------------------------------------
/bluetoothstatus.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | # EA to check for Bluetooth Status
4 |
5 | import CoreFoundation
6 |
7 | domain = 'com.apple.Bluetooth'
8 | key = 'ControllerPowerState'
9 |
10 | key_value = CoreFoundation.CFPreferencesCopyAppValue(key, domain)
11 |
12 | if key_value == 0:
13 | print "Disabled"
14 | else:
15 | print "Enabled"
16 |
--------------------------------------------------------------------------------
/guestaccount.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | # EA to check for Guest user account status
4 |
5 | import CoreFoundation
6 |
7 | domain = 'com.apple.loginwindow'
8 | key = 'GuestEnabled'
9 |
10 | key_value = CoreFoundation.CFPreferencesCopyAppValue(key, domain)
11 |
12 | if key_value == 1:
13 | print "Enabled"
14 | else:
15 | print "Disabled"
16 |
--------------------------------------------------------------------------------
/autoupdate.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | # EA to check for auto update setting
4 |
5 | import CoreFoundation
6 |
7 | domain = 'com.apple.SoftwareUpdate'
8 | key = 'AutomaticCheckEnabled'
9 |
10 | key_value = CoreFoundation.CFPreferencesCopyAppValue(key, domain)
11 |
12 | if key_value == 1:
13 | print "Enabled"
14 | else:
15 | print "Disabled"
16 |
--------------------------------------------------------------------------------
/fv2loginforward.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | # EA to check for FV2 login forwarding
4 |
5 | import CoreFoundation
6 |
7 | domain = 'com.apple.loginwindow'
8 | key = 'DisableFDEAutoLogin'
9 |
10 | key_value = CoreFoundation.CFPreferencesCopyAppValue(key, domain)
11 |
12 | if key_value == True:
13 | print "Enabled"
14 | else:
15 | print "Disabled"
16 |
--------------------------------------------------------------------------------
/fastuserswitching.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | # EA to check for Fast User Switching status
4 |
5 | import CoreFoundation
6 |
7 | domain = 'GlobalPreferences'
8 | key = 'MultipleSessionEnabled'
9 |
10 | key_value = CoreFoundation.CFPreferencesCopyAppValue(key, domain)
11 |
12 | if key_value == 1:
13 | print "Enabled"
14 | else:
15 | print "Disabled"
16 |
--------------------------------------------------------------------------------
/screensaverpwcheck.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | # EA to check for passwords required on wake
4 |
5 | import CoreFoundation
6 |
7 | domain = 'com.apple.screensaver'
8 | key = 'askForPassword'
9 |
10 | key_value = CoreFoundation.CFPreferencesCopyAppValue(key, domain)
11 |
12 | if key_value == 1:
13 | print "Enabled"
14 | else:
15 | print "Disabled"
16 |
--------------------------------------------------------------------------------
/prereleaseos.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | # EA to check for macOS beta disable key
4 |
5 | import CoreFoundation
6 |
7 | domain = 'com.apple.SoftwareUpdate'
8 | key = 'AllowPreReleaseInstallation'
9 |
10 | key_value = CoreFoundation.CFPreferencesCopyAppValue(key, domain)
11 |
12 | if key_value == 1:
13 | print "Enabled"
14 | else:
15 | print "Disabled"
16 |
--------------------------------------------------------------------------------
/updateinstallation.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | # EA to check for OS X update installation
4 |
5 | import CoreFoundation
6 |
7 | domain = 'com.apple.commerce'
8 | key = 'AutoUpdateRestartRequired'
9 |
10 | key_value = CoreFoundation.CFPreferencesCopyAppValue(key, domain)
11 |
12 | if key_value == 1:
13 | print "Enabled"
14 | else:
15 | print "Disabled"
16 |
--------------------------------------------------------------------------------
/donotupdatejamf.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | # EA to check if the do not update JAMF binary is set
4 |
5 | import CoreFoundation
6 |
7 | domain = 'com.jamfsoftware.jamf'
8 | key = 'do_not_upgrade_jamf'
9 |
10 | key_value = CoreFoundation.CFPreferencesCopyAppValue(key, domain)
11 |
