Category : Shell Script

How to Uninstall NoMAD

Here is a simple script to uninstall NoMAD:

# /bin/bash
# Rui Qiu
# Remove NoMad and use direct AD Bind

loggedInUser=`/bin/ls -l /dev/console | /usr/bin/awk ‘{ print $3 }’`

pkill “NoMAD”
sudo rm -rf /Applications/NoMAD.app
sudo rm -rf “/Library/Managed Preferences/com.trusourcelabs.NoMAD.plist”
sudo rm -rf “/Library/Managed Preferences/$loggedInUser/com.trusourcelabs.NoMAD.plist”
sudo rm -rf “/Users/$loggedInUser/Library/LaunchAgents/com.trusourcelabs.NoMAD.plist”

 

And you can use this to search files:

mdfind -name “NoMAD”


Extract a JSON value from a BASH script

find the simple bash script for extracting JSON value from this GitHub:

https://gist.github.com/cjus/1047794

function jsonValue() {
KEY=$1
num=$2
awk -F”[,:}]” ‘{for(i=1;i<=NF;i++){if($i~/’$KEY’\042/){print $(i+1)}}}’ | tr -d ‘”‘ | sed -n ${num}p
}


Casper MalwareBytes Package

Here are my two scripts for install and scan with MalwareBytes on Casper.

First one is to download, install and register MBBR:

#/bin/sh

# MBBR Scanner
# Ray Qiu
# Feb 2, 2017
# Download Installer
cd /tmp
curl -LOk http://xxx.com/tools/mbbr-mac.zip
sudo unzip -o mbbr-mac.zip

# Install
sudo installer -pkg “/tmp/mbbr-mac.pkg” -target /
# Registeration
MBBR_LICENSE=’xxx’
MPATH=’/usr/local/bin’
cd $MPATH
./mbbr register -key:$MBBR_LICENSE

 

Second one is to update Malwarebytes Database, rename existing log to old.log, and then scan the mac.

Once it is done with the scanning, casper will check if the log file has any viruses entry inside, and then email to specific mailbox for result.

 

#!/bin/bash

# Ray Qiu
# Feb 8, 2017

HOST=$(hostname)
count=0

# Rename old log file
MBBRPATH=’/usr/local/bin’
cd $MBBRPATH
MACHINEID=$(./mbbr register | sed -nE ‘s/Machine ID:[[:space:]]*([0-9A-Z]*)/\1/p’)
INFILE=”${MBBRPATH}/mbbr-logs/${MACHINEID}log.txt”
[ -f $INFILE ] && mv $INFILE $MBBRPATH/mbbr-logs/Old.log

# Start Scanning
./mbbr update
SCANRESULTS=$(./mbbr scan -remove -noreboot -stdout:detail)

# Check Result
egrep -iq ‘[-0-9 :]*(OSX|Trojan)\.|[-0-9 :]*Adware\.|[-0-9 :]*PUP\.’ $INFILE
if [ $? -eq 0 ] ; then
count=$((count+1))
fi

echo $count

if [ $count -eq 0 ] ; then
RESULT=”Casper MBBR Scanner: No Virus Found on $HOST”
else
RESULT=”Casper MBBR Scanner: Virus Found on $HOST”
fi

echo $RESULT

mail -s “$RESULT” [email protected] [email protected] < $INFILE

 


ESET Mac SCCM Custom Installer Package

We have ESET 5 for Mac in our environment, we can use ESET Remote Install on all the macs, but since we have SCCM and planning to use it manage macs, I decided to create a custom ESET install package for our environment, so SCCM can just push it.

Here is the script, I use it as post flight file.

#!/bin/sh

# Rui Qiu’s ESET Script

# Find the absolute script current path
path=$( cd “$( dirname “${BASH_SOURCE[0]}” )” && pwd )

# Copy config file and installer to the tmp folder
cp $path/esets_setup.sh /tmp
cp $path/esets_remote_install.pkg /tmp

# Run Installer

/usr/sbin/installer -dumplog -verbose -pkg /tmp/esets_remote_install.pkg -target /
exit 0

You can find my ESET Mac repository here:

https://github.com/ruiqiu/eset_mac_sccm


Mac Deployment One Click Script

We don’t have Casper in our environment, so everything is still quite manual when deploying a mac. One day I was so tired of endless click to join a mac to AD. then I start working on mac deployment.

The main script for macs to join AD is from Vaughn Miller, https://github.com/vmiller/vmiller_scripts/tree/master/Interactive_AD_Bind

For my script, you can download from here:

https://github.com/ruiqiu/mac_deployment

What does this one click script do:

  1. Run as root (if not, will prompt you to do so) (Q);
  2. Ask you for computer name, username, and password to join AD (john.sh);
  3. Enable mobile account (john.sh);
  4. Add domain groups to local admin group (john1.sh);
  5. Install Mac SCCM client (Q);
  6. Install ESET Anti-virus software  (Q);
  7. Ask for reboot (Q)

Some Q & A

  • What is the file Q?
    Q is an Unix Executable File, there’s no file extension for it, but when you double click, it will run.
  • How to create Unix Executable File on Mac?
    Open your terminal and type, chmod +x file_name
  • What does path=$( cd “$( dirname “${BASH_SOURCE[0]}” )” && pwd ) mean?
    Find the absolute path of the current script is running location. You may think path = pwd should work, but it didn’t.
    I also tried using path = ‘dirname $0’, not working neither
  • When running a shell script inside an unix executable file, can I just use sudo sh path/join.sh?
    I tried and it failed. because if there are some spaces in the path, it will said file does not exist. using ${path} can include the spaces inside the path.
  • What if there are some spaces in my network admin group? For example, “AD\* Admin HD”?
    In this case, we need to use AD\\*\ Admin\ HD ( add “\” before the space, and if there is an actual “\”, use double “\\”. and if you have more than one admin group needs to add, use “,” to combine.