You are here
第二版 我自己亲自做的 seach_keyword.command 搜索关键字敏感字 敏感文件苹果 macos 搜索 有大用 有大大用
星期三, 2025-09-03 12:08 — adminshiping1
把 curl 的网址换掉就可以运行了
最主要的难点是 keyword_file,,,事实上从数组里删除掉要排队的文件也可以
本地macos的脚本
#!/bin/zsh
#
REMOTE_HOST="192.168.70.220"
REMOTE_SHARE="FFFFFF_Audit%24/EFFA"
MOUNT_POINT="/tmp/.smb_mount"
SMBUSER="myusername"
SMBPASS="url_encode_mypassword"
ComputerName=$(scutil --get ComputerName)
Serial=$(system_profiler SPHardwareDataType | grep "Serial Number" | awk '{print $4}')
Version="$(sw_vers -productName) $(sw_vers -productVersion)"
#IP=$(ifconfig | grep "inet " | grep -v 127.0.0.1 | head -n 1 | awk '{print $2}')
wired_mac=$(networksetup -listallhardwareports | awk '/Hardware Port: Ethernet/{getline; getline; print $3}'| head -n 1 )
wireless_mac=$(networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/{getline; getline; print $3}'| head -n 1 )
curr_user=$(id -un)
TARGET_DIR="${ComputerName}_${curr_user}"
# 先把搜索结果存到数组里
files=()
while IFS= read -r -d '' file; do
if [[ "$file" != /Library/* && "$file" != /System/Library/* ]]; then
files+=("$file")
fi
done < <(mdfind '((kMDItemFSName == "*AAAAA*"cd) || (kMDItemFSName == "*BBBBB*"cd) || (kMDItemFSName == "*CCCCC*"cd) || (kMDItemFSName == "*DDDDD*"cd) || (kMDItemFSName == "*EEEEE*"cd)) && ((kMDItemFSName == "*.pdf"cd) || (kMDItemFSName == "*.ppt"cd) || (kMDItemFSName == "*.pptx"cd) || (kMDItemFSName == "*.key"cd) || (kMDItemFSName == "*.png"cd) || (kMDItemFSName == "*.jpg"cd) || (kMDItemFSName == "*.jpeg"cd))' -0)
if [[ ${#files[@]} -eq 0 ]];then
(/usr/bin/osascript -e "display dialog \"没有关键字文件\" buttons {\"OK\"} default button \"OK\" with title \"敏感文件\" ")
exit 0
fi
# 确保挂载点目录存在
if [[ ! -d "$MOUNT_POINT" ]]; then
mkdir -p "$MOUNT_POINT"
fi
# 如果没挂载,挂载共享
if ! mount | grep -q "$MOUNT_POINT"; then
mount_smbfs "//$SMBUSER:$SMBPASS@$REMOTE_HOST/$REMOTE_SHARE" "$MOUNT_POINT"
fi
# 判断远程目录是否存在,不存在就创建
if [[ ! -d "$MOUNT_POINT/$TARGET_DIR" ]]; then
mkdir "$MOUNT_POINT/$TARGET_DIR"
fi
# 复制文件
for file in "${files[@]}"; do
echo "正在复制: $file"
\cp -f "$file" "$MOUNT_POINT/$TARGET_DIR/"
done
#卸载
umount "$MOUNT_POINT"
keyword_file=""
for file in "${files[@]}";do
keyword_file="${keyword_file}${file}<br/>"
done
echo $keyword_file
#keyword_file=$(printf '%s' $keyword_file | sed 's/\\/\\\\\\/g') #处理反斜杠
echo $keyword_file
keyword_file=$(printf '%s' $keyword_file | sed 's/"/\\"/g') #处理双引号
echo $keyword_file
echo "MMMMM"
#echo $keyword_file
#echo "BBBB"
#echo $ComputerName
#echo $Serial
#echo $Version
#echo $IP
#echo $wired_mac
#echo $wireless_mac
#echo $curr_user
#keyword_file=$(echo $keyword_file | sed 'N;s/\n/<br>/;P;D') #替换 \n 为 <br/>
#echo $keyword_file
#echo "BBB"
#keyword_file=$(echo $keyword_file | sed 's/"/\\"/g') #处理双引号
#keyword_file=$(echo $keyword_file | tr -d "\n") #移除换行符
#echo $keyword_file
#echo "AAA"
#echo $keyword_file | sed 'N;s/\n/<br>/;P;D'
#keyword_file=$(echo $keyword_file | sed 'N;s/\n/<br>/;P;D') #替换 \n 为 <br/>
#echo "AAAAAAAAA"
#keyword_file=""
#echo $keyword_file
DATA="{\"ComputerName\":\"${ComputerName}\",\"Serial\":\"${Serial}\",\"Version\":\"${Version}\",\"wired_mac\":\"${wired_mac}\",\"wireless_mac\":\"${wireless_mac}\",\"curr_user\":\"${curr_user}\",\"keyword_file\":\"${keyword_file}\"}"
echo $DATA
Result=$(curl -X POST http://aaaaa.bbbbb-ict.com/get_keyword_file_info -H "Content-Type: application/json" -d "${DATA}")
echo $Result
#echo $Result 结果类似于 {"result":"成功获取"}
Result=$(echo $Result | awk -F'"' '{print $4}')
if [ "$Result" = "成功获取" ]; then
(/usr/bin/osascript -e "display dialog \"${Result},自动打开浏览器查看\" buttons {\"OK\"} default button \"OK\" with title \"敏感文件\" ")
else
(/usr/bin/osascript -e "display dialog \"${Result}\" buttons {\"OK\"} default button \"OK\" with title \"敏感文件\" ")
