Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/sh
- #
- # 1st boot script runs as a Launchd startup script,
- # then deletes itself after completion. Fixes problems left by Apple.
- # Copyright, David Koff 2013© for the J. Paul Getty Trust
- #
- # Created: 3.15.13
- # Last Updated: 5.7.13
- #----------------------------------------------------------
- # Variables
- #----------------------------------------------------------
- #-----Assignments
- SCRIPTNAME=$0
- user405=ard
- #--- Set Logging
- exec >> "/Library/Logs/Getty Installations.log" 2>&1
- #-----Directories & Files
- kickstart="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart"
- systemsetup="/usr/sbin/systemsetup"
- PlistBuddy="/usr/libexec/PlistBuddy"
- login="/Library/Preferences/com.apple.loginwindow"
- xProtect_MetaPlist="$3/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist"
- xProtect_Plist="$3/System/Library/LaunchDaemons/com.apple.xprotectupdater.plist"
- LaunchDaemons="/System/Library/LaunchDaemons"
- LaunchDaemonsDisabled="/System/Library/LaunchDaemonsDisabled"
- RepoURL="http://xserve-timcook.getty.edu:8088/content/catalogs/others"
- #-----Computationals
- xProtect=`launchctl list | grep com.apple.xprotectupdater`
- over500=`dscl . list /Users UniqueID | awk '$2 > 500 { print $1 }'`
- USER=`defaults read $login lastUserName`
- MSpid=`ps -ax | grep Microsoft | cut -c 1-5`
- macname=`systemsetup -getcomputername | awk '{ print $3 }'`
- hwVers=`system_profiler | grep "Model Name" | awk '{ print $3, $4, $5 }'`
- OS=`sw_vers | grep ProductVersion | awk '{ print $2 }'`
- ip=`ifconfig | grep "inet 153" | cut -d ' ' -f 2`
- #-----Array
- Apps2Quit=( Safari firefox-bin firefox JavaApplicationStub groupwise ) ### use of array allows us to add/subtract titles
- #-----Dynamically Set
- if [[ `ioreg -rd1 -c IOPlatformExpertDevice | grep -i "UUID" | cut -c27-50` == "00000000-0000-1000-8000-" ]]; then
- MAC_UUID=`ioreg -rd1 -c IOPlatformExpertDevice | grep -i "UUID" | cut -c51-62 | awk {'print tolower()'}`
- elif [[ `ioreg -rd1 -c IOPlatformExpertDevice | grep -i "UUID" | cut -c27-50` != "00000000-0000-1000-8000-" ]]; then
- MAC_UUID=`ioreg -rd1 -c IOPlatformExpertDevice | grep -i "UUID" | cut -c27-62`
- fi
- #----------------------------------------------------------
- # Timestamp
- #----------------------------------------------------------
- echo " "
- echo "###################################"
- echo "##### $SCRIPTNAME"
- echo "##### `date "+%A %m/%d/%Y %H:%M"`"
- echo "###################################"
- echo " "
- echo "
- # ---------------------------------------------------------
- # ---------------------- FIXES --------------------------
- # ---------------------------------------------------------"
- echo ">>>>>>>> RECREATE ARD ACCOUNT IF BROKEN"
- if [ -d /private/var/$user405 ]; then
- echo "the ard directory is already present, no need to recreate..."
- else
- mkdir /private/var/$user405
- fi
- dscl . -create /Users/$user405
- dscl . -create /Users/$user405 realname "${user405}"
- dscl . -create /Users/$user405 NFSHomeDirectory /private/var/$user405
- chown -R $user405 /private/var/$user405
- dscl . -passwd /Users/$user405 ma5ter
- dscl . -create /Users/$user405 PrimaryGroupID 405
- dscl . -create /Users/$user405 UniqueID 405
- dscl . -create /Users/$user405 shell /bin/bash
- dscl . -append /Groups/admin GroupMembership $user405
- defaults write $login Hide500Users -bool TRUE ### hides this user from user list and user switching
- defaults write $login HiddenUsersList -array add $user405 ### hides this user from login screen
- echo ""
- echo ">>>>>>>> PREVENT iCLOUD WIZARD FROM RUNNING"
- # in any user account
- for i in $over500
- do
- defaults write /Users/$i/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE
- defaults write /Users/$i/Library/Preferences/com.apple.SetupAssistant LastSeenCloudProductVersion -string '10.8'
- chown "${i}":staff /Users/$i/Library/Preferences/com.apple.SetupAssistant.plist
- echo "iCloud wizard removed from the $i account..."
