krypted.com

Tiny Deathstars of Foulness

The videos from the MacADUK sessions are now available on the Internets! Including such great sessions as “What’s New With Managing macOS and iOS” from Marko Jung, “Something something commercial, something something open source” from Graham Gilbert, “Desired State Management Through Automation with Jamf Pro” from John Kitzmiller, “Advanced Mac Software Deployment and Configuration – Just Make it Work” from Tim Sutton, “Securing the Managed Environment – you, me, and everybody” from Pepijn Bruienne, “Munki and Patch. A Comparison” from Ben Toms & James Ridsdale, “Locking down macOS without Locking Up Users (The Sequel)” from Samuel Keeley. Totes fun!

Watch them at https://online-training.amsys.co.uk/courses/macaduk-2017

March 28th, 2017

Posted In: Mac OS X, Mac OS X Server, Mac Security

Tags: , , , , ,

Leave a Comment

There is a new service in macOS, called Tetherator. Tethered-caching is a script that allows you to easily and quickly interact with the tethered-caching service, which has a few kinda’ cool options. This is on a client, and really speeds up all that crazy provisioning stuff you do. It can also check for the presence of a macOS Caching Server and use that as a source for the cache. The tethered-caching script is located at /usr/bin/tethered-caching.

Before you do anything with the service, check the status. That’s done with the -s option (there’s also a -v option to get verbose):

tethered-caching -s

The results before activated should be as follows:

2017-02-28 10:44:45.730 AssetCacheTetheratorUtil[3665:182657] Tetherator is disabled: (no error)
2017-02-28 10:44:45.746 AssetCacheActivatorUtil[3666:182664] Built-in caching server can be activated.
2017-02-28 10:44:45.762 AssetCacheActivatorUtil[3667:182673] Built-in caching server is deactivated: (no error)

Then start the service using the -n option in tethered-caching, along with the IP range to be used:

tethered-caching -n 192.168.1.0

This sets the ListenRanges key in the plist and should result in an activation process that appears as follows:

Starting tethered caching…
2017-02-28 10:47:59.691 AssetCacheActivatorUtil[3848:192902] Built-in caching server can be activated.
2017-02-28 10:47:59.706 AssetCacheActivatorUtil[3849:192910] Built-in caching server is deactivated: (no error)
Filtering the log data using “subsystem == “com.apple.AssetCache” AND messageType == 16″
Timestamp (process)[PID]
2017-02-28 10:48:05.098735-0600 localhost AssetCache[2882]: [com.apple.AssetCache.builtin] Built-in Caching Server activated. Exiting to allow re-launch.
2017-02-28 10:48:05.207493-0600 localhost AssetCache[2882]: [com.apple.AssetCache.builtin] Built-in Caching Server shutting down (0)
2017-02-28 10:48:07.362926-0600 localhost AssetCache[3862]: [com.apple.AssetCache.builtin] Built-in Caching Server version 170 started
2017-03-02 10:45:53.753 AssetCacheTetheratorUtil[29283:2526186] Tetherator enabled.
Started tethered caching. To stop it, press control+c once.

At this point, you’re calling /usr/bin/AssetCacheLocatorUtil to register and then start /usr/libexec/AssetCache/AssetCache via /System/Library/Preferences/Logging/Subsystems/com.apple.AssetCacheServices.plist which defaults read nets:

{Activator = {};
"DEFAULT-OPTIONS" = {
"Default-Privacy-Setting" = Public;
"Enable-Oversize-Messages" = 1;
"Event-Log" = {
Enabled = Inherit;};
Level = {
Enable = Inherit;
Persist = Inherit;};
TTL = {Debug = 0;Default = 10;Info = 10;};};
Daemon = {};
Extensions = {};
Framework = {};
Tetherator = {};}

The AssetCache preferences can be seen by catting /Library/Preferences/com.apple.AssetCache.plist:

