diff --git a/Jamf Environment Test.app.zip b/Jamf Environment Test.app.zip new file mode 100644 index 0000000..1cd725e Binary files /dev/null and b/Jamf Environment Test.app.zip differ diff --git a/Jamf Environment Test.sh b/Jamf Environment Test.sh old mode 100644 new mode 100755 index 87b102c..8809c06 --- a/Jamf Environment Test.sh +++ b/Jamf Environment Test.sh @@ -1,7 +1,7 @@ #!/bin/bash #################################################################################################### # -# Copyright (c) 2021, Jamf, LLC. All rights reserved. +# Copyright (c) 2023, Jamf, LLC. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: @@ -30,7 +30,18 @@ # written by Daniel MacLaughlin and Oliver Lindsey, March 2020 # https://github.com/jamf/Jamf-Environment-Test -#Version 1.5 (Nov 2021) with thanks to @scheblein for his changes +# Version 1.5 (Nov 2021) with thanks to @scheblein for his changes +# Version 1.6 (Mar 2023) with thanks to @charliwest for his changes +# - includes pythom framework 3.9.6 and python module pacparser for pac file parsing +# - additional logging messages to help troubleshoot +# - approx run time: +# without a proxy and all open 2 mins, with +# with a false proxy server and everything blocked 20 mins +# +# Version 1.6.1 (Mar 2023) with thanks to @cipineda for his feedback +# - added head -1 to fdesetup task on line 1049 +# - changed Sub Table header from Red to green + ######################################################################################### # General Information @@ -187,30 +198,52 @@ APPLE_URL_ARRAY=( "vpp.itunes.apple.com,443,TCP" #Apple School Manager and Apple Business Manager - "school.apple.com,443,TCP,Apple School Manager and Apple Business Manager" + "business.apple.com,443,TCP,Apple Business Manager and Apple School Manager" + "business.apple.com,80,TCP" + "school.apple.com,443,TCP" "school.apple.com,80,TCP" - "ws.school.apple.com,443,TCP" + "appleid.cdn-apple.com,443,TCP" + "idmsa.apple.com,443,TCP" + "itunes.apple.com,80,TCP" + "itunes.apple.com,443,TCP" + "silverbullet.itunes.apple.com,80,TCP" + "silverbullet.itunes.apple.com,443,TCP" + "s.mzstatic.com,443,TCP" + "api.ent.apple.com,443,TCP" + "api.edu.apple.com,443,TCP" + "statici.icloud.com,443,TCP" + "api.vertexsmb.com,443,TCP" + "www.apple.com,443,TCP" + + # Apple Business Essentials device management + "axm-adm-enroll.apple.com,443,TCP,Apple Business Essentials device management" + "axm-adm-mdm.apple.com,443,TCP" + "axm-adm-scep.apple.com,443,TCP" + "axm-app.apple.com,443,TCP" + "api.apple-mapkit.com,443,TCP" + "icons.axm-usercontent-apple.com,443,TCP" + + # Classroom and Schoolwork + "s.mzstatic.com,443,TCP,Classroom and Schoolwork" + "play.itunes.apple.com,443,TCP" "ws-ee-maidsvc.icloud.com,443,TCP" - "ws-ee-maidsvc.icloud.com,80,TCP" - "business.apple.com,443,TCP" - "business.apple.com,80,TCP" - "ws.business.apple.com,443,TCP" - #"isu.apple.com,443,TCP" Last checked November 2021 unreachable - #"isu.apple.com,80,TCP" Last