
第一版 我自己亲自做的 seach_keyword.command 搜索关键字敏感字 敏感文件苹果 macos 搜索 有大用 有大大用

把 curl 的网址换掉就可以运行了

最主要的难点是 keyword_file。事实上,把 mdfind 搜索到的文件存到数组里,然后从数组里删除要排除的文件也可以(第二版就是用数组,见 /node-admin/22981)。

本地macos的脚本

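#!/bin/zsh
#
# Local macOS variant (run by the logged-in user).
#
# Collects host identifiers, asks Spotlight (mdfind) for files whose names
# match the keyword list and one of the listed extensions, and POSTs the
# result as JSON to the collection endpoint. The server's verdict is shown
# in a dialog.
#
# Security notes for whoever deploys this:
#   - The payload carries the serial number, MAC addresses, the user name and
#     the paths of sensitive files. REPORT_URL is the page's placeholder and
#     is plain http://, so the report and the reply travel unencrypted and
#     unauthenticated. Point it at an https:// endpoint that authenticates
#     the client before using this outside a lab.
#   - The server's reply is untrusted input. It is handed to osascript as an
#     argument and is never spliced into the AppleScript source.
#   - Every value is JSON-escaped before it goes into the payload; host names
#     and file names can legitimately contain quotes and backslashes.

REPORT_URL='http://aaa.bbbb.com/get_keyword_file_info'

# Escape a string for use inside a JSON string literal.
# Arguments: $1 - raw text
# Outputs:   escaped text on stdout (no surrounding quotes)
# Handles backslash, double quote, newline, carriage return and tab; other
# control characters are passed through unchanged.
json_escape() {
  local s=$1
  s=${s//\\/\\\\}      # backslashes first, so later escapes are not doubled
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  printf '%s' "$s"
}

# Show a one-button dialog with the given text.
# Arguments: $1 - text to display
# The text reaches AppleScript through argv, so quotes in it cannot end the
# string literal and append statements; "--" keeps a leading "-" from being
# read as an osascript option.
show_dialog() {
  /usr/bin/osascript \
    -e 'on run argv' \
    -e 'display dialog (item 1 of argv) buttons {"OK"} default button "OK" with title "敏感文件"' \
    -e 'end run' \
    -- "$1"
}

ComputerName=$(scutil --get ComputerName)
Serial=$(system_profiler SPHardwareDataType | awk '/Serial Number/{print $4}')
Version="$(sw_vers -productName) $(sw_vers -productVersion)"
#IP=$(ifconfig | grep "inet " | grep -v 127.0.0.1 | head -n 1 | awk '{print $2}')
wired_mac=$(networksetup -listallhardwareports | awk '/Hardware Port: Ethernet/{getline; getline; print $3}' | head -n 1)
wireless_mac=$(networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/{getline; getline; print $3}' | head -n 1)
curr_user=$(id -un)

# File-name match: (one of the keywords) AND (one of the extensions); the
# "cd" suffix makes each comparison case- and diacritic-insensitive.
# AAA..EEE appear to be placeholders for the real keywords.
# Results are read NUL-delimited so paths with spaces or newlines survive;
# anything under /Library or /System/Library is dropped.
# NOTE(review): paths are joined with <br/>, which suggests the server renders
# this field as HTML. If so, the server must HTML-escape each path, because a
# file name may contain markup. Confirm against the receiving code.
keyword_file=$(mdfind '((kMDItemFSName == "*AAA*"cd) || (kMDItemFSName == "*BBB*"cd) || (kMDItemFSName == "*CCC*"cd) || (kMDItemFSName == "*DDD*"cd)|| (kMDItemFSName == "*EEE*"cd) ) && ((kMDItemFSName == "*.pdf"cd) || (kMDItemFSName == "*.ppt"cd) || (kMDItemFSName == "*.pptx"cd) || (kMDItemFSName == "*.key"cd) || (kMDItemFSName == "*.png"cd) || (kMDItemFSName == "*.jpg"cd) || (kMDItemFSName == "*.jpeg"cd))' -0 |
while IFS= read -r -d '' file; do
    if [[ "$file" != /Library/* && "$file" != /System/Library/* ]]; then
        printf '%s<br/>' "$file"
    fi
done)

# printf instead of echo: zsh's echo interprets backslash sequences and would
# alter paths that contain them.
printf '%s\n' "$keyword_file"

DATA=$(printf '{"ComputerName":"%s","Serial":"%s","Version":"%s","wired_mac":"%s","wireless_mac":"%s","curr_user":"%s","keyword_file":"%s"}' \
  "$(json_escape "$ComputerName")" \
  "$(json_escape "$Serial")" \
  "$(json_escape "$Version")" \
  "$(json_escape "$wired_mac")" \
  "$(json_escape "$wireless_mac")" \
  "$(json_escape "$curr_user")" \
  "$(json_escape "$keyword_file")")
printf '%s\n' "$DATA"

# The body is sent on stdin (--data-binary @-) so the file list does not show
# up in the process list; --max-time keeps a dead endpoint from hanging the run.
Result=$(printf '%s' "$DATA" |
  curl --silent --show-error --max-time 30 -X POST "$REPORT_URL" \
    -H "Content-Type: application/json" --data-binary @-)
curl_rc=$?
printf '%s\n' "$Result"

if (( curl_rc != 0 )); then
  # Transport failure: there is no server verdict to parse.
  Result="上报失败 (curl exit ${curl_rc})"
else
  # The reply looks like {"result":"成功获取"}; field 4 when split on double
  # quotes is the value. This is positional parsing, not a JSON parser.
  Result=$(printf '%s\n' "$Result" | awk -F'"' '{print $4}')
fi

# Only the expected success value gets the success wording; anything else is
# shown as received.
if [ "$Result" = "成功获取" ]; then
  show_dialog "${Result},自动打开浏览器查看"
else
  show_dialog "${Result}"
fi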



jamf的脚本

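#!/bin/zsh
#
# Jamf variant of the keyword-file report.
#
# Collects host identifiers, asks Spotlight (mdfind) for files whose names
# match the keyword list and one of the listed extensions, and POSTs the
# result as JSON to the collection endpoint. The server's verdict is shown
# in a dialog.
#
# Security notes for whoever deploys this:
#   - Scripts pushed by a management agent typically run with elevated
#     privileges, so anything that lets remote data become code here is
#     high impact. The server's reply is therefore passed to osascript as an
#     argument and is never spliced into the AppleScript source.
#   - The payload carries the serial number, MAC addresses, the user name and
#     the paths of sensitive files. REPORT_URL is the page's placeholder and
#     is plain http://, so the report and the reply travel unencrypted and
#     unauthenticated. Point it at an https:// endpoint that authenticates
#     the client before production use.
#   - Every value is JSON-escaped before it goes into the payload; host names
#     and file names can legitimately contain quotes and backslashes.

#set -x  # debug mode: trace every command as it runs
#exec > /var/tmp/myscript.log 2>&1  # send all output and errors to /var/tmp/myscript.log
# NOTE(review): if the two lines above are enabled, the log will contain the
# reply and the file list; remove the log afterwards.

export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8

REPORT_URL='http://aaaa.bbbb.com/get_keyword_file_info'

# Escape a string for use inside a JSON string literal.
# Arguments: $1 - raw text
# Outputs:   escaped text on stdout (no surrounding quotes)
# Handles backslash, double quote, newline, carriage return and tab; other
# control characters are passed through unchanged.
json_escape() {
  local s=$1
  s=${s//\\/\\\\}      # backslashes first, so later escapes are not doubled
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  printf '%s' "$s"
}

# Show a one-button dialog with the given text.
# Arguments: $1 - text to display
# The text reaches AppleScript through argv, so quotes in it cannot end the
# string literal and append statements; "--" keeps a leading "-" from being
# read as an osascript option.
show_dialog() {
  /usr/bin/osascript \
    -e 'on run argv' \
    -e 'display dialog (item 1 of argv) buttons {"OK"} default button "OK" with title "敏感文件"' \
    -e 'end run' \
    -- "$1"
}

ComputerName=$(scutil --get ComputerName)
Serial=$(system_profiler SPHardwareDataType | awk '/Serial Number/{print $4}')
Version="$(sw_vers -productName) $(sw_vers -productVersion)"
#IP=$(ifconfig | grep "inet " | grep -v 127.0.0.1 | head -n 1 | awk '{print $2}')
wired_mac=$(networksetup -listallhardwareports | awk '/Hardware Port: Ethernet/{getline; getline; print $3}' | head -n 1)
wireless_mac=$(networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/{getline; getline; print $3}' | head -n 1)

# The user name is the last path component of $HOME; the `id -un` lookup used
# by the local variant is disabled here.
# NOTE(review): this relies on HOME pointing at the console user's home in the
# context the agent runs the script in. Confirm on a managed machine.
#curr_user=$(id -un)
curr_user=${HOME##*/}

# File-name match: (one of the keywords) AND (one of the extensions); the
# "cd" suffix makes each comparison case- and diacritic-insensitive.
# AAA..EEE appear to be placeholders for the real keywords.
# Results are read NUL-delimited so paths with spaces or newlines survive;
# anything under /Library or /System/Library is dropped.
# NOTE(review): paths are joined with <br/>, which suggests the server renders
# this field as HTML. If so, the server must HTML-escape each path, because a
# file name may contain markup. Confirm against the receiving code.
keyword_file=$(mdfind '((kMDItemFSName == "*AAA*"cd) || (kMDItemFSName == "*BBB*"cd) || (kMDItemFSName == "*CCC*"cd) || (kMDItemFSName == "*DDD*"cd)|| (kMDItemFSName == "*EEE*"cd) ) && ((kMDItemFSName == "*.pdf"cd) || (kMDItemFSName == "*.ppt"cd) || (kMDItemFSName == "*.pptx"cd) || (kMDItemFSName == "*.key"cd) || (kMDItemFSName == "*.png"cd) || (kMDItemFSName == "*.jpg"cd) || (kMDItemFSName == "*.jpeg"cd))' -0 |
while IFS= read -r -d '' file; do
    if [[ "$file" != /Library/* && "$file" != /System/Library/* ]]; then
        printf '%s<br/>' "$file"
    fi
done)

# printf instead of echo: zsh's echo interprets backslash sequences and would
# alter paths that contain them.
printf '%s\n' "$keyword_file"

DATA=$(printf '{"ComputerName":"%s","Serial":"%s","Version":"%s","wired_mac":"%s","wireless_mac":"%s","curr_user":"%s","keyword_file":"%s"}' \
  "$(json_escape "$ComputerName")" \
  "$(json_escape "$Serial")" \
  "$(json_escape "$Version")" \
  "$(json_escape "$wired_mac")" \
  "$(json_escape "$wireless_mac")" \
  "$(json_escape "$curr_user")" \
  "$(json_escape "$keyword_file")")

# The body is sent on stdin (--data-binary @-) so the file list does not show
# up in the process list; --max-time keeps a dead endpoint from stalling the
# policy run.
Result=$(printf '%s' "$DATA" |
  curl --silent --show-error --max-time 30 -X POST "$REPORT_URL" \
    -H "Content-Type: application/json" --data-binary @-)
curl_rc=$?
printf '%s\n' "$Result"

if (( curl_rc != 0 )); then
  # Transport failure: there is no server verdict to parse.
  Result="上报失败 (curl exit ${curl_rc})"
else
  # The reply looks like {"result":"成功获取"}; field 4 when split on double
  # quotes is the value. This is positional parsing, not a JSON parser.
  Result=$(printf '%s\n' "$Result" | awk -F'"' '{print $4}')
fi

# Only the expected success value gets the success wording; anything else is
# shown as received.
if [ "$Result" = "成功获取" ]; then
  show_dialog "${Result},自动打开浏览器查看"
else
  show_dialog "${Result}"
fi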



为什么  本地macos的脚本    jamf的脚本  有大用

我把「本地macos的脚本」放到 jamf 的 Self Service 上执行时会报错,解决办法见 /node-admin/22970