Activated = 0;
CacheLimit = 0;
DataPath = "/Library/Caches/com.apple.AssetCache";
LastConfigData = ;
LastConfigURL = "http://suconfig.apple.com/resource/registration/v1/config.plist";
LastPort = 50775;
ListenRanges = ({first = "192.168.1.1";last = "192.168.1.254";});
ListenRangesOnly = 1;
LocalSubnetsOnly = 0;
PeerLocalSubnetsOnly = 1;
Port = 0;
PublicRanges = automatic;
ReservedVolumeSpace = 2000000000;
SavedCacheDetails = {};
SavedCacheDetailsOrder = ("Mac Software","iOS Software","Apple TV Software",iCloud,Books,"iTunes U",Movies,Music,Other);
SavedCacheDetailsStrings = {All the language keys as arrays - which I cut out to truncate the contents of the plist read};
SavedCacheSize = 0;
ServerGUID = "C5F29418-6158-4D3B-9162-XXX";
Version = 1;

Note that in the above, the LastConfigData key is pulled at activation by curling http://suconfig.apple.com/resource/registration/v1/config.plist. I’ve truncated the key as it’s kinda’ long…

A simple command that will be pretty common is to increase the size of the cache. To do so, you’d just edit that CacheLimit key to be the number that you want the cache to be. In the following example, we’re writing the CacheLimit key into AssetCache.plist at 100 gigs:

defaults write /Library/Preferences/com.apple.AssetCache.plist CacheLimit -int 100000000000

There’s also com.apple.AssetCache.builtin.plist in /Library/LaunchDaemons which starts the builtin AssetCache, AssetCacheC, and CacheDelete service.

Once started, you will have a sqlite3 database called AssetInfo.db at /Library/Caches/com.apple.AssetCache. A basic structure of how data is stored includes the following tables:

  • ZAFFINITY with the following column: Z_PK INTEGER PRIMARY KEY, Z_ENT INTEGER, Z_OPT INTEGER, ZLASTSAVED TIMESTAMP, ZID VARCHAR
  • ZASSET with the following columns: Z_PK INTEGER PRIMARY KEY, Z_ENT INTEGER, Z_OPT INTEGER, ZMD5OFFSET INTEGER, ZTOTALBYTES INTEGER, ZCREATIONDATE TIMESTAMP, ZLASTACCESSED TIMESTAMP, ZCHECKSUM VARCHAR, ZGUID VARCHAR, ZINDEX VARCHAR, ZLASTMODIFIEDSTRING VARCHAR, ZNAMESPACE VARCHAR, ZURI VARCHAR, ZMD5CONTEXT BLOB
  • Z_METADATA with the following columns: Z_VERSION INTEGER PRIMARY KEY, Z_UUID VARCHAR(255), Z_PLIST BLOB
  • Z_MODELCACHE with just the Z_CONTENT column
  • TABLE Z_PRIMARYKEY with the following columns: Z_ENT INTEGER PRIMARY KEY, Z_NAME VARCHAR, Z_SUPER INTEGER, Z_MAX INTEGER

Once enabled, updates will be cached to the computer that the service is enabled on, metadata stored in the previously mentioned database, and then change ports and network ranges when needed.

March 27th, 2017

Posted In: Apple Configurator, Apple TV, Apple Watch, iPhone, JAMF, Mac OS X, Mac OS X Server, Mass Deployment, precache

Tags: , , ,

One Comment

This is the first page of a 5 page piece I just finished writing for MacTech. After the last episode of the MacAdmins podcast though, I wanted to go ahead and get some of the information out there. For a much more detailed analysis, check out MacTech!

Apple has a number of different logging APIs. For the past few releases, Apple has tried to capture everything possible in logs, creating what many administrators and developers might consider to be a lot of chatter. As such, an entirely new interface needed to be developed to categorize and filter messages sent into system logs.

Writing Logs

The logger command is still used to create entries in system logs. However, if you are then using tail to view /var/log/system.log then you will notice that you no longer see your entry being written. This is because as the logs being created in macOS have gotten more complex, the tools to read and write those logs has gotten more complicated as well.

