-
Notifications
You must be signed in to change notification settings - Fork 1
/
jamf-self-heal
178 lines (164 loc) · 4.67 KB
/
jamf-self-heal
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
#!/bin/bash
#############
# Local daemon to fix jamf install if required...
# 1. Verify the network status.
# 2. Check the local Jamf status.
# 3. Ensure the JSS is contactable.
# 4. Loop for repairs if required.
#
# Date: Tue 23 Apr 2019 16:14:57 BST
# Version: 0.0.2
#############
#set -x
main() {
Network=$(get_network)
Jamf_Status=$(get_local_jamf_status)
echo "${Jamf_Status}"
if [ ${Network} == "Pass" ]; then
echo "Not a slow network, continuing."
# We might have network, but can't reach the cloud so no point continuing.
Jamf_Cloud=$(get_jamf_cloud)
if [ "${Jamf_Cloud}" == "Fail" ]; then
exit 0;
fi
# find out if jamf is borked
counter=0
while [ ${Jamf_Status} -ge 0 ] && [ ${counter} -lt 5 ]
do
((counter++))
case ${Jamf_Status} in
[2-3])
echo "2 or 3 framework"
reinstall_quickadd
sleep 5
Jamf_Status=$(get_local_jamf_status)
;;
1)
echo "1 mdm"
repair_mdm
sleep 5
Jamf_Status=$(get_local_jamf_status)
;;
0)
echo "all good"
break
;;
*)
echo "Invalid value returned: ${Jamf_Status}"
break
;;
esac
done
else
echo "Network check failed, cannot proceed."
exit 0;
fi
}
get_network() {
Active_Adapter=$( route get ed.ac.uk | grep interface | awk '{print $2}' )
Adapter_Name=$( networksetup -listallhardwareports | grep -B1 "$Active_Adapter" | awk -F': ' '/Hardware Port/{print $NF}' )
# Find out out link status if we are on Ethernet or Wireless, then work out if updates should happen.
if [[ "$Adapter_Name" =~ "Ethernet" ]]; then
Link_Speed=$(ifconfig $Active_Adapter | awk -F': ' '/media:/{print $NF}' | awk -F '[()]' '{print $2}' | awk '{print $1}')
# Make sure we have a decent connection.
if [[ "$Link_Speed" =~ "100baseT" ]] || [[ "$Link_Speed" == "1000baseT" ]]; then
Network="Pass"
else
Network="Fail"
fi
elif [[ "$Adapter_Name" =~ "Wi-Fi" ]]; then
Max_Link_Speed=$(/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -I | awk '/maxRate/{print $NF}')
Link_Auth=$(/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -I | awk '/link auth/{print $NF}')
if [ $Max_Link_Speed -le 200 ]; then
Network="Fail"
else
Network="Pass"
fi
else
Network="Fail"
fi
echo ${Network}
}
get_local_jamf_status () {
Jamf_Version=$( /usr/local/bin/jamf version )
if [ -z ${Jamf_Version} ]; then
Jamf_Status="Fail_Jamf"
else
Jamf_Status="Pass"
fi
MDM_Profile=$( profiles status -type enrollment | grep "MDM enrollment:" | awk '{print $3}' )
if [ "${MDM_Profile}" == "No" ]; then
MDM_Status="Fail_MDM"
else
MDM_Status="Pass"
fi
if [[ ${Jamf_Status} =~ "Fail_" ]] && [[ ${MDM_Status} =~ "Fail_" ]]; then
echo 3 # Worst scenario, booth are borked, return a 3 as it's the sum of the two seperate issues, but it is just a re-install of the quickadd.
fi
if [[ ${Jamf_Status} =~ "Fail_" ]]; then
echo 2 # Jamf is broken, but the mdm seems ok, need to re-install the quickadd.
fi
if [[ ${MDM_Status} =~ "Fail_" ]]; then
echo 1 # MDM is broken, but jamf binary seems ok, need to jamf manage.
fi
if [[ ${Jamf_Status} == "Pass" ]] && [[ ${MDM_Status} == "Pass" ]]; then
echo 0 # all is good here!
fi
}
get_jamf_cloud () {
# Can we see the JSS?
if [ -f /Library/Preferences/com.jamfsoftware.jamf.plist ]; then
Jamf_URL="$(defaults read /Library/Preferences/com.jamfsoftware.jamf.plist jss_url)"
else
Jamf_URL="https://uoe.jamfcloud.com/"
fi
if curl -I "${Jamf_URL}" >/dev/null 2>&1 ; then
echo "Pass"
else
echo "Fail"
fi
}
get_macos () {
# OS version in form 1012
macOS_Vers=$( sw_vers -productVersion | awk -F '.' '{print $1$2}' )
echo ${macOS_Vers}
}
get_user () {
User=$( python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");' )
if [ -z ${User} ] || [ ${User} == "" ]; then
User="none"
fi
echo ${User}
}
repair_mdm () {
if pgrep -f "/usr/local/bin/jamf manage" >/dev/null 2>&1 ; then
echo "repair of mdm is already running"
sleep 5
else
/usr/local/bin/jamf manage
fi
if pgrep -f "/usr/local/bin/jamf recon" >/dev/null 2>&1 ; then
echo "recon already in progress"
sleep 5
else
/usr/local/bin/jamf recon
fi
}
reinstall_quickadd () {
if pgrep -f "/usr/local/bin/jamf enroll" >/dev/null 2>&1 ; then
echo "enrollment is already running"
sleep 5
else
installer -pkg "${Path_To_QuickAdd}" -target /
fi
if pgrep -f "/usr/local/bin/jamf recon" >/dev/null 2>&1 ; then
echo "recon already in progress"
sleep 5
else
/usr/local/bin/jamf recon
fi
}
Path_To_QuickAdd="/Library/MacSD/QuickAddHeal.pkg"
# Call the main function
main
exit 0;