Pull TeamID and BundleID from KextPolicy in scripts

This type of thing is usually done interactively, but when I’m piping output that doesn’t work. So here’s a quick one-liner in bash for pulling the TeamID and BundleID from kexts out of the KextPolicy sqlite database:

sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy "SELECT * from kext_policy;" ".exit"

Approve Or Deny GSuite Access For Devices

The Google Directory integration with GSuite allows you to manage which devices have access to GSuite. This allows you to control access based on a variety of factors.

Below, you’ll find a Google Cloud Function that is meant to respond to a webhook. This function takes an action to set a device into ‘approve’ or ‘deny’ as a state within Google Directory. Before using the function you’ll want to set CustomerID, ResourceID, and EMAIL_ACCOUNT for your GSuite account before using.

Once you have all that, you can upload mobiledevice.py in your Google Cloud Console.

#
# Google Cloud Function meant to respond to a webhook
# Takes an action to set a device into approve or deny state
# Set CustomerID, ResourceID, and EMAIL_ACCOUNT for your GSuite account before using
#

from google.oauth2 import service_account
import googleapiclient.discovery

SCOPES = ['https://www.googleapis.com/auth/admin.directory.device.mobile']
SERVICE_ACCOUNT_FILE = 'auth.json'
EMAIL_ACCOUNT = ''


def get_credential():
credentials = service_account.Credentials.from_service_account_file(SERVICE_ACCOUNT_FILE, scopes=SCOPES)
delegated_credentials = credentials.with_subject(EMAIL_ACCOUNT)
# admin = googleapiclient.discovery.build('admin', 'directory_v1', credentials=credentials)
admin = googleapiclient.discovery.build('admin', 'directory_v1', credentials=delegated_credentials)
return admin


def get_mobiledevice_list(admin, customerId):
results = admin.mobiledevices().list(customerId=customerId).execute()
mobiledevices = results.get('mobiledevices', [])
print('mobile devices name and resourceId')
for mobiledevice in mobiledevices:
print(u'{0} ({1})'.format(mobiledevice['name'], mobiledevice['resourceId']))
return results


def action_mobiledevice(admin, customerId, resourceId, actionName): # actionName: "approve", "block",etc body = dict(action=actionName)
results = admin.mobiledevices().action(customerId=customerId, resourceId=resourceId, body=body).execute()
return results


def main():
admin = get_credential()
customerId = ''
resourceId = ''
action = "approve"
#action = "block"

mobiledevice_list = get_mobiledevice_list(admin, customerId)
print(mobiledevice_list)

action_mobiledevice(admin, customerId, resourceId, action)
print ("Approved successfully")


if __name__ == '__main__':
main()

This is likely to evolve, given that you’ll likely want to migrate your settings into a database as part of your build process, but the general logic is here for now. Happy Googleatinging!

Manage the Look of Launchpad

You can control the number of columns and rows in LaunchPad. To do so, edit the com.apple.doc defaults domain with the key springboard-rows for the number of rows to display and springboard-columns to control the number of columns displayed. So to set the number of rows LaunchPad will show per screen, send the write verb into defaults for com.apple.dock along with the springboard-rows and an -int of 4:

defaults write com.apple.dock springboard-rows -int 4

Likewise, to set columns to 8:

defaults write com.apple.dock springboard-columns -int 8

Then just killall for Dock:

killall Dock

In some cases you will also need to send a resetlaunchpad boolean into com.apple.dock (for TRUE) along with a killall for Dock (or reboot):

defaults write com.apple.dock resetlaunchpad -bool TRUE; killall Dock

Get Your CustomerID From G Suite

There are a few ways to grab your CustomerID from G Suite. This is important when configuring SSO or when interfacing with G Suite programmatically (through their lovely API).

The first and easiest way is to look at the web interface. This isn’t the most intuitive. To find the key, open Google Admin and then browse to Security in the menu in the upper left-hand corner, clicking on Dashboard.

Click on Single Sign On and then scroll down until you see EntityID. The EntityID is going to be everything after the = such as C034minsz9330 as follows

You can also find it by visiting the GooglePlay at https://play.google.com/work/adminsettings?pli=1 where it’s listed as Organization ID.

I don’t think this key can be changed. Once you have the key, you can communicate with the Google API Gateway. For example:

curl 'https://www.googleapis.com/admin/directory/v1/customers/$CUSTOMERKEY' \
--header 'Authorization: Bearer [$ACCESSTOKEN]' \
--header 'Accept: application/json' \
--compressed

Setup Google Cloud Functions

Google Cloud Functions provide a streamlined method for running a simple micro-service leveraging custom functions as well as SDKs for any Google service that can be imported into your script. Currently, node.js is the only non-beta language you can build scripts in.

