krypted.com

Tiny Deathstars of Foulness

In the following example script, I’m going to pull a list of just the usernames from fdesetup. sudo fdesetup list The output would be as follows:
charlesedge,F4D8B61D-1234-1234-98F4-103470EE1234 emerald,2E1203EA-1234-4E0D-1234-717D27221234 admin,50058FCF-88DF-1234-1234-91FCF28C0488
I’ll then pipe them into sed and use the , as a delimiter, pulling * or everything before it: sudo fdesetup list | sed 's;,.*;;' As follows:
charlesedge emerald admin

August 29th, 2017

Posted In: bash, Mac OS X, Mac OS X Server

Tags: , , ,

Builtin commands are always kinda’ interesting. At first glance, it’s hard to know which commands are builtins. Luckily, there’s a command that I rarely use, called… command. If you run command with the -V flag it will tell you if the command is a builtin: command -V cd
cd is a shell builtin
If you run a command that isn’t a builtin command -V ls
ls is /bin/ls
Some builtins are in /bin (like echo). But not all builtins are in /bin. Some are in /usr/bin (like cd). Information about how to use builtins is built into the help command rather than standalone man pages. So, if you do help followed by the name of a command, you’ll get information about the command, and sometimes how to use the command: help cd
cd: cd [-L|-P] [dir] Change the current directory to DIR. The variable $HOME is the default DIR. The variable CDPATH defines the search path for the directory containing DIR. Alternative directory names in CDPATH are separated by a colon (:). A null directory name is the same as the current directory, i.e. `.’. If DIR begins with a slash (/), then CDPATH is not used. If the directory is not found, and the shell option `cdable_vars’ is set, then try the word as a variable name. If that variable has a value, then cd to the value of that variable. The -P option says to use the physical directory structure instead of following symbolic links; the -L option forces symbolic links to be followed.
There are also commands not in a path, which can be found using the which command: which dsconfigad
/usr/sbin/dsconfigad

May 6th, 2017

Posted In: bash, Mac OS X

Tags: , , , ,

One of my favorite things about grabbing things with scripts is just how many ways (and sometimes how needfully or needlessly convoluted you can make them) to grab the same pieces of information. For example, something as simple as what hosts you use to resolve names on a Mac. There are a number of ways to grab what DNS server a device is using in macOS. So when you’re running a script you might choose to grab DNS information one way or another, according to what you’re after. Some of this might seem more complicated than it should be. And that’s correct…

resolv.conf

The /etc/resolv.conf file is updated automatically to look at what servers are used to resolve names used for DNS. The easiest way to see theses to simply cat it and grep for nameserver: cat /etc/resolv.conf | grep nameserver

scutil

The next way we’ll grab DNS information is using scutil. Here, we use the –dns option, which outputs a lot of DNS stuffs, including all the built-in resolvers: scutil --dns To just grab the name servers: scutil --dns | grep nameserver We can also simplify the output to just the servers with awk: scutil --dns | grep nameserver | awk '{print$3}'

networksetup

The second way is using networksetup. This command has an option to get a DNS server in (shocker) -getdnsservers. However, you have to list the interface for each. So below we’ll dump all interfaces into an array using -listallhardwareports and then read them in using a for loop and querying the name servers. interfaces=( "$(networksetup -listallhardwareports | grep Hardware | cut -c 16-900)" ) for i in "${interfaces[@]}" do networksetup -getdnsservers $i done The one tricky thing in this one is I initially forgot to quote the interfaces as they went into the array, which meant each word of the interface was an item in the array and therefore the -getdnsservers option failed. Once I quoted, it was all happy. The other thing I can point out is I used cut instead of sed because it was easier to quote; however, it seems unlikely the name can be more than 890 characters, so I think it’s fine…

dig

You can also use dig. Here, you’ll query for a name without using an @ option, but omit everything but the line with the server that responded: dig google.com | grep SERVER: The output is kinda’ fug:
;; SERVER: 4.2.2.2#53(4.2.2.2)
For simpler output, we’ll use sed to constrain the output to just what’s between the parenthesis: dig google.com | grep SERVER: | sed 's/^.*(//;s/)$//'

nslookup

nslookup is a tool similar to dig, used for querying names. We’ll basically do the same thing as above, just using awk as it’s just a standard position in a line: nslookup google.com | grep Server: | awk '{print$2}'

system_profiler

Then there’s system_profiler, the command line interface for System Profiler. Here, we can query the SPNetworkDataType. This is going to produce a lot of output, so we can limit it to just the DNS servers using grep to constrain to just the lines we want and awk for just the columns in those lines, as follows: system_profiler SPNetworkDataType | grep "Domain Name Servers:" | awk '{print$4}'

hosts

@knapjack added to use hosts. I had to use verbose mode to pull the local name server as follows: host -v -t ns google.com | grep Received | awk '{print $5}'

ipconfig

Thanks to the lovely Allister (@sacrilicious), we also have ipconfig to add to the list: /usr/sbin/ipconfig getpacket en0 2> /dev/null | grep name_ | cut -d' ' -f3- There are tons of ways to find things in macOS. Do you have a way to find a DNS server that I didn’t think of here?

March 6th, 2017

Posted In: bash, Mac OS X, Mac OS X Server, Mac Security, Ubuntu

Tags: , , , , , , ,

Recently someone asked me about accepting bash inputs. So I decided to take a stab at writing a little about it up. For the initial one we’ll look at accepting text input. Here, we’ll just sandwich a read statement between two echo commands. In the first echo we’ll ask for a name of a variable. Then we’ll read it in with the read command. And in the second echo we’ll write it out. Using the variable involves using the string of the variable (myvariable in this case) with a dollar sign in front of it, as in $myvariable below: echo "Please choose a number: " read myvariable echo "You picked $myvariable" Read also has a number of flags available to it:
  • -a assigns sequential indexes of the array variable
  • -d sets a delimiter to terminate the input
  • -e accepts the line.
  • -n returns after reading a specified number of characters
  • -p prompts without a trailing newline, before attempting to read any input
  • -r doesn’t use a backslash as an escape character
  • -s runs silent, which doesn’t echo text
  • -t: causes read to time out (number of seconds is right after the -t)
  • -u reads input from a file descriptor
Next, we’ll build on that read statement (note the addition of -p) and use a while to force a user to input a y or n and then parse their selection with a basic case statement: while true; do read -p "Do you wish to continue?" yn case $yn in [Yy]* ) echo "Add your action here"; break;; [Nn]* ) exit;; * ) echo "Please answer yes or no.";; esac done Finally, let’s look at positional parameters. Here, you can feed them at the tail end of the script, as words that are separated by spaces after the name of the script. Here, we simply just echo $0, which is the first position (aka – the name of the script you just ran) and $1 and $2 as the next two. #!/bin/bash echo "You Used These" echo '$0 = ' $0 echo '$1 = ' $1 echo '$2 = ' $2 You could also take $3, $4, etc. This is different than writing flags, which requires a bit more scripting. So if you called the script with: /path/to/script/pospar.sh test1 You would see: You Used These $0 = ./pospar.sh $1 = test1 What tips/additions do you have?

February 14th, 2017

Posted In: bash, Unix

Tags: , , , , , ,