Skip to main content

Hi all,



My scripting skills are slowly improving, but I am in need of some assistance. I need to block our guest network that has a hyphen in the SSID. I found this awesome script here on Jamfnation. Obviously, it works well with non hyphenated SSID's. Does anyone know how to properly convert the the hyphenated variable and where to place it within the script? I have not been able to find a clear answer in my research.



!/bin/bash



Blocks access to Guest network



VARIABLES



Get the wireless network service (wservice)



wservice=/usr/sbin/networksetup -listallnetworkservices | grep -Ei '(Wi-Fi|AirPort)'



Get the wireless hardware port (whwport)



whwport=networksetup -listallhardwareports | awk "/$wservice/,/Ethernet Address/" | awk 'NR==2' | cut -d " " -f 2



Find the ALL network hardware ports (hwports)



hwports=networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/,/Ethernet/' | awk 'NR==2' | cut -d " " -f 2



Get the wireless network (wirelessnw)



wirelessnw=networksetup -getairportnetwork $hwports | cut -d " " -f 4



Get the SSID



SSID=`/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I
| grep ' SSID:' | cut -d ':' -f 2 | tr -d ' '`



Work SSID



WorkSSID=XXXXXXX



Authentication to use eg WPA2 Enterprise



Auth=WPA2E



Index for SSID



Index=0



SSIDs to Block



Block1=BLAH-BYOD



########################################################################


Set the preferred wireless network to WorkSSID



/usr/sbin/networksetup -addpreferredwirelessnetworkatindex $whwport $WorkSSID $Index $Auth



Turn the wirless hardware port on



/usr/sbin/networksetup -setairportpower $whwport on



Get the wireless network (wirelessnw)



wirelessnw=networksetup -getairportnetwork $hwports | cut -d " " -f 4



Block wireless networks



case $wirelessnw in
XXXXXX)
networksetup -setairportpower $whwport off



Removed guest network from preferred network list to prevent endless looping



/usr/sbin/networksetup -removepreferredwirelessnetwork $whwport XXXXXX



Display message to user connect to Corp WIFI



TITLE="Access Denied"
MSG="Please turn on Wi-Fi connect to CORP WIFI"



/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -title "$TITLE" -description "$MSG" -button1 "Close" -lockHUD -icon /Library/LC/Logo.icns



;;
esac



Check to see it the jss is ping-able and if so submit the ip change to the jss.



This is useful when using Casper Remote and users are switching between wired and wireless



if [ "$checkjss" == "The JSS is available." ]; then



/usr/sbin/jamf log



fi



exit 0

I did not check this for functionality, but I did correct any bash syntax problems. You do have 3 other issues as well:
1. The variable "SSID" is unused
2. The variable "Block1" is unused
3. The variable "checkjss" is referenced but not assigned in your script.



Any variables you set that uses a command should be set like this:
variable="$(command)"



Any variables you set should also be surrounded with quotes as well.



#!/bin/bash

# Blocks access to Guest network

# VARIABLES

# Get the wireless network service (wservice)

wservice="$(/usr/sbin/networksetup -listallnetworkservices | grep -Ei '(Wi-Fi|AirPort)')"



# Get the wireless hardware port (whwport)

whwport="$(/usr/sbin/networksetup -listallhardwareports | awk "/$wservice/,/Ethernet Address/" | awk 'NR==2' | cut -d " " -f 2)"



# Find the ALL network hardware ports (hwports)

hwports="$(/usr/sbin/networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/,/Ethernet/' | awk 'NR==2' | cut -d " " -f 2)"



# Get the wireless network (wirelessnw)

wirelessnw="$(/usr/sbin/networksetup -getairportnetwork "$hwports" | cut -d " " -f 4)"



# Get the SSID

SSID=$(/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I 

| grep ' SSID:' | cut -d ':' -f 2 | tr -d ' ')



# Work SSID

WorkSSID="XXXXXXX"



# Authentication to use eg WPA2 Enterprise

Auth="WPA2E"



# Index for SSID

Index="0"



# SSIDs to Block

Block1="BLAH-BYOD"

