<?xml version="1.0" encoding="UTF-8"?>
<extensionAttribute>
<displayName>mSCP - Failed Results Count</displayName>
<displayInCategory>Operating System</displayInCategory>
<dataType>integer</dataType>
<description>Displays the number of compliance controls that failed.</description>
<scriptContentsMac>#!/bin/sh
######
# mSCP-FailedCount.sh
# Original by Matt Woodruff @ Jamf
# Last modified 2022.10.04 by Jordan Burnette
# https://github.com/jordanburnette/mSCP_EAs
###### Description
# Displays the number of compliance controls that failed.
######
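# Counts the mSCP rules whose finding is true and that are not marked exempt.
#
# Result values written inside the result tags:
#   -1  no org.*.audit.plist was found in /Library/Preferences
#   -2  more than one audit plist was found, so the baseline is ambiguous
#   N   number of failed, non-exempt rules (0 or more)
#
# NOTE: arrays and [[ ]] are bash features. With the #!/bin/sh shebang this
# relies on /bin/sh being bash, which is the macOS default.
# NOTE: this script is embedded in an XML element, so it deliberately avoids
# adding ampersand or less-than characters beyond the result line.

PREFS_DIR="/Library/Preferences"
MANAGED_PREFS_DIR="/Library/Managed Preferences"
PLISTBUDDY="/usr/libexec/PlistBuddy"

# Print the first field of every line of the PlistBuddy dump of plist $1 that
# mentions Dict. For "key = Dict {" lines that is the key name; the opening
# "Dict {" line yields the literal word Dict, which callers skip.
list_rule_keys() {
  "$PLISTBUDDY" -c "print :" "$1" | /usr/bin/awk '/Dict/ { print $1 }'
}

EXEMPT_RULES=()
FAILED_RULES=()

# Locate the audit plist with a glob instead of parsing "ls -l" output, which
# breaks on unusual file names and on symlinks (the last field is the target).
audit_plists=()
for candidate in "$PREFS_DIR"/org.*.audit.plist; do
  # An unmatched glob stays literal, so keep only paths that really exist.
  if [[ -e "$candidate" ]]; then
    audit_plists+=("${candidate##*/}")
  fi
done

if [[ ${#audit_plists[@]} -eq 0 ]]; then
  count="-1"
elif [[ ${#audit_plists[@]} -ne 1 ]]; then
  count="-2"
else
  audit="${audit_plists[0]}"

  # Get the Exemptions.
  # Exemptions are taken from the MDM-delivered managed preferences when
  # present. The fallback is the local audit plist, which is not MDM-enforced:
  # anything able to write to /Library/Preferences can mark rules exempt there
  # and lower the reported count, so a count derived from the fallback should
  # be trusted only as far as that file is.
  exemptfile="${MANAGED_PREFS_DIR}/${audit}"
  if [[ ! -e "$exemptfile" ]]; then
    exemptfile="${PREFS_DIR}/${audit}"
  fi
  # Word splitting of the key list is intended: one key per word.
  for rule in $(list_rule_keys "$exemptfile"); do
    if [[ "$rule" == "Dict" ]]; then
      continue
    fi
    # Rules without an exempt key make PlistBuddy fail; that is expected.
    EXEMPTIONS=$("$PLISTBUDDY" -c "print :$rule:exempt" "$exemptfile" 2>/dev/null)
    if [[ "$EXEMPTIONS" == "true" ]]; then
      EXEMPT_RULES+=("$rule")
    fi
  done

  # Get the Findings.
  auditfile="${PREFS_DIR}/${audit}"
  for rule in $(list_rule_keys "$auditfile"); do
    if [[ "$rule" == "Dict" ]]; then
      continue
    fi
    FINDING=$("$PLISTBUDDY" -c "print :$rule:finding" "$auditfile")
    if [[ "$FINDING" == "true" ]]; then
      FAILED_RULES+=("$rule")
    fi
  done

  # Count the failed rules that are not exempt. The space padding makes the
  # pattern match whole rule names only, never a substring of another rule.
  count=0
  for finding in "${FAILED_RULES[@]}"; do
    if [[ " ${EXEMPT_RULES[*]} " != *" ${finding} "* ]]; then
      count=$((count + 1))
    fi
  done
fi

/bin/echo "<result>${count}</result>"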
</scriptContentsMac>
</extensionAttribute>