sh Cisco AnyConnect Postinstall
#!/bin/bash
# launchd job definitions: the VPN agent daemon and the GUI launch agent.
LAUNCHD_DIR='/Library/LaunchDaemons'
LAUNCHD_FILE='com.cisco.anyconnect.vpnagentd.plist'
LAUNCHD_AGENT_DIR='/Library/LaunchAgents'
LAUNCHD_AGENT_FILE='com.cisco.anyconnect.gui.plist'

# AnyConnect installation tree; the sub-directories hang off the prefix.
INSTPREFIX='/opt/cisco/anyconnect'
BINDIR="${INSTPREFIX}/bin"
PROFILEDIR="${INSTPREFIX}/profile"
FEEDBACK_DIR="${INSTPREFIX}/CustomerExperienceFeedback"
# Update the VPNManifest.dat file from the VPN manifest XML under the install prefix.
# The tool's exit status is not checked; the script carries on either way.
"${BINDIR}/manifesttool" -i "${INSTPREFIX}" "${INSTPREFIX}/ACManifestVPN.xml"
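# Work out where AnyConnect XML profiles and ACTransforms.xml may be imported
# from (highest to lowest priority):
#   1) the directory that contains the pkg installer
#   2) if the pkg installer is on a mounted dmg volume, the directory that
#      contains the mounted dmg
# Errors that occur during import are intentionally ignored (best effort).
#
# Both directories lie outside the installed tree and nothing here checks who
# owns them or who can write to them, so whatever is found there is taken as
# administrator-supplied configuration.
echo "Determining import locations"

# $1 is presumably the path of the pkg being installed, as passed to the
# postinstall script -- confirm against the installer's calling convention.
PKG_FILE=$1
PKG_FILE_DIR=$(dirname "${PKG_FILE}")
DMG_FILE_DIR=""

# Succeeds when directory $1 is mount point $2 or lies beneath it.
# The comparison is literal and stops at a path separator, so a mount point of
# "/Volumes/AnyConnect" does not claim "/Volumes/AnyConnect 2", and glob
# characters in a volume name are not treated as a pattern.
pkg_dir_is_on_volume()
{
    local dir=$1
    local mount_point=${2%/}

    # An empty entry would otherwise match every absolute path.
    [ -n "$2" ] || return 1

    case "${dir}" in
        "$2" | "${mount_point}"/*) return 0 ;;
    esac
    return 1
}

# Reads plist text on stdin and prints, one per line, the <string> value that
# follows each occurrence of key $1. Values are printed as written in the
# plist; XML entities are not decoded, so a path containing one will simply
# fail to match later.
plist_strings_after_key()
{
    grep -A 1 -- "$1" | grep "<string>" | sed -e 's:.*<string>::' -e 's:</string>::'
}

# Use hdiutil to get the information about all mounted disk images. A single
# snapshot feeds both lists, so MOUNTED_VOLS[i] and DMG_PATHS[i] describe the
# same moment even if an image is attached or detached during the install.
# Pairing by index presumably relies on every image contributing exactly one
# mount point; the length check below is the only guard for that.
# Note: If the DMG has been moved after being mounted, image-path will point to
# the original location and image-alias will point to the current location. We
# may want to also check the image-alias folder for things to import.
HDIUTIL_INFO=$(hdiutil info -plist)

# Lines are read one at a time rather than word-split, so paths with spaces
# survive and glob characters in a path are never expanded.
MOUNTED_VOLS=()
while IFS= read -r PLIST_VALUE; do
    MOUNTED_VOLS+=("${PLIST_VALUE}")
done < <(printf '%s\n' "${HDIUTIL_INFO}" | plist_strings_after_key "mount-point")

DMG_PATHS=()
while IFS= read -r PLIST_VALUE; do
    DMG_PATHS+=("${PLIST_VALUE}")
done < <(printf '%s\n' "${HDIUTIL_INFO}" | plist_strings_after_key "image-path")

# To be safe, only use the hdiutil information if there is an equal number of
# volume paths and DMG paths.
if [ "${#MOUNTED_VOLS[@]}" -eq "${#DMG_PATHS[@]}" ] ; then
    for (( INDEX = 0; INDEX < ${#MOUNTED_VOLS[@]}; INDEX++ )); do
        MOUNTED_VOLS_PATH=${MOUNTED_VOLS[INDEX]}
        # Skip entries with no DMG path: dirname "" is ".", which would turn
        # the current directory into an import location.
        if [ -n "${DMG_PATHS[INDEX]}" ] &&
           pkg_dir_is_on_volume "${PKG_FILE_DIR}" "${MOUNTED_VOLS_PATH}" ; then
            # pkg is located on the mounted volume
            DMG_FILE_DIR=$(dirname "${DMG_PATHS[INDEX]}")
        fi
    done
fi

echo "Installer package path: ${PKG_FILE_DIR}"
echo "Installer DMG path: ${DMG_FILE_DIR}"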
# The install counts as pre-deploy unless a ".webdeploy" entry sits beside the
# pkg. The marker is only tested for existence; its content is not read.
if [ -d "${PKG_FILE_DIR}" ] && [ -e "${PKG_FILE_DIR}/.webdeploy" ]; then
    IS_PRE_DEPLOY=false
else
    IS_PRE_DEPLOY=true
fi
# Copy matching files from the first import directory that exists.
# Globals:   PKG_FILE_DIR, DMG_FILE_DIR (read)
# Arguments: $1 - what is being imported, used in the log line
#            $2 - file name pattern handed to find -name
#            $3 - destination directory
#            $4 - import directory beside the pkg (preferred)
#            $5 - import directory beside the dmg (fallback)
# Only regular files directly inside the chosen directory are copied
# (-maxdepth 1 -type f); a file of the same name at the destination is
# overwritten. Copy errors are not checked (best effort).
import_first_available()
{
    local what=$1 pattern=$2 dest=$3 pkg_dir=$4 dmg_dir=$5
    local src

    if [ -d "${PKG_FILE_DIR}" ] && [ -d "${pkg_dir}" ] ; then
        src=${pkg_dir}
    elif [ -d "${DMG_FILE_DIR}" ] && [ -d "${dmg_dir}" ] ; then
        src=${dmg_dir}
    else
        return 0
    fi

    echo "Importing AnyConnect ${what} from ${src}"
    find "${src}" -maxdepth 1 -name "${pattern}" -type f -exec cp -f {} "${dest}" \;
}

# Pre-deploy only: pull the local policy file, the VPN profiles and the
# Customer Feedback profile from a "Profiles" folder next to the installer.
#
# The source folders sit beside the pkg or dmg rather than inside the installed
# tree, and their ownership is not checked here. Where that location is
# writable by ordinary users, the imported policy is only as trustworthy as
# whoever can write there.
if $IS_PRE_DEPLOY; then
    PKG_PROFILE_IMPORT_DIR="${PKG_FILE_DIR}/Profiles"
    DMG_PROFILE_IMPORT_DIR="${DMG_FILE_DIR}/Profiles"
    PKG_VPN_PROFILE_IMPORT_DIR="${PKG_PROFILE_IMPORT_DIR}/vpn"
    DMG_VPN_PROFILE_IMPORT_DIR="${DMG_PROFILE_IMPORT_DIR}/vpn"
    PKG_FEEDBACK_PROFILE_IMPORT_DIR="${PKG_PROFILE_IMPORT_DIR}/feedback"
    DMG_FEEDBACK_PROFILE_IMPORT_DIR="${DMG_PROFILE_IMPORT_DIR}/feedback"

    # Local policy file goes to the install prefix.
    import_first_available "Local Policy file" "AnyConnectLocalPolicy.xml" \
        "${INSTPREFIX}" "${PKG_PROFILE_IMPORT_DIR}" "${DMG_PROFILE_IMPORT_DIR}"

    # Every XML file in the vpn folder goes to the profile directory.
    import_first_available "VPN profiles" "*.xml" \
        "${PROFILEDIR}" "${PKG_VPN_PROFILE_IMPORT_DIR}" "${DMG_VPN_PROFILE_IMPORT_DIR}"

    # Customer Feedback profile goes to the feedback directory.
    import_first_available "Customer Feedback profile" "CustomerExperience_Feedback.xml" \
        "${FEEDBACK_DIR}" "${PKG_FEEDBACK_PROFILE_IMPORT_DIR}" "${DMG_FEEDBACK_PROFILE_IMPORT_DIR}"
fi
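# Process transforms

# Print the text between <TAG> and </TAG> for every line of FILE that holds the
# complete element on one line.
# Arguments: $1 - path to the XML file
#            $2 - element name; it is spliced into a sed expression, so it must
#                 be a fixed name chosen by this script, never file content
# Outputs:   the element text on stdout, one line per matching line; nothing
#            when the element is absent
# A line that only mentions the tag name (a comment, a longer tag name, an
# element split across lines) prints nothing, so the caller never receives a
# raw line of the file as the "value".
getProperty()
{
    local file=${1}
    local tag=${2}

    # -n plus the p flag: print only lines where the substitution matched.
    sed -n "s/.*<${tag}>\(.*\)<\/${tag}>.*/\1/p" "${file}"
}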
# Element names looked up in ACTransforms.xml.

# Feature switches.
DISABLE_VPN_TAG='DisableVPN'
DISABLE_FEEDBACK_TAG='DisableCustomerExperienceFeedback'

# Local policy settings.
BYPASS_DOWNLOADER_TAG='BypassDownloader'
FIPS_MODE_TAG='FipsMode'
RESTRICT_PREFERENCE_CACHING_TAG='RestrictPreferenceCaching'
RESTRICT_TUNNEL_PROTOCOLS_TAG='RestrictTunnelProtocols'
RESTRICT_WEB_LAUNCH_TAG='RestrictWebLaunch'
STRICT_CERTIFICATE_TRUST_TAG='StrictCertificateTrust'

# Certificate store exclusions.
EXCLUDE_PEM_FILE_CERT_STORE_TAG='ExcludePemFileCertStore'
EXCLUDE_WIN_NATIVE_CERT_STORE_TAG='ExcludeWinNativeCertStore'
EXCLUDE_MAC_NATIVE_CERT_STORE_TAG='ExcludeMacNativeCertStore'
EXCLUDE_FIREFOX_NSS_CERT_STORE_TAG='ExcludeFirefoxNSSCertStore'

# Which servers updates may come from.
ALLOW_SOFTWARE_UPDATES_FROM_ANY_SERVER_TAG='AllowSoftwareUpdatesFromAnyServer'
ALLOW_COMPLIANCE_MODULE_UPDATES_FROM_ANY_SERVER_TAG='AllowComplianceModuleUpdatesFromAnyServer'
ALLOW_VPN_PROFILE_UPDATES_FROM_ANY_SERVER_TAG='AllowVPNProfileUpdatesFromAnyServer'
ALLOW_ISE_PROFILE_UPDATES_FROM_ANY_SERVER_TAG='AllowISEProfileUpdatesFromAnyServer'
ALLOW_SERVICE_PROFILE_UPDATES_FROM_ANY_SERVER_TAG='AllowServiceProfileUpdatesFromAnyServer'
AUTHORIZED_SERVER_LIST_TAG='AuthorizedServerList'
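# Choose the ACTransforms.xml to apply and read the settings it carries.
#   pre-deploy: <pkg dir>/Profiles/ACTransforms.xml, else <dmg dir>/Profiles/ACTransforms.xml
#   web-deploy: <dmg dir>/ACTransforms.xml
#
# The working variables are cleared first so that the only source of these
# settings is the transform file selected below; otherwise a variable of the
# same name inherited from the environment would be used when no file is found.
#
# The file lives beside the installer, not inside the installed tree, and the
# values read from it are plain text taken from between the XML tags. Nothing
# here restricts them to true/false, so consumers must treat them as untrusted
# strings and always expand them quoted.
TRANSFORM_FILE=""
unset DISABLE_VPN DISABLE_FEEDBACK BYPASS_DOWNLOADER FIPS_MODE \
      RESTRICT_PREFERENCE_CACHING RESTRICT_TUNNEL_PROTOCOLS RESTRICT_WEB_LAUNCH \
      STRICT_CERTIFICATE_TRUST EXCLUDE_PEM_FILE_CERT_STORE \
      EXCLUDE_WIN_NATIVE_CERT_STORE EXCLUDE_MAC_NATIVE_CERT_STORE \
      EXCLUDE_FIREFOX_NSS_CERT_STORE ALLOW_SOFTWARE_UPDATES_FROM_ANY_SERVER \
      ALLOW_COMPLIANCE_MODULE_UPDATES_FROM_ANY_SERVER \
      ALLOW_VPN_PROFILE_UPDATES_FROM_ANY_SERVER \
      ALLOW_ISE_PROFILE_UPDATES_FROM_ANY_SERVER \
      ALLOW_SERVICE_PROFILE_UPDATES_FROM_ANY_SERVER AUTHORIZED_SERVER_LIST

if $IS_PRE_DEPLOY; then
    PKG_TRANSFORM_FILE="${PKG_PROFILE_IMPORT_DIR}/ACTransforms.xml"
    DMG_TRANSFORM_FILE="${DMG_PROFILE_IMPORT_DIR}/ACTransforms.xml"
    if [ -d "${PKG_FILE_DIR}" ] && [ -f "${PKG_TRANSFORM_FILE}" ] ; then
        TRANSFORM_FILE=${PKG_TRANSFORM_FILE}
    elif [ -d "${DMG_FILE_DIR}" ] && [ -f "${DMG_TRANSFORM_FILE}" ] ; then
        TRANSFORM_FILE=${DMG_TRANSFORM_FILE}
    fi
else
    DMG_TRANSFORM_FILE="${DMG_FILE_DIR}/ACTransforms.xml"
    if [ -d "${DMG_FILE_DIR}" ] && [ -f "${DMG_TRANSFORM_FILE}" ] ; then
        TRANSFORM_FILE=${DMG_TRANSFORM_FILE}
    fi
fi

if [ -f "${TRANSFORM_FILE}" ] ; then
    echo "Processing transform file in ${TRANSFORM_FILE}"
    DISABLE_VPN=$(getProperty "${TRANSFORM_FILE}" "${DISABLE_VPN_TAG}")
    DISABLE_FEEDBACK=$(getProperty "${TRANSFORM_FILE}" "${DISABLE_FEEDBACK_TAG}")
    BYPASS_DOWNLOADER=$(getProperty "${TRANSFORM_FILE}" "${BYPASS_DOWNLOADER_TAG}")
    FIPS_MODE=$(getProperty "${TRANSFORM_FILE}" "${FIPS_MODE_TAG}")
    RESTRICT_PREFERENCE_CACHING=$(getProperty "${TRANSFORM_FILE}" "${RESTRICT_PREFERENCE_CACHING_TAG}")
    RESTRICT_TUNNEL_PROTOCOLS=$(getProperty "${TRANSFORM_FILE}" "${RESTRICT_TUNNEL_PROTOCOLS_TAG}")
    RESTRICT_WEB_LAUNCH=$(getProperty "${TRANSFORM_FILE}" "${RESTRICT_WEB_LAUNCH_TAG}")
    STRICT_CERTIFICATE_TRUST=$(getProperty "${TRANSFORM_FILE}" "${STRICT_CERTIFICATE_TRUST_TAG}")
    EXCLUDE_PEM_FILE_CERT_STORE=$(getProperty "${TRANSFORM_FILE}" "${EXCLUDE_PEM_FILE_CERT_STORE_TAG}")
    EXCLUDE_WIN_NATIVE_CERT_STORE=$(getProperty "${TRANSFORM_FILE}" "${EXCLUDE_WIN_NATIVE_CERT_STORE_TAG}")
    EXCLUDE_MAC_NATIVE_CERT_STORE=$(getProperty "${TRANSFORM_FILE}" "${EXCLUDE_MAC_NATIVE_CERT_STORE_TAG}")
    EXCLUDE_FIREFOX_NSS_CERT_STORE=$(getProperty "${TRANSFORM_FILE}" "${EXCLUDE_FIREFOX_NSS_CERT_STORE_TAG}")
    ALLOW_SOFTWARE_UPDATES_FROM_ANY_SERVER=$(getProperty "${TRANSFORM_FILE}" "${ALLOW_SOFTWARE_UPDATES_FROM_ANY_SERVER_TAG}")
    ALLOW_COMPLIANCE_MODULE_UPDATES_FROM_ANY_SERVER=$(getProperty "${TRANSFORM_FILE}" "${ALLOW_COMPLIANCE_MODULE_UPDATES_FROM_ANY_SERVER_TAG}")
    ALLOW_VPN_PROFILE_UPDATES_FROM_ANY_SERVER=$(getProperty "${TRANSFORM_FILE}" "${ALLOW_VPN_PROFILE_UPDATES_FROM_ANY_SERVER_TAG}")
    ALLOW_ISE_PROFILE_UPDATES_FROM_ANY_SERVER=$(getProperty "${TRANSFORM_FILE}" "${ALLOW_ISE_PROFILE_UPDATES_FROM_ANY_SERVER_TAG}")
    ALLOW_SERVICE_PROFILE_UPDATES_FROM_ANY_SERVER=$(getProperty "${TRANSFORM_FILE}" "${ALLOW_SERVICE_PROFILE_UPDATES_FROM_ANY_SERVER_TAG}")
    AUTHORIZED_SERVER_LIST=$(getProperty "${TRANSFORM_FILE}" "${AUTHORIZED_SERVER_LIST_TAG}")
fi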
# When the transform sets DisableVPN to exactly "true", move the bundled
# disable-VPN service profile into the profile directory (if it is present);
# in every other case delete it.
# NOTE(review): this comparison is case-sensitive, whereas the
# DisableCustomerExperienceFeedback value is lower-cased before its check --
# confirm whether "True" should count here too.
DISABLE_VPN_PROFILE="${INSTPREFIX}/VPNDisable_ServiceProfile.xml"
if [ "x${DISABLE_VPN}" != "xtrue" ] ; then
    rm -f "${DISABLE_VPN_PROFILE}"
else
    echo "Installing disable VPN profile"
    if [ -f "${DISABLE_VPN_PROFILE}" ] ; then
        mv "${DISABLE_VPN_PROFILE}" "${PROFILEDIR}/"
    fi
fi
# If the transform disables Customer Experience Feedback ("phone home"), remove
# the feedback plugin and its data folder.
# Note: this also removes the customer feedback profile if one was imported
# into that folder earlier in the script.
FEEDBACK_PLUGIN="${BINDIR}/plugins/libacfeedback.dylib"

# Lower-case the tag value so "True"/"TRUE" are accepted.
# The value is expanded unquoted, so it is word-split (which trims surrounding
# whitespace) and glob-expanded before the comparison.
# NOTE(review): the value comes from ACTransforms.xml; quoting it would stop
# the glob expansion but also the whitespace trimming -- decide which is wanted.
DISABLE_FEEDBACK=$(echo ${DISABLE_FEEDBACK} | tr '[:upper:]' '[:lower:]')

case "x${DISABLE_FEEDBACK}" in
    xtrue)
        echo "Disabling Customer Experience Feedback plugin"
        rm -f "${FEEDBACK_PLUGIN}"
        rm -rf "${FEEDBACK_DIR}"
        ;;
esac
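# Generate the default AnyConnect Local Policy file if it doesn't already exist.
#
# Each key=value pair is passed as exactly one quoted argument. The values come
# from ACTransforms.xml, a file read from beside the installer; unquoted, a
# value containing whitespace or glob characters would be split or expanded
# into additional arguments for a helper that runs with the installer's
# privileges.
#
# Settings missing from the transform fall back to the defaults shown:
# the restrictions default to false, the update permissions default to true,
# and the authorized server list defaults to empty.
"${BINDIR}/acinstallhelper" -acpolgen \
    "bd=${BYPASS_DOWNLOADER:-false}" \
    "fm=${FIPS_MODE:-false}" \
    "rpc=${RESTRICT_PREFERENCE_CACHING:-false}" \
    "rtp=${RESTRICT_TUNNEL_PROTOCOLS:-false}" \
    "rwl=${RESTRICT_WEB_LAUNCH:-false}" \
    "sct=${STRICT_CERTIFICATE_TRUST:-false}" \
    "epf=${EXCLUDE_PEM_FILE_CERT_STORE:-false}" \
    "ewn=${EXCLUDE_WIN_NATIVE_CERT_STORE:-false}" \
    "emn=${EXCLUDE_MAC_NATIVE_CERT_STORE:-false}" \
    "efn=${EXCLUDE_FIREFOX_NSS_CERT_STORE:-false}" \
    "upsu=${ALLOW_SOFTWARE_UPDATES_FROM_ANY_SERVER:-true}" \
    "upcu=${ALLOW_COMPLIANCE_MODULE_UPDATES_FROM_ANY_SERVER:-true}" \
    "upvp=${ALLOW_VPN_PROFILE_UPDATES_FROM_ANY_SERVER:-true}" \
    "upip=${ALLOW_ISE_PROFILE_UPDATES_FROM_ANY_SERVER:-true}" \
    "upsp=${ALLOW_SERVICE_PROFILE_UPDATES_FROM_ANY_SERVER:-true}" \
    "upal=${AUTHORIZED_SERVER_LIST}"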
echo "Setting ownership permissions for VPN Profiles and AnyConnect Local Policy file ..."

# Make the profiles and the local policy file root:wheel, mode 0644.
# All output and errors are discarded, so a chown/chmod that fails goes
# unnoticed and the file keeps whatever owner and mode the copy gave it.
{
    # VPN profiles
    chown root:wheel "${PROFILEDIR}"/*.xml
    chmod 0644 "${PROFILEDIR}"/*.xml

    # AnyConnectLocalPolicy file
    chown root:wheel "${INSTPREFIX}/AnyConnectLocalPolicy.xml"
    chmod 0644 "${INSTPREFIX}/AnyConnectLocalPolicy.xml"
} >/dev/null 2>&1
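# Attempt to start the VPN agent. A failure here aborts the postinstall.
echo "Attempting to start the VPN agent ..."
launchctl load -wF "${LAUNCHD_DIR}/${LAUNCHD_FILE}" || exit 1

# Load the GUI launch agent as the user who owns the console session.
echo "Attempting to load the GUI launch agent ..."
MYUID=$(echo "show State:/Users/ConsoleUser" | scutil | awk '/UID/ { print $3 }')

# scutil may report no console user, or awk may match more than one line.
# Only a single all-digit value is handed to sudo; anything else would yield a
# malformed "-u #" argument or shift the remaining words into the command
# position.
case "${MYUID}" in
    '' | *[!0-9]*)
        echo "No usable console user UID found; skipping GUI launch agent load" >&2
        ;;
    *)
        sudo -u "#${MYUID}" launchctl load -wF -S Aqua "${LAUNCHD_AGENT_DIR}/${LAUNCHD_AGENT_FILE}"
        ;;
esac

# The GUI agent load is best effort; the script reports success regardless.
exit 0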