12 | if key_value == 1:
13 | print "Enabled"
14 | else:
15 | print "Disabled"
16 |
--------------------------------------------------------------------------------
/safaridownload.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | # EA to check for Safari's opening "safe" files on download
4 |
5 | import CoreFoundation
6 |
7 | domain = 'com.apple.Safari'
8 | key = 'AutoOpenSafeDownloads'
9 |
10 | key_value = CoreFoundation.CFPreferencesCopyAppValue(key, domain)
11 |
12 | if key_value == 0:
13 | print "Disabled"
14 | else:
15 | print "Enabled"
16 |
--------------------------------------------------------------------------------
/smartcard.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # EA to determine if smartcard access is enabled
4 |
5 | test="Current smartcard login state: enabled (system.login.console enabled, authentication rule enabled)"
6 | check=$( security authorizationdb smartcard status 2>/dev/null | grep -c "^$test" )
7 |
8 | if [ "$check" = 1 ];
9 | then
10 | echo "Enabled"
11 | else
12 | echo "Disabled"
13 | fi
14 |
--------------------------------------------------------------------------------
/LastImagedTime.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Script to report when the computer was last imaged
4 | # This is reliant on a timestamp file created as part of the firstrun script.
5 |
6 | # Author : contact@richard-purves.com
7 | # Version 1.0 : 09-08-2013 - Initial Version
8 |
9 | if [ -z /usr/lastimaged ] ;
10 | then
11 | echo "Not Available"
12 | else
13 | echo "`cat /usr/lastimaged`"
14 | fi
15 |
--------------------------------------------------------------------------------
/LastUpdateTime.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Script to report when the computer was last updated
4 | # This is reliant on a timestamp file created as part of the update process
5 |
6 | # Author : contact@richard-purves.com
7 | # Version 1.0 : 12-08-2013 - Initial Version
8 |
9 | if [ -z /usr/lastupdated ] ;
10 | then
11 | echo "Not Available"
12 | else
13 | echo "`cat /usr/lastupdated`"
14 | fi
15 |
--------------------------------------------------------------------------------
/CheckCasperMGTAccount.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Script to detect if the Casper remote management account is present
4 |
5 | # Modified from https://jamfnation.jamfsoftware.com/discussion.html?id=6520
6 |
7 | groupmember=$( dscl /Local/Default read /Groups/admin GroupMembership | tr ' ' '\n' | grep -c 'managementaccount' | tr '\n' ' ' )
8 |
9 | if [ $groupmember == 1 ] ;
10 | then
11 | echo "Present"
12 | else
13 | echo "Missing"
14 | fi
15 |
--------------------------------------------------------------------------------
/recoverypartversion.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # EA to determine the recovery partition version
4 |
5 | recoverypart=$( diskutil list | grep "Recovery HD" | awk '{ print $7 }' )
6 |
7 | mkdir /Volumes/Recovery\ HD
8 | mount -t hfs -o nobrowse /dev/$recoverypart /Volumes/Recovery\ HD 2>/dev/null
9 |
10 | version=$( defaults read /Volumes/Recovery\ HD/System/Library/CoreServices/SystemVersion.plist ProductVersion )
11 |
12 | diskutil unmount $recoverypart > /dev/null
13 |
14 | echo "$version"
15 |
--------------------------------------------------------------------------------
/NonDefaultAdminActs.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Script to detect non default admin accounts
4 |
5 | # Lovingly stolen from https://jamfnation.jamfsoftware.com/discussion.html?id=6520
6 |
7 | groupmember=`dscl /Local/Default read /Groups/admin GroupMembership | tr ' ' '\n' | grep -Ev 'root|admin|GroupMembership:|admin' | tr '\n' ' '`
8 |
9 | if [ "$groupmember" == "" ] ;
10 | then
11 | echo "Default admin account"
12 | else
13 | echo "$groupmember"
14 | fi
15 |
16 | exit 0
17 |
--------------------------------------------------------------------------------
/AdobeUpdateServerLocation.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # Report the address of the configured Adobe Update Server for CS/CC.
