Merge pull request #138 from root3nl/development

Development

Extension Sample Scripts/mscp_compliance_status.sh

@@ -0,0 +1,112 @@
+#!/bin/bash
+
+# Support App Extension - macOS Security Compliance Project Failed Results Count
+#
+#
+# Copyright 2023 Root3 B.V. All rights reserved.
+# This script is based on a script copyrighted by Jamf Software, LLC (2022).
+# Original project: https://github.com/usnistgov/macos_security 
+#
+# Support App Extension to show the number of issues from a macOS Security
+# Compliance Project Baseline. Result is published to Extension A and triggers
+# a warning in the menu bar icon and extension when there are 1 or more issues.
+#
+# REQUIREMENTS:
+# - An active mSCP baseline
+# - SupportHelper
+#
+# EXAMPLE:
+# Here's an example how to configure the Support App preferences for Extension A
+# - ExtensionTitleA: Compliance
+# - ExtensionSymbolA: lock.fill
+# - ExtensionTypeA: DistributedNotification
+# - ExtensionLinkA: /usr/local/bin/compliance_status.sh
+# - OnAppearAction: /usr/local/bin/compliance_status.sh
+#
+# THE SOFTWARE IS PROVIDED BY ROOT3 B.V. "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO
+# EVENT SHALL ROOT3 B.V. BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+# IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+# ---------------------    do not edit below this line    ----------------------
+
+audit=$(ls -l /Library/Preferences | /usr/bin/grep 'org.*.audit.plist' | /usr/bin/awk '{print $NF}')
+EXEMPT_RULES=()
+FAILED_RULES=()
+
+if [[ ! -z "$audit" ]]; then
+
+    count=$(echo "$audit" | /usr/bin/wc -l | /usr/bin/xargs)
+    if [[ "$count" == 1 ]]; then
+
+        # Get the Exemptions
+        exemptfile="/Library/Managed Preferences/${audit}"
+        if [[ ! -e "$exemptfile" ]];then
+            exemptfile="/Library/Preferences/${audit}"
+        fi
+
+        rules=($(/usr/libexec/PlistBuddy -c "print :" "${exemptfile}" | /usr/bin/awk '/Dict/ { print $1 }'))
+
+        for rule in ${rules[*]}; do
+            if [[ $rule == "Dict" ]]; then
+                continue
+            fi
+            EXEMPTIONS=$(/usr/libexec/PlistBuddy -c "print :$rule:exempt" "${exemptfile}" 2>/dev/null)
+            if [[ "$EXEMPTIONS" == "true" ]]; then
+                EXEMPT_RULES+=($rule)
+            fi
+        done
+
+        unset $rules
+
+        # Get the Findings
+        auditfile="/Library/Preferences/${audit}"
+        rules=($(/usr/libexec/PlistBuddy -c "print :" "${auditfile}" | /usr/bin/awk '/Dict/ { print $1 }'))
+
+        for rule in ${rules[*]}; do
+            if [[ $rule == "Dict" ]]; then
+                continue
+            fi
+            FINDING=$(/usr/libexec/PlistBuddy -c "print :$rule:finding" "${auditfile}")
+            if [[ "$FINDING" == "true" ]]; then
+                FAILED_RULES+=($rule)
+            fi
+        done
+        # count items only in Findings
+        count=0
+        for finding in ${FAILED_RULES[@]}; do
+            if [[ ! " ${EXEMPT_RULES[*]} " =~ " ${finding} " ]] ;then
+                ((count=count+1))
+            fi
+        done
+    else
+        count="-2"
+    fi
+else
+    count="-1"
+fi
+
+#### Support App integration ####
+
+# Start spinning indicator
+defaults write /Library/Preferences/nl.root3.support.plist ExtensionLoadingA -bool true
+
+# Show placeholder value while loading
+defaults write /Library/Preferences/nl.root3.support.plist ExtensionValueA -string "KeyPlaceholder"
+
+# Keep loading effect active for 0.5 seconds
+sleep 0.5
+
+# Set compliance status. If there are 1 or more issues, show the issue count and trigger warning in menu bar icon and info item
+if [[ ${count} -gt 0 ]]; then
+    defaults write "/Library/Preferences/nl.root3.support.plist" ExtensionValueA "Your \$LocalModelShortName has ${count} issues"
+    defaults write "/Library/Preferences/nl.root3.support.plist" ExtensionAlertA -bool true
+else
+    defaults write "/Library/Preferences/nl.root3.support.plist" ExtensionValueA "Your \$LocalModelShortName is secure"
+    defaults write "/Library/Preferences/nl.root3.support.plist" ExtensionAlertA -bool false
+fi
+
+# Stop loading effect
+defaults write "/Library/Preferences/nl.root3.support.plist" ExtensionLoadingA -bool false

