Posted on 04-29-2022 03:28 AM
I've been doing a bit of a clean-up on our Jamf Pro instance prior to us migrating to Jamf Cloud (which will hopefully be within the next month or two) and one of our extension attributes seems to be a bit out of date as I've noticed it's not been working properly.
It's supposed to determine what the active/in-use network interface is (i.e. Ethernet or wireless) and has the following script:
#!/bin/sh
OS_MINOR=`/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 2`
if (( $OS_MINOR < 5 )); then
if [ -f /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/networksetup ];then
echo "<result>`/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/networksetup -listnetworkserviceorder 2>&1 | grep $(/usr/sbin/netstat -rn 2>&1 | /usr/bin/grep -m 1 'default' | /usr/bin/awk '{ print $6 }') | sed -e "s/.*Port: //g" -e "s/,.*//g"`</result>"
else
echo "<result>The networksetup binary is not present on this machine.</result>"
fi
else
echo "<result>`/usr/sbin/networksetup -listnetworkserviceorder 2>&1 | grep $(/usr/sbin/netstat -rn 2>&1 | /usr/bin/grep -m 1 'default' | /usr/bin/awk '{ print $6 }') | sed -e "s/.*Port: //g" -e "s/,.*//g"`</result>"
fi
What could we do to upgrade this so it'll work on Catalina, Big Sur and Monterey?
Solved! Go to Solution.
04-29-2022 05:53 AM - edited 04-29-2022 05:59 AM
Yeah, this is an old EA. The problem with this script is primarily in this section of it (though there are other issues too)
OS_MINOR=`/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 2`
if (( $OS_MINOR < 5 )); then
The OS_MINOR variable returns as "3" on a Mac running macOS Monterey 12.3.1, because it's getting the second digit separated by the periods. Then the next line says IF the OS minor version is lower than 5, run the following command. But this command does not work on newer OSes. It's looking for the networksetup binary in this path:
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/networksetup
This was only intended for macOS versions below 10.5.x.
To fix this script, it needs to be rewritten. Even the method it's using to get the active interface isn't always accurate. It doesn't, for example, account for a connection where the device is on Wi-Fi but connected to a VPN. In those cases, the syntax pulls utun2 or utun3 as the active port, which doesn't show up usually in the networksetup -listnetworkserviceorder output.
Here's the version I use to tell me if a Mac is connected to Ethernet or Wi-Fi. I ignore VPN, because even if connected to a VPN, the Mac is still connected to one of the built in network interfaces or via a dongle, etc, and I consider that to be it's primary connection.
#!/bin/sh
## Script Name: Active Network Interface
## Script Type: Extension Attribute
## Script Purpose: Returns the active network interface(s), such as "Wi-Fi", "Ethernet" etc. of the Mac at the time of inventory collection
## Get the list of active devices from scutil
active_devices=$(/usr/sbin/scutil --nwi | awk -F': ' '/Network interfaces:/{print $NF}')
## Loop over the list of active devices
for device in $(printf '%s\n' "$active_devices"); do
if [[ ! "$device" =~ "utun" ]]; then
## Get the name of the port associated with the device id, such as "Wi-Fi"
port_name=$(/usr/sbin/networksetup -listallhardwareports | grep -B1 "$device" | awk -F': ' '/Hardware Port:/{print $NF}')
## Add that name into an array
port_names+=("$port_name")
fi
done
## Print back the array as the returned value
echo "<result>$(printf '%s\n' "${port_names[@]}")</result>"
04-29-2022 05:53 AM - edited 04-29-2022 05:59 AM
Yeah, this is an old EA. The problem with this script is primarily in this section of it (though there are other issues too)
OS_MINOR=`/usr/bin/sw_vers -productVersion | /usr/bin/cut -d . -f 2`
if (( $OS_MINOR < 5 )); then
The OS_MINOR variable returns as "3" on a Mac running macOS Monterey 12.3.1, because it's getting the second digit separated by the periods. Then the next line says IF the OS minor version is lower than 5, run the following command. But this command does not work on newer OSes. It's looking for the networksetup binary in this path:
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/networksetup
This was only intended for macOS versions below 10.5.x.
To fix this script, it needs to be rewritten. Even the method it's using to get the active interface isn't always accurate. It doesn't, for example, account for a connection where the device is on Wi-Fi but connected to a VPN. In those cases, the syntax pulls utun2 or utun3 as the active port, which doesn't show up usually in the networksetup -listnetworkserviceorder output.
Here's the version I use to tell me if a Mac is connected to Ethernet or Wi-Fi. I ignore VPN, because even if connected to a VPN, the Mac is still connected to one of the built in network interfaces or via a dongle, etc, and I consider that to be it's primary connection.
#!/bin/sh
## Script Name: Active Network Interface
## Script Type: Extension Attribute
## Script Purpose: Returns the active network interface(s), such as "Wi-Fi", "Ethernet" etc. of the Mac at the time of inventory collection
## Get the list of active devices from scutil
active_devices=$(/usr/sbin/scutil --nwi | awk -F': ' '/Network interfaces:/{print $NF}')
## Loop over the list of active devices
for device in $(printf '%s\n' "$active_devices"); do
if [[ ! "$device" =~ "utun" ]]; then
## Get the name of the port associated with the device id, such as "Wi-Fi"
port_name=$(/usr/sbin/networksetup -listallhardwareports | grep -B1 "$device" | awk -F': ' '/Hardware Port:/{print $NF}')
## Add that name into an array
port_names+=("$port_name")
fi
done
## Print back the array as the returned value
echo "<result>$(printf '%s\n' "${port_names[@]}")</result>"
Posted on 07-06-2023 01:26 PM
Have just come across while deciding to tidy up our EAs and can confirm your script works great on latest macOS.
Thanks very much, one less thing to worry!
8 hours ago
Excellent! Still works under macOS 15.x :-)
Posted on 04-29-2022 08:25 AM
It looks like mm2270 already gave an in depth (and more importantly, thoroughly tested) solution, but I just wanted to add my quick and dirty 1-liner I have tied to a policy I scope if I feel I need to see someone's network interface. This hasn't been used super often, and has only been used on recent version of macOS, so I would encourage anyone to test before relying on the output for anything important.
activeInterface=$(route get google.com | grep interface | awk '{print $2}'); networksetup -listnetworkserviceorder | grep $activeInterface
Posted on 04-29-2022 02:03 PM
I may need to do something similar here. I wanted to see if I could use something like this to make a SonicWall Mobile Connect VPN profile. My understanding is that you can use configuration profiles for this, but we have been finding that users are somehow deleting the VPN connection from the SonicWall app, and the config profile doesn't do anything to re-add the connection to SonicWall. Would using an extension attribute help in redeploying the VPN profiles for the SonicWall app? Any help would be appreciated?
Thanks in advance!