#!/bin/zsh ################################################################################ # Created by Ryan Slater | Solutions Engineering | Kandji, Inc. ################################################################################ # # Created on 2024/05/02 # ################################################################################ # Tested macOS Versions ################################################################################ # # - macOS Sonoma 14.4 & 14.4.1 # ################################################################################ # Software Information ################################################################################ # # A simple Audit script to evaluate the optimal conditions to install LucidLink # v2 as a Custom App in Kandji. It requires a Kernel Extension in order to # function so it'll check for the ID of the Kernel Extension Profile you define # before calling for the installer to proceed # ################################################################################ # License Information ################################################################################ # Copyright 2024 Kandji, Inc. # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal # in the Software without restriction, including without limitation the rights # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell # copies of the Software, and to permit persons to whom the Software is furnished # to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in all # copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. # ################################################################################ # Script Version VERSION="1.0.0" ############################################################################## ############################# USER INPUT ##################################### ############################################################################## # Variables that should be set by the admin using the script. Typically # these will be unique to a specific customer. # Kandji API URL api_url="instancename.api.eu.kandji.io" # API Bearer Token # The API token needs permission for: Device List, Device ID and Restart Device token="YOUR_TOKEN_HERE" ############################################################################## ############################# VARIABLES ###################################### ############################################################################## # Get Device Serial serial_number=$(/usr/sbin/system_profiler SPHardwareDataType | awk '/Serial/ { print $NF }') ############################################################################## ################## FUNCTIONS - DO NOT MODIFY BELOW ########################### ############################################################################## # Set logging - Send logs to stdout as well as Unified Log # Usage: logging "LEVEL" "Message..." # Use 'log show --process "logger"'to view logs activity. logging(){ script_id="LucidLink-Postinstall" timestamp=$(/bin/date +"%m-%d-%Y %H:%M:%S") echo "${timestamp} ${1}: ${2}" /usr/bin/logger "${script_id}: [${1}] ${2}" } ############################################################################## ################### MAIN LOGIC - DO NOT MODIFY BELOW ######################### ############################################################################## # Do not modify the below; there be dragons. Modify at your own risk. logging "INFO" "Executing script v${VERSION}..." logging "INFO" "Getting Device ID from ${api_url}" # GETTING DEVICE RECORD INFORMATION BASED ON SERIAL NUMBER device_record=$(/usr/bin/curl --silent --request GET --url "${api_url}/api/v1/devices/?serial_number=${serial_number}" \ --header "Authorization: Bearer ${token}" \ --header "Content-Type: application/json") # WAS THE API TOKEN VALID? if [[ "${device_record}" == *"Invalid Token"* ]]; then logging "ERROR" "Invalid API Token, unable to proceed and exiting" exit 1 fi # EXTRACT THE DEVICE ID FROM THE JSON RESPONSE device_id=$(/usr/bin/plutil -extract 0.device_id raw -o - - <<< "${device_record}") # EXIT IF DEVICE ID WAS NOT FOUND if [[ "${device_id}" == *"Could not extract"* ]]; then logging "ERROR" "Could not identify Device ID for ${serial_number}, exiting post-install without a reboot" exit 1 else logging "INFO" "Device ID was identified as ${device_id}, proceeding to send reboot command via API" fi # LUCID NEEDS TO LAUNCH TO LOAD THE KEXT /usr/bin/open "/Applications/Lucid.app" # WAIT FOR LUCIDAPP TO START while ! /usr/bin/pgrep "LucidApp" > /dev/null; do sleep 1 done logging "INFO" "LucidLink App Launched, preparing for reboot" # DELAY FOR APP LOADING TIME sleep 10 device_restart=$(/usr/bin/curl --location -g --request POST "${api_url}/api/v1/devices/${device_id}/action/restart" \ --header "Authorization: Bearer ${token}" \ --header "Content-Type: application/json" \ -w "%{http_code}" \ -o /dev/null \ --data '{ "RebuildKernelCache": true, "NotifyUser": true }' ) if [[ "${device_restart}" = "200" ]]; then logging "INFO" "Sent device restart command to the API" exit 0 else logging "ERROR" "Restart command could not be sent via API, http code was ${device_restart}" exit 1 fi