Let’s take a simple log entry. Below, we’ll write the string “Hello Logs” into the system log. To do so, use the –i option to put the process id of the logger process and –s to write to the system log, as well as to stderr. To make the entry easier we’ll tag it with –t followed by the string of the tag. And finally, we’ll quote the entry we want written into the log. This is basically the simplest form of an entry:

logger -is -t krypted "Hello Logs"

Once written, use the log command to read your spiffy new entries. This isn’t terribly different than how things worked previously. If you’re a developer, you will need to note that all of the legacy APIs you might be using, which include asl_log_message, NSLog, and syslog, have been redirected to the new Unified Logging system, provided you build software for 10.12 (you can still build as before for 10.11, iOS 9, tvOS 10, and watchOS 3 and below). These are replaced with the os_log, os_log_info, os_log_debug, os_log_error, os_log_fault, and os_log_create APIs (which correspond to various levels of logs that are written).

Reading Logs

Logs are now stored in the tracev3 formatted files in /var/db/diagnostics, which is a compressed binary format. As with all binary files, you’ll need new tools to read the files. Console has been updated with a new hierarchical capability and the ability to watch activities, subsystems, etc.

The log command provides another means of reading those spiffy new logs. To get started, first check out the man page:

man log

That “Hello Logs” string we used earlier is part of a message that you can easily view using the ‘log show’ command. In the below example, we’ll just run a scan of the last 3 minutes, using the –last option, and then providing a –predicate. We’ll explain those a bit later, but think of it as query parameters – here, we’ll specify to look for “Hello Logs” in eventMessage:

log show --predicate 'eventMessage contains "Hello Logs"' --last 3m

Filtering the log data using “eventMessage CONTAINS “Hello Logs”” shows us that our entry appears as follows:

Timestamp                       Thread     Type        Activity             PID

2017-03-23 23:51:05.236542-0500 0x4b83bb   Default     0x0                  88294  logger: Hello Logs

——————————————————————————————————————–

Log      – Default:          1, Info:                0, Debug:             0, Error:          0, Fault:          0

Activity – Create:           0, Transition:          0, Actions:           0

March 26th, 2017

Posted In: Mac OS X, Mac OS X Server

Tags: , , , , , ,

Leave a Comment

The next release of iOS (10.3), macOS (10.12.4), and tvOS (10.2) bring us a host of new management features. These include DEP configuration, remote wipe, single app mode, conference room mode, and remote reboot for Apple TVs. The next evolution of iOS brings us sounds in lost mode, the ability to prevent users from connecting to unmanaged wireless networks (just make sure to push that policy after sending down the actual managed wireless networks – or eek), the option to remotely shut down and reboot devices,

The Mac options includes some of the above but also restricting the feature to unlock macOS devices with Touch ID, restrict documents and desktop syncing with Apple’s iCloud service. Shared iPad environments also get new passcode policies.

Jamf Pro 9.98 has also comes with Symantec PKI integration and lots, and lots, and lots of resolutions to product issues. For more, see https://www.jamf.com/blog/are-you-ready-for-apples-next-release/. For a full run-down of profile options and MDM commands: http://docs.jamf.com/9.98/casper-suite/release-notes/What’s_New_in_This_Release.html.

Keeping with Apple’s evolving standards, Managed Preferences and Provisioning Profiles are being deprecated: http://docs.jamf.com/9.98/casper-suite/release-notes/Deprecations_and_Removals.html (which isn’t to say you can’t still deploy these kinds of things using your own scripts, etc).

Finally, if you have a problem in your environment and want to see if it’s been fixed, for a list of defects and product improvements – see http://docs.jamf.com/9.98/casper-suite/release-notes/Bug_Fixes_and_Enhancements.html

March 23rd, 2017

Posted In: JAMF, Mac OS X, Mac OS X Server

Tags: , , , ,

Leave a Comment

You search for items in macOS using compound conditions in a number of ways. One way is with awk. Here, we’re going to grab the output of a simple ls command. That gets piped into an awk statement. Then we’re going to look at the expression to evaluate. Basically, we’re going to say anything that contains com. as well as apple and .plist. Because it’s ls, we’re looking for names of files that match those patterns. Each pattern is listed in brackets. And then there’s the {print} to lay out the action of printing to the files that match the pattern to the screen:

ls |awk '/[com.][apple][.plist]/ {print}'

Note: I know you’re not supposed to use ls in scripts. Don’t care. If it were dates and such, I’d of used stat…

