Eject USB if it's not encrypted

tkimpton
Valued Contributor II

Hi guys, I'm not sure if it's possible to create a script to eject a USB device if it's not encrypted.

I have tried using bits from here

https://jamfnation.jamfsoftware.com/discussion.html?id=5924

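#!/bin/bash
#Get the disk name
# Loop over every disk slice (diskNsM) that diskutil lists
for disk in $(diskutil list | awk '/disk[1-9]s/{ print $NF }' | grep -v /dev); do
    # Only act on slices whose bus protocol is USB
    if [[ $(diskutil info "$disk" | awk '/Protocol/{ print $2 }') == "USB" ]]; then
        echo "Device $disk is a USB removable disk"
        # Last path component of the mount point, i.e. the volume name
        diskName=$(diskutil info "$disk" | awk -F"/" '/Mount Point/{ print $NF }')

        # Eject the disk (quoted so volume names with spaces survive)
        diskutil unmountDisk "$diskName"

    fi
done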

If I use diskutil cs list | grep AES-XTS, this finds the encrypted part, but I don't know how to reference the USB drive and check against it.

Does anyone have an idea if this is possible?

3 REPLIES

mikevos
New Contributor III

Any news on this @tkimpton ?
I would really like to use this.

bradtchapman
Valued Contributor II

If your work environment absolutely requires encrypted storage, the only 100% foolproof solution is to use IronKey flash drives and Safend clients to enforce the use of those drives.

thoule
Valued Contributor II

I suspect this would work. Like brad says, not 100% foolproof, but it's something...

#!/bin/bash
#Get the disk name
#Tmhoule

# Loop over every disk slice (diskNsM) that diskutil lists
for disk in $(diskutil list | awk '/disk[1-9]s/{ print $NF }' | grep -v /dev); do
    if [[ $(diskutil info "$disk" | awk '/Protocol/{ print $2 }') == "USB" ]]; then
        echo "Device $disk is a USB removable disk"
        # Last path component of the mount point, i.e. the volume name
        diskName=$(diskutil info "$disk" | awk -F"/" '/Mount Point/{ print $NF }')

        #If disk is encrypted
        # Non-empty only when diskutil reports the slice is not CoreStorage
        isEncrypted=$(diskutil cs info "$disk" 2>&1 | grep "is not a CoreStorage disk")
        if [ -z "$isEncrypted" ]; then
            echo "$disk is encrypted"
        else
            # Eject the disk
            echo "$disk is NOT encrypted"
            diskutil unmountDisk "$diskName"
        fi
    fi
done
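
An added example, not part of the thread or of any poster's script: one way to tie a specific USB slice to the AES-XTS line in `diskutil cs list`, so that a CoreStorage volume without encryption is not counted as encrypted. The function name, the disk numbers and the sample listing (constructed, with its layout assumed) are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `diskutil cs list` text on stdin and
# prints the state of the CoreStorage group backed by physical-volume slice $1:
# "encrypted" (AES-XTS), "unencrypted" or "not-corestorage".
cs_encryption_for() {
    awk -v want="$1" '
        /Logical Volume Group/  { in_group = 0 }   # new group: forget earlier match
        /Physical Volume/       { in_pv = 1 }
        /Logical Volume Family/ { in_pv = 0 }
        in_pv && /Disk:/ && $NF == want { in_group = 1 }   # this slice backs the group
        in_group && /Encryption Type:/ {
            state = ($NF == "AES-XTS") ? "encrypted" : "unencrypted"
            print state; found = 1; exit
        }
        END { if (!found) print "not-corestorage" }
    '
}

# Constructed sample: layout assumed to follow `diskutil cs list`,
# UUIDs replaced by placeholders, disk numbers invented.
SAMPLE_CS_LIST='CoreStorage logical volume groups (2 found)
+-- Logical Volume Group UUID-PLACEHOLDER-1
|   +-< Physical Volume UUID-PLACEHOLDER-2
|   |   Disk:     disk2s2
|   +-> Logical Volume Family UUID-PLACEHOLDER-3
|       Encryption Type:         AES-XTS
|       +-> Logical Volume UUID-PLACEHOLDER-4
|           Disk:                  disk4
+-- Logical Volume Group UUID-PLACEHOLDER-5
    +-< Physical Volume UUID-PLACEHOLDER-6
    |   Disk:     disk3s2
    +-> Logical Volume Family UUID-PLACEHOLDER-7
        Encryption Type:         None
        +-> Logical Volume UUID-PLACEHOLDER-8
            Disk:                  disk5
'

# Live use on a Mac: report the state of each USB slice (report only, no eject).
# Skipped on systems without diskutil.
if command -v diskutil >/dev/null 2>&1; then
    for disk in $(diskutil list | awk '/disk[1-9]s/{ print $NF }' | grep -v /dev); do
        [ "$(diskutil info "$disk" | awk '/Protocol/{ print $2 }')" = "USB" ] || continue
        echo "$disk: $(diskutil cs list | cs_encryption_for "$disk")"
    done
fi
```

The function expects the physical-volume slice (for example disk2s2), not the logical volume that appears once the disk is unlocked.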