Extension Sample Scripts/sap_privileges_change_permissions.zsh

@@ -46,4 +46,4 @@ else
 fi
 
 # Run Support App Extension to report new permission status
-"/usr/local/bin/sap_privileges_status.zsh"
+"/usr/local/bin/user_permissions.zsh"

Jamf Pro Custom Schema/Jamf Pro Custom Schema.json

@@ -120,6 +120,20 @@
         }
       ]
     },
+    "UpdateText": {
+      "title": "Update Text",
+      "description": "Optional text to shown in the macOS Managed Updates popover to tell users about the updates",
+      "type": "string",
+      "options": {
+        "infoText": "Key name: UpdateText"
+      },
+      "links": [
+        {
+          "rel": "Documentation",
+          "href": "https://github.com/root3nl/SupportApp"
+        }
+      ]
+    },
     "CustomColor": {
       "title": "Custom Color",
       "description": "HEX color in RGB format. Example: #8cc63f. Leave empty to use macOS Accent Color",
@@ -148,13 +162,58 @@
         }
       ]
     },
-    "HideFirstRow": {
-      "title": "Hide the first row",
+    "HideFirstRowInfoItems": {
+      "title": "Hide first row Info Items",
+      "description": "Hide the first row with Info Items",
+      "type": "boolean",
+      "options": {
+        "enum_titles": ["Hide", "Show"],
+        "infoText": "Key name: HideFirstRowInfoItems"
+      },
+      "links": [
+        {
+          "rel": "Documentation",
+          "href": "https://github.com/root3nl/SupportApp"
+        }
+      ]
+    },
+    "HideSecondRowInfoItems": {
+      "title": "Hide second row Info Items",
+      "description": "Hide the second row with Info Items",
+      "type": "boolean",
+      "options": {
+        "enum_titles": ["Hide", "Show"],
+        "infoText": "Key name: HideSecondRowInfoItems"
+      },
+      "links": [
+        {
+          "rel": "Documentation",
+          "href": "https://github.com/root3nl/SupportApp"
+        }
+      ]
+    },
+    "HideThirdRowInfoItems": {
+      "title": "Hide third row Info Items",
+      "description": "Hide the third row with Info Items",
+      "type": "boolean",
+      "options": {
+        "enum_titles": ["Hide", "Show"],
+        "infoText": "Key name: HideThirdRowInfoItems"
+      },
+      "links": [
+        {
+          "rel": "Documentation",
+          "href": "https://github.com/root3nl/SupportApp"
+        }
+      ]
+    },
+    "HideFirstRowButtons": {
+      "title": "Hide first row configurable buttons",
       "description": "Hide the first row with configurable items",
       "type": "boolean",
       "options": {
         "enum_titles": ["Hide", "Show"],
-        "infoText": "Key name: HideFirstRow"
+        "infoText": "Key name: HideFirstRowButtons"
       },
       "links": [
         {
@@ -163,13 +222,13 @@
         }
       ]
     },
-    "HideSecondRow": {
-      "title": "Hide the second row",
+    "HideSecondRowButtons": {
+      "title": "Hide second row configurable buttons",
       "description": "Hide the second row with configurable items",
       "type": "boolean",
       "options": {
         "enum_titles": ["Hide", "Show"],
-        "infoText": "Key name: HideSecondRow"
+        "infoText": "Key name: HideSecondRowButtons"
       },
       "links": [
         {
@@ -957,7 +1016,7 @@
       "description": "Path to script script or command to be executed when the Support App is opened by clicking on the menu bar item. The SupportHelper is required for this feature.",
       "type": "string",
       "options": {
-        "infoText": "Key name: OnAppearScript"
+        "infoText": "Key name: OnAppearAction"
       },
       "links": [
         {