March 14th, 2017

Posted In: Mac OS X, Mac OS X Server

Tags: , , , ,

One Comment

March 8th, 2017

Posted In: Mac OS X Server, Mac Security, MacAdmins Podcast

Leave a Comment

One of my favorite things about grabbing things with scripts is just how many ways (and sometimes how needfully or needlessly convoluted you can make them) to grab the same pieces of information. For example, something as simple as what hosts you use to resolve names on a Mac. There are a number of ways to grab what DNS server a device is using in macOS. So when you’re running a script you might choose to grab DNS information one way or another, according to what you’re after. Some of this might seem more complicated than it should be. And that’s correct…

resolv.conf

The /etc/resolv.conf file is updated automatically to look at what servers are used to resolve names used for DNS. The easiest way to see theses to simply cat it and grep for nameserver:

cat /etc/resolv.conf | grep nameserver

scutil

The next way we’ll grab DNS information is using scutil. Here, we use the –dns option, which outputs a lot of DNS stuffs, including all the built-in resolvers:

scutil --dns

To just grab the name servers:

scutil --dns | grep nameserver

We can also simplify the output to just the servers with awk:

scutil --dns | grep nameserver | awk '{print$3}'

networksetup

The second way is using networksetup. This command has an option to get a DNS server in (shocker) -getdnsservers. However, you have to list the interface for each. So below we’ll dump all interfaces into an array using -listallhardwareports and then read them in using a for loop and querying the name servers.

interfaces=( "$(networksetup -listallhardwareports | grep Hardware | cut -c 16-900)" )
for i in "${interfaces[@]}"
do
networksetup -getdnsservers $i
done

The one tricky thing in this one is I initially forgot to quote the interfaces as they went into the array, which meant each word of the interface was an item in the array and therefore the -getdnsservers option failed. Once I quoted, it was all happy. The other thing I can point out is I used cut instead of sed because it was easier to quote; however, it seems unlikely the name can be more than 890 characters, so I think it’s fine…

dig

You can also use dig. Here, you’ll query for a name without using an @ option, but omit everything but the line with the server that responded:

dig google.com | grep SERVER:

The output is kinda’ fug:

;; SERVER: 4.2.2.2#53(4.2.2.2)

For simpler output, we’ll use sed to constrain the output to just what’s between the parenthesis:

dig google.com | grep SERVER: | sed 's/^.*(//;s/)$//'

nslookup

nslookup is a tool similar to dig, used for querying names. We’ll basically do the same thing as above, just using awk as it’s just a standard position in a line:

nslookup google.com | grep Server: | awk '{print$2}'

system_profiler

Then there’s system_profiler, the command line interface for System Profiler. Here, we can query the SPNetworkDataType. This is going to produce a lot of output, so we can limit it to just the DNS servers using grep to constrain to just the lines we want and awk for just the columns in those lines, as follows:

system_profiler SPNetworkDataType | grep "Domain Name Servers:" | awk '{print$4}'

hosts

@knapjack added to use hosts. I had to use verbose mode to pull the local name server as follows:

host -v -t ns google.com | grep Received | awk '{print $5}'

ipconfig

Thanks to the lovely Allister (@sacrilicious), we also have ipconfig to add to the list:

/usr/sbin/ipconfig getpacket en0 2> /dev/null | grep name_ | cut -d' ' -f3-

There are tons of ways to find things in macOS. Do you have a way to find a DNS server that I didn’t think of here?

March 6th, 2017

Posted In: bash, Mac OS X, Mac OS X Server, Mac Security, Ubuntu

Tags: , , , , , , ,

According to @johnkitzmiller, you can’t spell function without fun. So let’s have some fun! What’s a function? Think of it as a script inside a script. Define functions at the beginning of the script instead of making repeated calls to the same task within a script. The other nice thing about functions is that the act of compartmentalization makes them simple to insert into a number of different scripts. For example, if you do a lot of curl commands to pull down something in a lot of different scripts, having the grabbing of the data as a function, then the parsing of it into an array as a function and ultimately the writing of it or dealing with an stderr as another might make it simpler to then port it into the next script and the next.

