This is a collection of configurations for setting up a new Mac in a business environment.
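#!/bin/bash
#
# New-Mac provisioning script for a business environment.
#
# In order: caches sudo credentials, writes the legal-notice banner, names
# the machine after its serial number, turns on scheduled software updates,
# records per-interface network details, publishes /etc/motd and the SSH
# banner, adjusts login-window settings, installs pip/bashbeautify, reboots.
#
# Interpreter: the script relies on `local`, `[[ ]]` and process
# substitution, so it declares bash instead of sh. Only features available
# in bash 3.2 are used.
# `set -e` is deliberately not enabled: several probes below (grep without a
# match, ipconfig on an interface without a lease) return non-zero in normal
# operation.

clear
echo "Preparing Functions..."

# Functions - Start

# Print a diagnostic on stderr.
warn() {
  printf '%s\n' "$*" >&2
}

# Reduce stdin to printable ASCII. Used on values that originate outside
# this machine (web lookup reply, Wi-Fi network name) before they are stored
# in files that are later displayed on a terminal.
printable_only() {
  LC_ALL=C tr -cd '[:print:]'
}

#######################################
# Convert a dotted-decimal subnet mask to its CIDR prefix length.
# Assumes there's no "255." after a non-255 byte in the mask.
# Arguments: $1 - subnet mask, e.g. 255.255.254.0
# Outputs:   prefix length on stdout, e.g. 23
#######################################
mask2cdr() {
  local mask=$1
  # Everything after the last "255." - the first octet that is not all ones.
  local tail=${mask##*255.}
  # Each possible octet value sits at offset 4*bits in this table.
  local -r table='0^^^128^192^224^240^248^252^254^'
  # Every stripped "255." is 4 characters and stands for 8 bits.
  local full_bits=$(((${#mask} - ${#tail}) * 2))
  local octet=${tail%%.*}
  local before=${table%%"$octet"*}
  printf '%s\n' $((full_bits + ${#before} / 4))
}

# Functions - Stop
echo "Functions Ready."

echo "Preparing Variables..."
# Variables - start
username=$(whoami)

# Ask for the administrator password upfront and run a keep-alive to update
# the existing `sudo` time stamp until the script has finished.
printf '\nType in the %s password:\n' "$username"
if ! sudo -v; then
  warn "sudo authentication failed; no settings were changed."
  exit 1
fi
while true; do sudo -n true; sleep 60; kill -0 "$$" || exit; done 2>/dev/null &

companyname="Kittell.net"
# The \n\r sequences are expanded when the text is printed with printf '%b'.
companyPolicy="${companyname}\n\rWARNING\n\r"
companyPolicy+="This computer system is the property of ${companyname}. It may be accessed and used only for authorized ${companyname} business by authorized personnel. Unauthorized access or use of this computer system may subject violators to criminal, civil and/or administrative disciplinary action.\n\r"
companyPolicy+="${companyname} may monitor or log any activity or communication on the system and retrieve any information stored within the system. By accessing and using this computer, you are consenting to such monitoring and information retrieval for law enforcement and other purposes. All information accessed via this system should be considered confidential unless otherwise indicated. Access or use of this computer system by any person, whether authorized or unauthorized, constitutes consent to these terms. There is no right of privacy in this system.\n\r"
companyPolicy+="NOTE: By logging into this system you indicate your awareness of and consent to these terms and conditions of use. 
LOG OFF IMMEDIATELY if you do not agree to the conditions stated in this warning.\n"

# NOTE(review): sExternalIPService is defined but not used anywhere below.
sExternalIPService="http://dns.kittell.net/ip.php"
# NOTE(review): plain-HTTP lookup. Each MAC address sent to it leaves the
# machine unencrypted, and the reply can be altered in transit, so the reply
# is treated as untrusted text further down.
sExternalMACALService="http://dns.kittell.net/macaltext.php?address="

# printf '%b' expands the backslash escapes explicitly; how echo treats them
# depends on the shell. -a appends, so a second run repeats the text.
printf '%b\n' "$companyPolicy" | sudo tee -a /etc/banner

# Get operating system name and version - Start
IFS=. read -r OSvers1 OSvers2 OSvers3 <<<"$(sw_vers -productVersion)"
# The names below are keyed on the second version component only.
case "$OSvers2" in
  8) OSName="Mountain Lion" ;;
  9) OSName="Mavericks" ;;
  10) OSName="Yosemite" ;;
  11) OSName="El Capitan" ;;
  12) OSName="Sierra" ;;
  13) OSName="High Sierra" ;;
  # `*` is the catch-all pattern; a literal `default` never matched.
  *) OSName="Unknown" ;;
esac
# Get operating system name and version - Stop

# Get Serial Number
sSerialNumber=$(system_profiler SPHardwareDataType \
  | grep "Serial Number (system)" \
  | awk '{print $4}' \
  | cut -d/ -f1)
if [[ -z "$sSerialNumber" ]]; then
  warn "Could not read the hardware serial number; refusing to rename the machine."
  exit 1
fi

clear
# Ask User if the computer is a laptop
printf "Is this a laptop, if yes type y or if no type n followed by [ENTER]:\n"
read -r sLaptop
case "$sLaptop" in
  [yY]) sMachineName="L$sSerialNumber" ;;
  [nN]) sMachineName="D$sSerialNumber" ;;
  *) sMachineName=$sSerialNumber ;;
esac
echo "Setting Machine Name to $sMachineName"

# Name the Machine in all areas the same - Start
sudo scutil --set HostName "$sMachineName"
sudo scutil --set ComputerName "$sMachineName"
sudo scutil --set LocalHostName "$sMachineName"
sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server \
  NetBIOSName -string "$sMachineName"
# Name the Machine in all areas the same - Stop
# Variables - stop
echo "Variables Ready."

# Software Update - Start
echo "Verifying all application software is current"
softwareupdate -l
echo "Enabling auto-updating"
sudo softwareupdate --schedule on
# Optional: install every pending update right away.
#printf "Install Mac Updates, if yes type y or if no type n followed by [ENTER]:\n"
#read -r sInstallMacUpdates
#case "$sInstallMacUpdates" in
#  [yY]) sudo softwareupdate --install --all ;;
#  *) echo "Make sure to manually check updates." ;;
#esac
# Software Update - Stop

echo "Set Timezone"
# The stray "]]" in front of the redirect was markup residue and was passed
# to systemsetup as an extra argument.
sudo systemsetup -settimezone "America/Detroit" >/dev/null

#echo "Keep Wi-Fi Alive When computer is locked"
# cd /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources
# sudo ./airport en0 prefs DisconnectOnLogout=NO

echo "Reveal IP address, hostname, OS version, etc. when clicking the clock in the login window"
sudo defaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo HostName

# echo "Setting background image of login screen"
# sudo cp Pictures/com.apple.desktop.admin_12000x7500.png /Library/Caches/com.apple.desktop.admin.png

clear

# Get IP - Start
net_info_file=~/NetworkInfo.txt
rm -f -- "$net_info_file"

# Walk every interface ifconfig reports as up. The list is read on fd 3 so
# commands inside the loop cannot consume it through stdin. Values that were
# computed but never used (status, link rate, link quality, default route)
# are no longer collected.
while IFS= read -r val <&3; do
  label=$(ifconfig -uv "$val" | grep 'type' | awk '{print $2}')
  ActiveNetworkName=$(networksetup -listallhardwareports \
    | grep -B 1 -- "$label" \
    | awk '/Hardware Port/{ print }' \
    | cut -d " " -f3- \
    | uniq)
  ipaddress=$(ifconfig -uv "$val" | grep 'inet ' | awk '{print $2}')
  macaddress=$(ifconfig -uv "$val" | grep 'ether ' | awk '{print $2}')
  netmask=$(ipconfig getpacket "$val" \
    | grep 'subnet_mask (ip):' \
    | awk '{print $3}' \
    | tr -d '[:space:]')
  router=$(ipconfig getpacket "$val" \
    | grep 'router (ip_mult):' \
    | sed 's/.*router (ip_mult): {\([^}]*\)}.*/\1/')
  # NOTE(review): always queries the "Wi-Fi" service, whichever interface is
  # being reported - confirm that is intended.
  DHCPActive=$(networksetup -getinfo "Wi-Fi" | grep DHCP)
  dnsserver=$(networksetup -getdnsservers "$ActiveNetworkName" \
    | awk '{print $1, $2}' \
    | sed 'N;s/\n//')

  # Only interfaces that hold both a DHCP netmask and an address are reported.
  [[ -n "$netmask" && -n "$ipaddress" ]] || continue

  # The vendor lookup happens only for interfaces that are reported, so no
  # other hardware address is sent out. The reply is cut down to printable
  # characters and a bounded length because it ends up in /etc/motd.
  macal=""
  if [[ -n "$macaddress" ]]; then
    macal=$(curl -s --max-time 10 "${sExternalMACALService}${macaddress}" \
      | printable_only \
      | cut -c1-80)
  fi

  # printf '%s' writes the values verbatim; backslash sequences inside them
  # are not expanded.
  {
    printf '%s (%s)\n' "$ActiveNetworkName" "$val"
    printf '%s\n' "--------------"
    # Is this a WiFi associated port? If so, then we want the network name
    if [ "$label" = "Wi-Fi" ]; then
      # The network name is chosen by whoever runs the access point, so it
      # is filtered like the web reply.
      WiFiName=$(/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I \
        | grep '\sSSID:' \
        | sed 's/.*: //' \
        | printable_only)
      printf ' Network Name: %s\n' "$WiFiName"
    fi
    printf ' IP Address: %s\n' "$ipaddress"
    printf ' Subnet Mask: %s\n' "$netmask"
    printf ' Router: %s\n' "$router"
    printf ' IP CIDR: %s/%s\n' "$ipaddress" "$(mask2cdr "$netmask")"
    if [[ -n "$dnsserver" ]]; then
      printf ' DNS Server: %s\n' "$dnsserver"
    elif [[ -n "$DHCPActive" ]]; then
      printf ' DNS Server: Set With DHCP\n'
    else
      printf ' DNS Server: Unknown\n'
    fi
    printf ' MAC-address: %s (%s)\n' "$macaddress" "$macal"
    printf ' \n'
  } >>"$net_info_file"
done 3< <(ifconfig -uv | awk -F: '/^[a-z0-9]/ {print $1}')

# The file only exists when at least one interface was reported.
NetInfo=""
if [[ -f "$net_info_file" ]]; then
  NetInfo=$(<"$net_info_file")
fi
# Get IP - Stop

# Banner Start
clear
# Fixed text lives in the format string; every variable is passed as a %s
# argument so its content is never interpreted.
printf '\n%s\nComputer OS: Mac OS X - %s %s.%s.%s\nHostname: %s\nSerial Number: %s\n\nNetwork Information\n%s\n\n' \
  "$companyname" "$OSName" "$OSvers1" "$OSvers2" "$OSvers3" \
  "$sMachineName" "$sSerialNumber" "$NetInfo" \
  | sudo tee /etc/motd >/dev/null
cat /etc/motd

# Set SSH Banner
# sed keeps the previous file as /etc/ssh/sshd_config.bak.
sudo sed -i '.bak' 's|#Banner none|Banner /etc/banner|' /etc/ssh/sshd_config
# NOTE(review): `launchctl load -w` also clears the job's Disabled flag, so
# this turns the SSH service on for machines where it was off. Confirm that
# enabling remote login is intended for every machine this runs on.
sudo launchctl unload /System/Library/LaunchDaemons/ssh.plist
sudo launchctl load -w /System/Library/LaunchDaemons/ssh.plist
# Banner Stop

# Require a password to unlock each System Preferences Pane.
# The rule is edited in a private temporary directory instead of a fixed
# /tmp path, which another local user could create or replace beforehand.
tmpdir=$(mktemp -d "${TMPDIR:-/tmp}/macsetup.XXXXXX") || {
  warn "mktemp failed"
  exit 1
}
trap 'rm -rf -- "${tmpdir:?}"' EXIT
prefs_plist="$tmpdir/system.preferences.plist"
# Write the rule back only when it was read successfully; otherwise an empty
# file would be fed to the authorization database.
# NOTE(review): the write may need elevated rights - confirm on a test machine.
if security authorizationdb read system.preferences >"$prefs_plist"; then
  defaults write "$prefs_plist" shared -bool false
  security authorizationdb write system.preferences <"$prefs_plist"
else
  warn "Could not read the system.preferences rule; leaving it unchanged."
fi

# Disable automatic login
# NOTE(review): "come.apple..." looks like a typo for a "com.apple..." key;
# as written it stores an unrelated preference. Verify the exact key name
# before relying on this line.
sudo defaults write /Library/Preferences/.GlobalPreferences.plist \
  come.apple.userpref.DisableAutoLogin -bool yes

echo "Create an access warning for the login window"
defaults write "/Users/$username/Library/Preferences/com.apple.loginwindow" \
  LoginwindowText "$companyname"
sudo defaults write /Library/Preferences/com.apple.loginwindow \
  LoginwindowText "$companyname"

echo "Create a Login window banner"
# https://support.apple.com/en-us/HT202277
# Written directly as root. Creating the file in the home directory and
# moving it into place would leave it owned by the invoking user, who could
# then rewrite the login banner without sudo.
printf '%b\n' "$companyPolicy" | sudo tee /Library/Security/PolicyBanner.txt >/dev/null
sudo chown root:wheel /Library/Security/PolicyBanner.txt
sudo chmod 644 /Library/Security/PolicyBanner.txt

echo "Show full name at login window"
sudo defaults write /Library/Preferences/com.apple.loginwindow SHOWFULLNAME -bool yes

echo "Disable Show password hints"
sudo defaults write /Library/Preferences/com.apple.loginwindow RetriesUntilHint -int 0

echo "Disable the Guest account"
sudo defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool NO

echo "Disable Allow guests to connect to shared folders"
sudo defaults write /Library/Preferences/com.apple.AppleFileServer guestAccess -bool no
sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server \
  AllowGuestAccess -bool no

# Install Python PIP
# NOTE(review): both installs fetch unpinned packages from the package index
# (the first one as root), and easy_install is deprecated. Consider pinning
# versions or dropping this optional step from a provisioning run.
sudo easy_install pip

# OPTIONAL - Install BashBeautify (Make bash shell scripting look nicer)
pip install --upgrade bashbeautify
# Go to the directory you have .sh files in and run "bashbeautify *.sh"

sudo shutdown -r now
exit 0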
Last Updated on August 22, 2018