From f6742e0ac3d328216aab43839dee507f8e7b7fc2 Mon Sep 17 00:00:00 2001
From: Thomas Sachs
Date: Mon, 8 Oct 2018 20:33:20 +0200
Subject: [PATCH 1/5] updated fvsetup.sh to comply with shellcheck
---
 scripts/macos/fvsetup.sh | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/scripts/macos/fvsetup.sh b/scripts/macos/fvsetup.sh
index d69e37372..4bcd13ea2 100755
--- a/scripts/macos/fvsetup.sh
+++ b/scripts/macos/fvsetup.sh
@@ -1,9 +1,9 @@
-#!/bin/bash
+#!/usr/bin/env bash
-# This script will enable filevault if not enabled, and add the users specified in fvusers.plist to filevault
-# It is meant to be used by system admins and should be run as root
+# This script will enable FileVault if not enabled, and add the users specified in fvusers.plist to FileVault.
+# It is meant to be used by system admins and should be run with root permissions.
 # fvusers.plist is a sample plist file. All passwords mentioned in the plist should be cleartext.
-# For security purpose, make sure the plist file is deleted and users change their password post filevault configuration.
+# For security purpose, make sure the plist file is deleted and users change their password post FileVault configuration.
 set -e
@@ -11,19 +11,19 @@ STATUS_STR="FileVault is On."
 ENABLED_MSG="Please reboot to complete the process"
 USERADD_MSG="User added to filevault"
 enabled=1
-fvStatus=`fdesetup status`
+fvStatus=$(fdesetup status)
-if [[ $STATUS_STR != $fvStatus ]]; then
- fdesetup enable -inputplist < fvusers.plist
- enabled=0
+if [[ "$STATUS_STR" != "$fvStatus" ]]; then
+ fdesetup enable -inputplist < fvusers.plist
+ enabled=0
 else
- fdesetup add -inputplist < fvusers.plist
+ fdesetup add -inputplist < fvusers.plist
 fi
 retcode=$?
-echo "status: "$retcode
-if [[ $retcode -eq 0 ]]; then
- msg=$([ "$enabled" == 0 ] && echo "$ENABLED_MSG" || echo "$USERADD_MSG")
- echo $msg
+echo "status: $retcode"
+if [[ "$retcode" -eq 0 ]]; then
+ msg=$([ "$enabled" == 0 ] && echo "$ENABLED_MSG" || echo "$USERADD_MSG")
+ echo "$msg"
 else
- echo "Error occurred"
-fi
\ No newline at end of file
+ echo "Error occurred"
+fi
From 68a02e9d10931ca28cd38c88107b6aa528deae05 Mon Sep 17 00:00:00 2001
From: Thomas Sachs
Date: Mon, 8 Oct 2018 20:39:33 +0200
Subject: [PATCH 2/5] updated hide_mac_app.sh to comply with shellcheck
---
 scripts/macos/hide_mac_app.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/macos/hide_mac_app.sh b/scripts/macos/hide_mac_app.sh
index 770275619..0ecdff336 100755
--- a/scripts/macos/hide_mac_app.sh
+++ b/scripts/macos/hide_mac_app.sh
@@ -1,6 +1,6 @@
-#!/bin/bash
-if [ $UID != 0 ]; then
- (>&2 echo "Error: $0 must be run as root")
+#!/usr/bin/env bash
+if [[ "$UID" -ne 0 ]]; then
+ (>&2 echo "Error: $0 must be run with root permissions.")
 exit 1
 fi
 defaults write /Library/LaunchAgents/com.jumpcloud.jcagent-tray Disabled -bool true
From 35ed6f7afe83f1981d70a6a1e9bf6e53211cb01d Mon Sep 17 00:00:00 2001
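Review bot: The `retcode=$?` check after the `if`/`else` in fvsetup.sh cannot observe a failure, because the script runs under `set -e` (visible as context in the first hunk): a non-zero exit from `fdesetup enable` or `fdesetup add` ends the script immediately, so the `echo "Error occurred"` branch is unreachable and the operator gets no message when FileVault setup fails. Capture the status explicitly instead, with `retcode=0` before the `if` and `fdesetup enable -inputplist < fvusers.plist || retcode=$?` in the first branch, and the same `|| retcode=$?` on the `fdesetup add` line.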
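Review bot: The root guard in hide_mac_app.sh compares `$UID`, which bash sets to the real user ID, while the privilege that decides whether `defaults write` under /Library succeeds is the effective one; `if [[ "$EUID" -ne 0 ]]; then` states the check more precisely, although the two values agree in a plain sudo invocation. The subshell around the message is also unnecessary, since `echo "Error: $0 must be run with root permissions." >&2` does the same.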
From: Thomas Sachs
Date: Mon, 8 Oct 2018 20:43:05 +0200
Subject: [PATCH 3/5] changed install_agent.sh file mode from non executeable to executable and added bash environment
---
 scripts/macos/install_agent.sh | 2 ++
 1 file changed, 2 insertions(+)
 mode change 100644 => 100755 scripts/macos/install_agent.sh
diff --git a/scripts/macos/install_agent.sh b/scripts/macos/install_agent.sh
old mode 100644
new mode 100755
index 7529cca97..112b8da7f
--- a/scripts/macos/install_agent.sh
+++ b/scripts/macos/install_agent.sh
@@ -1,3 +1,5 @@
+#!/usr/bin/env bash
+
 # Replace YOUR_CONNECT_KEY with your actual key found on the new system aside in the admin console
 curl -o /tmp/jumpcloud-agent.pkg "https://s3.amazonaws.com/jumpcloud-windows-agent/production/jumpcloud-agent.pkg"
From 989f16296be3f084d1174df7cc37d4111ef15ef4 Mon Sep 17 00:00:00 2001
From: Thomas Sachs
Date: Mon, 8 Oct 2018 20:51:40 +0200
Subject: [PATCH 4/5] changed install_agent_and_serviceaccount.sh file mode from non executeable to executable and added bash environment and improved formatting
---
 .../macos/install_agent_and_serviceaccount.sh | 39 +++++++++----------
 1 file changed, 19 insertions(+), 20 deletions(-)
 mode change 100644 => 100755 scripts/macos/install_agent_and_serviceaccount.sh
diff --git a/scripts/macos/install_agent_and_serviceaccount.sh b/scripts/macos/install_agent_and_serviceaccount.sh
old mode 100644
new mode 100755
index bc2b32913..d1ee5048c
--- a/scripts/macos/install_agent_and_serviceaccount.sh
+++ b/scripts/macos/install_agent_and_serviceaccount.sh
@@ -1,3 +1,4 @@
+#!/usr/bin/env bash
 #
 # Populate the below variables before running the command
 #
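Review bot: The download on the context line of install_agent.sh writes to the fixed path `/tmp/jumpcloud-agent.pkg`, and nothing visible here checks the transfer or the package before it is used; the same pattern appears in install_agent_and_serviceaccount.sh, where the file is then handed to `installer -pkg ... -target /`. A predictable name in a world-writable directory lets another local user pre-create or replace the file, and without `--fail` an HTTP error body is saved as if it were the package. Download into a directory created with `mktemp -d`, add `--fail` to the curl call, and verify the package signature (for example with `pkgutil --check-signature`) before installing. The rest of install_agent.sh lies outside the hunk, so a later check cannot be ruled out.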
@@ -5,37 +6,35 @@
 # Enter your connect key within the "" of YOUR_CONNECT_KEY="" with your orgs key found on the new system aside in the admin console
 YOUR_CONNECT_KEY=""
-# Enter the SECURETOKEN_ADMIN_USERNAME within the "" of SECURETOKEN_ADMIN_USERNAME=""
+# Enter the SECURETOKEN_ADMIN_USERNAME within the "" of SECURETOKEN_ADMIN_USERNAME=""
 SECURETOKEN_ADMIN_USERNAME=""
-# Enter the SECURETOKEN_ADMIN_PASSWORD within the "" of SECURETOKEN_ADMIN_PASSWORD="" with the credentials of the admin with a secure token
+# Enter the SECURETOKEN_ADMIN_PASSWORD within the "" of SECURETOKEN_ADMIN_PASSWORD="" with the credentials of the admin with a secure token
 SECURETOKEN_ADMIN_PASSWORD=""
 #--------------------Do not modify below this line--------------------
 MacOSMinorVersion=$(sw_vers -productVersion | cut -d '.' -f 2)
-MacOSPatchVersion=$(sw_vers -productVersion | cut -d '.' -f 3)
-if [[ $MacOSMinorVersion -lt 13 ]]; then
- echo "Error: Target system is not on macOS 10.13"
- exit 2
+if [[ "$MacOSMinorVersion" -lt 13 ]]; then
+ echo "Error: Target system is not on macOS 10.13"
+ exit 2
 else
-
-curl --silent --output /tmp/jumpcloud-agent.pkg "https://s3.amazonaws.com/jumpcloud-windows-agent/production/jumpcloud-agent.pkg" > /dev/null
-mkdir -p /opt/jc
-cat <<-EOF > /opt/jc/agentBootstrap.json
-{
-"publicKickstartUrl": "https://kickstart.jumpcloud.com:443",
-"privateKickstartUrl": "https://private-kickstart.jumpcloud.com:443",
-"connectKey": "$YOUR_CONNECT_KEY"
-}
+ curl --silent --output /tmp/jumpcloud-agent.pkg "https://s3.amazonaws.com/jumpcloud-windows-agent/production/jumpcloud-agent.pkg" > /dev/null
+ mkdir -p /opt/jc
+ cat <<-EOF > /opt/jc/agentBootstrap.json
+ {
+ "publicKickstartUrl": "https://kickstart.jumpcloud.com:443",
+ "privateKickstartUrl": "https://private-kickstart.jumpcloud.com:443",
+ "connectKey": "$YOUR_CONNECT_KEY"
+ }
 EOF
-
-cat <<-EOF > /var/run/JumpCloud-SecureToken-Creds.txt
-$SECURETOKEN_ADMIN_USERNAME;$SECURETOKEN_ADMIN_PASSWORD
+ cat <<-EOF > /var/run/JumpCloud-SecureToken-Creds.txt
+ $SECURETOKEN_ADMIN_USERNAME;$SECURETOKEN_ADMIN_PASSWORD
 EOF
-installer -pkg /tmp/jumpcloud-agent.pkg -target / &
+ installer -pkg /tmp/jumpcloud-agent.pkg -target / &
 fi
-exit 0
\ No newline at end of file
+
+exit 0
From f2046845cf85b38feb772bd3df9f0e16cc5fad87 Mon Sep 17 00:00:00 2001
From: Thomas Sachs
Date: Mon, 8 Oct 2018 21:00:36 +0200
Subject: [PATCH 5/5] changed verify_serviceaccount.sh file mode from non executeable to executable and added bash environment and improved formatting
---
 scripts/macos/verify_serviceaccount.sh | 36 ++++++++++++++------------
 1 file changed, 19 insertions(+), 17 deletions(-)
 mode change 100644 => 100755 scripts/macos/verify_serviceaccount.sh
diff --git a/scripts/macos/verify_serviceaccount.sh b/scripts/macos/verify_serviceaccount.sh
old mode 100644
new mode 100755
index 57fe8218d..3d814ef6e
--- a/scripts/macos/verify_serviceaccount.sh
+++ b/scripts/macos/verify_serviceaccount.sh
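Review bot: The heredoc that writes `/var/run/JumpCloud-SecureToken-Creds.txt` stores the secure-token admin's username and cleartext password with whatever mode the current umask allows, which for a root shell is normally world-readable; `/opt/jc/agentBootstrap.json` with the connect key is created the same way. Set `umask 077` before the two `cat <<-EOF` writes, or `chmod 600` each file right after it is created, so that only root can read them. Whether the agent removes the credentials file after use is not visible in this hunk.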
@@ -1,34 +1,36 @@
+#!/usr/bin/env bash
+
 MacOSMinorVersion=$(sw_vers -productVersion | cut -d '.' -f 2)
 MacOSPatchVersion=$(sw_vers -productVersion | cut -d '.' -f 3)
-if [[ $MacOSMinorVersion -lt 13 ]]; then
- echo "Error: Target system is not on macOS 10.13"
- exit 2
-fi
+# if [[ "$MacOSMinorVersion" -lt 13 ]]; then
+# echo "Error: Target system is not on macOS 10.13"
+# exit 2
+# fi
 JCSA_Username="_jumpcloudserviceaccount"
 JCSA_FullName="JumpCloud Service Account"
 sysadmin_name="sysadminctl"
-if [[ $MacOSMinorVersion -eq 13 ]]; then
- if [[ $MacOSPatchVersion -lt 4 ]]; then
- sysadmin_name="/opt/jc/bin/sysadminkludge"
- fi
+if [[ "$MacOSMinorVersion" -eq 13 ]]; then
+ if [[ "$MacOSPatchVersion" -lt 4 ]]; then
+ sysadmin_name="/opt/jc/bin/sysadminkludge"
+ fi
 fi
 result=$($sysadmin_name -secureTokenStatus $JCSA_Username 2>&1 )
-unknown_user=$(echo $result | grep "Unknown user $JCSA_Username")
-enabled=$(echo $result | grep "Secure token is ENABLED for user $JCSA_FullName")
+unknown_user=$(echo "$result" | grep "Unknown user $JCSA_Username")
+enabled=$(echo "$result" | grep "Secure token is ENABLED for user $JCSA_FullName")
-if [[ ! -z $unknown_user ]]; then
- echo "Error: JumpCloud Service Account not installed"
- exit 2
+if [[ ! -z "$unknown_user" ]]; then
+ echo "Error: JumpCloud Service Account not installed."
+ exit 2
 fi
-if [[ -z $enabled ]]; then
- echo "Error: JumpCloud Service Account does not have a secure token"
- exit 3
+if [[ -z "$enabled" ]]; then
+ echo "Error: JumpCloud Service Account does not have a secure token."
+ exit 3
 fi
-echo "Success: JumpCloud Service Account has been properly created"
+echo "Success: JumpCloud Service Account has been properly created."
 exit 0
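Review bot: The macOS version guard at the top of verify_serviceaccount.sh is commented out rather than reformatted, a behaviour change that the commit subject ("improved formatting") does not mention. On a system older than 10.13 the script now goes on to run `sysadminctl -secureTokenStatus` and will likely report a missing account or token instead of the unsupported-version error with exit 2. Either restore the four-line check with the quoted `"$MacOSMinorVersion"`, or delete it and give the reason in the commit message, since commented-out code leaves the intent unclear. Separately, `$sysadmin_name` and `$JCSA_Username` on the `result=` line are still unquoted.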