The following worklet enables FileVault on Macs and saves the recovery key into Automox. To avoid requesting credentials from the user, FileVault is set to enable at the next login.
The recovery key is written to a tag in Automox the next time the worklet runs after FileVault has been enabled. The tag holds the key as plain text, so access to the device record in the console or through the API also gives access to the key.
Evaluation:
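#!/bin/bash
#
# Evaluation: exit 0 when FileVault is already on, exit 1 otherwise
# (presumably the non-zero status is what schedules the Remediation script).
#
# fdesetup isactive prints "true" or "false". Compare that text instead of
# executing whatever the command printed, so unexpected output (an error
# message, for example) is never run as a command by this root script.
#
# NOTE(review): the recovery key is uploaded by a Remediation run that takes
# place after FileVault is on, but at that point this check already exits 0.
# Confirm that run is still triggered for devices whose key has not been
# uploaded yet.
if [ "$(fdesetup isactive)" = "true" ]; then
  echo "FileVault is enabled!"
  exit 0
fi
exit 1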
Remediation:
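#!/bin/bash
#Created by Gary Langley
#02/12/2020
#
# Remediation: request deferred FileVault enablement at the next login and,
# once the deferred plist exists, copy the recovery key into a device tag in
# Automox.
#
# NOTE(review): the API key is embedded in a script that is delivered to every
# endpoint in the policy, and the same key is used here both to list devices
# and to write tags. Give it the narrowest permissions the console allows and
# rotate it when a device is lost or decommissioned.
api_key='<insert your API key>'
policy_id='<insert policyID>'

# NOTE(review): /Users/Shared is normally writable by every local user. The
# paths are kept as the original author chose them; consider a root-only
# directory for the plist that holds the recovery key.
state_dir='/Users/Shared/Automox'
filevault_plist="${state_dir}/filevault.plist"
device_plist="${state_dir}/com.automox.agent.device.plist"

# Nothing to do when FileVault is on and no deferred plist is waiting to be
# uploaded. The text printed by fdesetup is compared, not executed.
if [ "$(fdesetup isactive)" = "true" ] && [ ! -f "$filevault_plist" ]; then
  echo "FileVault is already enabled!"
  exit 0
fi

# Enable FileVault at the next login; fdesetup writes the recovery key to the
# deferred plist once enablement has happened.
fdesetup enable -defer "$filevault_plist" -forceatlogin 3 -dontaskatlogout

# Look this device up in the Automox API and store the IDs needed for the PUT
# request. The key and policy ID are passed through the environment so they are
# not part of the interpreter command line.
# NOTE(review): python2 and urllib2 are Python 2 only; macOS 12.3 and later no
# longer ship it, so confirm an interpreter exists on the target fleet.
# NOTE(review): devices are matched by hostname only; if two records share a
# name, the last one listed is used and would receive the recovery key.
AUTOMOX_API_KEY="$api_key" \
AUTOMOX_POLICY_ID="$policy_id" \
DEVICE_PLIST="$device_plist" \
python2 -c '
import json
import os
import plistlib
import socket
import sys
import urllib2

host = socket.gethostname()
headers = {
    "Content-Type": "application/json",
    "Authorization": "Bearer " + os.environ["AUTOMOX_API_KEY"],
}
url = "https://console.automox.com/api/servers?policyId=" + os.environ["AUTOMOX_POLICY_ID"]
req = urllib2.Request(url, None, headers)
response = urllib2.urlopen(req)
devices = json.loads(response.read())

# Keep the last record whose name equals the local hostname.
match = None
for item in devices:
    if item["name"] == host:
        match = item
if match is None:
    sys.stderr.write("No Automox device named %s in this policy\n" % host)
    sys.exit(1)

reldata = {
    "ServerID": match["id"],
    "ServerGroupID": match["server_group_id"],
    "OrgID": match["organization_id"],
}
with open(os.environ["DEVICE_PLIST"], "wb+") as fp:
    plistlib.writePlist(reldata, fp)
'

if [ -f "$filevault_plist" ]; then
  # The deferred plist holds the recovery key in plain text; keep it readable
  # by root only.
  # NOTE(review): nothing removes this file after the upload, so the key stays
  # on disk and every later run repeats the upload. Decide whether to delete it
  # once the tag is confirmed in the console.
  chmod 600 "$filevault_plist"

  # Write recovery key to device tag in Automox
  serverid=$(defaults read "${device_plist%.plist}" ServerID)
  servergroupid=$(defaults read "${device_plist%.plist}" ServerGroupID)
  orgid=$(defaults read "${device_plist%.plist}" OrgID)
  recoverykey=$(defaults read "${filevault_plist%.plist}" RecoveryKey)

  # These values are placed into a URL and a JSON body, so refuse anything
  # that is empty or not in the expected shape instead of sending it.
  for id in "$serverid" "$servergroupid" "$orgid"; do
    case "$id" in
      '' | *[!0-9]*)
        echo "Device details are missing or malformed; nothing sent to Automox" >&2
        exit 1
        ;;
    esac
  done
  case "$recoverykey" in
    '' | *[!A-Za-z0-9-]*)
      echo "Recovery key is missing or malformed; nothing sent to Automox" >&2
      exit 1
      ;;
  esac

  posturl="https://console.automox.com/api/servers/${serverid}?o=${orgid}"
  payload=$(printf '{"server_group_id": %s, "tags": ["Recovery Key: %s"], "exception": false}' \
    "$servergroupid" "$recoverykey")

  # The bearer token is read from a config on stdin and the body from a file
  # descriptor, so neither the API key nor the recovery key shows up in the
  # process list. --fail turns an HTTP error into a non-zero exit status.
  if ! curl --fail --silent --show-error -X PUT "$posturl" \
    -H 'Content-Type: application/json' \
    --data @<(printf '%s' "$payload") \
    --config - <<EOF
header = "Authorization: Bearer ${api_key}"
EOF
  then
    echo "Tag update failed; recovery key was not stored in Automox" >&2
    exit 1
  fi

  # NOTE(review): this also puts the key into the worklet output; drop the
  # line if the device tag is meant to be the only copy.
  echo "Recovery Key: $recoverykey"
  exit 0
fi
echo "FileVault will be enabled at next login"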