#!/bin/zsh
TARGET=$1
# to be used as an egrep pattern
SYMS='getprogname|NSGetArgv|NSGetArgc|optarg|optind|getopt|getopt_long'
sudo find ${TARGET} -type f -perm +111 \! -name "*.dylib" | \
while read f ; do
sudo nm -u ${f} 2> /dev/null | \
@erikng
erikng / changes in profiles command on 10.13.4 and higher
Last active March 6, 2019 18:54
10.13.4 profile install failure
To prevent unintended installations, profiles containing certain payloads (specifically com.apple.Safari) will require a manual verification even when running as root.
Example:
sudo profiles install -path ~/Desktop/safari.mobileconfig
Enter the admin user name:
sudo profiles -IvF ~/Desktop/safari.mobileconfig
profiles: verbose mode ON
profiles install profile ~/Desktop/safari.mobileconfig for user: (null)
Enter the admin user name:
@MagerValp
MagerValp / Kernel Extension Policy.mobileconfig
Last active May 2, 2020 15:27
Sample kernel extension whitelist for 10.13.4+
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>AllowUserOverrides</key>
<true/>
<key>AllowedTeamIdentifiers</key>
### Updated to reflect changes introduced with 10.13.4. Update to 10.13.4 if needed before attempting to make
SecureToken-related changes. ###
sysadminctl is a tool Apple introduced in 10.10 for working with system user accounts. In 10.13, sysadminctl is Apple's
recommended tool for working with user accounts in the CLI, replacing functionality that has long been provided by dscl
and adds new features available only in 10.13. sysadminctl can be used to change user passwords, create new users or
check the status of a new-to-10.13 security feature named SecureToken.
SecureToken is a non-visible APFS file system attribute, unlike the SIP protected flag or file creation date, that triggers
the creation of a new AuthenticationAuthority entry in a user's local account record
@gregneagle
gregneagle / startosinstall_10.12.6_normalboot.txt
Last active February 6, 2024 07:28
Comparison of startosinstall's available options depending on boot OS environment
bash-3.2$ /Applications/Install\ macOS\ Sierra.app/Contents/Resources/startosinstall --usage
Usage: startosinstall --applicationpath <install macOS.app path>
Arguments
--applicationpath, a path to copy of the OS installer application to start the install with.
--license, prints the user license agreement only.
--agreetolicense, agree to license the license you printed with --license.
--rebootdelay, how long to delay the reboot at the end of preparing. This delay is in seconds and has a maximum of 300 (5 minutes).
--pidtosignal, Specify a PID to which to send SIGUSR1 upon completion of the prepare phase. To bypass "rebootdelay" send SIGUSR1 back to startosinstall.
--usage, prints this message.
@erikng
erikng / xcode9.plist
Created September 28, 2017 16:05
xcode9.plist (for munki)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>autoremove</key>
<false/>
<key>catalogs</key>
<array>
<string>production</string>
</array>
@gregneagle
gregneagle / fancy_defaults_read.py
Last active February 6, 2024 15:14
fancy_defaults_read.py: Reads a preference, prints its value, type, and where it is defined.
#!/usr/bin/python
import os
import sys
from CoreFoundation import (CFPreferencesAppValueIsForced,
CFPreferencesCopyAppValue,
CFPreferencesCopyValue,
kCFPreferencesAnyUser,
kCFPreferencesAnyHost,
## REMOVE FIRST CHARACTER FROM STRING
sed 's/^.//'
== Example ==
$ echo "foo" | sed 's/^.//'
oo
____________________________________________________________________
@joshua-d-miller
joshua-d-miller / 802.1x System Fix.py
Last active February 4, 2022 14:42
This script will allow your 802.1x Configuration Profile to work on any other Ethernet interface at the System Level
#!/usr/bin/python
# pylint: disable=E0611, E1101, E0602
'''Fix 802.1x When Using Config Profiles and PEAP-MSCHAPV2 or EAP-TLS'''
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# This script will find the system profile that is attached to one ethernet
# interface from our configuration profile and then copy it to all other
# ethernet interfaces so that other ethernet interfaces can be used instead
# of just the FirstActiveEthernet at time of profile installation. This issue
# is still an issue as of 10.12.3
@joshua-d-miller
joshua-d-miller / 802.1x Fix.py
Last active January 18, 2019 12:46
When deploying an EAP-TLS profile for 802.1x Ethernet, this script will create a User Identity preference which will allow a logged in user to use any Ethernet interface that is connected to their machine.
#!/usr/bin/python
# pylint: disable=C0103, W0612, E1101, E0602, E0611
# pylint: disable=W0101, W0110, W0141
'''Fix 802.1x When Using Config Profiles and EAP-TLS'''
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# This script will determine the profile ID that was used when
# installing the 802.1x Ethernet Identity preference and make
# a copy of the keychain entry to be used as a user identity preference
# so that any Ethernet can be used when a user is logged in. As of 10.12.3