checked November 2021 unreachable + "ws.school.apple.com,443,TCP" + "pg-bootstrap.itunes.apple.com,443,TCP" + "cls-iosclient.itunes.apple.com,443,TCP" + "cls-ingest.itunes.apple.com,443,TCP" #Software updates "appldnld.apple.com,80,TCP,Software Updates Hosts" "configuration.apple.com,443,TCP" + "gdmf.apple.com,443,TCP" "gg.apple.com,80,TCP" "gg.apple.com,443,TCP" - "gnf-mdn.apple.com,443,TCP" - "gnf-mr.apple.com,443,TCP" "gs.apple.com,80,TCP" "gs.apple.com,443,TCP" "ig.apple.com,443,TCP" "mesu.apple.com,80,TCP" "mesu.apple.com,443,TCP" - "ns.itunes.apple.com,443,TCP" +# "ns.itunes.apple.com,443,TCP" Despite being listed on Apple's document netcat fails to connect to this url "oscdn.apple.com,80,TCP" "oscdn.apple.com,443,TCP" "osrecovery.apple.com,80,TCP" @@ -220,37 +253,41 @@ APPLE_URL_ARRAY=( "swdist.apple.com,443,TCP" "swdownload.apple.com,80,TCP" "swdownload.apple.com,443,TCP" - #"swpost.apple.com,80,TCP" Last checked November 2021 unreachable "swscan.apple.com,443,TCP" "updates-http.cdn-apple.com,80,TCP" "updates.cdn-apple.com,443,TCP" "xp.apple.com,443,TCP" #App Store - "itunes.apple.com,443,TCP,Apple App Store Hosts" - "itunes.apple.com,80,TCP" + "itunes.apple.com,80,TCP,Apple App Store Hosts" + "itunes.apple.com,443,TCP" + "silverbullet.itunes.apple.com,80,TCP" + "silverbullet.itunes.apple.com,443,TCP" "apps.apple.com,443,TCP" "api.apps.apple.com,443,TCP" "s.mzstatic.com,443,TCP" "apps.mzstatic.com,443,TCP" "ppq.apple.com,443,TCP" - "ns.itunes.apple.com,443,TCP" - "init.itunes.apple.com,443,TCP" - "affiliate.itunes.apple.com,443,TCP" - "analytics.itunes.apple.com,443,TCP" #Carrier updates - "appldnld.apple.com.edgesuite.net,80,TCP,Carrier updates" + "appldnld.apple.com,80,TCP,Carrier updates" + "appldnld.apple.com.edgesuite.net,80,TCP" + "itunes.com,80,TCP" + "itunes.apple.com,443,TCP" + "updates-http.cdn-apple.com,80,TCP" + "updates.cdn-apple.com,443,TCP" #Content Caching "lcdn-registration.apple.com,443,TCP,Content Caching" - "suconfig.apple.com,443,TCP" + "suconfig.apple.com,80,TCP" "xp-cdn.apple.com,443,TCP" "lcdn-locator.apple.com,443,TCP" "serverstatus.apple.com,443,TCP" - #Apple Developer - "register.appattest.apple.com,443,TCP,Apple Developer" + #App features + "api.apple-cloudkit.com,443,TCP,App features" + "data-development.appattest.apple.com,443,TCP" + "register.appattest.apple.com,443,TCP" "data.appattest.apple.com,443,TCP" "register-development.appattest.apple.com,443,TCP" "data-development.appattest.apple.com,443,TCP" @@ -292,6 +329,32 @@ APPLE_URL_ARRAY=( "setup.apple-cloudkit.com,443,TCP" "cdn.apple-livephotoskit.com,443,TCP" "idmsaapz-mdn.apzones.com,443,TCP" + "appleid.cdn-apple.com,443,TCP" + "service.gc.apple.com,443,TCP" + "developer.icloud.com,443,TCP" + "developer.icloud.com.cn,443,TCP" + "api.icloud.apple.com,443,TCP" + "cdn.icloud-content.com,443,TCP" + "publish.iwork.apple.com,443,TCP" + "mask.icloud.com,443,UDP" + "mask-h2.icloud.com,443,UDP" + "mask-api.icloud.com,443,UDP" + + #Siri and Search + "guzzoni.apple.com,443,TCP,Siri and Search" + "api.smoot.apple.com,443,TCP" + + #Associated Domains + "app-site-association.cdn-apple.com,443,TCP,Associated Domains" + "app-site-association.cdn-apple.com,443,UDP" + "app-site-association.networking.apple,443,TCP" + "app-site-association.networking.apple,443,UDP" + + #Tap to Pay on iPhone + "pos-device.apple.com,443,TCP,Tap to Pay on iPhone" + "pos-device.apple.com,443,UDP" + "humb.apple.com,443,TCP" +# "phonesubmissions.apple.com,443,TCP" Removed due to not supported on macOS #Additional Content "audiocontentdownload.apple.com,80,TCP,Additional Content" @@ -307,7 +370,7 @@ APPLE_URL_ARRAY=( #Jamf Hosts "jamf.com,443,TCP,Jamf Services" - "www.jamfcloud.com,443,TCP" + "test.jamfcloud.com,443,TCP" "use1-jcdsdownloads.services.jamfcloud.com,443,TCP" "use1-jcds.services.jamfcloud.com,443,TCP" "euc1-jcdsdownloads.services.jamfcloud.com,443,TCP" @@ -334,7 +397,6 @@ APPLE_URL_ARRAY=( "a3bwx220ks5p1x-ats.iot.ap-northeast-1.amazonaws.com,8883,TCP" "prod-apne1-jamf-jpt-configs.s3.amazonaws.com,443,TCP" "a3bwx220ks5p1x-ats.iot.ap-southeast-2.amazonaws.com,443,TCP" - "a3bwx220ks5p1x-ats.iot.ap-southeast-2.amazonaws.com,8883,TCP" "prod-apse2-jamf-jpt-configs.s3.amazonaws.com,443,TCP" ) @@ -343,7 +405,7 @@ NL=$'\n' #Prompt user if they wish to import a file to check additional hosts PROMPT=$(/usr/bin/osascript <> "${REPORT_PATH}" @@ -429,7 +501,7 @@ function GenerateReportHTML () { body { background-color:#444444;font-family:Helvetica,Arial,sans-serif;margin:20px; } h1 { margin-top:1em;margin-bottom:0.2em;color:#9eb8d5 } h2 { margin-top:1em;margin-bottom:0.2em;color:#37bb9a } - h3 { margin-top:0.8em;margin-bottom:0.2em;color:#e8573f } + h3 { margin-top:0.8em;margin-bottom:0.2em;color:#37bb9a } p { margin-top:0.2em;margin-bottom:0.2em;padding: 0 0 0 1px;color:white } .tg { border-collapse:collapse;border-spacing:0;border-color:#9ABAD9;width: 900px; } .tg td { font-family:monospace;font-size:14px;padding:10px 20px;border-style:solid;border-width:0px;overflow:hidden;word-break:normal;border-top-width:1px;border-bottom-width:1px;border-color:#9ABAD9;color:#444;background-color:#EBF5FF; } @@ -459,11 +531,11 @@ function GenerateReportHTML () {

macOS Version: $(/usr/bin/sw_vers -productVersion), $(/usr/bin/awk '/SOFTWARE LICENSE AGREEMENT FOR macOS/' '/System/Library/CoreServices/Setup Assistant.app/Contents/Resources/en.lproj/OSXSoftwareLicense.rtf' | /usr/bin/awk -F 'macOS ' '{print $NF}' | /usr/bin/tr -d '\\') build $(/usr/bin/sw_vers -buildVersion)

Client Network Details

-

Public IP: $(/usr/bin/AssetCacheLocatorUtil 2>&1 | /usr/bin/grep "public IP address is" | awk 'NR==1{print $NF}' | /usr/bin/sed 's/\.$//')

Local IP: $(echo "$sysProfilerNetworkData" | /usr/bin/grep "IPv4 Addresses:" | /usr/bin/awk 'NR==1{print $NF}')

Primary Network Interface: $( echo "$sysProfilerNetworkData" | /usr/bin/grep -B 5 "IPv4 Addresses:" | /usr/bin/grep "Type: " | /usr/bin/awk 'NR==1{print $NF}')

WIFI Interface: $(networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/,/Ethernet/' | awk 'NR==2' | cut -d " " -f 2)

EOF + echo "[step] Computer data for report completed" } function createShareReport () { @@ -487,7 +559,7 @@ EOF #################################################################################################### function CreateProxyTable () { - + echo "[step] Creating proxy table for report" /bin/cat << EOF >> "${REPORT_PATH}"

Proxy Settings

@@ -498,8 +570,8 @@ function CreateProxyTable () { Auto Proxy Config Web Proxy Secure Web Proxy - FTP Proxy Socks Proxy + FTP Proxy Streaming Proxy Gopher Proxy Proxy Bypass Domains @@ -509,11 +581,18 @@ function CreateProxyTable () { ${PROXY_INFO_TABLE_ROWS} EOF + echo "[step] Creating proxy table for report completed" } #### Local macOS Additional Network information ### function CalculateProxyInfoTableRows () { - + echo "[step] Calculating proxy data for report" + + # detemine major OS version as some proxies not support + CURRENT_OS_VERSION=$(/usr/bin/sw_vers -productVersion) + IFS='.' read -r -a VERSION <<< "${CURRENT_OS_VERSION}" + MAJOR_OS_VERSION=${VERSION[0]} + echo "[step] Getting proxy config info..." PROXY_INFO_TABLE_ROWS='' @@ -528,10 +607,16 @@ function CalculateProxyInfoTableRows () { AUTO_PROXY_URL=$(/usr/sbin/networksetup -getautoproxyurl "${INTERFACE_NAME_NO_UNDERSCORE}") WEB_PROXY=$(/usr/sbin/networksetup -getwebproxy "${INTERFACE_NAME_NO_UNDERSCORE}") SECURE_WEB_PROXY=$(/usr/sbin/networksetup -getsecurewebproxy "${INTERFACE_NAME_NO_UNDERSCORE}") - FTP_PROXY=$(/usr/sbin/networksetup -getftpproxy "${INTERFACE_NAME_NO_UNDERSCORE}") SOCKS_PROXY=$(/usr/sbin/networksetup -getsocksfirewallproxy "${INTERFACE_NAME_NO_UNDERSCORE}") - STREAMING_PROXY=$(/usr/sbin/networksetup -getstreamingproxy "${INTERFACE_NAME_NO_UNDERSCORE}") - GOPHER_PROXY=$(/usr/sbin/networksetup -getgopherproxy "${INTERFACE_NAME_NO_UNDERSCORE}") + if [[ ${MAJOR_OS_VERSION} -ge 13 ]]; then + FTP_PROXY="Enabled: No" + STREAMING_PROXY="Enabled: No" + GOPHER_PROXY="Enabled: No" + else + FTP_PROXY=$(/usr/sbin/networksetup getftpproxy "${INTERFACE_NAME_NO_UNDERSCORE}") + STREAMING_PROXY=$(/usr/sbin/networksetup -getstreamingproxy "${INTERFACE_NAME_NO_UNDERSCORE}") + GOPHER_PROXY=$(/usr/sbin/networksetup -getgopherproxy "${INTERFACE_NAME_NO_UNDERSCORE}") + fi PROXY_BYPASS_DOMAINS=$(/usr/sbin/networksetup -getproxybypassdomains "${INTERFACE_NAME_NO_UNDERSCORE}") PROXY_BYPASS_DOMAINS="${PROXY_BYPASS_DOMAINS//$'\n'/
}" # Domain lists can have newlines... convert to html
DNS_SERVERS=$(/usr/sbin/networksetup -getdnsservers "${INTERFACE_NAME_NO_UNDERSCORE}") @@ -612,8 +697,8 @@ function CalculateProxyInfoTableRows () { ${AUTO_PROXY_URL_STATUS} ${WEB_PROXY_STATUS} ${SECURE_WEB_PROXY_STATUS} - ${FTP_PROXY_STATUS} ${SOCKS_PROXY_STATUS} + ${FTP_PROXY_STATUS} ${STREAMING_PROXY_STATUS} ${GOPHER_PROXY_STATUS} ${PROXY_BYPASS_DOMAINS_STATUS} @@ -621,6 +706,7 @@ function CalculateProxyInfoTableRows () { ${SEARCH_DOMAINS_STATUS} " done + echo "[step] Proxy data for report calculated" } @@ -629,7 +715,7 @@ function CalculateProxyInfoTableRows () { #################################################################################################### function getProxyAddress () { - + echo "[step] Collecting local proxy settings" #Set PROXY HOST and PORT variables to be empty before checks PROXY_HOST="" PROXY_PORT="" @@ -647,16 +733,13 @@ function getProxyAddress () { #If Auto Proxy Discovery is Enabled then query and get prosy host and port if [[ ${PROXY_HOST} == "" ]] && [[ ${PROXY_PORT} == "" ]] && [[ ${AUTO_PROXY_DISCOVERY_STATUS} == "1" ]]; then + AUTO_PROXY_DISCOVERY_URL=$(/bin/cat ${PROXY_DATA_LOCATION} | /usr/bin/grep ProxyAutoConfigURLString | /usr/bin/awk '{print $3}') #test URL default is http://wpad/wpad.dat if not resolving then setting to empty - AUTO_PROXY_DISCOVERY_URL_STATUS=$(/usr/bin/curl -Is ${AUTO_PROXY_DISCOVERY_URL} | /usr/bin/head -n 1) - if [[ ${AUTO_PROXY_DISCOVERY_URL_STATUS} == "HTTP/1.1 200 OK" ]]; then - #Pac url is contactable, lets parse it for proxy host and port - AUTO_PROXY_DISCOVERY_URL_CONTENT=$(/usr/bin/curl ${AUTO_PROXY_DISCOVERY_URL}) - #Get Proxy Host - PROXY_HOST=$(echo ${AUTO_PROXY_DISCOVERY_URL}_CONTENT | /usr/bin/grep PROXY | /usr/bin/tail -n 1 | /usr/bin/awk '{print $3}' | /usr/bin/tr -d "';" | /usr/bin/cut -d: -f1) - #Get Proxy Port - PROXY_PORT=$(echo ${AUTO_PROXY_DISCOVERY_URL}_CONTENT | /usr/bin/grep PROXY | /usr/bin/tail -n 1 | /usr/bin/awk '{print $3}' | /usr/bin/tr -d "';" | /usr/bin/cut -d: -f2) + AUTO_PROXY_DISCOVERY_URL_STATUS=$(/usr/bin/curl -Is ${AUTO_PROXY_DISCOVERY_URL} | /usr/bin/head -n 1)H + if [[ "${AUTO_PROXY_DISCOVERY_URL_STATUS}" =~ "200" ]]; then + #Pac url is contactable, lets download it to parse for proxy host and port + /usr/bin/curl --silent "${AUTO_PROXY_DISCOVERY_URL}" --output "${LOCAL_PROXY_PAC_FILE}" else PROXY_HOST="" PROXY_PORT="" @@ -666,16 +749,13 @@ function getProxyAddress () { #If Auto Proxy Configuration is Enabled then query and get prosy host and port if [[ ${PROXY_HOST} == "" ]] && [[ ${PROXY_PORT} == "" ]] && [[ ${AUTO_PROXY_CONFIGURATION_STATUS} == "1" ]]; then - AUTO_PROXY_DISCOVERY_URL=$(/bin/cat ${PROXY_DATA_LOCATION} | /usr/bin/grep ProxyAutoConfigURLString | /usr/bin/awk '{print $3}') #test URL default is http://wpad/wpad.dat if not resolving then setting to empty AUTO_PROXY_DISCOVERY_URL_STATUS=$(/usr/bin/curl -Is ${AUTO_PROXY_DISCOVERY_URL} | /usr/bin/head -n 1) - if [[ ${AUTO_PROXY_DISCOVERY_URL_STATUS} =~ "HTTP" ]]; then - #Pac url is contactable, lets parse it for proxy host and port - #Get Proxy Host - PROXY_HOST=$(/usr/bin/curl ${AUTO_PROXY_DISCOVERY_URL} | /usr/bin/grep 'PROXY' | /usr/bin/tail -n 1 | /usr/bin/awk '{print $3}' | /usr/bin/tr -d "';" | /usr/bin/cut -d: -f1) - #Get Proxy Port - PROXY_PORT=$(/usr/bin/curl ${AUTO_PROXY_DISCOVERY_URL} | /usr/bin/grep 'PROXY' | /usr/bin/tail -n 1 | /usr/bin/awk '{print $3}' | /usr/bin/tr -d "';" | /usr/bin/cut -d: -f2) + if [[ ${AUTO_PROXY_DISCOVERY_URL_STATUS} =~ "200" ]]; then + #Pac url is contactable, lets download it for parsing + /usr/bin/curl --silent "${AUTO_PROXY_DISCOVERY_URL}" --output "${LOCAL_PROXY_PAC_FILE}" + else PROXY_HOST="" PROXY_PORT="" @@ -696,7 +776,26 @@ function getProxyAddress () { PROXY_HOST=$(/bin/cat ${PROXY_DATA_LOCATION} | /usr/bin/grep HTTPProxy | /usr/bin/awk '{print $3}') PROXY_PORT=$(/bin/cat ${PROXY_DATA_LOCATION} | /usr/bin/grep HTTPPort | /usr/bin/awk '{print $3}') fi +} + +#################################################################################################### +# Proxy Parse Function +#################################################################################################### +GetProxyHostFromPac() { + HOSTNAME=${1} + PORT=${2} + # Setting prefix for pacarser + if [[ ${PORT} == 80 ]]; then + PREFIX="http://" + elif [[ ${PORT} == 443 ]]; then + PREFIX="https://" + else + PREFIX="https://" + fi + URL="${PREFIX}${HOSTNAME}" + PARSE_PAC_OUTPUT=$(${PYTHON} -c "import sys; import pacparser; pacparser.init(); pacparser.parse_pac_file(sys.argv[1]); proxy = pacparser.find_proxy(sys.argv[2]); print(proxy)" "${LOCAL_PROXY_PAC_FILE}" "${URL}") + echo "${PARSE_PAC_OUTPUT}" } #################################################################################################### @@ -704,7 +803,7 @@ function getProxyAddress () { #################################################################################################### ### Get HOSTNAME Connection Status ### function CalculateHostInfoTables () { - echo "[step] Checking Apple Hosts..." + echo "[step] Checking URLS" lastCategory="zzzNone" # Some fake category so we recognize that the first host is the start of a new category firstServer="yes" # Flag for the first host so we don't try to close the preceding table -- there won't be one. HOST_TEST_TABLES='' # This is the var we will insert into the HTML @@ -730,7 +829,7 @@ function CalculateHostInfoTables () { HOST_TEST_TABLES+=" HOSTNAMEReverse DNSIP AddressPortProtocolAccessibleSSL Error${NL}" fi # End of table start and end logic. - echo " > Checking connectivity to : ${HOSTNAME} ${PORT} ${PROTOCOL}" + echo " > Checking connectivity to: ${HOSTNAME} ${PORT} ${PROTOCOL}" # Now print the info for this host... #Perform Host nslookup to get reported IP @@ -742,17 +841,24 @@ function CalculateHostInfoTables () { # Using nc, if proxy defined then adding in proxy flag if [[ ${PROTOCOL} == "TCP" ]]; then + if [[ -f "${LOCAL_PROXY_PAC_FILE}" ]]; then + PROXY_PARSE_DATA=$(GetProxyHostFromPac ${HOSTNAME} ${PORT}) + PROXY_HOST=$(echo ${PROXY_PARSE_DATA} | /usr/bin/awk '{print $2}' | /usr/bin/tr -d "';" | /usr/bin/cut -d: -f1) + PROXY_PORT=$(echo ${PROXY_PARSE_DATA} | /usr/bin/awk '{print $2}' | /usr/bin/tr -d "';" | /usr/bin/cut -d: -f2) + fi + #Check if Proxy set if [[ ${PROXY_HOST} == "" ]] && [[ ${PROXY_PORT} == "" ]];then #no proxy set - STATUS=$(/usr/bin/nc -z -G 3 ${HOSTNAME} ${PORT} 2>&1 | /usr/bin/awk '{print $7}') + STATUS=$(/usr/bin/nc -z -G 1 ${HOSTNAME} ${PORT} 2>&1 | /usr/bin/awk '{print $7}') else - STATUS=$(/usr/bin/nc -z -G 3 -x ${PROXY_HOST}:${PROXY_PORT} -X connect ${HOSTNAME} ${PORT} 2>&1 | /usr/bin/awk '{print $7}') + echo " > ${PROXY_HOST}:${PROXY_PORT} to be used for ${HOSTNAME}:${PORT}" + STATUS=$(/usr/bin/nc -z -G 1 -x ${PROXY_HOST}:${PROXY_PORT} -X connect ${HOSTNAME} ${PORT} 2>&1 | /usr/bin/awk '{print $7}') fi elif [[ ${PROTOCOL} == "TCP - non-proxied" ]]; then #for non proxy aware urls we will be using netcat aka nc - STATUS=$(/usr/bin/nc -z -G 3 ${HOSTNAME} ${PORT} 2>&1 | /usr/bin/awk '{print $7}') + STATUS=$(/usr/bin/nc -z -G 1 ${HOSTNAME} ${PORT} 2>&1 | /usr/bin/awk '{print $7}') else # UDP goes direct... not proxied. STATUS=$(/usr/bin/nc -u -z ${HOSTNAME} ${PORT} 2>&1 | /usr/bin/awk '{print $7}') @@ -816,6 +922,7 @@ function CalculateHostInfoTables () { #Create NetworkCheck table function createNetworkCheckTable () { + echo "[step] Adding Network Check Table" /bin/cat << EOF >> "${REPORT_PATH}"

Server Connectivity Tests

@@ -866,7 +973,7 @@ function createAdditionalChecksHTML () { Gatekeeper Status ${GATEKEEPER_STATUS} If GateKeeper is disabled it opens your machine to malicious content - About GateKeeper on your Mac + About GateKeeper on your Mac FileVault Status @@ -904,15 +1011,16 @@ EOF function calculateAdditionalChecks () { #this function is used to populate information into the Addtional Checks Report - + echo "[step] Running additional checks" #apsctl Status + echo "[step] Checking APNS Status" APSCTL_STATUS_CHECK=$(/System/Library/PrivateFrameworks/ApplePushService.framework/apsctl status | /usr/bin/grep "connected to server hostname:") if [[ ${APSCTL_STATUS_CHECK} =~ "courier.push.apple.com" ]]; then APSCTL_STATUS='Connected' else APSCTL_STATUS='Unavailable' fi - + echo "[step] Checking Root user is present" #Root User Status ROOT_USER_CHECK=$(/usr/bin/dscl . -read /Users/root AuthenticationAuthority 2>&1 | /usr/bin/grep -c "No such key") if [[ ${ROOT_USER_CHECK} == "1" ]]; then @@ -921,6 +1029,7 @@ function calculateAdditionalChecks () { ROOT_USER_STATUS='Enabled' fi #SIP Status + echo "[step] Checking SIP status" SIP_STATUS_CHECK=$(/usr/bin/csrutil status | /usr/bin/awk '{print $5}' | /usr/bin/tr -d '.') if [[ ${SIP_STATUS_CHECK} == "enabled" ]]; then SIP_STATUS='Enabled' @@ -928,6 +1037,7 @@ function calculateAdditionalChecks () { SIP_STATUS='Disabled' fi #Gatekeeper + echo "[step] Checking Gatekeeper status" GATEKEEPER_STATUS_CHECK=$(/usr/sbin/spctl --status | /usr/bin/awk '/assessments/ {print $2}') if [[ ${GATEKEEPER_STATUS_CHECK} == "enabled" ]]; then GATEKEEPER_STATUS='Enabled' @@ -936,7 +1046,8 @@ function calculateAdditionalChecks () { fi #FileVault Status - FILEVAULT_STATUS_CHECK=$(/usr/bin/fdesetup status | /usr/bin/awk '{print $3}' | /usr/bin/tr -d .) + echo "[step] Checking Filevault status" + FILEVAULT_STATUS_CHECK=$(/usr/bin/fdesetup status | /usr/bin/awk '{print $3}' | /usr/bin/head -1 | /usr/bin/tr -d .) if [[ ${FILEVAULT_STATUS_CHECK} == "On" ]]; then FILEVAULT_STATUS='Enabled' else @@ -944,6 +1055,7 @@ function calculateAdditionalChecks () { fi #Active Directory Domain + echo "[step] Checking AD Binding status" AD_STATUS_CHECK=$(/usr/sbin/dsconfigad -show | /usr/bin/grep 'Active Directory Domain' | /usr/bin/awk '{print $5}') if [[ -z ${AD_STATUS_CHECK} ]];then AD_STATUS='Not Bound' @@ -952,6 +1064,7 @@ function calculateAdditionalChecks () { fi #Content Cache report + echo "[step] Checking Content Cache settings, this can take some time if there is a proxy present" CONTENT_CACHE_CHECK=$(/usr/bin/AssetCacheLocatorUtil 2>&1 | /usr/bin/grep "guid" | /usr/bin/awk '{print$4}' | /usr/bin/sed -e 's/^\(.*\):.*$/\1/' -e 's/^/,/' | /usr/bin/sort -u | /usr/bin/sed 's/,//') if [[ -z ${CONTENT_CACHE_CHECK} ]];then CONTENT_CACHE_STATUS='None' @@ -960,9 +1073,11 @@ function calculateAdditionalChecks () { fi #Launch Daemons + echo "[step] Checking for LaunchDaemons" LAUNCH_DAEMONS_STATUS=$(/bin/launchctl list | /usr/bin/grep -v com.apple. | /usr/bin/cut -f3 | /usr/bin/sed 's|$|
|g' | /usr/bin/awk NR\>1) #Third-Party System Extensions + echo "[step] Checking for 3rd party Kernel Extensions" KEXT_STATUS=$(/usr/sbin/kextstat | /usr/bin/grep -v com.apple | /usr/bin/awk '{print $6}' | /usr/bin/sed 's|$|
|g' | /usr/bin/awk NR\>1 ) @@ -994,7 +1109,6 @@ CalculateProxyInfoTableRows CreateProxyTable #get active interface proxy details for network query getProxyAddress -echo "[Info] Reported Proxy Host is ${PROXY_HOST}:${PROXY_PORT}" #calculate the network connectivity CalculateHostInfoTables @@ -1009,8 +1123,15 @@ createShareReport #clean up Proxy File /bin/rm ${PROXY_DATA_LOCATION} +if [[ -f "${LOCAL_PROXY_PAC_FILE}" ]]; then + /bin/rm ${LOCAL_PROXY_PAC_FILE} +fi + open -a "Safari" "${REPORT_PATH}" echo '[Done] Environment Checks Complete' echo "[acknowledgement] Host listings provided by Apple, Inc. (Public KB)" -echo "[acknowledgement] Icon plane by Juan Garces from the Noun Project, licensed under Create Commons (cc)" +echo "[acknowledgement] https://github.com/sveinbjornt/Platypus" +echo "[acknowledgement] https://github.com/gregneagle/relocatable-python" +echo "[acknowledgement] https://github.com/manugarg/pacparser" +echo "[acknowledgement] Icon plane by Juan Garces from the Noun Project, licensed under Create Commons (cc)" \ No newline at end of file diff --git a/README.md b/README.md index 2f4db6a..4641b8a 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ This application is designed to run on a macOS device only. It doesn't require any Administrator privledges, will query a collection of urls and display some relevant device information -the output report is a html file that will be automatically opened upon completion of the application run +The output report is a html file that will be automatically opened upon completion of the application run Raw version of the bash script is availble for validation