-
Notifications
You must be signed in to change notification settings - Fork 2
/
AWSVPNDiagnostics.pkginfo
151 lines (131 loc) · 5.33 KB
/
AWSVPNDiagnostics.pkginfo
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>OnDemand</key>
<true/>
<key>_metadata</key>
<dict>
<key>created_by</key>
<string>kevinmcox</string>
<key>creation_date</key>
<date>2023-04-26T23:41:19Z</date>
<key>munki_version</key>
<string>6.3.0.4556</string>
<key>os_version</key>
<string>13.4</string>
</dict>
<key>catalogs</key>
<array>
<string>testing</string>
</array>
<key>category</key>
<string>Self-Service</string>
<key>description</key>
<string>"Install" this item to generate AWS VPN Client diagnotic information for attaching to your IT ticket.
NOTE: This item will never show as "Installed" since it performs diagnostics on-demand and can be run multiple times.</string>
<key>developer</key>
<string>Kevin M. Cox</string>
<key>display_name</key>
<string>AWS VPN Diagnostics</string>
<key>icon_name</key>
<string>AWSVPN-Diagnostics.png</string>
<key>installer_type</key>
<string>nopkg</string>
<key>minimum_os_version</key>
<string>10.10</string>
<key>name</key>
<string>AWSVPNDiagnostics</string>
<key>postinstall_script</key>
<string>#!/bin/bash
## AWS VPN Diagnostics and log gathering
## Version 1.0, April 26, 2023
## By Kevin M. Cox
## This script gathers AWS VPN Client logs and runs tests for analysis
## then creates a tarball so users can attach the results to IT tickets for evaluation.
# Get the current date and time
dateShort=$(/bin/date '+%F_%H.%M')
dateLong=$(/bin/date '+%B %d, %Y @ %T %Z')
# Define the output folder
outputFolder="/Users/Shared/AWS_VPN_Diagnostics_$dateShort"
# Get the username of the current user
currentUser="$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk '/Name :/ { print $3 }')"
# Make sure AWS VPN Client and logs actually exist, in case a user runs this accidentally
if [[ ! -d "/Applications/AWS VPN Client/AWS VPN Client.app" ]]; then
echo "AWS VPN Client is not installed."
exit 1
else
if [[ ! -d "/Users/$currentUser/.config/AWSVPNClient/logs/" ]]; then
echo "AWS VPN Client logs do not exist."
exit 1
fi
fi
# Make the output folder to gather the results
/bin/mkdir "$outputFolder"
# Make the folder for the VPN Logs
/bin/mkdir "$outputFolder"/VPN_LOGS/
# Make the folder for the PCAP files
/bin/mkdir "$outputFolder"/PCAPS/
# Copy the VPN Logs
/bin/cp -pr /Users/"$currentUser"/.config/AWSVPNClient/logs/ "$outputFolder"/VPN_LOGS/
# Run the DNS checks and create the RESULTS.txt file
{
#Write the current user and date/time to the top of the file
echo "$dateLong"
echo "USER: $currentUser"
# Output the DNS serers in use
echo -e "\n#### DNS SERVERS ####\n"
/usr/sbin/scutil --dns | /usr/bin/grep nameserver
# Run a DNS lookup on Google
echo -e "\n#### GOOGLE LOOKUP ####\n"
/usr/bin/nslookup google.com
# Run an internal DNS lookup
echo -e "\n#### INTERNAL LOOKUP ####\n"
/usr/bin/nslookup internal.company.net
} > "$outputFolder"/RESULTS.txt
# Get a list of all tunnel names and add them to an array
tunnels=()
while IFS='' read -r line; do tunnels+=("$line"); done < <(/sbin/ifconfig | /usr/bin/grep "utun.*:" | /usr/bin/awk -F ':' '{print $1}')
# Loop through the tunnel names
for utun in "${tunnels[@]}"
do
{
# Run ifconfig on each tunnel and add the RESULTS
echo -e "\n#### $utun ####\n"
/sbin/ifconfig "$utun"
} >> "$outputFolder"/RESULTS.txt
done
# Detect the active interface
interface=$(/sbin/route get internal.company.net | /usr/bin/grep interface | /usr/bin/cut -d":" -f2 | /usr/bin/awk '{$1=$1};1')
# Get the primary DNS server being used
dnsServer=$(/usr/sbin/scutil --dns | /usr/bin/grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | /usr/bin/head -1)
# If a tunnel is active run tcpdump, otherwise log an error
if [[ $interface = utun* ]]; then
# Capture 10 packets with tcpdump for analysis
/usr/sbin/tcpdump -c 10 -nni "$interface" dst port 53 -w "$outputFolder"/PCAPS/utunPort53.pcap 2> "$outputFolder"/PCAPS/utunPort53.txt
/usr/sbin/tcpdump -c 10 -nni "$interface" host "$dnsServer" -w "$outputFolder"/PCAPS/utunHost.pcap 2> "$outputFolder"/PCAPS/utunHost.txt
/usr/sbin/tcpdump -c 10 -nni any dst port 53 -w "$outputFolder"/PCAPS/AnyPort53.pcap 2> "$outputFolder"/PCAPS/AnyPort53.txt
/usr/sbin/tcpdump -c 10 -nni any host "$dnsServer" -w "$outputFolder"/PCAPS/AnyHost.pcap 2> "$outputFolder"/PCAPS/AnyHost.txt
else
echo -e "Tunnel not active\nActive Interface: $interface" > "$outputFolder"/PCAPS/Error.txt
fi
# Create a compressed tar archive of the files for attaching to the ITSD ticket
cd /Users/Shared/ || (echo "Changing directories failed, unable to tar logs" && exit 1)
/usr/bin/tar -czf AWS_VPN_Diagnostics_"$dateShort".tgz "AWS_VPN_Diagnostics_$dateShort"
# Change the ownership on the archive
/usr/sbin/chown "$currentUser":wheel AWS_VPN_Diagnostics_"$dateShort".tgz
# Move it to the desktop
/bin/mv AWS_VPN_Diagnostics_"$dateShort".tgz /Users/"$currentUser"/Desktop/AWS_VPN_Diagnostics_"$dateShort".tgz
# Delete the output folder
/bin/rm -rf "$outputFolder"
</string>
<key>preinstall_alert</key>
<dict>
<key>alert_detail</key>
<string>Gathering the diagnostic information could take several minutes, please be patient.
Results will be in an archive placed on your Mac's desktop.</string>
</dict>
<key>version</key>
<string>1.0</string>
</dict>
</plist>