Block hyphenated SSID with script

lpyburn
New Contributor II

Hi all,

My scripting skills are slowly improving, but I am in need of some assistance. I need to block our guest network that has a hyphen in the SSID. I found this awesome script here on Jamfnation. Obviously, it works well with non-hyphenated SSIDs. Does anyone know how to properly convert the hyphenated variable and where to place it within the script? I have not been able to find a clear answer in my research.

#!/bin/bash

# Blocks access to Guest network

# VARIABLES

# Get the wireless network service (wservice)

wservice=`/usr/sbin/networksetup -listallnetworkservices | grep -Ei '(Wi-Fi|AirPort)'`

# Get the wireless hardware port (whwport)

whwport=`networksetup -listallhardwareports | awk "/$wservice/,/Ethernet Address/" | awk 'NR==2' | cut -d " " -f 2`

# Find the ALL network hardware ports (hwports)

hwports=`networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/,/Ethernet/' | awk 'NR==2' | cut -d " " -f 2`

# Get the wireless network (wirelessnw)

wirelessnw=`networksetup -getairportnetwork $hwports | cut -d " " -f 4`

# Get the SSID

SSID=`/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I | grep ' SSID:' | cut -d ':' -f 2 | tr -d ' '`

# Work SSID

WorkSSID=XXXXXXX

# Authentication to use eg WPA2 Enterprise

Auth=WPA2E

# Index for SSID

Index=0

# SSIDs to Block

Block1=BLAH-BYOD

########################################################################

# Set the preferred wireless network to WorkSSID

/usr/sbin/networksetup -addpreferredwirelessnetworkatindex $whwport $WorkSSID $Index $Auth

# Turn the wireless hardware port on

/usr/sbin/networksetup -setairportpower $whwport on

# Get the wireless network (wirelessnw)

wirelessnw=`networksetup -getairportnetwork $hwports | cut -d " " -f 4`

# Block wireless networks

case $wirelessnw in
XXXXXX)
networksetup -setairportpower $whwport off

# Removed guest network from preferred network list to prevent endless looping

/usr/sbin/networksetup -removepreferredwirelessnetwork $whwport XXXXXX

# Display message to user connect to Corp WIFI

TITLE="Access Denied"
MSG="Please turn on Wi-Fi connect to CORP WIFI"

# The path contains a space, so it has to be quoted
"/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -windowType utility -title "$TITLE" -description "$MSG" -button1 "Close" -lockHUD -icon /Library/LC/Logo.icns

;;
esac

# Check to see if the jss is ping-able and if so submit the ip change to the jss.

# This is useful when using Casper Remote and users are switching between wired and wireless

if [ "$checkjss" == "The JSS is available." ]; then

/usr/sbin/jamf log

fi

exit 0


ryan_ball
Valued Contributor

I did not check this for functionality, but I did correct any bash syntax problems. You do have 3 other issues as well:
1. The variable "SSID" is unused
2. The variable "Block1" is unused
3. The variable "checkjss" is referenced but not assigned in your script.

Any variables you set that use a command should be set like this:
variable="$(command)"

Any variables you set should also be surrounded with quotes as well.

#!/bin/bash
# Blocks access to Guest network
# VARIABLES
# Get the wireless network service (wservice)
wservice="$(/usr/sbin/networksetup -listallnetworkservices | grep -Ei '(Wi-Fi|AirPort)')"

# Get the wireless hardware port (whwport)
whwport="$(/usr/sbin/networksetup -listallhardwareports | awk "/$wservice/,/Ethernet Address/" | awk 'NR==2' | cut -d " " -f 2)"

# Find the ALL network hardware ports (hwports)
hwports="$(/usr/sbin/networksetup -listallhardwareports | awk '/Hardware Port: Wi-Fi/,/Ethernet/' | awk 'NR==2' | cut -d " " -f 2)"

# Get the wireless network (wirelessnw)
wirelessnw="$(/usr/sbin/networksetup -getairportnetwork "$hwports" | cut -d " " -f 4)"

# Get the SSID
SSID="$(/System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -I | grep ' SSID:' | cut -d ':' -f 2 | tr -d ' ')"

# Work SSID
WorkSSID="XXXXXXX"

# Authentication to use eg WPA2 Enterprise
Auth="WPA2E"

# Index for SSID
Index="0"

# SSIDs to Block
Block1="BLAH-BYOD"
########################################################################
# Set the preferred wireless network to WorkSSID
/usr/sbin/networksetup -addpreferredwirelessnetworkatindex "$whwport" "$WorkSSID" "$Index" "$Auth"

# Turn the wireless hardware port on
/usr/sbin/networksetup -setairportpower "$whwport" on

# Get the wireless network (wirelessnw)
wirelessnw="$(/usr/sbin/networksetup -getairportnetwork "$hwports" | cut -d " " -f 4)"

# Block wireless networks
case $wirelessnw in
XXXXXX)
/usr/sbin/networksetup -setairportpower "$whwport" off

# Removed guest network from preferred network list to prevent endless looping
/usr/sbin/networksetup -removepreferredwirelessnetwork "$whwport" XXXXXX

# Display message to user connect to Corp WIFI
TITLE="Access Denied"
MSG="Please turn on Wi-Fi connect to CORP WIFI"

# The path contains a space, so it has to be quoted
"/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper" -windowType utility -title "$TITLE" -description "$MSG" -button1 "Close" -lockHUD -icon /Library/LC/Logo.icns

;;
esac

# Check to see if the jss is ping-able and if so submit the ip change to the jss.
# This is useful when using Casper Remote and users are switching between wired and wireless
if [ "$checkjss" == "The JSS is available." ]; then
    /usr/sbin/jamf log
fi

lpyburn
New Contributor II

Thanks Ryan. I have fixed those issues in the script I am testing. This is just the original script, other than the "BLAH-BYOD" I added for reference. The script works fine for a non-hyphenated SSID.

I am trying to figure out how to make use of the hyphenated variable. I realize that the script isn't going to acknowledge the dash. Networking can't change the SSID, so I need to work around it.

ryan_ball
Valued Contributor

This is something I've used in the past. Should remove the SSIDs (with hyphens tested fine) unless the machine is connected to it. Run it as a policy and use the parameters to pass in the SSIDs.

#!/bin/bash
# written by Ryan Ball

log="/Library/Logs/YourCorpNameHere/SSID_Removal"
scriptName=$(basename "$0")
airport=$(/usr/sbin/networksetup -listallhardwareports | grep -E -A 2 "Hardware Port: (Air|Wi-)" | grep "Device:" | awk '{print $2}')
connectedSSID=$(/usr/sbin/networksetup -getairportnetwork "$airport" | grep LISD | awk '{print $NF}')

# Get our SSID array from passed parameters
ssids=("$4" "$5" "$6" "$7")

function writelog () {
    # The format string contains a space, so it must be quoted as one argument
    DATE=$(date "+%Y-%m-%d %H:%M:%S")
    /bin/echo "${1}"
    /bin/echo "$DATE" " $1" >> "$log"
}

function finish () {
    writelog "======== Finished $scriptName ========"
    exit "$1"
}

writelog " "
writelog "======== Starting $scriptName ========"

if [[ $(/usr/sbin/networksetup -getairportpower "$airport" | awk '{print $NF}') != "On" ]]; then
    writelog "Wi-Fi adapter not on; powering on Wi-Fi..."
    /usr/sbin/networksetup -setairportpower "$airport" On
    sleep 5
fi

# Remove any SSIDs in the array if the element is not null; also skip SSID if we are connected to it
for ssid in "${ssids[@]}"; do
    if [[ -n "$ssid" ]]; then
        if [[ -n "$connectedSSID" && "$ssid" =~ $connectedSSID ]]; then
            writelog "Can't remove $connectedSSID due to being connected to it; skipping."
            continue
        fi
        if /usr/bin/security find-generic-password -l "$ssid" &>/dev/null ; then
            /usr/bin/security delete-generic-password -l "$ssid" "/Library/Keychains/System.keychain" &>/dev/null
            writelog "Removed keychain entry for $ssid."
            sleep 1
        fi
        if /usr/sbin/networksetup -listpreferredwirelessnetworks "$airport" | grep "$ssid" &>/dev/null ; then
            writelog "$(/usr/sbin/networksetup -removepreferredwirelessnetwork "$airport" "$ssid")."
            sleep 5
        fi
    fi
done

finish 0

lpyburn
New Contributor II

Thanks again Ryan. Unfortunately, this does not stop me from connecting to said SSID.
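Added example, not part of any post in this thread: a sketch of the matching step, showing that a hyphenated SSID such as BLAH-BYOD needs no conversion when it is kept quoted and compared as a whole string, and that stripping the "Current Wi-Fi Network: " prefix (instead of `cut -d " " -f 4`) also keeps SSIDs that contain spaces intact. The function names, the "Guest WiFi" and "BLAH-BYOD-2" names and the sample lines are constructed for illustration.

```bash
#!/bin/bash
# Added example. The sample lines below are constructed; in a policy script the
# line would come from: /usr/sbin/networksetup -getairportnetwork "$whwport"

# Print the SSID from a "Current Wi-Fi Network: <SSID>" line.
# Returns 1 (and prints nothing) when the line has a different shape,
# e.g. when the adapter is not associated with any network.
parse_ssid() {
    case "$1" in
        "Current Wi-Fi Network: "*)
            printf '%s\n' "${1#Current Wi-Fi Network: }" ;;
        *)
            return 1 ;;
    esac
}

# Return 0 when the SSID ($1) is exactly equal to one of the blocked names.
# Plain string equality: no regex, so "-" and other characters are literal.
is_blocked() {
    candidate="$1"; shift
    for blocked in "$@"; do
        [ "$candidate" = "$blocked" ] && return 0
    done
    return 1
}

# Decide what to do for one line of output: $1 is the line, the rest is the
# block list. Prints "block:<ssid>", "allow:<ssid>" or "not-associated".
decide() {
    line="$1"; shift
    ssid="$(parse_ssid "$line")" || { echo "not-associated"; return 0; }
    if is_blocked "$ssid" "$@"; then
        echo "block:$ssid"
    else
        echo "allow:$ssid"
    fi
}

# Constructed sample lines, checked against a block list of two names.
for sample in \
    "Current Wi-Fi Network: BLAH-BYOD" \
    "Current Wi-Fi Network: Guest WiFi" \
    "Current Wi-Fi Network: BLAH-BYOD-2" \
    "You are not associated with an AirPort network."; do
    decide "$sample" "BLAH-BYOD" "Guest WiFi"
done
```

A "block:" result is the point at which the scripts above would power the adapter off and remove the network from the preferred list.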