#!/usr/bin/python # Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one # or more contributor license agreements. Licensed under the Elastic License # 2.0; you may not use this file except in compliance with the Elastic License # 2.0. import sys import uuid import argparse import os template = """ PayloadContent PayloadDescription PayloadDisplayName Privacy Preferences Policy Control PayloadEnabled PayloadIdentifier com.apple.TCC.configuration-profile-policy.{0} PayloadOrganization {6} PayloadType com.apple.TCC.configuration-profile-policy PayloadUUID {0} PayloadVersion 1 Services SystemPolicyAllFiles Allowed 1 CodeRequirement identifier "co.elastic.elastic-agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2BT3HPN62Z" Identifier co.elastic.elastic-agent IdentifierType bundleID StaticCode 1 Allowed 1 CodeRequirement identifier "64_Bit_Endpoint_Macos" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2BT3HPN62Z" Identifier /Library/Elastic/Endpoint/elastic-endpoint IdentifierType path StaticCode 1 Allowed 1 CodeRequirement identifier "co.elastic.systemextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2BT3HPN62Z" Identifier co.elastic.systemextension IdentifierType bundleID StaticCode 1 Allowed 1 CodeRequirement identifier "co.elastic.endpoint" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2BT3HPN62Z" Identifier co.elastic.endpoint IdentifierType bundleID StaticCode 1 FilterBrowsers FilterDataProviderBundleIdentifier co.elastic.systemextension FilterDataProviderDesignatedRequirement identifier "co.elastic.systemextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2BT3HPN62Z" FilterPacketProviderBundleIdentifier co.elastic.systemextension FilterPacketProviderDesignatedRequirement identifier "co.elastic.systemextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2BT3HPN62Z" FilterPackets FilterSockets FilterType Plugin PayloadDisplayName Web Content Filter Payload PayloadIdentifier com.apple.webcontent-filter.{1} PayloadOrganization {6} PayloadType com.apple.webcontent-filter PayloadUUID {1} PayloadVersion 1 PluginBundleID co.elastic.endpoint UserDefinedName ElasticEndpoint AllowUserOverrides AllowedSystemExtensions 2BT3HPN62Z co.elastic.systemextension PayloadDescription PayloadDisplayName System Extensions PayloadEnabled PayloadIdentifier com.apple.system-extension-policy.{2} PayloadOrganization {6} PayloadType com.apple.system-extension-policy PayloadUUID {2} PayloadVersion 1 NotificationSettings AlertType 2 BadgesEnabled BundleIdentifier co.elastic.alert CriticalAlertEnabled NotificationsEnabled ShowInLockScreen ShowInNotificationCenter SoundsEnabled PayloadDisplayName Notifications Payload PayloadIdentifier com.apple.notificationsettings.{3} PayloadOrganization {6} PayloadType com.apple.notificationsettings PayloadUUID {3} PayloadVersion 1 PayloadDescription Grants Elastic Agent the necessary permissions to secure your Mac PayloadDisplayName Elastic Agent Endpoint Configuration PayloadEnabled PayloadIdentifier {4} PayloadOrganization {6} PayloadRemovalDisallowed PayloadScope System PayloadType Configuration PayloadUUID {5} PayloadVersion 1 """ def main(argv): output_file = str() parser = argparse.ArgumentParser() parser.add_argument("-n", "--name", help="The name of your company", action="store", required=True, type=str, dest="name") parser.add_argument("-o", "--output", help="The absolute path to the mobileconfig that will be written out by this script", action="store", required=True, type=str, dest="output_file_path") args = parser.parse_args() output_file = args.output_file_path # Ensure a directory is not specified if os.path.isdir(output_file): print("Please specify a file name in the output path") exit(-1) # Ensure the file ends with .mobileconfig extension if output_file.endswith(".mobileconfig") == False: output_file += ".mobileconfig" with open(output_file, 'w', encoding='utf-8') as output_config_file: pos_args = [str(uuid.uuid4()).upper() for _ in range ( 6)] output_data = template.format(*pos_args, args.name) output_config_file.write(output_data) if __name__ == "__main__": main(sys.argv[1:])