Re: [Fed-Talk] Disable Airport/Bluetooth/
- Subject: Re: [Fed-Talk] Disable Airport/Bluetooth/
- From: Allan Marcus <email@hidden>
- Date: Thu, 28 May 2009 14:21:06 -0600
Have the internal WiFi hardware disabled and use a QuickerTek WiFi USB
card for WiFi. Disablement would then simply be unplugging the USB card.
---
Thanks,
Allan Marcus
505-667-5666
On May 26, 2009, at 1:07 PM, Chuck Bishop wrote:
This is my first use of Fed-Talk, so please pardon any etiquette
missteps of mine. I am brand new to the Apple community and platform;
the last time I used an Apple was the IIc! I know very basic scripting
and am fairly familiar with Linux.

One of my clients has begun to switch over to Macs exclusively and has
tasked me with securing them to conform for open-secret use. He is
buying Mac Minis with Leopard installed. I need to remove, not just
disable, Airport, and remove Bluetooth and IR support. He also wants the
option to reinstall Airport at will with a button for when employees go
out into the field.

I want the script to run at startup and by default perform the above
procedures, prior to login, like a machine script in Windows. Then the
user logs in and can reinstall Airport if needed. Bluetooth and IR
remain disabled.

This is my first attempt at a script; I put it in the rc.local file.
Could anyone please offer suggestions on how better to resolve this? The
script works and provides affirmation to the user's desktop. However, I
cannot figure out how to re-enable the Airport without rebooting (thus
starting the script again).
########################################################################
#!/bin/bash
#Put a copy into /sbin owned by root && put a copy called rc.local in /etc directory
#get date
dt=$(date +%d%m)
tdy=$(date +%D)
#setup temporary Results file
touch /tmp/Results.$dt.txt
echo "Security Results for today $tdy" > /tmp/Results.$dt.txt
echo "" >> /tmp/Results.$dt.txt
# Updating from Internet Software Update Server
# -----------------------------------
# Download and install software updates.
softwareupdate --download --all --install
# -----------------------------
# Securing Software Updates Preferences
# -----------------------------
# Disable check for updates and Download important updates automatically.
for USER in $(ls /Users)
do
    sudo -u "$USER" softwareupdate --schedule off >/dev/null 2>&1
    # Report only when softwareupdate actually succeeded for this user.
    if [ $? -eq 0 ]; then
        echo "Auto update is turned off for - $USER" >> /tmp/Results.$dt.txt
    fi
done
#Remove Airport
# Make sure the holding directory exists before anything is moved into it.
mkdir -p /System/security_services
if [ -d /System/Library/Extensions/AppleAirPort.kext ]; then
    if [ -d /System/security_services/AppleAirPort.kext ]; then
        rm -R /System/security_services/AppleAirPort.kext &&
        mv /System/Library/Extensions/AppleAirPort.kext /System/security_services/ &&
        echo "Success - Airport disabled 1 of 4" >> /tmp/Results.$dt.txt
    else
        mv /System/Library/Extensions/AppleAirPort.kext /System/security_services/ 2>/dev/null &&
        echo "Success - Airport disabled 1 of 4" >> /tmp/Results.$dt.txt
    fi
else
    echo "Success - Airport disabled 1 of 4." >> /tmp/Results.$dt.txt
fi
if [ -d /System/Library/Extensions/AppleAirPort2.kext ]; then
    if [ -d /System/security_services/AppleAirPort2.kext ]; then
        rm -R /System/security_services/AppleAirPort2.kext &&
        mv /System/Library/Extensions/AppleAirPort2.kext /System/security_services/ &&
        echo "Success - Airport disabled 2 of 4" >> /tmp/Results.$dt.txt
    else
        mv /System/Library/Extensions/AppleAirPort2.kext /System/security_services/ 2>/dev/null &&
        echo "Success - Airport disabled 2 of 4" >> /tmp/Results.$dt.txt
    fi
else
    echo "Success - Airport disabled 2 of 4." >> /tmp/Results.$dt.txt
fi
if [ -d /System/Library/Extensions/AppleAirPortFW.kext ]; then
    if [ -d /System/security_services/AppleAirPortFW.kext ]; then
        rm -R /System/security_services/AppleAirPortFW.kext &&
        mv /System/Library/Extensions/AppleAirPortFW.kext /System/security_services/ &&
        echo "Success - Airport disabled 3 of 4" >> /tmp/Results.$dt.txt
    else
        mv /System/Library/Extensions/AppleAirPortFW.kext /System/security_services/ 2>/dev/null &&
        echo "Success - Airport disabled 3 of 4" >> /tmp/Results.$dt.txt
    fi
else
    echo "Success - Airport disabled 3 of 4." >> /tmp/Results.$dt.txt
fi
if [ -d /System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/AirPortAtheros.kext ]; then
    if [ -d /System/security_services/Plugins ]; then
        # Clear the old copy, then recreate the directory so mv has a target.
        rm -R /System/security_services/Plugins &&
        mkdir -p /System/security_services/Plugins &&
        mv /System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/* /System/security_services/Plugins/ &&
        echo "Success - Airport disabled 4 of 4" >> /tmp/Results.$dt.txt
    else
        mkdir -p /System/security_services/Plugins &&
        mv /System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/* /System/security_services/Plugins/ 2>/dev/null &&
        echo "Success - Airport disabled 4 of 4" >> /tmp/Results.$dt.txt
    fi
else
    echo "Success - Airport disabled 4 of 4." >> /tmp/Results.$dt.txt
fi
# Removing BlueTooth Support Software
# -----------------------------
# Remove Bluetooth kernel extensions.
if [ -d /System/Library/Extensions/IOBluetoothFamily.kext ]; then
    if [ -d /System/security_services/IOBluetoothFamily.kext ]; then
        rm -R /System/security_services/IOBluetoothFamily.kext &&
        mv /System/Library/Extensions/IOBluetoothFamily.kext /System/security_services/ &&
        echo "Success - Bluetooth disabled 1 of 2" >> /tmp/Results.$dt.txt
    else
        mv /System/Library/Extensions/IOBluetoothFamily.kext /System/security_services/ 2>/dev/null &&
        echo "Success - Bluetooth disabled 1 of 2" >> /tmp/Results.$dt.txt
    fi
else
    echo "Success - Bluetooth disabled 1 of 2." >> /tmp/Results.$dt.txt
fi
if [ -d /System/Library/Extensions/IOBluetoothHIDDriver.kext ]; then
    if [ -d /System/security_services/IOBluetoothHIDDriver.kext ]; then
        rm -R /System/security_services/IOBluetoothHIDDriver.kext &&
        mv /System/Library/Extensions/IOBluetoothHIDDriver.kext /System/security_services/ &&
        echo "Success - Bluetooth disabled 2 of 2" >> /tmp/Results.$dt.txt
    else
        mv /System/Library/Extensions/IOBluetoothHIDDriver.kext /System/security_services/ 2>/dev/null &&
        echo "Success - Bluetooth disabled 2 of 2" >> /tmp/Results.$dt.txt
    fi
else
    echo "Success - Bluetooth disabled 2 of 2." >> /tmp/Results.$dt.txt
fi
# Removing IR Support Software
# -----------------------------
# Remove IR kernel extensions.
if [ -d /System/Library/Extensions/AppleIRController.kext ]; then
    if [ -d /System/security_services/AppleIRController.kext ]; then
        rm -R /System/security_services/AppleIRController.kext &&
        mv /System/Library/Extensions/AppleIRController.kext /System/security_services/ &&
        echo "Success - IR - disabled 1 of 1" >> /tmp/Results.$dt.txt
    else
        # Use && (not &) so success is reported only after the move has worked.
        mv /System/Library/Extensions/AppleIRController.kext /System/security_services/ 2>/dev/null &&
        echo "Success - IR - disabled 1 of 1" >> /tmp/Results.$dt.txt
    fi
else
    echo "Success - IR disabled 1 of 1." >> /tmp/Results.$dt.txt
fi
# Disable fast user switching.
#defaults write /Library/Preferences/.GlobalPreferences \
#MultipleSessionEnabled -bool NO
# Enabling Access Warning for the Login Window
# ----------------------------------
# Create a login window access warning.
defaults write /Library/Preferences/com.apple.loginwindow \
LoginwindowText "DoD Warning Banner Use of this or any other DoD
interest computer system constitutes consent to monitoring at all times.
This is a DoD interest computer system. All DoD interest computer
systems and related equipment are intended for the communication,
transmission, processing, and storage of official U.S. Government or
other authorized information only. All DoD interest computer systems are
subject to monitoring at all times to ensure proper functioning of
equipment and systems including security devices and systems, to prevent
unauthorized use and violations of statutes and security regulations, to
deter criminal activity, and for other similar purposes. Any user of a
DoD interest computer system should be aware that any information placed
in the system is subject to monitoring and is not subject to any
expectation of privacy. If monitoring of this or any other DoD interest
computer system reveals possible evidence of violation of criminal
statutes, this evidence and any other related information, including
identification information about the user, may be provided to law
enforcement officials. If monitoring of this or any other DoD interest
computer systems reveals violations of security regulations or
unauthorized use, employees who violate security regulations or make
unauthorized use of DoD interest computer systems are subject to
appropriate disciplinary action. Use of this or any other DoD interest
computer system constitutes consent to monitoring at all times."
# Securing Security Preferences
# -----------------------------
# Enable Require password to wake this computer from sleep or screen saver.
defaults -currentHost write com.apple.screensaver askForPassword -int 1
# Disable automatic login.
#defaults write /Library/Preferences/.GlobalPreferences \
#com.apple.autologout.AutoLogOutDelay -int 0
# Enable secure virtual memory.
#defaults write /Library/Preferences/com.apple.virtualMemory \
#UseEncryptedSwap -bool yes
# -----------------------------
# Disable Remote Login.
#service ssh stop
#_____________________________
#time Machine
defaults write /Library/Preferences/com.apple.TimeMachine AutoBackup 1
for USER in $(ls /Users)
do
    cp /tmp/Results.$dt.txt "/Users/$USER/Desktop/" 2>/dev/null
done
# Touch the Extensions folder so the extensions cache is rebuilt.
touch /System/Library/Extensions
rm /tmp/Results.$dt.txt
wait $!
exit
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
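
An added example, not part of either message in this thread: the repeated move-to-holding-directory blocks from the posted script written as one function that verifies its result, plus the inverse operation for the open question of re-enabling Airport without a reboot. The function names and the KEXT_LOADER variable are hypothetical, and it is an assumption (not confirmed in the thread) that loading the restored kext with kextload is enough to bring the interface back.

```shell
#!/bin/bash
# Added example, not from the thread. Paths follow the posted script;
# function names and the KEXT_LOADER variable are assumptions.
EXT_DIR="${EXT_DIR:-/System/Library/Extensions}"
HOLD_DIR="${HOLD_DIR:-/System/security_services}"
KEXT_LOADER="${KEXT_LOADER:-kextload}"  # assumed loader command

# Move one kext out of EXT_DIR into HOLD_DIR.
# Succeeds only if the kext is absent from EXT_DIR afterwards.
quarantine_kext() {
    local name="$1"
    [ -n "$name" ] || return 1
    mkdir -p "$HOLD_DIR" || return 1
    if [ -d "$EXT_DIR/$name" ]; then
        rm -rf "${HOLD_DIR:?}/$name"   # drop any stale copy first
        mv "$EXT_DIR/$name" "$HOLD_DIR/" || return 1
    fi
    [ ! -e "$EXT_DIR/$name" ]
}

# Move one kext back into EXT_DIR and hand it to the loader.
# Succeeds only if the kext is in place and the loader returned 0.
restore_kext() {
    local name="$1"
    [ -n "$name" ] || return 1
    if [ -d "$HOLD_DIR/$name" ]; then
        [ ! -e "$EXT_DIR/$name" ] || return 1   # never overwrite
        mv "$HOLD_DIR/$name" "$EXT_DIR/" || return 1
    fi
    [ -d "$EXT_DIR/$name" ] || return 1
    "$KEXT_LOADER" "$EXT_DIR/$name"
}

# Run one action over a list of kexts, printing one result line each.
# The return value is the number of kexts for which the action failed.
apply_to_kexts() {
    local action="$1" failed=0 name
    shift
    for name in "$@"; do
        if "$action" "$name"; then
            echo "OK   $action $name"
        else
            echo "FAIL $action $name"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}
```

For the IO80211Family plug-ins that the posted script moves as a group, point EXT_DIR and HOLD_DIR at the PlugIns and Plugins directories before calling the functions.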