Posted on 09-12-2013 07:56 AM
Hi guys im not sure if its possible to create a script to eject a usb device if its not encrypted.
i have tried using bits from here
https://jamfnation.jamfsoftware.com/discussion.html?id=5924
#!/bin/bash
#Get the disk name
for disk in $(diskutil list | awk '/disk[1-9]s/{ print $NF }' | grep -v /dev); do
if [[ $(diskutil info $disk | awk '/Protocol/{ print $2 }') == "USB" ]]; then
echo "Device $disk is a USB removable disk"
diskName=$(diskutil info $disk | awk -F"/" '/Mount Point/{ print $NF }')
# Eject the disk
diskutil unmountDisk $diskName
fi
done
If i use diskutil cs list | grep AES-XTS this finds the encrypted part, but i don't know how to reference the usb drive and check against it.
Does any one have an idea if this is possible?
Posted on 12-27-2015 02:10 AM
Any news on this @tkimpton ?
I would really like to use this.
Posted on 12-27-2015 10:05 AM
If your work environment absolutely requires encrypted storage, the only 100% foolproof solution is to use IronKey flash drives and Safend clients to enforce the use of those drives.
Posted on 12-28-2015 06:15 AM
I suspect this would work. Like brad says, not 100% foolproof, but it's something...
#!/bin/bash
#Get the disk name
#Tmhoule
for disk in $(diskutil list | awk '/disk[1-9]s/{ print $NF }' | grep -v /dev); do
if [[ $(diskutil info $disk | awk '/Protocol/{ print $2 }') == "USB" ]]; then
echo "Device $disk is a USB removable disk"
diskName=$(diskutil info $disk | awk -F"/" '/Mount Point/{ print $NF }')
#If disk is encrypted
isEncrypted=`diskutil cs info $disk 2>&1|grep "is not a CoreStorage disk"`
if [ -z "$isEncrypted" ]; then
echo "$disk is encrypted"
else
# Eject the disk
echo "$disk is NOT encrypted"
diskutil unmountDisk $diskName
fi
fi
done