fi
jamf self service 的脚本
#!/bin/zsh
#
#set -x # 打开调试模式,执行每行都会输出
#exec > /var/tmp/myscript.log 2>&1 # 把所有输出和错误写入 /var/tmp/myscript.log
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
REMOTE_HOST="192.168.70.220"
REMOTE_SHARE="FFFFFF_Audit%24/EFFA"
MOUNT_POINT="/tmp/.smb_mount"
SMBUSER="myusername"
SMBPASS="url_encode_mypassword"
ComputerName=$(scutil --get ComputerName)
Serial=$(system_profiler SPHardwareDataType | grep "Serial Number" | awk '{print $4}')
Version="$(sw_vers -productName) $(sw_vers -productVersion)"
#IP=$(ifconfig | grep "inet " | grep -v 127.0.0.1 | head -n 1 | awk '{print $2}')
wired_mac=$(networksetup -listallhardwareports | awk '/Hardware Port: Ethernet/{getline; getline; print $3}'| head -n 1 )
wireless_mac=$(networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/{getline; getline; print $3}'| head -n 1 )
#curr_user=$(id -un)
curr_user=${HOME##*/}
TARGET_DIR="${ComputerName}_${curr_user}"
# 先把搜索结果存到数组里
files=()
while IFS= read -r -d '' file; do
if [[ "$file" != /Library/* && "$file" != /System/Library/* ]]; then
files+=("$file")
fi
done < <(mdfind '((kMDItemFSName == "*AAAAA*"cd) || (kMDItemFSName == "*BBBBB*"cd) || (kMDItemFSName == "*CCCCC*"cd) || (kMDItemFSName == "*DDDDD*"cd) || (kMDItemFSName == "*EEEEE*"cd)) && ((kMDItemFSName == "*.pdf"cd) || (kMDItemFSName == "*.ppt"cd) || (kMDItemFSName == "*.pptx"cd) || (kMDItemFSName == "*.key"cd) || (kMDItemFSName == "*.png"cd) || (kMDItemFSName == "*.jpg"cd) || (kMDItemFSName == "*.jpeg"cd))' -0)
if [[ ${#files[@]} -eq 0 ]];then
(/usr/bin/osascript -e "display dialog \"没有关键字文件\" buttons {\"OK\"} default button \"OK\" with title \"敏感文件\" ")
exit 0
fi
# 确保挂载点目录存在
if [[ ! -d "$MOUNT_POINT" ]]; then
mkdir -p "$MOUNT_POINT"
fi
# 如果没挂载,挂载共享
if ! mount | grep -q "$MOUNT_POINT"; then
mount_smbfs "//$SMBUSER:$SMBPASS@$REMOTE_HOST/$REMOTE_SHARE" "$MOUNT_POINT"
fi
# 判断远程目录是否存在,不存在就创建
if [[ ! -d "$MOUNT_POINT/$TARGET_DIR" ]]; then
mkdir "$MOUNT_POINT/$TARGET_DIR"
fi
# 复制文件
for file in "${files[@]}"; do
echo "正在复制: $file"
\cp -f "$file" "$MOUNT_POINT/$TARGET_DIR/"
done
#卸载
umount "$MOUNT_POINT"
keyword_file=""
for file in "${files[@]}";do
keyword_file="${keyword_file}${file}<br/>"
done
#keyword_file=$(printf '%s' $keyword_file | sed 's/\\/\\\\\\/g') #处理反斜杠,不用处理
keyword_file=$(echo $keyword_file | sed 's/"/\\"/g') #处理双引号
#echo $keyword_file
#echo "MMMMM"
#echo $keyword_file
#echo "BBBB"
#echo $ComputerName
#echo $Serial
#echo $Version
#echo $IP
#echo $wired_mac
#echo $wireless_mac
#echo $curr_user
#keyword_file=$(echo $keyword_file | sed 'N;s/\n/<br>/;P;D') #替换 \n 为 <br/>
#echo $keyword_file
#echo "BBB"
#keyword_file=$(echo $keyword_file | sed 's/"/\\"/g') #处理双引号
#keyword_file=$(echo $keyword_file | tr -d "\n") #移除换行符
#echo $keyword_file
#echo "AAA"
#echo $keyword_file | sed 'N;s/\n/<br>/;P;D'
#keyword_file=$(echo $keyword_file | sed 'N;s/\n/<br>/;P;D') #替换 \n 为 <br/>
#echo "AAAAAAAAA"
#keyword_file=""
#echo $keyword_file
DATA="{\"ComputerName\":\"${ComputerName}\",\"Serial\":\"${Serial}\",\"Version\":\"${Version}\",\"wired_mac\":\"${wired_mac}\",\"wireless_mac\":\"${wireless_mac}\",\"curr_user\":\"${curr_user}\",\"keyword_file\":\"${keyword_file}\"}"
#echo $DATA
Result=$(curl -X POST http://aaaaa.bbbbb-ict.com/get_keyword_file_info -H "Content-Type: application/json" -d "${DATA}")
echo $Result
#echo $Result 结果类似于 {"result":"成功获取"}
Result=$(echo $Result | awk -F'"' '{print $4}')
if [ "$Result" = "成功获取" ]; then
(/usr/bin/osascript -e "display dialog \"${Result},自动打开浏览器查看\" buttons {\"OK\"} default button \"OK\" with title \"敏感文件\" ")
else
(/usr/bin/osascript -e "display dialog \"${Result}\" buttons {\"OK\"} default button \"OK\" with title \"敏感文件\" ")
fi
普通分类: