def flush_policies():
"""
flush_policies()
Flush all Casper policies. Requires root priviledges.
"""
shell_tools.run("jamf flushPolicyHistory")
def flush_ad_cache():
"""
flush_ad_cache()
Flush the local AD cache
"""
shell_tools.run("dscacheutil -flushcache")
def flush_policies():
"""
flush_policies()
Flush all Casper policies. Requires root priviledges.
"""
shell_tools.run("jamf flushPolicyHistory")
def configure(username):
"""
configure(ad_account)
Basic jamf enrollment
"""
shell_tools.run("jamf recon -realname '%s'" % username)
def configure(username):
"""
configure(ad_account)
Basic jamf enrollment
"""
shell_tools.run("jamf recon -realname '%s'" % username)
def verify_hd_name():
"""
verify_hd_name()
Verify that the disk is named "Macintosh HD," otherwise rename it
"""
if get_hd_name() != "Macintosh HD":
shell_tools.run("diskutil rename / \"Macintosh\ HD\"")
def launchctl_load(name_of_daemon):
"""
load_launch_daemon(name_of_daemon)
Loads the launch daemon
"""
shell_tools.run("launchctl load -w %s/%s" %
(sys_tools.get_sys_path('launchdaemons'), name_of_daemon))
def launchctl_unload(name_of_daemon):
"""
unload_launch_daemon(name_of_daemon)
Unloads the name of daemon
"""
sleep(secs=3)
shell_tools.run("launchctl unload -w %s/%s" %
(sys_tools.get_sys_path('launchdaemons'), name_of_daemon))
def set_machine_name(hostname):
"""
set_hostname(hostname)
Sets the machine's hostname
"""
shell_tools.run("scutil --set ComputerName %s" % hostname)
shell_tools.run("scutil --set LocalHostName %s" % hostname)
def launchctl_load(name_of_daemon):
"""
load_launch_daemon(name_of_daemon)
Loads the launch daemon
"""
shell_tools.run(
"launchctl load -w %s/%s" %
(sys_tools.get_sys_path('launchdaemons'), name_of_daemon)
)
def create_mobile_account(ad_account):
"""
create_mobile_account()
Create a mobile managed AD account for the ad_account
"""
managed_app = "/System/Library/CoreServices/ManagedClient.app/"
unix_cma = "Contents/Resources/createmobileaccount"
shell_tools.run("%s%s -n %s" % (managed_app, unix_cma, ad_account))
make_admin(ad_account)
def launchctl_unload(name_of_daemon):
"""
unload_launch_daemon(name_of_daemon)
Unloads the name of daemon
"""
sleep(secs=3)
shell_tools.run(
"launchctl unload -w %s/%s" %
(sys_tools.get_sys_path('launchdaemons'), name_of_daemon)
)
def trigger_policy(policy):
"""
trigger_policy(policy)
Trigger a casper policy by passing the policy name
"""
return shell_tools.run("jamf policy -trigger %s" % (policy))["success"]
def is_active():
"""
is_active()
Returns whether or not the JunosPulse interface is enabled
"""
return shell_tools.run('route get facebook.com | grep utn')['success']
def get_os_version():
"""
get_os_version()
Returns the operating system version
"""
return shell_tools.run("sw_vers -productVersion")["stdout"]
def configure_time():
"""
configure_time()
Sync and enable to point to time_server variable
"""
# Turn the time setting off to force use ntpdate to sync
time_server = "time.apple.com"
time_commands = [
"systemsetup -setusingnetworktime off",
"ntpdate %s" % time_server,
"systemsetup -setusingnetworktime on",
"systemsetup -setnetworktimeserver %s" % time_server,
]
for command in time_commands:
shell_tools.run(command)
def status():
"""
status()
Returns whether or not filevault is active
"""
return shell_tools.run("fdesetup isactive")["success"]
def get_computer_name():
"""
get_hostname()
Returns the machine's hostname
"""
return shell_tools.run("scutil --get ComputerName")["stdout"]
def make_admin(username):
"""
make_admin()
Add user to the admin group
"""
dscl_base = "dscl . -append /Local/Default/Groups"
admin_commands = [
"/admin GroupMembership",
"/staff GroupMembership",
"/_lpadmin GroupMembership",
]
for command in admin_commands:
shell_tools.run("%s%s %s" % (dscl_base, command, username))
def trigger_policy(policy):
"""
trigger_policy(policy)
Trigger a casper policy by passing the policy name
"""
return shell_tools.run("jamf policy -trigger %s" % (policy))["success"]
def is_active():
"""
is_active()
Returns whether or not the JunosPulse interface is enabled
"""
return shell_tools.run('route get facebook.com | grep utn')['success']
def uninstall_junos(save_config=False):
"""
uninstall_junos(save_config=False)
Uninstall JunosPulse, optionally save the configuration files
"""
uninstall_path = "/Library/Application Support/Juniper Networks/Junos Pulse"
"Uninstall.app/Contents/Resources/uninstall.sh"
# Do not continue if uninstall script doesnt exists
assert not os.path.exists(uninstall_path), "Error: Junos does not exist"
uninstall_base_command = "sh %s" % uninstall_path
if not save_config:
uninstall_base_command = uninstall_base_command + " 0"
shell_tools.run(uninstall_base_command)
def get_total_memory():
"""
get_total_memory()
Returns the total memory in GBs
"""
total_memory = shell_tools.run('sysctl -a | grep hw.memsize')['stdout']
return (int(total_memory.split('=')[-1]) / (1024 * 3))
def uninstall_junos(save_config=False):
"""
uninstall_junos(save_config=False)
Uninstall JunosPulse, optionally save the configuration files
"""
uninstall_path = "/Library/Application Support/Juniper Networks/Junos Pulse"
"Uninstall.app/Contents/Resources/uninstall.sh"
# Do not continue if uninstall script doesnt exists
assert not os.path.exists(uninstall_path), "Error: Junos does not exist"
uninstall_base_command = "sh %s" % uninstall_path
if not save_config:
uninstall_base_command = uninstall_base_command + " 0"
shell_tools.run(uninstall_base_command)
def create_local_account(user, full_name, password, admin=False, hidden=False):
"""
create_local_account(user, full_name, password, admin=False)
Creates a local account on the computer. If admin is True, This
account will be able to administer the computer
hiddden=True will only work if the "hide500users" is set to true in the
loginwindow plist
"""
dscl_command = "dscl ."
home_dir = "/Users/%s" % user
uids = shell_tools.run(
"%s -list /Users UniqueID | awk \\'{print $2}\\'" % (dscl_command),
sanitize=False
)["stdout"].split()
next_id = map(int, uids)
next_id.sort()
next_id = next_id[-1]
# UIDs less than 500 are hidden, set it equal to 500 to be incremented
if next_id < 500:
if not hidden:
next_id = 500
# Increment by 1 for the next free UID
user_id = next_id + 1
# Create it manually as not to rely on casper
create_user_commands = [
"create %s" % home_dir,
"create %s UserShell /bin/bash" % home_dir,
"create %s RealName \\'%s\\'" % (home_dir, full_name),
"create %s UniqueID %s" % (home_dir, user_id),
"create %s PrimaryGroupID 1000" % home_dir,
"create %s NFSHomeDirectory%s" % (home_dir, home_dir),
"passwd %s \\'%s\\'" % (home_dir, password),
]
if admin:
create_user_commands.append(
"append /Groups/admin GroupMembership %s" % user
)
for command in create_user_commands:
shell_tools.run("%s %s" % (dscl_command, command))
def import_junos_configuration(config_file):
"""
import_junos_configuration(config)
Imports the junos config_file
"""
jam_path = "/Applications/Junos Pulse.app/Contents/Plugins/JamUI/jamCommand"
# Import the selected junos configuration file
import_config = shell_tools.run('%s -importFile %s' %
(jam_path, config_file))
if not import_config["success"]:
raise Exception("Unable to import config %s" % import_config["stderr"])
# Kill the PulseTray to show the new configuration
shell_tools.run("killall PulseTray")
def import_junos_configuration(config_file):
"""
import_junos_configuration(config)
Imports the junos config_file
"""
jam_path = "/Applications/Junos Pulse.app/Contents/Plugins/JamUI/jamCommand"
# Import the selected junos configuration file
import_config = shell_tools.run(
'%s -importFile %s' % (jam_path, config_file))
if not import_config["success"]:
raise Exception("Unable to import config %s" % import_config["stderr"])
# Kill the PulseTray to show the new configuration
shell_tools.run("killall PulseTray")
def get_used_memory():
"""
get_used_memory()
Returns the machine's used memory in MB
"""
get_top_memory = shell_tools.run(
'top -l 1 | grep PhysMem')['stdout'].split()
return get_top_memory[1]
def get_hd_name():
"""
get_hd_name()
Returns the root hard drive name
"""
hd_name = shell_tools.run(
"diskutil info / | grep Volume | grep Name")["stdout"].split()[2:]
return " ".join(hd_name)
def is_bound_to_ad():
"""
is_bound_to_ad()
Return the machine's AD bind status
"""
# Flush cache first
flush_ad_cache()
# NOTE: Replace an_ad_user with an AD account that will never be deleted
return shell_tools.run("id an_ad_user")['success']
def get_uptime():
"""
get_uptime()
Get system uptime in minutes.
"""
boot_time = int(shell_tools.run(
"sysctl -n kern.boottime")["stdout"].split()[3].strip(',')
)
return (shell_tools.get_unix_time() - boot_time) / 60
def get_hd_name():
"""
get_hd_name()
Returns the root hard drive name
"""
hd_name = shell_tools.run(
"diskutil info / | grep Volume | grep Name"
)["stdout"].split()[2:]
return " ".join(hd_name)
def install_pkg(pkg, base_dir='/'):
"""
install_pkg(pkg, base_dir='/')
Use the installer utility to install packages in root(/) by default
"""
install_cmd = '/usr/sbin/installer -pkg %s -target %s' % (pkg, base_dir)
install_results = shell_tools.run(install_cmd)
if not install_results['success']:
raise Exception(install_results['stderr'], install_results['stdout'])
def bind_to_ad(loaner=False, hostname=None):
"""
bind_to_ad()
Bind the machine to Active Directory
Unbinds if bound, then binds machine to Active Directory
"""
def __bind():
return shell_tools.run("""
dsconfigad -f -a %s -u "%s" -p %s -domain %s -ou %s,%s
""" % (bind_name[:13], config.LDAP_USER, config.LDAP_PASSWORD,
config.BIND_DOMAIN, config.BIND_OU, config.BIND_DC))
# If we're bound to AD...unbind from AD before rebinding
shell_tools.run(
"dsconfigad -f -r -force -u '%s' -p '%s'"
% (config.LDAP_USER, config.LDAP_PASSWORD)
)
# Set the time before binding because process relies on synced time
# between the client and the AD server
sys_tools.configure_time()
bind_name = sys_tools.get_computer_name()
if hostname:
bind_name = hostname
bind = __bind()
if bind['status'] == 70:
sys_tools.log("account_tools-bind_to_ad", "Restarting opendirectoryd")
shell_tools.run("killall opendirectoryd")
sys_tools.sleep(secs=3)
bind = __bind()
if not bind['success']:
sys_tools.log("account_tools-bind_to_ad", "Unable to bind to AD")
raise Exception("Unable to bind to Active Directory")
# Set additional AD settings
bind_settings = [
"dsconfigad -mobile enable",
"dsconfigad -mobileconfirm disable",
]
for setting in bind_settings:
shell_tools.run("%s" % setting)
def __bind():
return shell_tools.run("""
dsconfigad -f -a %s -u "%s" -p %s -domain %s -ou %s,%s
""" % (bind_name[:13], config.LDAP_USER, config.LDAP_PASSWORD,
config.BIND_DOMAIN, config.BIND_OU, config.BIND_DC))
