Skip to content

pwadenz/MSP-example-Scripts

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
Device Count
Device Count
 
 
JPSversions
JPSversions
 
 
Update Activationcode
Update Activationcode
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

MSP-example-Scripts

Current state of the scripts are: "the scripts are examples how you can do this"

INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY 
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 
I BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, 
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF 
THE POSSIBILITY OF SUCH DAMAGE.

GitHub

Here some examples script for Managed Service Providers (MSP) how to automate some task. There will certainly be better workflows, but the purpose of these scripts is to give you an idea, of course you are free to adapt them to your situation.

I try to prevent passwords or API hashes in scripts, to prevent this I use the keychain for this. Keep in mind that this is only if the passwords or API hashes are stored in the keychain on the machine where the script is being run.

Securely store Passwords into the macOS Keychain

Why put cleartext passwords in scripts, when we can use the macOS Keychain to securely store this information for us.

I added this easy way to the script, so we can have a placeholder for the password rather then leaking this password within the script.

How to

After creating the API user with the API Debugger tool, we received the Hue API Hash. We are going to add the Hue API Hash into the macOS Keychain with the security command. For this command we are using -T to add an entry to the login keychain and add the security binary to "Always allow access by these applications:" list in the Access Control preferences.

security add-generic-password [-s service] [-a account] [-w password] -T [appPath]

Usage: 
-s service      Specify service name (required)
-a account      Specify account name (required)
-w password     Specify password to be added. Put at end of command to be prompted (recommended)
-T appPath      Specify an application which may access this item (multiple -T options are allowed)

Example:

security add-generic-password -s hueAPIHash -a HUEAPI -w FIAqb-53KaLBVzXKscihomProgvhUkRko59TAuV -T /usr/bin/security

Now we securely store the Hue API Hash into the macOS Keychain, and allowing the security binary to access this entry. We can use the security command to fetch the Hue API Hash.

security find-generic-password [-s service] -w 
Usage:
-s service      Match service string
-w              Display the password(only) for the item found

We only need to provide the service name and ask for the password

Example:

security find-generic-password -s "hueAPIHash" -w
#RESULT
FIAqb-53KaLBVzXKscihomProgvhUkRko59TAuV

See the man page security in terminal for more options. man security

About

example Scripts for MSP

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Shell 100.0%