Archive

Posts Tagged ‘admin’

Collecting Data Using Plist Files

July 16, 2016 Leave a comment

At our recent Dallas area Casper User Group meeting, we got into a discussion around collecting data during a Casper recon. Specifically we were discussing the use of Extension Attributes to collect information about virtual machines.

Extension Attributes are a way to capture information from your systems. You can use scripts to pull information or drop downs or text boxes to store static information in the database. In the instance of collecting info about virtual machines, a script would be run on the systems during the recon to gather the information. Running a script on the system each time a recon happens can be processor heavy, depending on the data that is being gathered. For example, gathering home folder size by running “du” each time a recon happens can be taxing.

Rather than run the script each recon, you can use a policy to run the script once a week, once a month, or just one time, to gather the information you need and place it in a plist file somewhere. During the standard recon period, you can then use an Extension Attribute to read the information in that plist file. This is much less taxing on the systems than running the script during a recon.

Stash The Data

For our example, rather than run through grabbing info about virtual machines, let’s work on grabbing the home folder size for the logged on user. We will store the info in a plist file that we will stash in /Library/IT_Data.

First we need to find the logged in user name. There are plenty of ways to do this, but we’ll use the “Apple approved” method, using a Python one liner. Okay, it’s not really a one liner, it’s just built like one.

loggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");'`
view rawcontents.sh
view raw gistfile1.txt hosted with ❤ by GitHub

Now that we have our logged in user, we just need to find the user’s home folder and use du to grab the data. We’ll use dscl to grab the home folder location and then du to get the home folder size.

homeDir=`dscl . read /Users/$loggedInUser NFSHomeDirectory | awk '{ print $2 }'`
homeSize=`du -hs ${homeDir}`
view raw gistfile1.txt hosted with ❤ by GitHub

The next thing we need to do is to store this information into our plist file. Using the defaults command, we can write as much data as we want into the plist file, We can use different keys to store whatever data you want, and then recall it during recon by asking for those specific keys.

defaults write /Library/IT_Data/com.mycompany.homesize.plist HomeFolderSize -string "${homeSize}"
view raw gistfile1.txt hosted with ❤ by GitHub

Retrieve The Data

Now that we have the data stashed away, we just need to grab it during the recon process. To do this, we’ll use the defaults command again, to grab the data. We’ll use some variables for the folder path and the plist name, that way we can re-use this code fairly easily. We also want to make sure the file actually exists before trying to read data from it, hence the If statement.

if [[ -e ${dataFile} ]]; then
homeSize=`defaults read ${dataFile} HomeFolderSize`
fi
view raw gistfile1.txt hosted with ❤ by GitHub

Once we’ve read the data, all that’s left is to echo it out into the EA.

if [[ ${homeSize} ]]
echo "<result>${homeSize}</result>"
else
echo "<result>No Results Found</result>"
fi
view raw gistfile1.txt hosted with ❤ by GitHub

That’s All Folks

That’s pretty much all there is. Now that we know how save data to a plist and then read it back, this method could be used for any data we only need to gather once, or gather at infrequent times.

The full script to write the data and to then read the data are below.

#!/bin/bash
loggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");'`
homeDir=`dscl . read /Users/$loggedInUser NFSHomeDirectory | awk '{ print $2 }'`
homeSize=`du -hs ${homeDir}`
# check for our storage folder, and create if missing
if [[ ! -d "/Library/IT_Data" ]]; then
mkdir "/Library/IT_Data"
fi
defaults write /Library/IT_Data/com.mycompany.homesize.plist HomeFolderSize -string "${homeSize}"
#!/bin/bash
dataFolder="/Library/IT_Data"
dataFile="${dataFolder}/com.mycompany.homesize.plist"
if [[ -e ${dataFile} ]]; then
homeSize=`defaults read ${dataFile} HomeFolderSize`
fi
if [[ ${homeSize} ]]; then
echo "<result>${homeSize}</result>"
else
echo "<result>No Results Found</result>"
fi
Categories: Casper, Tech Tags: , , , ,