########################################################################

# Set the preferred wireless network to WorkSSID

/usr/sbin/networksetup -addpreferredwirelessnetworkatindex "$whwport" "$WorkSSID" "$Index" "$Auth"



# Turn the wirless hardware port on

/usr/sbin/networksetup -setairportpower "$whwport" on



# Get the wireless network (wirelessnw)

wirelessnw="$(/usr/sbin/networksetup -getairportnetwork "$hwports" | cut -d " " -f 4)"



# Block wireless networks

case $wirelessnw in

XXXXXX)

/usr/sbin/networksetup -setairportpower "$whwport" off



# Removed guest network from preferred network list to prevent endless looping

/usr/sbin/networksetup -removepreferredwirelessnetwork "$whwport" XXXXXX



# Display message to user connect to Corp WIFI

TITLE="Access Denied"

MSG="Please turn on Wi-Fi connect to CORP WIFI"



/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -windowType utility -title "$TITLE" -description "$MSG" -button1 "Close" -lockHUD -icon /Library/LC/Logo.icns



;;

esac



# Check to see it the jss is ping-able and if so submit the ip change to the jss.

# This is useful when using Casper Remote and users are switching between wired and wireless

if [ "$checkjss" == "The JSS is available." ]; then

    /usr/sbin/jamf log

fi

Thanks Ryan. I have fixed those issues in the script I am testing. This is just the original script, other than the "BLAH-BYOD" I added for reference. The script works fine for a non-hyphenated SSID.



I am trying to figure out how to make use a the hyphenated variable. I realize that the script isn't going to acknowledge the dash. Networking can't change the SSID, so I need to work around it.

This is something I've used in the past. Should remove the SSID's (with hypens tested fine) unless the machine is connected to it. Run it as a policy and use the parameters to pass in the SSIDs.



#!/bin/bash

# written by Ryan Ball



log="/Library/Logs/YourCorpNameHere/SSID_Removal"

scriptName=$(basename "$0")

airport=$(/usr/sbin/networksetup -listallhardwareports | grep -E -A 2 "Hardware Port: (Air|Wi-)" | grep "Device:" | awk '{print $2}')

connectedSSID=$(/usr/sbin/networksetup -getairportnetwork "$airport" | grep LISD | awk '{print $NF}')



# Get our SSID array from passed parameters

ssids=("$4" "$5" "$6" "$7")



function writelog () {

    DATE=$(date +%Y-%m-%d %H:%M:%S)

    /bin/echo "${1}"

    /bin/echo "$DATE" " $1" >> $log

}



function finish () {

    writelog "======== Finished $scriptName ========"

    exit "$1"

}



writelog " "

writelog "======== Starting $scriptName ========"



if [[ $(/usr/sbin/networksetup -getairportpower "$airport" | awk '{print $NF}') != "On" ]]; then

    writelog "Wi-Fi adapter not on; powering on Wi-Fi..."

    /usr/sbin/networksetup -setairportpower "$airport" On

    sleep 5

fi



# Remove any SSIDs in the array if the element is not null; also skip SSID if we are connected to it

for ssid in "${ssids[@]}"; do

    if [[ -n "$ssid" ]]; then

        if [[ "$ssid" =~ $connectedSSID ]]; then

            writelog "Can't remove $connectedSSID due to being connected to it; skipping."

            continue

        fi

        if /usr/bin/security find-generic-password -l "$ssid" &>/dev/null ; then

            /usr/bin/security delete-generic-password -l "$ssid" "/Library/Keychains/System.keychain" &>/dev/null

            writelog "Removed keychain entry for $ssid."

            sleep 1

        fi

        if /usr/sbin/networksetup -listpreferredwirelessnetworks "$airport" | grep "$ssid" &>/dev/null ; then

            writelog "$(/usr/sbin/networksetup -removepreferredwirelessnetwork "$airport" "$ssid")."

            sleep 5

        fi

    fi

done



finish 0

Thanks again Ryan. Unfortunately, this does not stop me from connecting to said SSID.

Reply


Terms & ConditionsCookie settings