Use awk to evaluate compound conditions

You can search for items in macOS using compound conditions in a number of ways. One way is with awk. Here, we’re going to grab the output of a simple ls command and pipe it into an awk statement. Then we’re going to look at the expression to evaluate. Basically, we’re going to say anything that contains com. as well as apple and .plist. Because it’s ls, we’re looking for names of files that match those patterns. Each pattern is written between slashes, with the dots escaped so they match a literal period, and the patterns are joined with && so that all of them have to match (square brackets would instead define a character class that matches a single character). And then there’s the {print} to lay out the action of printing the names of the files that match the patterns to the screen:

ls | awk '/com\./ && /apple/ && /\.plist/ {print}'

Note: I know you’re not supposed to use ls in scripts. Don’t care. If it were dates and such, I’d have used stat…
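
An added example, not part of the original post: awk compound conditions built with &&, || and !, run over constructed file names instead of live ls output. It goes a little beyond the one-liner by adding anchors, and the last function shows why bracket expressions such as [com.] are not a substitute, since each one matches a single character. All function names and sample names are assumptions.

```shell
#!/bin/sh
# Constructed sample names standing in for the output of ls.
sample_names() {
    printf '%s\n' \
        'com.apple.Safari.plist' \
        'com.apple.dock.plist' \
        'backup-com.apple.dock.plist.old' \
        'com.example.agent.plist' \
        'org.apple.notes.txt' \
        'map.txt'
}

# AND: all three patterns must match somewhere in the name.
# The dots are escaped so they match a literal "." and not any character.
contains_all() {
    awk '/com\./ && /apple/ && /\.plist/ {print}'
}

# AND with anchors: the name must start with com.apple. and end in .plist,
# which excludes names that merely contain those strings.
apple_plists() {
    awk '/^com\.apple\./ && /\.plist$/ {print}'
}

# AND plus NOT: property lists outside the com.apple. namespace.
third_party_plists() {
    awk '/\.plist$/ && !/^com\.apple\./ {print}'
}

# OR: either extension is accepted.
plist_or_txt() {
    awk '/\.plist$/ || /\.txt$/ {print}'
}

# Pitfall: each [...] is a character class matching ONE character, so this
# pattern matches any three consecutive characters drawn from the three sets
# (for example "map") and is not a test for com., apple and .plist.
char_classes() {
    awk '/[com.][apple][.plist]/ {print}'
}

# Stand-alone demo: list the non-Apple property lists in the sample.
sample_names | third_party_plists
```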

The post Use awk to evaluate compound conditions appeared first on krypted.com.


Unravelling Undocumented Middleware

Some tasks are like the Labyrinth. You walk around a corner, mark a block in chalk so you can go back, and then a goblin switches your arrow to a different direction. Or you go through a door and fall down an oubliette. But hey, if you write a few more scripts, you can always bring sanity to those you already have but don’t know exist, right?

The post Unravelling Undocumented Middleware appeared first on krypted.com.

Jamf Pro 9.98 Now Available

The next releases of iOS (10.3), macOS (10.12.4), and tvOS (10.2) bring us a host of new management features. These include DEP configuration, remote wipe, single app mode, conference room mode, and remote reboot for Apple TVs. The next evolution of iOS brings us sounds in lost mode, the ability to prevent users from connecting to unmanaged wireless networks (just make sure to push that policy after sending down the actual managed wireless networks – or eek), the option to remotely shut down and reboot devices,

The Mac options include some of the above, but also restricting the feature to unlock macOS devices with Touch ID and restricting documents and desktop syncing with Apple’s iCloud service. Shared iPad environments also get new passcode policies.

Jamf Pro 9.98 also comes with Symantec PKI integration and lots, and lots, and lots of resolutions to product issues. For more, see https://www.jamf.com/blog/are-you-ready-for-apples-next-release/. For a full run-down of profile options and MDM commands: http://docs.jamf.com/9.98/casper-suite/release-notes/What’s_New_in_This_Release.html.

Keeping with Apple’s evolving standards, Managed Preferences and Provisioning Profiles are being deprecated: http://docs.jamf.com/9.98/casper-suite/release-notes/Deprecations_and_Removals.html (which isn’t to say you can’t still deploy these kinds of things using your own scripts, etc).

Finally, if you have a problem in your environment and want to see if it’s been fixed, for a list of defects and product improvements – see http://docs.jamf.com/9.98/casper-suite/release-notes/Bug_Fixes_and_Enhancements.html

The post Jamf Pro 9.98 Now Available appeared first on krypted.com.

log, logs, and logger

This is the first page of a 5 page piece I just finished writing for MacTech. After the last episode of the MacAdmins podcast though, I wanted to go ahead and get some of the information out there. For a much more detailed analysis, check out MacTech!

Apple has a number of different logging APIs. For the past few releases, Apple has tried to capture everything possible in logs, creating what many administrators and developers might consider to be a lot of chatter. As such, an entirely new interface needed to be developed to categorize and filter messages sent into system logs.

Writing Logs

The logger command is still used to create entries in system logs. However, if you then use tail to view /var/log/system.log, you will notice that you no longer see your entry being written. This is because as the logs being created in macOS have gotten more complex, the tools to read and write those logs have gotten more complicated as well.

Let’s take a simple log entry. Below, we’ll write the string “Hello Logs” into the system log. To do so, use the -i option to include the process id of the logger process and -s to write to the system log, as well as to stderr. To make the entry easier to find, we’ll tag it with -t followed by the string of the tag. And finally, we’ll quote the entry we want written into the log. This is basically the simplest form of an entry:

logger -is -t krypted "Hello Logs"

Once written, use the log command to read your spiffy new entries. This isn’t terribly different than how things worked previously. If you’re a developer, you will need to note that all of the legacy APIs you might be using, which include asl_log_message, NSLog, and syslog, have been redirected to the new Unified Logging system, provided you build software for 10.12 (you can still build as before for 10.11, iOS 9, tvOS 10, and watchOS 3 and below). These are replaced with the os_log, os_log_info, os_log_debug, os_log_error, os_log_fault, and os_log_create APIs (which correspond to various levels of logs that are written).

Reading Logs

Logs are now stored in the tracev3 formatted files in /var/db/diagnostics, which is a compressed binary format. As with all binary files, you’ll need new tools to read the files. Console has been updated with a new hierarchical capability and the ability to watch activities, subsystems, etc.

The log command provides another means of reading those spiffy new logs. To get started, first check out the man page:

man log

That “Hello Logs” string we used earlier is part of a message that you can easily view using the ‘log show’ command. In the below example, we’ll just run a scan of the last 3 minutes, using the --last option, and then providing a --predicate. We’ll explain those a bit later, but think of it as query parameters – here, we’ll specify to look for “Hello Logs” in eventMessage:

log show --predicate 'eventMessage contains "Hello Logs"' --last 3m

Filtering the log data using "eventMessage CONTAINS "Hello Logs"" shows us that our entry appears as follows:

Timestamp                       Thread     Type        Activity             PID

2017-03-23 23:51:05.236542-0500 0x4b83bb   Default     0x0                  88294  logger: Hello Logs

——————————————————————————————————————–

Log      – Default:          1, Info:                0, Debug:             0, Error:          0, Fault:          0

Activity – Create:           0, Transition:          0, Actions:           0

The post log, logs, and logger appeared first on krypted.com.

Tethered Caching of iOS Assets from macOS 10.12.4

There is a new service in macOS, called Tetherator. Tethered-caching is a script that allows you to easily and quickly interact with the tethered-caching service, which has a few kinda’ cool options. This is on a client, and really speeds up all that crazy provisioning stuff you do. It can also check for the presence of a macOS Caching Server and use that as a source for the cache. The tethered-caching script is located at /usr/bin/tethered-caching.

Before you do anything with the service, check the status. That’s done with the -s option (there’s also a -v option to get verbose):

tethered-caching -s

Before the service is activated, the results should be as follows:

2017-02-28 10:44:45.730 AssetCacheTetheratorUtil[3665:182657] Tetherator is disabled: (no error)
2017-02-28 10:44:45.746 AssetCacheActivatorUtil[3666:182664] Built-in caching server can be activated.
2017-02-28 10:44:45.762 AssetCacheActivatorUtil[3667:182673] Built-in caching server is deactivated: (no error)

Then start the service using the -n option in tethered-caching, along with the IP range to be used:

tethered-caching -n 192.168.1.0

This sets the ListenRanges key in the plist and should result in an activation process that appears as follows:

Starting tethered caching…
2017-02-28 10:47:59.691 AssetCacheActivatorUtil[3848:192902] Built-in caching server can be activated.
2017-02-28 10:47:59.706 AssetCacheActivatorUtil[3849:192910] Built-in caching server is deactivated: (no error)
Filtering the log data using "subsystem == "com.apple.AssetCache" AND messageType == 16"
Timestamp (process)[PID]
2017-02-28 10:48:05.098735-0600 localhost AssetCache[2882]: [com.apple.AssetCache.builtin] Built-in Caching Server activated. Exiting to allow re-launch.
2017-02-28 10:48:05.207493-0600 localhost AssetCache[2882]: [com.apple.AssetCache.builtin] Built-in Caching Server shutting down (0)
2017-02-28 10:48:07.362926-0600 localhost AssetCache[3862]: [com.apple.AssetCache.builtin] Built-in Caching Server version 170 started
2017-03-02 10:45:53.753 AssetCacheTetheratorUtil[29283:2526186] Tetherator enabled.
Started tethered caching. To stop it, press control+c once.

At this point, you’re calling /usr/bin/AssetCacheLocatorUtil to register and then start /usr/libexec/AssetCache/AssetCache via /System/Library/Preferences/Logging/Subsystems/com.apple.AssetCacheServices.plist, which defaults read shows as:

{Activator = {};
"DEFAULT-OPTIONS" = {
"Default-Privacy-Setting" = Public;
"Enable-Oversize-Messages" = 1;
"Event-Log" = {
Enabled = Inherit;};
Level = {
Enable = Inherit;
Persist = Inherit;};
TTL = {Debug = 0;Default = 10;Info = 10;};};
Daemon = {};
Extensions = {};
Framework = {};
Tetherator = {};}

The AssetCache preferences can be seen by catting /Library/Preferences/com.apple.AssetCache.plist:

Activated = 0;
CacheLimit = 0;
DataPath = "/Library/Caches/com.apple.AssetCache";
LastConfigData = ;
LastConfigURL = "http://suconfig.apple.com/resource/registration/v1/config.plist";
LastPort = 50775;
ListenRanges = ({first = "192.168.1.1";last = "192.168.1.254";});
ListenRangesOnly = 1;
LocalSubnetsOnly = 0;
PeerLocalSubnetsOnly = 1;
Port = 0;
PublicRanges = automatic;
ReservedVolumeSpace = 2000000000;
SavedCacheDetails = {};
SavedCacheDetailsOrder = ("Mac Software","iOS Software","Apple TV Software",iCloud,Books,"iTunes U",Movies,Music,Other);
SavedCacheDetailsStrings = {All the language keys as arrays - which I cut out to truncate the contents of the plist read};
SavedCacheSize = 0;
ServerGUID = "C5F29418-6158-4D3B-9162-XXX";
Version = 1;

Note that in the above, the LastConfigData key is pulled at activation by curling http://suconfig.apple.com/resource/registration/v1/config.plist. I’ve truncated the key as it’s kinda’ long…

A simple command that will be pretty common is to increase the size of the cache. To do so, you’d just edit that CacheLimit key to be the number that you want the cache to be. In the following example, we’re writing the CacheLimit key into AssetCache.plist at 100 gigs:

defaults write /Library/Preferences/com.apple.AssetCache.plist CacheLimit -int 100000000000

There’s also com.apple.AssetCache.builtin.plist in /Library/LaunchDaemons which starts the builtin AssetCache, AssetCacheC, and CacheDelete service.

Once started, you will have a sqlite3 database called AssetInfo.db at /Library/Caches/com.apple.AssetCache. A basic structure of how data is stored includes the following tables:

  • ZAFFINITY with the following columns: Z_PK INTEGER PRIMARY KEY, Z_ENT INTEGER, Z_OPT INTEGER, ZLASTSAVED TIMESTAMP, ZID VARCHAR
  • ZASSET with the following columns: Z_PK INTEGER PRIMARY KEY, Z_ENT INTEGER, Z_OPT INTEGER, ZMD5OFFSET INTEGER, ZTOTALBYTES INTEGER, ZCREATIONDATE TIMESTAMP, ZLASTACCESSED TIMESTAMP, ZCHECKSUM VARCHAR, ZGUID VARCHAR, ZINDEX VARCHAR, ZLASTMODIFIEDSTRING VARCHAR, ZNAMESPACE VARCHAR, ZURI VARCHAR, ZMD5CONTEXT BLOB
  • Z_METADATA with the following columns: Z_VERSION INTEGER PRIMARY KEY, Z_UUID VARCHAR(255), Z_PLIST BLOB
  • Z_MODELCACHE with just the Z_CONTENT column
  • Z_PRIMARYKEY with the following columns: Z_ENT INTEGER PRIMARY KEY, Z_NAME VARCHAR, Z_SUPER INTEGER, Z_MAX INTEGER

Once enabled, updates will be cached to the computer that the service is enabled on, with metadata stored in the previously mentioned database, and you can then change ports and network ranges when needed.

The post Tethered Caching of iOS Assets from macOS 10.12.4 appeared first on krypted.com.

MacADUK Videos Now Available

The videos from the MacADUK sessions are now available on the Internets! Including such great sessions as “What’s New With Managing macOS and iOS” from Marko Jung, “Something something commercial, something something open source” from Graham Gilbert, “Desired State Management Through Automation with Jamf Pro” from John Kitzmiller, “Advanced Mac Software Deployment and Configuration – Just Make it Work” from Tim Sutton, “Securing the Managed Environment – you, me, and everybody” from Pepijn Bruienne, “Munki and Patch. A Comparison” from Ben Toms & James Ridsdale, “Locking down macOS without Locking Up Users (The Sequel)” from Samuel Keeley. Totes fun!

Watch them at https://online-training.amsys.co.uk/courses/macaduk-2017

The post MacADUK Videos Now Available appeared first on krypted.com.

Episode 28 of the MacAdmins Podcast: Canadian Conferences, DEP, InstallApplication

Episode 29 of the MacAdmins Podcast: Just Us Chickens

The post Episode 29 of the MacAdmins Podcast: Just Us Chickens appeared first on krypted.com.


To Hex And Back

xxd is a command available in bash on Linux and macOS that is used to take a hexdump (convert a string to hex), or convert hex back to a string. To use xxd, just call it with a couple of options. Below, we’ll use the -p option to export a plain hexdump, quote the string, and use <<< so that xxd takes the string as input rather than a file name to convert (the default behavior), as follows:

xxd -p <<< "hey it's a string"

The output would be a hex string, as follows (the trailing 0a is the newline that <<< appends to the string):

6865792069742773206120737472696e670a

Then use the -r option to revert your hex back to text. Since xxd doesn’t allow for a positional parameter to revert, we’ll simply echo the hex string and pipe it back into xxd, as follows:

echo 6865792069742773206120737472696e670a | xxd -r -p

And the output would be (is):

hey it's a string

Other useful options:

  • -b: Perform a binary dump instead of a hex dump
  • -e: what it looks like when a little endian takes a hex dump
  • -h: get help with the command
  • -len: stop after the defined number of characters
  • -u: use uppercase in the hex, instead of the default lower-case (doesn’t seem to actually work on macOS)
  • -v: grab the version of xxd

The post To Hex And Back appeared first on krypted.com.

Security Considerations When Selecting Cloud-Based Software

My latest piece on Huffington Post:

OMG the cloud! Everything must go to the cloud, and now! And sometimes finding a tool is about workflow. And the workflow should make sense and be awesome.

But there’s an argument that you shouldn’t even keep a lot of data unless it’s kept confidential and therefore properly secured. The liability of keeping information about other people and what they do is just too great to outweigh what you might otherwise use that data for.

Security matters. Workflow matters. And with the number of services out there that you can use for any given task, if any aren’t secure enough then there are probably ten others you could use that are. So why might you choose to use a given service:

To read more, check out http://www.huffingtonpost.com/entry/58e26367e4b0d804fbbb7501

The post Security Considerations When Selecting Cloud-Based Software appeared first on krypted.com.

Getting Bloggers To Talk About Your Crap

The original title of this piece didn’t last long. That’s too bad. ‘Cause I thought “Getting Bloggers To Talk About Your Crap” was kinda’ fun. But my latest inc.com article ended up getting called “6 Ways To Build Successful Relationships With Online Influencers” – and that’s fine. If you wanna’ check it out, it’s at: http://www.inc.com/charles-edge/6-ways-to-build-successful-relationships-with-bloggers.html.

The post Getting Bloggers To Talk About Your Crap appeared first on krypted.com.

basename and dirname Options

There are two useful commands when scripting operations that involve filenames and paths. The first of these is dirname: dirname can be used to return the directory portion of a path. The second is basename: basename can be used to output the file name portion of a path.

For our first example, let’s say that we have an output of /users/krypted, which we know to be the original short name of my user. To see just that username, we could use basename to call it:

basename /users/charlesedge

Basename can also be used to trim output. For example, let’s say there was a document called myresume.pdf in my home folder and we wanted to grab that without the file extension. We could run basename using the -s option, followed by the string at the end that we do not want to see in the output (the file extension):

basename -s .pdf /users/charlesedge/myresume.pdf

The dirname command is even more basic. It outputs the directory portion of the file’s path. For example, based on the same string, the following would tell you what directory the user is in:

dirname /users/charlesedge

A great example of when this gets more useful is keying off of currently active data. For example, if we’re scripting a make operation, we can use the which command to get an output that just contains the path to the make binary:

which make

We can then wrap that for expansion and grab just the place that the active make binary is stored:

dirname "$(which make)"

This allows us to key other operations off the path of an object. A couple of notable examples of this are home or homeDirectory paths and breaking up data coming into a script via a positional parameter (e.g. $1).

You can also use variables. Let’s say that homedir is set to /users/krypted:

homedir=/users/krypted ; dirname "$homedir"

Finally, keep in mind that dirname is relative, so if you’re calling it for ~/ then you’ll see the output at that relative path.
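
An added example, not part of the original post: the same dirname and basename calls wrapped so that they stay correct when a path arrives via a positional parameter and contains spaces or starts with a dash. The function names split_path and tool_dir and the sample path are assumptions; command -v is used in place of which because it is built into POSIX shells.

```shell
#!/bin/sh
# split_path PATH [SUFFIX]
# Prints "directory|name|name-without-suffix" for a single path.
split_path() {
    target=$1
    suffix=${2-}
    # The quotes keep spaces and glob characters in the path intact, and "--"
    # ends option parsing so a name such as "-n.pdf" is not read as a flag.
    dir=$(dirname -- "$target")
    name=$(basename -- "$target")
    if [ -n "$suffix" ]; then
        # POSIX spelling of "basename -s SUFFIX PATH".
        stem=$(basename -- "$target" "$suffix")
    else
        stem=$name
    fi
    printf '%s|%s|%s\n' "$dir" "$name" "$stem"
}

# tool_dir NAME
# Prints the directory holding the executable the shell would run for NAME.
# Fails for builtins, functions and aliases, which have no path on disk.
tool_dir() {
    found=$(command -v "$1") || return 1
    case $found in
        /*) dirname -- "$found" ;;
        *)  return 1 ;;
    esac
}

# Stand-alone demo with a constructed path that contains a space.
split_path '/users/charlesedge/My Documents/myresume.pdf' .pdf
```

Without the quotes, the sample path would be split at the space and dirname would see two arguments instead of one path.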

The post basename and dirname Options appeared first on krypted.com.

Episode 30 Of The MacAdmins Podcast: It’s Not Just Sharks In Puddles

DFU and Restore Modes For Haptic iPhones

After updating an iPhone, maybe it’s stuck. Doesn’t happen much, but it can happen. When it does, it’s great if you’ve got a backup of your phone. And those traditional means of restarting, resetting, and restoring don’t work any more. Or at least they do, but they’ve moved.

If you need to DFU or restore your device, start by plugging the phone into a computer running iTunes. Then press and hold the power button down for 3 seconds and press the volume down button while you’re holding that power button. Hold both down for about 10 seconds and let go of the power button, holding the volume down button for 5 more seconds.

This process is pretty specific and I’ve often had to do it 3-4 times to get it just right. If you see the Apple logo at boot, the device is just rebooting (and that’s usually all I’ve needed). But if you really need it to go into restore or DFU-mode, you’ll want to see the screen that says Plug Into iTunes. Once you see that, you are in restore mode. If you want to be in DFU mode, you’ll want it right in the middle, where the screen is black.

The post DFU and Restore Modes For Haptic iPhones appeared first on krypted.com.

Episode 31 of the MacAdmins Podcast, with Caleb Coy


QuickLook Crashing?

I recently had an issue where QuickLook was crashing every time I clicked on certain file types. I thought they were unsupported by QuickLook. But it turns out that they were animated and trying to start while the QuickLook animation was starting. Once I disabled the QuickLook animation, the files appeared as intended. To do so, write a key called QLPanelAnimationDuration into the global defaults database, with a -float value of 0, as follows:

defaults write -g QLPanelAnimationDuration -float 0

The post QuickLook Crashing? appeared first on krypted.com.

One-liner To Grab Which macOS Caching Server You’re Using

There’s a macOS tool called AssetCacheLocatorUtil located at /usr/bin/AssetCacheLocatorUtil. The output is in… stderr. Because stderr is so fun to work with (note that sed -i only works with stdin). So, to update the caching server(s) you are using and only print the IP address of those, you’d do the following:

/usr/bin/AssetCacheLocatorUtil 2>&1 | grep guid | awk '{print$4}' | sed 's/^\(.*\):.*$/\1/' | uniq

If you use Jamf Pro and would like to use this as an extension attribute, that’s posted here: https://github.com/krypted/cachecheck. I didn’t do any of the if/then there, as I’d usually just do that on the JSS.

The post One-liner To Grab Which macOS Caching Server You’re Using appeared first on krypted.com.

Show MySQL Settings

MySQL usually pulls settings from a my.cnf file. However, you can end up with settings in include files, which can be defined in the my.cnf using the following directives:

!include /home/mydir/myopt.cnf
!includedir /home/mydir

Because of this, and the fact that you might not have access to all locations of .cnf files on a filesystem, you can also grab them using the SHOW VARIABLES statement within SQL, obtained by running:

/usr/local/mysql/bin/mysql -uroot -pmypassword -e "SHOW VARIABLES;" > /tmp/SQLSettings.txt

In the above command, -uroot defines we’ll be accessing with the root user, -p defines the password (listed as mypassword, with no space between -p and the password) and the -e defines that we want to execute a command and then quit. We then use > to dump the output into the defined file.
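
An added example, not part of the original post: a password given with -p is visible in the process list and shell history, and a dump written straight into /tmp is readable by other local users. This variant reads the password from stdin into an owner-only option file passed with --defaults-extra-file and creates the output with a restrictive umask; the function names and file locations are assumptions, and the client path is the one used above.

```shell
#!/bin/sh
# Path to the mysql client as used on the page; override with MYSQL=... if needed.
MYSQL=${MYSQL:-/usr/local/mysql/bin/mysql}

# write_client_cnf FILE USER
# Reads the password from stdin (never from the command line) and writes a
# [client] option file that only its owner can read.
# Assumption: the password contains no double quote or backslash.
write_client_cnf() {
    cnf=$1
    user=$2
    IFS= read -r password || [ -n "$password" ] || return 1
    rm -f -- "$cnf"
    (
        umask 077
        printf '[client]\nuser=%s\npassword="%s"\n' "$user" "$password" > "$cnf"
    )
    chmod 600 "$cnf"
}

# dump_variables CNF OUTFILE
# Runs SHOW VARIABLES with credentials taken from CNF and writes the result to
# OUTFILE, created with owner-only permissions.
dump_variables() {
    cnf=$1
    out=$2
    (
        umask 077
        rm -f -- "$out"
        # --defaults-extra-file has to be the first option on the command line.
        "$MYSQL" --defaults-extra-file="$cnf" -e 'SHOW VARIABLES;' > "$out"
    )
}

# Typical use, run by hand (mktemp -d gives a private working directory):
#   workdir=$(mktemp -d)
#   write_client_cnf "$workdir/client.cnf" root    # type the password, press Return
#   dump_variables "$workdir/client.cnf" "$workdir/SQLSettings.txt"
#   rm -f "$workdir/client.cnf"
```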

The post Show MySQL Settings appeared first on krypted.com.

Episode 32: iOS 10.3 and Classroom 2.0 with Fraser Speirs

Extension Attribute to Grab iTunes Hashes for VPP on macOS

Here’s a new extension attribute at https://github.com/krypted/ituneshash/blob/master/ituneshash.sh for grabbing the hash ID used for iTunes Store accounts, useful with VPP:

#!/bin/sh
#
#
#
#Jamf Pro Extension Attribute to return the App Store Account Hash for iTunes
#Note that the return is null if one is not found
#
#
result=`/usr/libexec/mdmclient QueryAppInstallation | grep iTunesStoreAccountHash | sed '/.*\"\(.*\)\".*/ s//\1/g'`
echo "<result>$result</result>"

The output is something like:

<result>oBSmAAAa0nUAAACBHe5AaALlNBg=</result>

Which would bring the string into Jamf Pro.

The post Extension Attribute to Grab iTunes Hashes for VPP on macOS appeared first on krypted.com.
