Skip to content

Instantly share code, notes, and snippets.

@bruienne

bruienne/delaypolicybanner.py

Created February 1, 2016 17:33
Show Gist options
  • Star 4 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save bruienne/bd8365691eba466f48c7 to your computer and use it in GitHub Desktop.
Save bruienne/bd8365691eba466f48c7 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
delaypolicybanner.py
#!/usr/bin/env python
import subprocess
import plistlib
import sys
# Our read and write commands to the authorizationdb
readcmd = ['/usr/bin/security', 'authorizationdb', 'read', 'system.login.console']
writecmd = ['/usr/bin/security', 'authorizationdb', 'write', 'system.login.console']
# Run the read task, get the contents of system.login.console
task = subprocess.Popen(readcmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
(out, err) = task.communicate()
formatted = plistlib.readPlistFromString(out)
# Pop the first item in the list, this should be builtin:policy-banner
banner = formatted['mechanisms'].pop(0)
# If the popped item is not the policy-banner we bail, something is not right
if 'builtin:policy-banner' in banner:
print "NOTICE: Changing policy-banner to be last item in system-login-console."
formatted['mechanisms'].append(banner)
input_plist = plistlib.writePlistToString(formatted)
# Write the plist back to the authorizationdb
task = subprocess.Popen(writecmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
(out, err) = task.communicate(input=input_plist)
else:
print "WARNING: Policy banner was not first item, not making changes."
sys.exit(-1)
@bruienne
Copy link
Author

bruienne commented Feb 1, 2016

Careful deploying this, it actively changes system.login.console settings as part of the Authorization database.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment