I'm going to mass deploy Duo for our Macs. Duo has documentation on how to deploy to a single machine:
For mass deployment I need to make a policy and have some scripting in the policy. Duo provides this script:
#!/bin/bash
# Usage: configure_maclogon.sh /path/to/maclogon-x.x.pkg
# NOTE: The path to the MacLogon package is optional.
# This script will look for a package to configure
# in the current working directory if not provided.

version="1.1.0"
echo "Duo Security Mac Logon configuration tool v${version}."
echo "See https://duo.com/docs/macos for documentation"

read_bool() {
    local bool_val
    read -r bool_val
    while ! [[ "$bool_val" == "true" || "$bool_val" == "false" ]]; do
        read -rp "Invalid value. Enter true or false: " bool_val
    done
    echo "$bool_val"
}

# if a package was passed in, always use it
if [[ $# -ge 1 ]]; then
    pkg_path=$1
else
    # otherwise try to find the default package in this dir
    pkgs=( $(find . -name 'MacLogon-NotConfigured-*.pkg') )
    num_pkgs=${#pkgs[@]}
    if [[ "$num_pkgs" -eq "1" ]]; then
        pkg_path=${pkgs[0]}
    elif [[ "$num_pkgs" -eq "0" ]]; then
        echo "No packages found. Please provide a package."
        exit 1
    else
        echo "Multiple packages found. Please specify one."
        echo "Usage: configure_maclogon.sh /path/to/MacLogon-NotConfigured-x.x.pkg"
        exit 1
    fi
fi

if [ ! -f "${pkg_path}" ]; then
    echo "No package found at $pkg_path. Exiting."
    exit 1
fi

echo -n "Enter ikey: "
read -r ikey
echo -n "Enter skey: "
read -r skey
echo -n "Enter API Hostname: "
read -r host
echo -n "Should fail open (true or false): "
fail_open=$(read_bool)
echo -n "Should bypass 2FA when using smartcard (true or false): "
smartcard_bypass=$(read_bool)
echo -n "Should auto push if possible (true or false): "
auto_push=$(read_bool)

pkg_dir=$(dirname "${pkg_path}")
pkg_name=$(basename "${pkg_path}" | awk -F\\. '{print $1 "." $2}')
tmp_path="/tmp/${pkg_name}"

echo -e "\\nModifying ${pkg_path}...\\n"
pkgutil --expand "${pkg_path}" "${tmp_path}"

echo -e "Updating config.plist ikey, skey, host, fail_open, smartcard_bypass, and auto_push config...\\n"
defaults write "${tmp_path}"/Scripts/config.plist ikey -string "${ikey}"
defaults write "${tmp_path}"/Scripts/config.plist skey -string "${skey}"
defaults write "${tmp_path}"/Scripts/config.plist host -string "${host}"
defaults write "${tmp_path}"/Scripts/config.plist fail_open -bool "${fail_open}"
defaults write "${tmp_path}"/Scripts/config.plist smartcard_bypass -bool "${smartcard_bypass}"
defaults write "${tmp_path}"/Scripts/config.plist auto_push -bool "${auto_push}"
plutil -convert xml1 "${tmp_path}/Scripts/config.plist"

out_pkg="${pkg_dir}/MacLogon-${version}.pkg"
echo -e "Finalizing package, saving as ${out_pkg}\\n"
pkgutil --flatten "${tmp_path}" "${out_pkg}"

echo -e "Cleaning up temp files...\\n"
rm -rf "${tmp_path}"

echo -e "Done! The package ${out_pkg} has been configured for your use."
exit 0
I know some changes need to be made to answer the prompts, but I'm not sure how. How can I add a line at the end to open the newly formed PKG?
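One way to run the script above unattended and then install its output, as an added example that is not part of the original post and not Duo's code. It feeds the six prompts on stdin in the order the script reads them; the function names and the argument order are hypothetical, and `installer -pkg ... -target /` is the standard macOS install command.

```shell
#!/bin/bash
# Added example: run Duo's configure_maclogon.sh unattended, then install the result.
# Assumed (hypothetical) argument order:
#   script pkg ikey skey host fail_open smartcard_bypass auto_push

# Accept only the two literals read_bool accepts. On piped stdin an invalid
# value would leave read_bool looping at EOF, so reject it before the pipe.
is_bool() {
    case "$1" in
        true|false) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the six answers, one per line, in the order the script prompts:
# ikey, skey, host, fail_open, smartcard_bypass, auto_push.
build_answers() {
    [ "$#" -eq 6 ] || { echo "expected 6 values" >&2; return 2; }
    for v in "$1" "$2" "$3"; do
        [ -n "$v" ] || { echo "ikey, skey and host must be non-empty" >&2; return 2; }
    done
    for b in "$4" "$5" "$6"; do
        is_bool "$b" || { echo "boolean must be true or false: $b" >&2; return 2; }
    done
    printf '%s\n' "$@"
}

# The script saves to <pkg dir>/MacLogon-<version>.pkg, where version is the
# variable set near the top of the script; read it rather than hardcode it.
output_pkg_path() {
    ver=$(sed -n 's/^version="\(.*\)"$/\1/p' "$1" | head -n 1)
    [ -n "$ver" ] || return 1
    printf '%s/MacLogon-%s.pkg\n' "$(dirname "$2")" "$ver"
}

configure_and_install() {
    script=$1; pkg=$2; shift 2
    answers=$(build_answers "$@") || return 2
    out_pkg=$(output_pkg_path "$script" "$pkg") || return 1
    printf '%s\n' "$answers" | bash "$script" "$pkg" || return 1
    # installer needs root; a management-tool policy normally runs as root.
    installer -pkg "$out_pkg" -target /
}

# Runs only when arguments are supplied.
if [ "$#" -gt 0 ]; then
    configure_and_install "$@"
fi
```

The configured package carries the skey in `Scripts/config.plist`, so store and distribute it like a credential. Values passed as command-line arguments are also visible in the process list while the wrapper runs.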