This repository provides a LaunchDaemon-based workflow that uses StartOnMount to monitor new volumes being mounted on the macOS endpoint. Once the LaunchDaemon detects a new volume mount, it triggers the DiskEncrypter.sh script, which provides an end-user driven workflow to have removable media devices encrypted or automatically mounted as read-only.
This workflow can help any organisation prevent loss of corporate data onto unencrypted removable storage devices, and it provides guided end-user workflows to have the storage devices encrypted in an automated fashion.
Please read through and test this script intensively before adding it to your production environment, as in some cases the end-user agrees to erase the external disk and loses the contents stored on it.
This workflow has been tested against
The workflow relies on swiftDialog. The preference is that it is already pre-installed, but the script includes checks to download and install it if it is not present on the endpoint.
JSON schema uploaded into Jamf Pro
Steps to create the workflow:
Upload the JSON schema for the Managed Preferences domain com.custom.diskencrypter into Jamf Pro Configuration Profiles, under Custom Applications & Settings.
By installing the provided package in this repository we distribute the com.custom.volumewatcher LaunchDaemon and load it using launchctl. This LaunchDaemon monitors the /Volumes/ folder for changes and runs the ProgramArguments when a change happens.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.custom.volumewatcher</string>
<key>OnDemand</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/bin/sh</string>
<string>/Library/Application Support/Custom/DiskEncrypter.sh</string>
</array>
<key>StartOnMount</key>
<true/>
</dict>
</plist>
On detection of a new volume being mounted in /Volumes, the LaunchDaemon triggers DiskEncrypter.sh, which does the following:
DiskEncrypter writes to the macOS Unified Log; use the following command to filter the Unified Log for its entries:
log show --predicate 'process == "logger" AND eventMessage contains "DiskEncrypter:"'
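As an added example (not the repository's DiskEncrypter.sh), the following POSIX sh shows the decision the mount-triggered script has to make for each volume before it shows the encrypt / read-only dialog, and how it logs with the "DiskEncrypter:" prefix that the log show predicate above matches. The diskutil info field names and the --run flag are assumptions, and the sample diskutil output is constructed.

```shell
#!/bin/sh
# Added example, not the repository's DiskEncrypter.sh: the decision a
# mount-triggered script takes before showing the encrypt / read-only dialog.
# Assumption: the "Device Location", "Encrypted" and "FileVault" fields are
# those printed by `diskutil info <mountpoint>` on current macOS.

# classify_volume: reads `diskutil info` text on stdin and prints one token:
#   skip-internal   internal disk, out of scope for removable-media policy
#   skip-encrypted  external volume that is already encrypted
#   prompt          external, unencrypted: offer encryption or read-only mount
classify_volume() {
  internal=0; encrypted=0
  while IFS= read -r line; do
    case "$line" in
      *"Device Location:"*Internal*) internal=1 ;;
      *"Encrypted:"*Yes*|*"FileVault:"*Yes*) encrypted=1 ;;
    esac
  done
  if [ "$internal" -eq 1 ]; then echo skip-internal
  elif [ "$encrypted" -eq 1 ]; then echo skip-encrypted
  else echo prompt
  fi
}

# log_event: log through logger(1) with the "DiskEncrypter:" prefix that the
# README's `log show` predicate filters on; fall back to stderr without logger.
log_event() {
  if command -v logger >/dev/null 2>&1; then logger "DiskEncrypter: $*"
  else printf 'DiskEncrypter: %s\n' "$*" >&2
  fi
}

# Constructed sample of `diskutil info` output (not captured from a real
# device) so the logic can be exercised on a machine without diskutil.
SAMPLE_EXTERNAL_PLAIN='   Device Location:           External
   Removable Media:           Removable
   Encrypted:                 No'
classify_sample() { printf '%s\n' "$SAMPLE_EXTERNAL_PLAIN" | classify_volume; }

# main: the loop the StartOnMount daemon would drive. Assumed to be invoked
# with --run so that sourcing this file for tests touches no real disk.
main() {
  for vol in /Volumes/*; do
    [ -d "$vol" ] || continue
    action=$(diskutil info "$vol" | classify_volume)
    log_event "$vol -> $action"   # 'prompt' is where swiftDialog would be shown
  done
}
if [ "${1:-}" = "--run" ]; then main; else classify_sample; fi
```

Run without arguments it classifies the constructed sample (printing prompt); with --run it walks /Volumes and writes one unified-log line per volume.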
USBInserted can be used alongside this workflow to monitor USB-insertion activity.
File Event