- done
- #in the user template
- for USER_TEMPLATE in "/System/Library/User Template"/*
- do
- defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.loginwindow -dict ” #creates a blank file if none exists
- defaults write "${USER_TEMPLATE}"/Library/Preferences/loginwindow -dict ” #creates a blank file if none exists
- defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -bool TRUE
- defaults write "${USER_TEMPLATE}"/Library/Preferences/com.apple.SetupAssistant LastSeenCloudProductVersion -string '10.8'
- echo "com.apple.SetupAssistant for the $USER_TEMPLATE now won't propmpt for iCloud..."
- done
- echo ""
- echo ">>>>>>>> DISABLE XPROTECT"
- if [ -f $LaunchDaemons/com.apple.xprotectupdater.plist ]; then
- echo "x-Protect has been found in $LaunchDaemons and will now be edited and unloaded:"
- $PlistBuddy -c "Delete :JavaWebComponentVersionMinimum" "$xProtect_MetaPlist"
- echo " Minimum Java Component removed from x-Protect."
- $launchctl unload -w "$xProtect_Plist"
- echo " x-Protect has been unloaded via launchctl."
- if [ ! -d $LaunchDaemonsDisabled ]; then
- echo ""
- echo "Now creating: $LaunchDaemonsDisabled to store xProtect plist:"
- mkdir -v $LaunchDaemonsDisabled
- else
- echo ""
- echo "$LaunchDaemonsDisabled:"
- echo " Directory found & emptied."
- echo " x-Protect moved into that directory:"
- rm -fv $LaunchDaemonsDisabled/*
- mv -v $LaunchDaemons/com.apple.xprotectupdater.plist $LaunchDaemonsDisabled
- fi
- else
- echo "x-Protect hasn't been found in: $LaunchDaemons"
- if [ -f $LaunchDaemonsDisabled/com.apple.xprotectupdater.plist ]; then
- echo "It has already been moved to: $LaunchDaemonsDisabled"
- fi
- fi
- echo "
- # ---------------------------------------------------------
- # ------------ PREFERENCE MODIFICATIONS -----------------
- # ---------------------------------------------------------"
- echo ""
- echo ">>>>>>>> SET PROPER ARD PREFS"
- $kickstart -activate
- $kickstart -configure -users ard -access -on -privs -DeleteFiles -TextMessages -OpenQuitApps -GenerateReports -RestartShutdown -SendFiles -ChangeSettings -clientopts -setmenuextra -menuextra no -setreqperm -reqperm yes
- echo ""
- echo ">>>>>>>> SET PROPER SSH PREFS"
- $systemsetup -setremotelogin on
- echo ""
- echo ">>>>>>>> SET PROPER TIME PREFS"
- $systemsetup -setusingnetworktime on
- $systemsetup -settimezone America/Los_Angeles
- $systemsetup -setnetworktimeserver time.getty.edu
- echo "
- #----------------------------------------------------------
- # ------------------- INSTALLATIONS ----------------------
- #----------------------------------------------------------"
- echo ""
- echo ">>>>>>>> QUIT COMPETING APPS" #Mar2013
- killall "${Apps2Quit[@]}"
- kill $MSpid
- echo ""
- echo ">>>>>>>> QUIT EPO"
- sudo launchctl unload /Library/LaunchDaemons/com.mcafee.ssm.ScanManager.plist
- sudo /usr/local/McAfee/Antimalware/VSControl stop
- echo ""
- echo ">>>>>>>> SET TO REPOSADO & RUN INSTALLS"
- case `sw_vers -productVersion | awk -F . '{print $2}'` in
- 4) URL="${RepoURL}/index-1_production.sucatalog" ;;
- 5) URL="${RepoURL}/index-leopard.merged-1_LabTesters.sucatalog" ;;
- 6) URL="${RepoURL}/index-leopard-snowleopard.merged-1_LabTesters.sucatalog" ;;
- 7) URL="${RepoURL}/index-lion-snowleopard-leopard.merged-1_LabTesters.sucatalog" ;;
- 8) URL="${RepoURL}/index-mountainlion-lion-snowleopard-leopard.merged-1_LabTesters.sucatalog" ;;
- *) echo "Unsupported client OS"; exit 1 ;;
- esac
- defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL "${URL}"
- echo "Software Update Server set to PRODUCTION branch at: $URL"
- echo "Now installing Apple updates:"
- softwareupdate -ia
- echo ""
- echo ">>>>>>>> CUSTOM TRIGGER INSTALLATIONS"
- echo "Apple updates have installed. Now calling a custom policy to:"
- echo "Install Java & Flash"
- jamf policy -trigger UpgradeMountainLion
- echo ""
- echo ">>>>>>>> RESTART EPO"
- sudo launchctl load /Library/LaunchDaemons/com.mcafee.ssm.ScanManager.plist
- sudo /usr/local/McAfee/Antimalware/VSControl mastart
- echo "
- #----------------------------------------------------------
- # ----------------------- JAVA ---------------------------
- #----------------------------------------------------------"
- echo ""
- echo ">>>>>>>> FIX JAVA: CONFIRM PLUG-IN REVERTED TO JSE 6"
- echo "Now checking Java SE 6 Status...."
- if [ ! -d /Library/Internet\ Plug-Ins/disabled ]; then
- mkdir -pv /Library/Internet\ Plug-Ins/disabled
- mv -v /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin /Library/Internet\ Plug-Ins/disabled
- ln -sf /System/Library/Java/Support/Deploy.bundle/Contents/Resources/JavaPlugin2_NPAPI.plugin /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin
- ln -sf /System/Library/Frameworks/JavaVM.framework/Commands/javaws /usr/bin/javaws
- echo "Java reverted to JSE 6 on this Mac..."
- else
- echo "The java applet has already been reverted to SE 6 and the newer plug-ins moved."
- fi
- echo ""
- echo ">>>>>>>> ENABLE JAVA PLUG-INS"
- for i in $over500
- do
- echo "-------------------------------------------------"
- rm -fv /Users/$i/Library/Preferences/ByHost/com.apple.java.JavaPreferences.*
- echo "JavaPrefs plist has been deleted from: $i account"
- echo "The Mac UUID has been set to: $MAC_UUID"
- # Set the "Enable applet plug-in" setting in the Java Preferences for the current user.
- $PlistBuddy -c "Delete :GeneralByTask:Any:WebComponentsEnabled" /Users/$USER/Library/Preferences/ByHost/com.apple.java.JavaPreferences.${MAC_UUID}.plist
- $PlistBuddy -c "Add :GeneralByTask:Any:WebComponentsEnabled bool true" /Users/$USER/Library/Preferences/ByHost/com.apple.java.JavaPreferences.${MAC_UUID}.plist
- $PlistBuddy -c "Delete :GeneralByTask:Any:WebComponentsLastUsed" /Users/$USER/Library/Preferences/ByHost/com.apple.java.JavaPreferences.${MAC_UUID}.plist
- $PlistBuddy -c "Add :GeneralByTask:Any:WebComponentsLastUsed real $(( $(date "+%s") - 978307200 ))" /Users/$USER/Library/Preferences/ByHost/com.apple.java.JavaPreferences.${MAC_UUID}.plist
- echo " "
- done
- echo "Java Web-Apps have been enabled for ALL 500+ users on this Mac."
- echo "
- #----------------------------------------------------------
- # --------------------- SEND EMAIL -----------------------
- #----------------------------------------------------------"
- if [ ! -d /Library/Server/Mail/Data/spool ]; then
- echo "Creating Unix mail folder hierarchy to enable sendmail..."
- mkdir -p /Library/Server/Mail/Data/spool
- $mail set-permissions
- $mail reload
- sleep 2
- fi
- $mail start
- echo "An OTW upgrade has been performed on this Mac. Computer information follows:
- Date: `date "+%m/%d/%Y"`
- Time: `date "+%H:%M"`
- Name: $macname
- Type: $hwVers
- OS: $OS
- IP: $ip" | mail -s "OTW Install Notification: $macname" dkoff@getty.edu, cnorris@getty.edu
- $mail stop
- echo ""
- echo "e-mail has been sent to ITS Lab SysAdmins."
- #----------------------------------------------------------
- # Wrap-Up
- #----------------------------------------------------------
- # Removes the launchd items & scripts
- sleep 2
- rm -f $0
- echo "$0 has now been deleted."
- rm -f /Library/LaunchDaemons/com.getty.NewOS1stBoot.plist
- echo "The 1stBoot LaunchDaemon have been deleted."
- echo " "
- echo "###################################"
- echo "##### End Log"
- echo "##### `date "+%A %m/%d/%Y %H:%M"`"
- echo "###################################"
- echo " "
- /sbin/reboot #force reboot to bake it in
- exit 0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement