Eject usb if its not encrypted

Hi guys im not sure if its possible to create a script to eject a usb device if its not encrypted.

i have tried using bits from here

https://jamfnation.jamfsoftware.com/discussion.html?id=5924

#!/bin/bash

#Get the disk name

for disk in $(diskutil list | awk '/disk[1-9]s/{ print $NF }' | grep -v /dev); do

if [[ $(diskutil info $disk | awk '/Protocol/{ print $2 }') == "USB" ]]; then

echo "Device $disk is a USB removable disk"

diskName=$(diskutil info $disk | awk -F"/" '/Mount Point/{ print $NF }')



# Eject the disk

diskutil unmountDisk $diskName



fi

done

If i use diskutil cs list | grep AES-XTS this finds the encrypted part, but i don't know how to reference the usb drive and check against it.

Does any one have an idea if this is possible?

Page 1 / 1

Any news on this @tkimpton ?
I would really like to use this.

If your work environment absolutely requires encrypted storage, the only 100% foolproof solution is to use IronKey flash drives and Safend clients to enforce the use of those drives.

I suspect this would work. Like brad says, not 100% foolproof, but it's something...

#!/bin/bash

#Get the disk name

#Tmhoule  



for disk in $(diskutil list | awk '/disk[1-9]s/{ print $NF }' | grep -v /dev); do

    if [[ $(diskutil info $disk | awk '/Protocol/{ print $2 }') == "USB" ]]; then

        echo "Device $disk is a USB removable disk"

        diskName=$(diskutil info $disk | awk -F"/" '/Mount Point/{ print $NF }')



        #If disk is encrypted

        isEncrypted=`diskutil cs info $disk 2>&1|grep "is not a CoreStorage disk"`

        if [ -z "$isEncrypted" ]; then

            echo "$disk is encrypted"

        else

           # Eject the disk

            echo "$disk is NOT encrypted"

            diskutil unmountDisk $diskName

        fi

    fi

done

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded