A Slack App to Simplify Mac Lookups and Troubleshooting

Transcript

1. None

2. © JAMF Software, LLC #JNUC2019 Tania Dastres Senior Apple Systems

   Administrator SEEK AP&A

3. © JAMF Software, LLC #JNUC2019 /jamf: A Slack app to

   simplify Mac lookups and troubleshooting The origin story The /jamf workflow How to build your own /jamf /mymac Gotchas and considerations

4. © JAMF Software, LLC #JNUC2019 The origin story

5. #JNUC2019 & ' SEEK Ltd Australia and New Zealand Founded

   1997

6. #JNUC2019 SEEK Ltd SEEK Asia OCC Mundial Catho ( )

   &' *+,-./01 SEEK AP&A (Asia-Pacific & Americas)

7. #JNUC2019 SEEK Asia *+,-./01

8. #JNUC2019 SEEK Asia Macs 6 locations 5 countries ~180 Macs

   12% macOS fleet *+./1

9. #JNUC2019 Our challenge How best to help level 1 and

   2 techs troubleshoot the Macs that they come across effectively and efficiently?

10. #JNUC2019 Read-only Jamf access SEEK Asia specific extension attributes &

    smart groups Document everything! Success!

11. #JNUC2019

12. #JNUC2019

13. #JNUC2019 6 It’s ‘busy’ and not intuitive for beginners UI

    does not translate well to iOS/mobile Poor iOS experience == tech required to carry their laptops for all desk visits

14. #JNUC2019 Difficult to use Jamf console + Techs unlikely to

    use it for troubleshooting + Lost opportunity for proactive support = Tech & Mac user

15. © JAMF Software, LLC #JNUC2019 ✅ ⚠ ⚠

16. © JAMF Software, LLC #JNUC2019 ✅ ⚠ ✅

17. © JAMF Software, LLC #JNUC2019 ✅ ✅ ⚠ ✅ ✅

18. © JAMF Software, LLC #JNUC2019 Jamf Classic API

19. © JAMF Software, LLC #JNUC2019 Slack

20. © JAMF Software, LLC #JNUC2019 /jamf

21. © JAMF Software, LLC #JNUC2019 The /jamf workflow

22. #JNUC2019 Initiated from Slack's message input field Invoked by entering

    /, followed by command name, e.g. /jamf Option to provide parameter values e.g. /jamf taniacomputer What is a Slack Slash Command?

23. #JNUC2019 urlencoded payload sent to your app ⏳ Slack expects

    response within 3 seconds A Ephemeral response What is a Slack Slash Command?

24. #JNUC2019 /jamf <search string> /jamf taniacomputer*

25. #JNUC2019 Macs that match the search string are listed, with

    their own More Info button.

26. #JNUC2019 Clicking More Info returns a list of attributes and,

    if applicable, a health status for each.

27. #JNUC2019

28. #JNUC2019 ✅ Easy to use - little training required ✅

    All important Mac attributes efficiently listed ✅ Quick assessment of Mac health

29. #JNUC2019

30. © JAMF Software, LLC #JNUC2019 How /jamf is made

31. #JNUC2019 /jamf

32. #JNUC2019 aws

33. #JNUC2019 Lambda Serverless code execution Natively supports Python, Java, Go,

    Powershell, Node.js, C#, and Ruby Runtime API available for additional languages

34. #JNUC2019 API Gateway Service for creating, publishing, maintaining, monitoring, and

    securing REST and WebSocket APIs at any scale Allows your lambda function to receive Slacks HTTP POST request

35. #JNUC2019 Lambda Tasks Respond to slack with statusCode 200 Make

    a Jamf Pro API Get request for search string Loop through results and format it for Slack, attaching a button for further interaction from user

36. #JNUC2019 Respond to slack with statusCode 200 Make a Jamf

    Pro API Get request for search string Loop through results and format it for Slack, attaching a button for further interaction from user

37. © JAMF Software, LLC #JNUC2019 Simple Notification Service Fully managed

    push messaging service SNS instance called a topic Allows first lambda function to ‘notify’ second lambda function that it has been invoked, providing it with the same payload information that it receives from Slack

38. #JNUC2019 Respond to slack with statusCode 200 Make a Jamf

    Pro API Get request for search string Loop through results and format it for Slack, attaching a button for further interaction with user

39. #JNUC2019 Respond to slack with statusCode 200 Make a Jamf

    Pro API Get request for search string Loop through results and format it for Slack, attaching a button for further interaction from user json

40. #JNUC2019 Respond to slack with statusCode 200 Make a Jamf

    Pro API Get request for search string Loop through results and format it for Slack, attaching a button for further interaction from user json

41. #JNUC2019 Respond to slack with statusCode 200 Make a Jamf

    Pro API Get request for search string Loop through results and format it for Slack, attaching a button for further interaction from user json

42. #JNUC2019 Respond to slack with statusCode 200 Make a Jamf

    Pro API Get request for search string Loop through results and format it for Slack, attaching a button for further interaction from user json

43. #JNUC2019 Respond to slack with statusCode 200 Make a Jamf

    Pro API Get request for search string Loop through results and format it for Slack, attaching a button for further interaction from user json

44. #JNUC2019 Identity & Access Management IAM allows you to manage

    access to AWS Services securely Users, Groups, Roles Lambda functions require a role assigned to it that has the required lambda permissions

45. #JNUC2019 slack

46. #JNUC2019

47. #JNUC2019

48. #JNUC2019

49. #JNUC2019

50. #JNUC2019

51. #JNUC2019

52. #JNUC2019

53. #JNUC2019

54. #JNUC2019 ✅ SIP (System Integrity Protection) is enabled <https://support.apple.com/en-au/HT204899|About SIP>

55. #JNUC2019 ✅ SIP (System Integrity Protection) is enabled <https://support.apple.com/en-au/HT204899|About SIP>

56. © JAMF Software, LLC #JNUC2019 Jamf Pro

57. #JNUC2019 Which Mac attributes? Primary user Hardware warranty Last check-in

    & recon times macOS version Security agents Are they installed, updated, and running? FileVault & SIP Status 32-bit apps and other Catalina considerations Core app versions Are they up to date?

58. #JNUC2019 How to access them?

59. #JNUC2019

60. #JNUC2019

61. #JNUC2019 How do we display it? ⏭ Order of results

    C Efficiency and Sustainability ⚠ How to communicate client via emoji

62. #JNUC2019 #!/bin/bash sip_status=$(csrutil status | grep "enabled") if [[ -z

    "$sip_status" ]] then summary="⚠ SIP (System Integrity Protection) is disabled" else summary="✅ SIP (System Integrity Protection) is enabled" fi echo "<result>$summary</result>

63. #JNUC2019 #!/bin/bash sip_status=$(csrutil status | grep "enabled") if [[ -z

    "$sip_status" ]] then summary="⚠ SIP (System Integrity Protection) is disabled" else summary="✅ SIP (System Integrity Protection) is enabled" fi echo "<result>$summary</result>

64. #JNUC2019 #!/bin/bash sip_status=$(csrutil status | grep "enabled") if [[ -z

    "$sip_status" ]] then summary="⚠ SIP (System Integrity Protection) is disabled" else summary="✅ SIP (System Integrity Protection) is enabled" fi echo "<result>$summary</result>

65. #JNUC2019

66. #JNUC2019

67. #JNUC2019

68. #JNUC2019

69. #JNUC2019

70. #JNUC2019

71. #JNUC2019

72. #JNUC2019 group_accounts = computer[“groups_accounts"]["computer_group_memberships"] group_string = "" for group in

    group_accounts: if "⚠" in group: group = group.strip().replace("⚠","⚠ Member of *") group_string = group_string + group + "*\n"

73. #JNUC2019 group_accounts = computer[“groups_accounts"]["computer_group_memberships"] group_string = "" for group in

    group_accounts: if "⚠" in group: group = group.strip().replace("⚠","⚠ Member of *") group_string = group_string + group + "*\n"

74. #JNUC2019 group_accounts = computer[“groups_accounts"]["computer_group_memberships"] group_string = "" for group in

    group_accounts: if "⚠" in group: group = group.strip().replace("⚠","⚠ Member of *") group_string = group_string + group + "*\n"

75. #JNUC2019 group_accounts = computer[“groups_accounts"]["computer_group_memberships"] group_string = "" for group in

    group_accounts: if "⚠" in group: group = group.strip().replace("⚠","⚠ Member of *") group_string = group_string + group + "*\n"

76. #JNUC2019 ext_attributes = computer["extension_attributes"] ea_string = "" for ea in

    ext_attributes: if "slack" in ea_name: ea_name = ea["name"] ea_name = ea_name.replace("slack - ","") ea_value_formatted = ea["value"].replace(".",'\u034F\u002E') ea_value_formatted = ea_value_formatted.strip().replace("\n","\n>") ea_string = ea_string + " *" + ea_name + "*\n>" + ea_value_formatted

77. #JNUC2019 ext_attributes = computer["extension_attributes"] ea_string = "" for ea in

    ext_attributes: if "slack" in ea_name: ea_name = ea["name"] ea_name = ea_name.replace("slack - ","") ea_value_formatted = ea["value"].replace(".",'\u034F\u002E') ea_value_formatted = ea_value_formatted.strip().replace("\n","\n>") ea_string = ea_string + " *" + ea_name + "*\n>" + ea_value_formatted

78. #JNUC2019 ext_attributes = computer["extension_attributes"] ea_string = "" for ea in

    ext_attributes: if "slack" in ea_name: ea_name = ea["name"] ea_name = ea_name.replace("slack - ","") ea_value_formatted = ea["value"].replace(".",'\u034F\u002E') ea_value_formatted = ea_value_formatted.strip().replace("\n","\n>") ea_string = ea_string + " *" + ea_name + "*\n>" + ea_value_formatted

79. #JNUC2019 ext_attributes = computer["extension_attributes"] ea_string = "" for ea in

    ext_attributes: if "slack" in ea_name: ea_name = ea["name"] ea_name = ea_name.replace("slack - ","") ea_value_formatted = ea["value"].replace(".",'\u034F\u002E') ea_value_formatted = ea_value_formatted.strip().replace("\n","\n>") ea_string = ea_string + " *" + ea_name + "*\n>" + ea_value_formatted

80. #JNUC2019 ext_attributes = computer["extension_attributes"] ea_string = "" for ea in

    ext_attributes: if "slack" in ea_name: ea_name = ea["name"] ea_name = ea_name.replace("slack - ","") ea_value_formatted = ea["value"].replace(".",'\u034F\u002E') ea_value_formatted = ea_value_formatted.strip().replace("\n","\n>") ea_string = ea_string + " *" + ea_name + "*\n>" + ea_value_formatted

81. © JAMF Software, LLC #JNUC2019 /jamf

82. #JNUC2019

83. #JNUC2019 /jamf taniacomputer* entered into message box

84. #JNUC2019 Lambda API Gateway urlencoded

85. #JNUC2019 Lambda API Gateway urlencoded

86. #JNUC2019 Lambda API Gateway urlencoded

87. #JNUC2019 Lambda SNS json json

88. #JNUC2019 Lambda json SNS json

89. #JNUC2019 import json import boto3 from urllib import parse as

    urlparse def lambda_handler(event, context): message = dict(urlparse.parse_qsl(event["body"])) search_string = message["text"] client = boto3.client('sns') trigger = client.publish( TargetArn=topicARN, Message=json.dumps({'default': json.dumps(message)}), MessageStructure='json')

90. #JNUC2019 import json import boto3 from urllib import parse as

    urlparse def lambda_handler(event, context): message = dict(urlparse.parse_qsl(event["body"])) search_string = message["text"] client = boto3.client('sns') trigger = client.publish( TargetArn=topicARN, Message=json.dumps({'default': json.dumps(message)}), MessageStructure='json')

91. #JNUC2019 import json import boto3 from urllib import parse as

    urlparse def lambda_handler(event, context): message = dict(urlparse.parse_qsl(event["body"])) search_string = message["text"] client = boto3.client('sns') trigger = client.publish( TargetArn=topicARN, Message=json.dumps({'default': json.dumps(message)}), MessageStructure='json')

92. #JNUC2019 search_string = message["text"] slack_ready_search_string = search_string.replace("*","\u034F*") response_text = ":female-detective::skin-tone-3:

    looking up _" + slack_ready_search_string + "_..." response_code = 200 return { 'statusCode': response_code, 'body': response_text }

93. #JNUC2019 search_string = message["text"] slack_ready_search_string = search_string.replace("*","\u034F*") response_text = ":female-detective::skin-tone-3:

    looking up _" + slack_ready_search_string + "_..." response_code = 200 return { 'statusCode': response_code, 'body': response_text } Combining Graphene Joiner

94. #JNUC2019 search_string = message["text"] slack_ready_search_string = search_string.replace("*","\u034F*") response_text = ":female-detective::skin-tone-3:

    looking up _" + slack_ready_search_string + "_..." response_code = 200 return { 'statusCode': response_code, 'body': response_text }

95. #JNUC2019 search_string = message["text"] slack_ready_search_string = search_string.replace("*","\u034F*") response_text = ":female-detective::skin-tone-3:

    looking up _" + slack_ready_search_string + "_..." response_code = 200 return { 'statusCode': response_code, 'body': response_text }

96. #JNUC2019 json

97. #JNUC2019 json

98. #JNUC2019 json

99. #JNUC2019 import json def lambda_handler(event, context): data = event["Records"][0]["Sns"]["Message"] json_loaded

    = json.loads(data) response_url = json_loaded["response_url"] channel = json_loaded["channel_id"] search_string = json_loaded[“text"]

100. #JNUC2019 import json def lambda_handler(event, context): data = event["Records"][0]["Sns"]["Message"] json_loaded

     = json.loads(data) response_url = json_loaded["response_url"] channel = json_loaded["channel_id"] search_string = json_loaded["text"]

101. #JNUC2019 import json def lambda_handler(event, context): data = event["Records"][0]["Sns"]["Message"] json_loaded

     = json.loads(data) response_url = json_loaded["response_url"] channel = json_loaded["channel_id"] search_string = json_loaded["text"]

102. #JNUC2019 import json def lambda_handler(event, context): data = event["Records"][0]["Sns"]["Message"] json_loaded

     = json.loads(data) response_url = json_loaded["response_url"] channel = json_loaded["channel_id"] search_string = json_loaded["text"]

103. #JNUC2019 json

104. #JNUC2019 json <jamf>/JSSResource/computers/match/tdastres

105. #JNUC2019 GET Request <jamf>/JSSResource/computers/match/tdastres

106. #JNUC2019 GET Request <jamf>/JSSResource/computers/match/tdastres

107. #JNUC2019 from botocore.vendored import requests headers = { 'Accept': 'application/json',

     'Content-type': 'application/json', } search_string = json_loaded["text"] api_url = "https://jamf_pro_url/JSSResource/computers/match/ {}".format(search_string) jamf_response = requests.get(api_url, headers=headers, auth=(jamf_username, jamf_pw))

108. #JNUC2019 from botocore.vendored import requests headers = { 'Accept': 'application/json',

     'Content-type': 'application/json', } search_string = json_loaded["text"] api_url = "https://jamf_pro_url/JSSResource/computers/match/ {}".format(search_string) jamf_response = requests.get(api_url, headers=headers, auth=(jamf_username, jamf_pw))

109. #JNUC2019 json

110. #JNUC2019 json

111. #JNUC2019 data = jamf_response.json() computers = data["computers"] total_results = len(computers)

     attachments = [] for computer in computers: name = computer["name"] name_string = “:computer: *" + name + "*\n" computer_summary = name_string attachment = { 'callback_id': “id search", 'text': computer_summary, 'actions' : [{ 'name': 'moreinfo',

112. #JNUC2019 data = jamf_response.json() computers = data["computers"] total_results = len(computers)

     attachments = [] for computer in computers: name = computer["name"] name_string = “:computer: *" + name + "*\n" computer_summary = name_string attachment = { 'callback_id': “id search", 'text': computer_summary, 'actions' : [{ 'name': 'moreinfo',

113. #JNUC2019 data = jamf_response.json() computers = data["computers"] total_results = len(computers)

     attachments = [] for computer in computers: name = computer["name"] name_string = “:computer: *" + name + "*\n" computer_summary = name_string attachment = { 'callback_id': “id search", 'text': computer_summary, 'actions' : [{ 'name': 'moreinfo',

114. #JNUC2019 data = jamf_response.json() computers = data["computers"] total_results = len(computers)

     attachments = [] for computer in computers: name = computer["name"] name_string = “:computer: *" + name + "*\n" computer_summary = name_string attachment = { 'callback_id': “id search", 'text': computer_summary, 'actions' : [{ 'name': 'moreinfo',

115. #JNUC2019 for computer in computers: name = computer["name"] name_string =

     “:computer: *" + name + "*\n" computer_summary = name_string attachment = { 'callback_id': “id search", 'text': computer_summary, 'actions' : [{ 'name': 'moreinfo', 'text': 'More Info', 'type': "button", 'value': computer_id }] } attachments.append(attachment)

116. #JNUC2019 for computer in computers: name = computer["name"] name_string =

     “:computer: *" + name + "*\n" computer_summary = name_string attachment = { 'callback_id': “id search", 'text': computer_summary, 'actions' : [{ 'name': 'moreinfo', 'text': 'More Info', 'type': "button", 'value': computer_id }] } attachments.append(attachment)

117. #JNUC2019 response_url = json_loaded["response_url"] response_json = { 'text': "Total Results:

     *" + str(total_results) + "*\n" 'attachments' : attachments } response = requests.post( response_url, data=json.dumps(response_json), headers={'Content-Type': 'application/json'} )

118. #JNUC2019 response_url = json_loaded["response_url"] response_json = { 'text': "Total Results:

     *" + str(total_results) + "*\n" 'attachments' : attachments } response = requests.post( response_url, data=json.dumps(response_json), headers={'Content-Type': 'application/json'} )

119. #JNUC2019 response_url = json_loaded["response_url"] response_json = { 'text': "Total Results:

     *" + str(total_results) + "*\n" 'attachments' : attachments } response = requests.post( response_url, data=json.dumps(response_json), headers={'Content-Type': 'application/json'} )

120. #JNUC2019 response_url = json_loaded["response_url"] response_json = { 'text': "Total Results:

     *" + str(total_results) + "*\n" 'attachments' : attachments } response = requests.post( response_url, data=json.dumps(response_json), headers={'Content-Type': 'application/json'} )

121. #JNUC2019 json

122. #JNUC2019 json

123. #JNUC2019 json

124. #JNUC2019 More info button clicked

125. #JNUC2019 urlencoded

126. #JNUC2019 urlencoded

127. #JNUC2019 urlencoded

128. #JNUC2019 json

129. #JNUC2019 json json

130. #JNUC2019 json json

131. #JNUC2019 json

132. #JNUC2019 json

133. #JNUC2019 <jamf>/JSSResource/computers/id/456

134. #JNUC2019 GET Request <jamf>/JSSResource/computers/id/456

135. #JNUC2019 GET Request <jamf>/JSSResource/computers/id/456

136. #JNUC2019 json

137. #JNUC2019 json

138. #JNUC2019 json

139. #JNUC2019 json

140. #JNUC2019 json

141. #JNUC2019 json

142. © JAMF Software, LLC #JNUC2019 Securing /jamf

143. #JNUC2019 Securing /jamf D Verify Channel ID E Lock down

     Jamf Permissions F Verify Message Authenticity G Stored sensitive information securely

144. #JNUC2019 taniacomputer_channel_id = "GK0CRKFND" request = event["body"] message = dict(urlparse.parse_qsl(request))

     channel_id = message["channel_id"] if channel_id != taniacomputer_channel_id: response_text = ":warning: `/jamf` can only be used from an authorized channel." response_json["text"] = response_text else: #etc...

145. #JNUC2019 taniacomputer_channel_id = "GK0CRKFND" request = event["body"] message = dict(urlparse.parse_qsl(request))

     channel_id = message["channel_id"] if channel_id != taniacomputer_channel_id: response_text = ":warning: `/jamf` can only be used from an authorized channel." response_json["text"] = response_text else: #etc...

146. #JNUC2019 taniacomputer_channel_id = "GK0CRKFND" request = event["body"] message = dict(urlparse.parse_qsl(request))

     channel_id = message["channel_id"] if channel_id != taniacomputer_channel_id: response_text = ":warning: `/jamf` can only be used from an authorized channel." response_json["text"] = response_text else: #etc...

147. #JNUC2019

148. #JNUC2019 Read-only Jamf Pro permissions

149. #JNUC2019 Verify Slack Signing Secret

150. #JNUC2019

151. #JNUC2019 Verify Slack Signing Secret “The cooler fresher sibling of

     verification token” Slack gives you a unique ‘signing secret’ string for your app Compute a HMAC-SHA256 hash of each request (using the signing secret as a base) And compare it to the hash value delivered in the request header, event["headers"]['X-Slack-Signature']

152. #JNUC2019 import hmac import hashlib slack_request_timestamp = event["headers"]['X-Slack-Request- Timestamp'] request_body

     = event["body"] basestring = f”v0:{slack_request_timestamp}: {request_body}".encode('utf-8') slack_signing_secret = bytes(signing_secret_string, 'utf-8') expected_signature = 'v0=' + hmac.new(slack_signing_secret, basestring, hashlib.sha256).hexdigest() Verify Slack Signing Secret

153. #JNUC2019 import hmac import hashlib slack_request_timestamp = event["headers"]['X-Slack-Request- Timestamp'] request_body

     = event["body"] basestring = f”v0:{slack_request_timestamp}: {request_body}".encode('utf-8') slack_signing_secret = bytes(signing_secret_string, 'utf-8') expected_signature = 'v0=' + hmac.new(slack_signing_secret, basestring, hashlib.sha256).hexdigest() Verify Slack Signing Secret

154. #JNUC2019 import hmac import hashlib slack_request_timestamp = event["headers"]['X-Slack-Request- Timestamp'] request_body

     = event["body"] basestring = f”v0:{slack_request_timestamp}: {request_body}".encode('utf-8') slack_signing_secret = bytes(signing_secret_string, 'utf-8') expected_signature = 'v0=' + hmac.new(slack_signing_secret, basestring, hashlib.sha256).hexdigest() Verify Slack Signing Secret

155. #JNUC2019 import hmac import hashlib slack_request_timestamp = event["headers"]['X-Slack-Request- Timestamp'] request_body

     = event["body"] basestring = f”v0:{slack_request_timestamp}: {request_body}".encode('utf-8') slack_signing_secret = bytes(signing_secret_string, 'utf-8') expected_signature = 'v0=' + hmac.new(slack_signing_secret, basestring, hashlib.sha256).hexdigest() Verify Slack Signing Secret

156. #JNUC2019 import hmac import hashlib slack_request_timestamp = event["headers"]['X-Slack-Request- Timestamp'] request_body

     = event["body"] basestring = f”v0:{slack_request_timestamp}: {request_body}".encode('utf-8') slack_signing_secret = bytes(signing_secret_string, 'utf-8') expected_signature = 'v0=' + hmac.new(slack_signing_secret, basestring, hashlib.sha256).hexdigest() Verify Slack Signing Secret

157. #JNUC2019 expected_signature = 'v0=' + hmac.new(slack_signing_secret, basestring, hashlib.sha256).hexdigest() delivered_signature =

     event["headers"]['X-Slack-Signature'] if hmac.compare_digest(expected_signature, delivered_sig): # Hooray, request came from Slack else: # Wah, this is an imposter message Verify Slack Signing Secret

158. #JNUC2019 expected_signature = 'v0=' + hmac.new(slack_signing_secret, basestring, hashlib.sha256).hexdigest() delivered_signature =

     event["headers"]['X-Slack-Signature'] if hmac.compare_digest(expected_signature, delivered_sig): # Hooray, request came from Slack else: # Wah, this is an imposter message Verify Slack Signing Secret

159. #JNUC2019 import time slack_request_timestamp = float(event[“headers”]['X-Slack- Request-Timestamp']) current_time = time.time()

     if (current_time - slack_request_timestamp) > 300: response_text = "Message is more than 5 minutes old" response_code = 412 else: #etc... Verify Timestamp

160. #JNUC2019 import time slack_request_timestamp = float(event[“headers”]['X-Slack- Request-Timestamp']) current_time = time.time()

     if (current_time - slack_request_timestamp) > 300: response_text = "Message is more than 5 minutes old" response_code = 412 else: #etc... Verify Timestamp

161. #JNUC2019 import time slack_request_timestamp = float(event[“headers”]['X-Slack- Request-Timestamp']) current_time = time.time()

     if (current_time - slack_request_timestamp) > 300: response_text = "Message is more than 5 minutes old" response_code = 412 else: #etc... Verify Timestamp

162. #JNUC2019 import time slack_request_timestamp = float(event[“headers”]['X-Slack- Request-Timestamp']) current_time = time.time()

     if (current_time - slack_request_timestamp) > 300: response_text = "Message is more than 5 minutes old" response_code = 412 else: #etc... Verify Timestamp

163. © JAMF Software, LLC #JNUC2019 Secrets Management Instead of hardcoding

     sensitive information into the Lambda code, use Amazon Secrets Manager to store: Jamf API credentials Slack signing secret Any other sensitive information Retrieve the values ‘on the fly’

164. #JNUC2019

165. #JNUC2019

166. #JNUC2019 import boto3 from botocore.vendored import requests auth_credentials = get_secret(‘jamf_slackbot_credentials')

     url = "https://myjss.com/JSSResource/computers/name/ {}".format(search_string) response = requests.get(url, headers=headers, auth=(auth_credentials[“username"], auth_credentials["password"]))

167. #JNUC2019 import boto3 from botocore.vendored import requests auth_credentials = get_secret(‘jamf_slackbot_credentials')

     url = "https://myjss.com/JSSResource/computers/name/ {}".format(search_string) response = requests.get(url, headers=headers, auth=(auth_credentials[“username"], auth_credentials["password"]))

168. #JNUC2019 import boto3 from botocore.vendored import requests auth_credentials = get_secret(‘jamf_slackbot_credentials')

     url = "https://myjss.com/JSSResource/computers/name/ {}".format(search_string) response = requests.get(url, headers=headers, auth=(auth_credentials[“username"], auth_credentials["password"]))

169. © JAMF Software, LLC #JNUC2019 /mymac & wrap up

170. #JNUC2019 /mymac Customer facing Mac ‘health’ summary, with links to

     Apple articles and Self Service policies jamfselfservice:// Invoked with /mymac No other input required - Slack username used to find assigned Mac

171. #JNUC2019

172. #JNUC2019 #!/bin/bash summary=“" sip_status=$(csrutil status | grep “enabled") if [[

     -z "$sip_status" ]] then summary="$summary ⚠ SIP (System Integrity Protection) is disabled Please contact #ops to resolve ASAP. <https://support.apple.com/en-au/HT204899|About SIP>" else summary="$summary ✅ SIP (System Integrity Protection) is enabled <https://support.apple.com/en-au/HT204899|About SIP>" fi echo "<result>$summary</result>"

173. #JNUC2019 #!/bin/bash summary=“" sip_status=$(csrutil status | grep “enabled") if [[

     -z "$sip_status" ]] then summary="$summary ⚠ SIP (System Integrity Protection) is disabled Please contact #ops to resolve ASAP. <https://support.apple.com/en-au/HT204899|About SIP>" else summary="$summary ✅ SIP (System Integrity Protection) is enabled <https://support.apple.com/en-au/HT204899|About SIP>" fi echo "<result>$summary</result>"

174. #JNUC2019 #!/bin/bash summary=“" sip_status=$(csrutil status | grep “enabled") if [[

     -z "$sip_status" ]] then summary="$summary ⚠ SIP (System Integrity Protection) is disabled Please contact #ops to resolve ASAP. <https://support.apple.com/en-au/HT204899|About SIP>" else summary="$summary ✅ SIP (System Integrity Protection) is enabled <https://support.apple.com/en-au/HT204899|About SIP>" fi echo "<result>$summary</result>"

175. #JNUC2019 #!/bin/bash summary=“" sip_status=$(csrutil status | grep “enabled") if [[

     -z "$sip_status" ]] then summary="$summary ⚠ SIP (System Integrity Protection) is disabled Please contact #ops to resolve ASAP. <https://support.apple.com/en-au/HT204899|About SIP>" else summary="$summary ✅ SIP (System Integrity Protection) is enabled <https://support.apple.com/en-au/HT204899|About SIP>" fi echo "<result>$summary</result>"

176. #JNUC2019 #!/bin/bash summary=“" sip_status=$(csrutil status | grep “enabled") if [[

     -z "$sip_status" ]] then summary="$summary ⚠ SIP (System Integrity Protection) is disabled Please contact #ops to resolve ASAP. <https://support.apple.com/en-au/HT204899|About SIP>" else summary="$summary ✅ SIP (System Integrity Protection) is enabled <https://support.apple.com/en-au/HT204899|About SIP>" fi echo "<result>$summary</result>"

177. © JAMF Software, LLC #JNUC2019 Gotchas & other considerations

178. #JNUC2019 Jamf records epoch time in milliseconds, while Python time.now()

     returns seconds Lambda Function timeout is 3 seconds, but 6 seconds probably best

179. © JAMF Software, LLC #JNUC2019 Maximum of 100 attachments per

     message, but Slack best practice is 20 response_url can be used up to 5 times within 30 minutes of the command being invoked Provide a helper text for your slash command

180. #JNUC2019 from urllib import parse as urlparse request = event["body"]

     message = dict(urlparse.parse_qsl(request)) try: search_string = message["text"] except KeyError: search_string = "" if search_string == "" or search_string == "help": response_text = help_text response_code = 200 else: #etc... Helper Text

181. #JNUC2019 from urllib import parse as urlparse request = event["body"]

     message = dict(urlparse.parse_qsl(request)) try: search_string = message["text"] except KeyError: search_string = "" if search_string == "" or search_string == "help": response_text = help_text response_code = 200 else: #etc... Helper Text

182. #JNUC2019

183. #JNUC2019 etc. etc. Alternate tools and services

184. #JNUC2019 Retroactive disclaimer

185. © JAMF Software, LLC #JNUC2019 Thank you for your time!

     www.taniacomputer.com @taniacomputer

186. © JAMF Software, LLC Thank you for listening! Give us

     feedback by completing the 2-question session survey in the JNUC 2019 app. UP NEXT Build a Second Generation 1-to-1 Student Device Program 2:45 - 3:30 p.m.