Functions are simple to define. Just use (yes, you guessed it) the function command. So let’s look at the most basic function. Here, we’ll wrap a simple echo line inside curly brackets. So the syntax is function followed by the name of the function, followed by a curly bracket to introduce it. Then, I like to put a curly bracket on a line at the end of the function. Then I have a line where I just call the function. Note, there’s no special indicator, like a $ in front of the name of it or anything like that (unless you maybe variabalized it):

#!/bin/bash
function hellokitzy {
echo "Hello Kitzy"
}
hellokitzy

OK, so when you call it, it says hellokitzy. Obviously it could have nested if/thens, whiles, cases, etc. Now, let’s have two functions. In this example, we’ll basically just split the single echo statement into two; then call them in separate lines:

#!/bin/bash
function hello {
echo "Hello"
}
function kitzy {
echo "Kitzy"
}
hello
kitzy

As with shell scripts, you can also push a positional parameter into the function. Here, we pass a positional parameter into the script and it echos a hello to that parameter. You know, making our scripts a bit more personal and all… Then we call the function twice. In the first instance, we just pass the same parameter, but in the second, we actually replace it. We do this to show that the function overwrites the $1 inside that function, but if we did another call to the function we’d just get the original $1 as it doesn’t persist outside of the function:

#!/bin/bash
function term {
exit
}
function hello {
echo "Hello" $1
}
hello $1
hello all
echo "bye"
term

When run with a parameter of Kitzy, the above would simply output:

Hello Kitzy
Hello all
bye

That’s just for positional parameters that you’re feeding into a script though. If you have a variable (let’s call it a) and you update it in a function, then it will be the updated variable after the function. So in the following example, a echos out as two in the end:

#!/bin/bash
a=1
function quit {
a=2
exit
}
echo $a

Overall, functions are easy to use and make your code more modular. The only things that get a little complicated is that unless you know functions, you aren’t sure what’s going on in the beginning and when you are editing variables throughout the script you wanna’ make sure you know what changed things and when.

OK, now you – have fun with functions, and feel free to use the comments to post some you wrote!

February 28th, 2017

Posted In: Mac OS X, Mac OS X Server, Mac Security, Unix

Tags: , , , ,

If you fire up a connection to Postgres on a Profile Manager server, you can see a list of all the databases and tables on the server, respectively:

sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0
devicemgr_v2m0=# \list
devicemgr_v2m0=# \dt

The list of tables is as follows:

Name | Owner | Encoding | Collate | Ctype | Access privileges
----------------+------------+----------+---------+-------+---------------------------
devicemgr_v2m0 | _devicemgr | UTF8 | C | C |
postgres | _devicemgr | UTF8 | C | C |
template0 | _devicemgr | UTF8 | C | C | =c/_devicemgr +
| | | | | _devicemgr=CTc/_devicemgr
template1 | _devicemgr | UTF8 | C | C | =c/_devicemgr +
| | | | | _devicemgr=CTc/_devicemgr

The list of relations is much more lengthy, but if you parse it then you can then use a string of commands to dump the contents of each table into a stand-alone CSV file:

sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From abstract_asm_library_items) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/abstract_asm_library_items.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From abstract_asm_users) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/abstract_asm_users.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From active_locales) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/active_locales.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From app_configurations) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/app_configurations.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From asset_metadata) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/asset_metadata.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From assets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/assets.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From assets_localized_data) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/assets_localized_data
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From auto_join_profile_usage) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/auto_join_profile_usage.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From auto_join_profiles) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/auto_join_profiles.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From auto_join_profiles_device_groups) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/auto_join_profiles_device_groups.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From certificates) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/certificates.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From completed_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/completed_tasks.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From data_files) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/data_files.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From db_notifications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/db_notifications.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From deleted_media) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/deleted_media.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From deleted_objects) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/deleted_objects.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From device_enrollment_settings) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/device_enrollment_settings.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From device_group_memberships) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/device_group_memberships
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From device_groups) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/device_groups.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From device_groups_devices) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/device_groups_devices.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From devices) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/devices.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From dm_schema_information) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/dm_schema_information.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From dynamic_attributes_defaults) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/dynamic_attributes_defaults.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From ebooks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/ebooks.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From edu_classes) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/edu_classes.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From edu_classes_library_items) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/edu_classes_library_items
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From edu_devices_users) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/edu_devices_users.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From enterprise_apps) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/enterprise_apps.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_applications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_applications.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_books) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_books.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_ios_applications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_ios_applications.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_media) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_media.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_osx_applications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_osx_applications.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_profiles) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_profiles.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From internal_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/internal_tasks.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets_assets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets_assets.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets_devices) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets_devices.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets_printers) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets_printers.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets_system_applications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets_system_applications.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets_widgets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets_widgets.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From lab_sessions) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/lab_sessions.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From library_item_metadata) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/.library_item_metadata.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From library_item_settings) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/library_item_settings.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From library_item_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/library_item_tasks.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From library_items) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/library_items.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From library_items_assets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/library_items_assets.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From mdm_targets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/mdm_targets.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From mdm_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/mdm_tasks.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From media) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/media.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From network_lab_sessions) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/network_lab_sessions.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From od_library_items) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/od_library_items.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From od_nodes) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/od_nodes.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From od_searches) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/od_searches.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From os_updates) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/os_updates.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From os_updates_devices) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/os_updates_devices.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From owner_lab_sessions) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/owner_lab_sessions.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From preference_panes) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/preference_panes.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From printers) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/printers.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From profiles) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/profiles.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From sessions) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/sessions.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From settings) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/settings.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From system_applications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/system_applications.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From target_tombstones) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/target_tombstones.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From user_group_memberships) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/user_group_memberships.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From user_groups) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/user_groups.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From user_groups_users) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/user_groups_users.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From user_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/user_tasks.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From users) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/users.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From vpp_assigned_licenses) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/vpp_assigned_licenses.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From vpp_products) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/vpp_products.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From widgets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/widgets.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From work_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/work_tasks.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From xsan_networks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/xsan_networks.csv

Now, if you were to just run a select * from devices; from within devicemgr_v2m0, you would get the following:

id | admin_temp_id | created_at | updated_at | updated_at_xid | library_item_type | order_name | mdm_target_type | user_id | last_checkin_time | last_push_time | first_push_time | last_update_info_time | last_auto_sync_profiles | last_auto_sync_media | processing_tasks | hp_singleton_tasks | lp_singleton_tasks | nn_singleton_tasks | singleton_task_type | singleton_uuid | supported_device_type | token | push_magic | push_avg_response_time | push_response_times | vpp_last_invite_requested | vpp_last_invite_delivered | pending_checkin_token | checkin_token_valid_at | active_checkin_token | DeviceName | ProductName | OSVersion | SerialNumber | udid | identifier | is_dep_device | is_multi_user | pending_user_id | supported_asset_types | mdm_acl | IMEI | MEID | IsSupervised | BluetoothMAC | EthernetMAC | WiFiMAC | DeviceID | airplay_password | color | assigned_dep_profile_uuid | dep_profile_uuid | dep_profile | activation_lock_bypass_code | mdm_activation_lock_bypass_code | last_mdm_refresh_ttl_days

These can then read into an array and dealt with as needed. For example, you can link lists of users and groups or use this as a separate form of backup. Another way to get this data, that would be a bit more future-proofed, would be to read all items in the schema for public on the desired database, and then build an array of name items and a loop. But this is a good start.

February 21st, 2017

Posted In: Mac OS X Server

Tags: , , , , , , ,

You can quickly and easily back up your Filewave databases using the fwcontrol command to stop a Filewave server (thus preserving the integrity of the data you are backing up) and then backing up the database using the /fwxserver directory.

To get started, we’ll first down the server. This is done using the fwcontrol command along with the server option and the stop verb, as follows:

sudo fwcontrol server stop

Now that there won’t be data trying to commit into the database, let’s make a backup of the database directory using the cp command:

cp -rp /fwxserver/DB ~/Desktop/Databasebak

To start the database, use the decontrol command with the server option and the start verb, as follows:

fwcontrol server start

Note, if you will be moving to a new Filewave server, you would want to lock clients during this transition, so before restarting your server, use the sqlite3 command to set the status to 1 in the user table:

sqlite3 /fwxserver/DB/server.sqlite 'update user set status = 1;'

February 15th, 2017

Posted In: Mac OS X, Mac OS X Server, Mac Security, Network Infrastructure

Tags: ,

Next Page »