krypted.com

Tiny Deathstars of Foulness

There are two useful commands when scripting operations that involve filenames and paths. The first of these is dirname: dirname can be used to return the directory portion of a path. The second is basename: basename can be used to output the file name portion of a path.

For our first example, let’s say that we have an output of /users/krypted, which we know to be the original short name of my user. To just see just that username, we could use basename to call it:

basename /users/charlesedge

Basename can also be used to trim output. For example, let’s say there was a document called myresume.pdf in my home folder and we wanted to grab that without the file extension. We could run basename using the -s option, followed by the string at the end that we do not want to see to output of (the file extension:

basename -s .pdf /users/charlesedge/myresume.pdf

The dirname command is even more basic. It outputs the directory portion of the file’s path. For example, based on the same string, the following would tell you what directory the user is in:

dirname /users/charlesedge

A great example of when this gets more useful is keying off of currently active data. For example, if we’re scripting a make operation, we can use the which command to get an output that just contains the path to the make binary:

which make

We can then wrap that for expansion and grab just the place that the active make binary is stored:

dirname `which make`

This allows us to key other operations off the path of an object. A couple of notable example of this is home or homeDirectory paths and then breaking up data coming into a script via a positional parameter (e.g. $1).

You can also use variables as well. Let’s say that

homedir=/users/krypted ; dirname $homedir

Finally, keep in mind that dirname is relative, so if you’re calling it for ~/ then you’ll see the output at that relative path.

April 5th, 2017

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , ,

The xxd is a bash command in Linux and macOS that is used to take a hexdump (convert a string to hex), or convert hex back to a string. To use xxd, just call it with a couple of options. Below, we’ll use the -p option to export into plain hexdump, and we’ll quote it and the <<< is to take input rather than a file name to convert (the default behavior), as follows:

xxd -p <<< "hey it's a string"

The output would be a hex string, as follows:

6865792069742773206120737472696e670a

Then use the -r option to revert your hex back to text. Since xxd doesn’t allow for a positional parameter to revert, we’ll simply echo the hex string and pipe it back into xxd, as follows:

echo 6865792069742773206120737472696e670a | xxd -r -p

And the output would be (is):

hey it's a string

Other useful options:

  • -b: Perform a binary dump instead of a hex dump
  • -e: what it looks like when a little endian takes a hex dump
  • -h: get help with the command
  • -len: stop after the defined number of characters
  • -u: use uppercase in the hex, instead of the default lower-case (doesn’t seem to actually work on macOS)
  • -v: grab the version of xxd

April 2nd, 2017

Posted In: Mac OS X, Mac OS X Server, Mac Security, Ubuntu, Unix

Tags: , , , , , ,

<iframe style=”border: none” src=”//html5-player.libsyn.com/embed/episode/id/5219905/height/90/width/640/theme/custom/autonext/no/thumbnail/yes/autoplay/no/preload/no/no_addthis/no/direction/backward/render-playlist/no/custom-color/87A93A/” height=”90″ width=”640″ scrolling=”no”  allowfullscreen webkitallowfullscreen mozallowfullscreen oallowfullscreen msallowfullscreen></iframe>

April 1st, 2017

Posted In: MacAdmins Podcast

Tags: , ,

March 16th, 2017

Posted In: MacAdmins Podcast

Tags: , , , ,

February 23rd, 2017

Posted In: MacAdmins Podcast

Tags: , , ,

If you fire up a connection to Postgres on a Profile Manager server, you can see a list of all the databases and tables on the server, respectively:

sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0
devicemgr_v2m0=# \list
devicemgr_v2m0=# \dt

The list of tables is as follows:

Name | Owner | Encoding | Collate | Ctype | Access privileges
----------------+------------+----------+---------+-------+---------------------------
devicemgr_v2m0 | _devicemgr | UTF8 | C | C |
postgres | _devicemgr | UTF8 | C | C |
template0 | _devicemgr | UTF8 | C | C | =c/_devicemgr +
| | | | | _devicemgr=CTc/_devicemgr
template1 | _devicemgr | UTF8 | C | C | =c/_devicemgr +
| | | | | _devicemgr=CTc/_devicemgr

The list of relations is much more lengthy, but if you parse it then you can then use a string of commands to dump the contents of each table into a stand-alone CSV file:

sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From abstract_asm_library_items) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/abstract_asm_library_items.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From abstract_asm_users) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/abstract_asm_users.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From active_locales) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/active_locales.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From app_configurations) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/app_configurations.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From asset_metadata) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/asset_metadata.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From assets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/assets.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From assets_localized_data) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/assets_localized_data
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From auto_join_profile_usage) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/auto_join_profile_usage.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From auto_join_profiles) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/auto_join_profiles.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From auto_join_profiles_device_groups) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/auto_join_profiles_device_groups.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From certificates) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/certificates.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From completed_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/completed_tasks.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From data_files) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/data_files.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From db_notifications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/db_notifications.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From deleted_media) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/deleted_media.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From deleted_objects) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/deleted_objects.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From device_enrollment_settings) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/device_enrollment_settings.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From device_group_memberships) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/device_group_memberships
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From device_groups) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/device_groups.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From device_groups_devices) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/device_groups_devices.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From devices) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/devices.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From dm_schema_information) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/dm_schema_information.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From dynamic_attributes_defaults) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/dynamic_attributes_defaults.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From ebooks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/ebooks.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From edu_classes) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/edu_classes.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From edu_classes_library_items) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/edu_classes_library_items
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From edu_devices_users) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/edu_devices_users.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From enterprise_apps) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/enterprise_apps.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_applications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_applications.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_books) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_books.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_ios_applications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_ios_applications.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_media) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_media.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_osx_applications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_osx_applications.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From installed_profiles) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/installed_profiles.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From internal_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/internal_tasks.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets_assets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets_assets.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets_devices) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets_devices.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets_printers) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets_printers.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets_system_applications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets_system_applications.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From knob_sets_widgets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/knob_sets_widgets.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From lab_sessions) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/lab_sessions.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From library_item_metadata) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/.library_item_metadata.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From library_item_settings) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/library_item_settings.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From library_item_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/library_item_tasks.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From library_items) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/library_items.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From library_items_assets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/library_items_assets.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From mdm_targets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/mdm_targets.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From mdm_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/mdm_tasks.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From media) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/media.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From network_lab_sessions) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/network_lab_sessions.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From od_library_items) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/od_library_items.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From od_nodes) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/od_nodes.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From od_searches) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/od_searches.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From os_updates) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/os_updates.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From os_updates_devices) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/os_updates_devices.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From owner_lab_sessions) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/owner_lab_sessions.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From preference_panes) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/preference_panes.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From printers) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/printers.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From profiles) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/profiles.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From sessions) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/sessions.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From settings) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/settings.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From system_applications) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/system_applications.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From target_tombstones) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/target_tombstones.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From user_group_memberships) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/user_group_memberships.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From user_groups) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/user_groups.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From user_groups_users) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/user_groups_users.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From user_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/user_tasks.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From users) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/users.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From vpp_assigned_licenses) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/vpp_assigned_licenses.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From vpp_products) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/vpp_products.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From widgets) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/widgets.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From work_tasks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/work_tasks.csv
sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0 -c "Copy (Select * From xsan_networks) To STDOUT With CSV HEADER DELIMITER ',';" > ~/pmexport/xsan_networks.csv

Now, if you were to just run a select * from devices; from within devicemgr_v2m0, you would get the following:

id | admin_temp_id | created_at | updated_at | updated_at_xid | library_item_type | order_name | mdm_target_type | user_id | last_checkin_time | last_push_time | first_push_time | last_update_info_time | last_auto_sync_profiles | last_auto_sync_media | processing_tasks | hp_singleton_tasks | lp_singleton_tasks | nn_singleton_tasks | singleton_task_type | singleton_uuid | supported_device_type | token | push_magic | push_avg_response_time | push_response_times | vpp_last_invite_requested | vpp_last_invite_delivered | pending_checkin_token | checkin_token_valid_at | active_checkin_token | DeviceName | ProductName | OSVersion | SerialNumber | udid | identifier | is_dep_device | is_multi_user | pending_user_id | supported_asset_types | mdm_acl | IMEI | MEID | IsSupervised | BluetoothMAC | EthernetMAC | WiFiMAC | DeviceID | airplay_password | color | assigned_dep_profile_uuid | dep_profile_uuid | dep_profile | activation_lock_bypass_code | mdm_activation_lock_bypass_code | last_mdm_refresh_ttl_days

These can then read into an array and dealt with as needed. For example, you can link lists of users and groups or use this as a separate form of backup. Another way to get this data, that would be a bit more future-proofed, would be to read all items in the schema for public on the desired database, and then build an array of name items and a loop. But this is a good start.

February 21st, 2017

Posted In: Mac OS X Server

Tags: , , , , , , ,

My latest Inc.com piece is up. This one focuses on perfecting your sales pitch. It starts as follows:

It’s hard to make a sale if you have a lousy sales pitch. Delivering fresh pitches that allow your product or service to stand out from the others is job number one in sales.

So how do you incite interest rather than yawns? Here are six simple tips.

You can find the rest of the article here: http://www.inc.com/charles-edge/how-to-pitch-your-product-in-6-easy-steps.html.

February 16th, 2017

Posted In: Articles and Books

Tags: , , , ,

February 10th, 2017

Posted In: MacAdmins Podcast

Tags: , , ,

When you’re regression testing, you frequently just don’t want any delays for scripts unless you intentionally sleep your scripts. By default Safari has an internal delay that I’d totally forgotten about. So if your GUI scripts (yes, I know, yuck) are taking too long to run, check this out and see if it helps:

defaults write com.apple.Safari WebKitInitialTimedLayoutDelay 0

With a script I was recently working on, this made the thing take about an hour less. Might help for your stuffs, might not.

If not, to undo:

defaults delete com.apple.Safari WebKitInitialTimedLayoutDelay

Enjoy.

February 1st, 2017

Posted In: Mac OS X Server, Mac Security

Tags: , , , , , , , ,

The “What’s New in macOS” page for Sierra (10.12) lays out a little known change that a colleague at Jamf was working on the other day (hat tip to Brock):

Starting in macOS 10.12, you can no longer provide external code or data alongside your code-signed app in a zip archive or unsigned disk image. An app distributed outside the Mac App Store runs from a randomized path when it is launched and so cannot access such external resources. To provide secure execution, code sign your disk image itself using the codesign tool, or distribute your app through the Mac App Store. For more information, see the updated revision to macOS Code Signing In Depth.

This is further explained in the equally misnamed “OS X Code Signing In Depth“:

If using a disk image to ship an app, users should drag the app from the image to its desired installation location (usually /Applications) before launching it. This also applies to apps installed via ZIP or other archive formats or apps downloaded to the Downloads directory: ask the user to drag the app to /Applications and launch it from there.

This practice avoids an attack where a validly signed app launched from a disk image, ZIP archive, or ISO (CD/DVD) image can load malicious code or content from untrusted locations on the same image or archive. Starting with macOS Sierra, running a newly-downloaded app from a disk image, archive, or the Downloads directory will cause Gatekeeper to isolate that app at a unspecified read-only location in the filesystem. This will prevent the app from accessing code or content using relative paths.

The gist is, if an app isn’t signed via the Mac App Store, Gatekeeper is going to limit the ability of the app to launch via “Gatekeeper Path Randomization.” Basically, treat an app from a mounted drive as if it were coming from a Safari download. There are a few ways to distribute app bundles or binaries that do not violate this. One is to sign a disk image that contains such an app:

spctl -a -t open --context context:primary-signature -v /Volumes/MyApp/MyApp.dmg

If spctl runs properly, you should see the following:

/Volumes/MyApp/MyAppImage.dmg: accepted source=mydeveloperid

In the above spctl command, we use the following options:

  • -a assesses the file you indicate (basically required for this operation)
  • -t allows me to specify a type of execution to allow, in this case it’s ‘open’
  • –context
  • -v run verbosely so I can build error correction into any scripts
  • –status while I don’t use status, I could do a second operation to validate that the first worked and use the status option to check it
  • –remove I also don’t use remove, but I could undo what I just did by doing so (or just deleting the dmg

For more on managing Gatekeeper from the command line, see http://krypted.com/mac-security/manage-gatekeeper-from-the-command-line-in-mountain-lion/.

Another method is to remove the lsquarantine attribute, which is automagically applied, using xattr as follows:

xattr -r -d com.apple.quarantine /Volumes/MyApp/MyAppImage.app

The options in the above use of the xattr command:

  • -r run recursively so we catch binaries inside the app bundle
  • -d delete the com.apple.quarantine bit

Xattr has a lot of different uses; you can programmatically manage Finder tags with it, http://krypted.com/mac-os-x/command-line-finder-tags/. To see the full xattr dump on a given file, use the -l option as follows:

xattr -l com.apple.quarantine MyAppImage.dmg

The output is as follows:

xattr: No such file: com.apple.quarantine
MyAppImage.dmg: com.apple.metadata:kMDItemDownloadedDate:
00000000 62 70 6C 69 73 74 30 30 A1 01 33 41 BE 31 0B A5 |bplist00..3A.1..|
00000010 70 D4 56 08 0A 00 00 00 00 00 00 01 01 00 00 00 |p.V………….|
00000020 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 |…………….|
00000030 00 00 00 00 13 |…..|
00000035
MyAppImage.dmg: com.apple.metadata:kMDItemWhereFroms:
00000000 62 70 6C 69 73 74 30 30 A1 01 5F 10 22 63 69 64 |bplist00.._.”cid|
00000010 3A 69 6D 61 67 65 30 30 31 2E 70 6E 67 40 30 31 |:myappimage.dmg@01|
00000020 44 32 36 46 46 44 2E 35 37 31 30 37 30 46 30 08 |D26FFD.571070F0.|
00000030 0A 00 00 00 00 00 00 01 01 00 00 00 00 00 00 00 |…………….|
00000040 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |…………….|
00000050 2F |/|
00000051

This could be helpful when troubleshooting and/or scripting (or just way too much informations!).

Finally, if you’re an application developer, check out new API for App Translocation in the 10.12 SDK for <Security/SecTranslocate.h>  I guess one way to think of this is… Apple doesn’t want you running software this way any more. And traditionally they lock things down further, not less, so probably best to find alternatives to running apps out of images, from a strategy standpoint.

January 25th, 2017

Posted In: Mac OS X, Mac Security

Tags: , , , , ,

« Previous PageNext Page »