4 |
5 | # Author: contact@richard-purves.com
6 |
7 | updaterConfigFile="/Library/Application Support/Adobe/AAMUpdater/1.0/AdobeUpdater.Overrides"
8 |
9 | if [ -f "$updaterConfigFile" ]; then
10 | result=`/bin/cat "$updaterConfigFile" | grep -m 1 "Domain" | sed -e 's/<[^>]*>//g' | cut -f 1,2,3 -d'/' | awk '{print $1}'`
11 | echo "$result"
12 | else
13 | echo "No Adobe Update Server Set"
14 | fi
15 |
--------------------------------------------------------------------------------
/VerifyMDMEnrollment.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # Script to check if the Casper MDM profile has been installed.
4 | # This is needed to make sure that our computers are able to receive configuration profiles.
5 |
6 | # Author : contact@richard-purves.com
7 | # Version: 1.0 - Inital Version
8 |
9 | mdmEnrollmentProfileID="00000000-0000-0000-A000-4A414D460003"
10 | enrolled=`/usr/bin/profiles -C | /usr/bin/grep "$mdmEnrollmentProfileID"`
11 |
12 | if [ "$enrolled" != "" ]; then
13 | echo "Enrolled"
14 | else
15 | echo "Not Enrolled"
16 | fi
17 |
--------------------------------------------------------------------------------
/javaversion.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # EA to show Java version
4 |
5 | pluginpath="/Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/"
6 |
7 | if [ -d "$pluginpath" ];
8 | then
9 | javaVendor=$( /usr/bin/defaults read "${pluginpath}/Contents/Info" CFBundleIdentifier )
10 | version=$( /usr/bin/defaults read "${pluginpath}/Contents/Info" CFBundleShortVersionString )
11 |
12 | if [ "$javaVendor" = "com.oracle.java.JavaAppletPlugin" ];
13 | then
14 | echo "Oracle $version"
15 | else
16 | echo "Apple $version"
17 | fi
18 | else
19 | echo "No Java Detected"
20 | fi
21 |
--------------------------------------------------------------------------------
/LastStartupTime.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Script to interrogate computer on the last time it started up
4 | # Author: contact@richard-purves.com
5 | # Version 1.0 : 9-1-2013 - Initial Version
6 | # Version 2.0 : 26-1-2015 - Ripped off mm2270 on https://jamfnation.jamfsoftware.com/discussion.html?id=13122
7 | # This variant is superior to my version as it allows use of the JSS EA date reporting rather than text field.
8 | # Now you can far more easily use smart groups to keep track of this. Thanks Mikey!
9 |
10 | lastBootRaw=$(sysctl kern.boottime | awk '{print $5}' | sed 's/,$//')
11 | lastBootFormat=$(date -jf "%s" "$lastBootRaw" +"%Y-%m-%d %T")
12 |
13 | echo "$lastBootFormat"
14 |
--------------------------------------------------------------------------------
/localaccounts.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # EA to detect all local accounts on a system that aren't the local admin
4 |
5 | OIFS=$IFS
6 | IFS=$'\t\n'
7 |
8 | accounts=( $(dscl . -list /Users) )
9 |
10 | for (( a=0; a < ${#accounts[@]}; a++ ));
11 | do
12 |
13 | if [[ ${accounts[$a]} != "admin" ]];
14 | then
15 | AccountUID=($( dscl . -read /Users/${accounts[$a]} | grep UniqueID | awk '{print $2}' ))
16 | if [[ $AccountUID -gt 500 ]] && [[ $AccountUID -lt 1000 ]];
17 | then
18 | report=$report${accounts[$a]}" "
19 | fi
20 | fi
21 | done
22 |
23 | IFS=$OIFS
24 |
25 | if [[ $report = "" ]];
26 | then
27 | echo "None Detected"
28 | else
29 | echo "$report"
30 | fi
31 |
--------------------------------------------------------------------------------
/AdobeFlashPlayer.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # Script to find if Adobe Flash Player is installed and report it's version number to an extension attribute.
4 |
5 | # Author : contact@richard-purves.com
6 | # Version 1.0 : 14-12-2012 - Initial Version
7 |
8 | # Use default read to get the version number from the expected location.
9 |
10 | FlashVersion=$( /usr/bin/defaults read /Library/Internet\ Plug-Ins/Flash\ Player.plugin/Contents/Info CFBundleShortVersionString )
11 |
12 | # Read the version number, then report it.
13 | # Report "Not Installed" as it isn't present.
14 |
15 | if [[ $FlashVersion != "" ]] ;
16 | then
17 | echo "${FlashVersion}"
18 | else
19 | echo "Not Installed"
20 | fi
21 |
--------------------------------------------------------------------------------
/VerifyMDMAddress.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Script to read MDM profile address into an Extension Attribute
4 | # This is needed to make sure that our computers are pointing to the correct URL
5 |
6 | # Author : contact@richard-purves.com
7 | # Version: 1.0 - Inital Version
8 |
9 | # Read the current computer profile and grep for the organisation name
10 |
11 | CurrentJSSURL=$( profiles -C -v | grep -m1 "organization:" | cut -d " " -f 4 )
12 |
13 | # Check to see if a MDM cert is present
14 |
15 | if [ -z $CurrentJSSURL ];
16 | then
17 | echo "No MDM Certificate"
18 | exit 0
19 | fi
20 |
21 | # Since a cert is present, report it's address. Leave the checking to a smart group.
22 |
23 | echo "$CurrentJSSURL"
24 |
25 | exit 0
26 |
--------------------------------------------------------------------------------
/HDBootVolName.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Script to find the name of the current boot volume
4 |
5 | # Author : contact@richard-purves.com
6 | # Version : 1.0 - Initial Version
7 | # Version : 1.0 - Changed from reporting only to fixing
8 |
9 | # Grab the current boot volume name (sanity check just in case smart group is inaccurate)
10 |
11 | BootVolume=$( diskutil info / | grep "Volume Name" | cut -c 30- )
12 |
13 | # Check and rename if necessary
14 |
15 | if [ "$VolumeName" != "Macintosh HD" ];
16 | then
17 | diskutil renameVolume "$BootVolume" "Macintosh HD"
18 | fi
19 |
20 | # Grab the current boot volume name again and report to the JSS.
21 |
22 | BootVolume=$( diskutil info / | grep "Volume Name" | cut -c 30- )
23 |
24 | echo "$BootVolume"
25 |
26 | exit 0
27 |
--------------------------------------------------------------------------------
/LastAdminPWChange.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Script to report the last time the local account had it's password changed.
4 |
5 | # Author : contact@richard-purves.com
6 | # Version: 1.0 - Initial Version
7 |
8 | # In order this will read the admin account record
9 | # grep the last password set time field plus the line after it.
10 | # delete the first line to remove the xml header field
11 | # remove all spaces
12 | # strip off the and tags
13 | # replace the T and Z characters with spaces to make things readable.
14 |
15 | lastdate=$( dscl . read /Users/admin | grep -A1 passwordLastSetTime | sed '1d' | sed 's/ $//g' | sed -e "s/\(.*\)<\/date>/\1/" | tr "|" " " | sed 's/T/\ /' | sed 's/Z/\ /' )
16 |
17 | # Now report to the JSS
18 |
19 | echo "$lastdate"
20 |
--------------------------------------------------------------------------------
/BootcampDetect.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | # Script to detect if a Bootcamp partition is present
4 | # Returns "Present" or "Not Present" for clarity.
5 |
6 | # Implemented : contact@richard-purves.com
7 | # Version 1.0 : 18-12-2012 - Initial Version
8 |
9 | # Shamelessly stolen from http://derflounder.wordpress.com/2012/12/17/detecting-boot-camp-partitions-with-casper/
10 |
11 | # Using diskutil list to check for disk partitions reporting as "Microsoft Basic Data"
12 |
13 | BOOTCAMP_DETECT=$( /usr/sbin/diskutil list | grep -c "Microsoft Basic Data" )
14 |
15 | # If Microsoft Basic Data partition is reported by diskutil,
16 | # script reports "Present" else it reports "Not Present"
17 |
18 | if [[ "${BOOTCAMP_DETECT}" == "1" ]]; then
19 | result="Present"
20 | else
21 | result="Not Present"
22 | fi
23 | echo "${result}"
24 |
25 | exit 0
26 |
--------------------------------------------------------------------------------
/RemoveLocalAdmins.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # EA to find non authorised local accounts. This will remove their admin privs but leave the accounts behind.
4 |
5 | # Author : contact@richard-purves.com
6 | # Version : 1.0 - Initial Version
7 |
8 | # Find all users on the computer between UID's 501 - 1000.
9 | # Lower than 501 are system accounts plus ours.
10 | # Greater than 1000 are Active Directory accounts. They may be authorised.
11 |
12 | # I split these lines up for clarity. You could do it all on one line, but it works.
13 |
14 | UserList=$( dscl . list /Users UniqueID )
15 | UserList=$( echo $UserList | awk '$2 >= 501 {print $1}' )
16 | UserList=$( echo $UserList | awk '$2 <= 1000 {print $1}' )
17 |
18 | # Did we find anything? Quit if we did not.
19 |
20 | if [ $UserList = "" ];
21 | then
22 | echo "No local accounts"
23 | exit 0
24 | fi
25 |
26 | # Go through the user folder, find the uid of an account and process
27 | # Let's make sure we exclude the Shared folder ;)
28 |
29 | for Account in "$UserList"
30 | do
31 | /usr/sbin/dseditgroup -o edit -d $Account -t user admin
32 | LocalAct="$LocalAct $Account"
33 | done
34 |
35 | echo "Local accounts : $LocalAct"
36 |
--------------------------------------------------------------------------------
/UpdateWarning.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Extension attribute to warn if updates are required because none have been done for 30 days.
4 | # Change the "updatelimit" variable to define the amount of days a computer can go without updating.
5 |
6 | updatelimit="30"
7 |
8 | # Does lastupdated file exist?
9 | if [ -a /usr/lastupdated ] ;
10 | then
11 |
12 | # Read lastupdated file entry into date and store in variable
13 | lastupdate=$(date -j -f '%a %d %b %Y %T %Z' "`cat /usr/lastupdated`" '+%s')
14 |
15 | # Read current date as total number of seconds
16 | currentepochtime="$(date "+%s")"
17 |
18 | # Work out how many seconds difference there are between them
19 | DIFF=$(expr $currentepochtime - $lastupdate)
20 |
21 | # Convert no. of seconds into minutes, hours and days.
22 | m=`expr $DIFF / 60`
23 | h=`expr $m / 60`
24 | d=`expr $h / 24`
25 |
26 | # Is number of days greater than the update policy threshold?
27 | if [ $d -gt $updatelimit ];
28 | then
29 | echo "Warning"
30 | else
31 | echo "Don't Warn"
32 | fi
33 |
34 | # However ...
35 | else
36 |
37 | # Nope its not there. Return error.
38 | echo "Data Not Available"
39 |
40 | # Close if statement
41 | fi
42 |
43 | # All done!
44 | exit 0
--------------------------------------------------------------------------------