Authorization Key for scripts executed via Casper Remote

dan-snelson
Valued Contributor II

Background

We allow our upper-tier TSRs to execute scripts via Casper Remote, but we don't allow them to view the actual scripts in the JSS.

Occasionally, a TSR will execute a script via Casper Remote which I really wish they hadn't, so we came up with an "Authorization Key" for our more impactful scripts.


Concept

Use a Script Parameter to check for some random string of characters before allowing a script to execute.


Implementation & Script

Add an if then else to your script which checks for some random string of characters. If the passed Script Parameter doesn't match, exit; if it does match, proceed.

Casper Remote

The Casper Remote user must enter the correct random string of characters to execute the script. (Authorized JSS admins can easily lookup the random string of characters before adding the script to a policy.)

6fec485e6476444aa89c9409d9b8f8c1

Script

#!/bin/sh
####################################################################################################
#
# ABOUT
#
#   This script will forcibly remove all Configuration Profiles. (Used in preparation to migrate
#   a computer from the JAMF Software Server 9.x to the Jamf Pro Server 10.x
#
####################################################################################################
#
# HISTORY
#
#   Version 1.0, 08-Sep-2017, Dan K. Snelson
#
####################################################################################################

### Variables
authorizationKey="$4"

# Check for a specified value in Parameter 4
if [ "$authorizationKey" != "rs2y3hng1O8kIsz2GiiAN" ]; then

    echo "Error: Incorrect Authorization Key; exiting."

    exit 1

else

    echo "Removing Configuration Profiles ..."
    /bin/rm -Rfv /var/db/ConfigurationProfiles

    echo "Configuration Profiles removed."

fi


exit 0

Casper Remote Log showing error to Casper Remote user

...
Running script removeProfiles.sh...
Script exit code: 1
Script result: Error: Incorrect Authorization Key; exiting.
Error running script: return code was 1.
...
1 REPLY 1

gabester
Contributor III

@dan-snelson Thank you for sharing this ingenious usage to be able to give techs enough power to do their jobs but not so much power that they can cause real harm without at least some opportunity for oversight!