Permissions

Before you setup Google Cloud Functions in your G Suite domain, first provide the account of a developer with the appropriate permissions, identified in the attached screen. 

Enable The SDKs You Need

G Suite has a number of features exposed to their API by importing SDKs into projects. As an example, the Admin SDK provides us with endpoints and classes that make developing micro services to perform actions in the G Suite admin portal easier. In this section we’ll import that SDK, although the tasks for importing other SDKs is similar. 

To get started, open the Google Cloud Platform using the button in the upper left hand corner and click on APIs and Services (the names of these buttons change over time).

TheClick on the Enable APIs and Services button in the dashboard.

Under Credentials, provide the appropriate credentials for the app you’re importing the SDK into.

Search for Admin SDK in the search dialog.

Click Admin SDK, made by Google.

Click Enable.

Once enabled, you’ll need to create a service account for your function to communicate with.

Setup A Service Account

Service accounts give you a JWT, useful to authenticate from a Google Cloud Function back to an instance of the GSuite Admin portal endpoints. To setup a Service account, go to “IAM & admin” using the button in the upper left hand corner. 

Click on Services Accounts.

Provide a project name and a location (if your organization uses locations, otherwise leave that set to No Organization.

Create Your Google Cloud Function

The Google Cloud Function is the microservice that you can then call. This might be sending some json from an app to perform a task from an app, or sending a webhook to the function to perform an action. To get started with functions, click Cloud Function at the bottom of the Google Cloud Platform dashboard.

If functions aren’t enabled, click Enable Billing.

If necessary, click UPGRADE.

The function api will also need to be enabled; if so, click Enable API.

Once all of this is done, you should have a button that says Create function. Click that and then you’ll be able to provide settings for the function.

Settings include the following:

  • Name: How the function is called in the admin panel. 
  • Memory allocated: How much memory the function can consume.
  • Trigger: Most will use HTTP for our purposes.
  • URL: The URL you use to call the function. 
  • Source: The code (typically node.js) that is run.

Note: The package.json allows for us to leverage this function in a multi-tenant fashion. 

Once enabled, you can hit the endpoint. If there’s no header parameters you need to send, that could be as simple as:

curl https://us-central1-alpine-canto-231018.cloudfunctions.net/test-function

Obtain A List Of Devices or Apps In ZuluDesk Using Bash

The curl command can be used to authenticate to an API using a variety of authentication types such as Bearer, OAuth, Token, and of course Basic. To authenticate to the ZuluDesk API, first create an API token. This is done by logging into ZuluDesk, clicking Organization, then Settings, then API, an then clicking on the Add API Key button.

Once you have your API key, your header will look as follows:

GET /users HTTP/1.1 User-Agent: curl/7.24.0 X-Server-Protocol-Version: 2 Authorization: Basic YOURTOKENHERExxx000111222== Content-Length: 0

The curl command can do this would be as follows, simply converting these into separate values in the -H or header. The URL provided will do a GET against devices, displaying a list of devices in json:

curl -S -i -k -H "Content-Length: 0" "User-Agent: curl/7.24.0" X-Server-Protocol-Version: 2" "Authorization: Basic YOURAPITOKENxx000111222==" https://apiv6.zuludesk.com/devices/

Once you have the “serialNumber” you can programmatically perform a number of other tasks using a POST. Another example would be obtaining a list of apps, done using the /apps/ endpoint.

curl -S -i -k -H "Content-Length: 0" "User-Agent: curl/7.24.0" X-Server-Protocol-Version: 2" "Authorization: Basic YOURAPITOKENxx000111222" https://apiv6.zuludesk.com/apps/

You can also run a POST in the same fashion. In the following we’ll do that, sending a simple delete command to the group 505

curl -X DELETE -S -i -k -H "Content-Length: 0" "User-Agent: curl/7.24.0" X-Server-Protocol-Version: 2" "Authorization: Basic YOURAPITOKENxx000111222" https://apiv6.zuludesk.com/users/groups/:505

Overall, the ZuluDesk API is pretty easy to use and follow with just some basic curl commands.

Convert a SQL Dump to Excel

The attached script can be used to migrate data out of a sqldump and into csv and xls for further analysis or ETL’ing. The name of each table is used to create a separate csv file (e.g. table1.csv) and an xls representation of each table is put into a workbook in a spreadsheet.

The script requires Python 3.7. So if you’re on a Mac you might need to install that. Here, we use Homebrew to do so:

brew install python3

Then you’d need to install the specific mods:

python3 -m pip install pandas

python3 -m pip install openpyxl

The command is then run as follows:

python3 sqlcsvxlsexport.py <sql dump file> <target directory>

The script is accessible here: