Linux Bash Script Deployment with Intune

Introduction

Since Intune Service Release 2303, it has been possible to distribute configurations using Linux Bash Script Deployment with Intune. Better too late than not at all, I have dealt with this issue. With the help of the Bash scripting language (comparable to PowerShell on Windows), changes can be made to the operating system, and possible solutions or automation processes can be mapped.

WLAN Bash Script Deployment

The procedure to deploy the bash script is relatively simple and straightforward. First, select a new Linux script under Devices -> Scripts.

Then give the corresponding configuration a name.

Now specific settings for the script can be selected, which are explained in more detail below.

  • Execution context: Select the context, either User or Root (device level), in which the script is executed.
    • User (default): The script runs when a user signs in to the device.
    • Root: Runs at the device level. The script runs if there are zero (0) users signed in or many users signed in to the device.
  • Execution frequency: You can select how frequently the script is executed. The default is Every 15 minutes.
  • Execution retries: If you want Intune to retry the failed script, you can input how many times Intune should retry running the script. The default is No retries.
  • Execution Script: Select the file picker to upload an existing Bash script (.sh files).
  • Bash Script: You can edit the script using this option. After you add an existing Bash script, the script text is shown.

Example Bash Script “WLAN”

The script was not written by me but copied from the following resource. Thanks to the author.

#!/bin/bash

## Restores the screen when the program exits.
trap "tput rmcup; exit"  SIGHUP SIGINT SIGTERM

## Saves the screen contents.
tput smcup

## Clears the screen.
clear

## Loop through available interfaces.
i=0                                         # Number of WiFi interfaces found so far.
while read -r interface type status _; do   # Reads DEVICE, TYPE and STATE from each line of the output.
    if [[ "$type" == "wifi" || "$type" == "802-11-wireless" ]]; then # If it is a WiFi interface then:
      i=$((i+1))                                    # Counts the WiFi interface (view note 1).
      interfaces[$i]=$interface                     # Adds the current interface to an array.
      echo "$i: $interface ($status)"               # Prints the name of current interface.
    fi                                          # Ends the if conditional
done < <(nmcli device | tail -n +2)         # Redirects the output of the command nmcli device to the loop.

## If there is only one interface
if [[ "$i" -eq 1 ]]; then
    iface=1 # Selected interface is the only one
    clear   # Quick and dirty workaround to make the interface list disappear.
else
    ## Prompts the user for the interface to use.
    read -r -p "Select the interface: " iface
fi

## If the entered number is valid then...
if [[ "$iface" =~ ^[1-9][0-9]*$ ]] && (( iface <= i )); then
    read -r -p "Enter the SSID or BSSID: " b_ssid # Prompts the user for the ESSID/BSSID
    read -r -s -p "Enter the password: " pass # Prompts the user for the password without echoing it
    echo # Ends the line after the silent prompt
    output=$(nmcli --wait 10 device wifi connect "$b_ssid" password "$pass" ifname "${interfaces[$iface]}" 2>&1) # Tries to connect on the selected interface
    wget -q --tries=5 --timeout=5 --spider http://google.com &> /dev/null # Is connected to Internet?
    if [[ $? -eq 0 ]]; then
            echo "You're connected." # Is connected to Internet
            exit 0
    else
            echo "Error. $output" # Anything goes wrong
            exit 1
    fi
else
    echo "Invalid interface entered. Exiting..."
    exit 2
fi

## Note 1: this line increments $i

Finally, distribute and maintain the configuration for devices or user groups.

Important – Actually, it is not recommended to distribute configurations like WLAN via such a solution. This is because sensitive information, such as the WLAN password, can be read out.

But some of my tests worked, thankfully. Not exactly the safest solution 🙂
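A pre-upload check in the spirit of the warning above, as an added example that is not part of the original post or of the copied script: it flags prompts that nobody can answer and WLAN keys written literally into the script text. It assumes Intune runs the script unattended; `lint_script`, the sample scripts and the key-file path are hypothetical.

```bash
#!/bin/bash
# Added example: pre-upload check for a Bash script destined for Intune.
# Assumption: the agent runs the script unattended, without a terminal.

re_prompt='(^|[[:space:];])read[[:space:]]+(-[a-zA-Z]+[[:space:]]+)*-[a-zA-Z]*p'
re_secret="password[[:space:]]+[\"']?([^[:space:]\"']+)"

# Prints one "line: finding" entry per problem in the script text on stdin.
lint_script() {
    local n=0 line
    while IFS= read -r line || [[ -n $line ]]; do
        n=$((n+1))
        if (( n == 1 )) && [[ $line != '#!'* ]]; then
            echo "$n: missing shebang"
        fi
        [[ $line =~ ^[[:space:]]*# ]] && continue   # Ignore comment lines.
        # A prompt blocks or fails when nobody is there to answer it.
        [[ $line =~ $re_prompt ]] && echo "$n: interactive prompt (read -p)"
        # A literal after nmcli's 'password' keyword is a secret in the script text.
        if [[ $line == *nmcli* && $line =~ $re_secret ]] &&
           [[ ${BASH_REMATCH[1]} != '$'* ]]; then
            echo "$n: literal WLAN password"
        fi
    done
    return 0
}

# Constructed sample: a prompt like the page's script, plus a hard-coded key.
sample_bad='#!/bin/bash
read -r -p "Enter the SSID or BSSID: " b_ssid
nmcli device wifi connect "$b_ssid" password "Example-Key-123" ifname wlan0'

# Constructed sample: no prompt; the key comes from a root-only file (hypothetical path).
sample_ok='#!/bin/bash
pass=$(cat /etc/example/wlan.key)
nmcli device wifi connect "ExampleSSID" password "$pass" ifname wlan0'

lint_script <<< "$sample_bad"
lint_script <<< "$sample_ok"
```

A script that passes this check can still expose the key at run time, because the `password` argument is visible in the process list while `nmcli` runs.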

Conclusion

The fact that Microsoft Intune now offers more possibilities in the Linux environment is certainly a step in the right direction. Since I am not a specialist in the Linux area, it is currently still difficult for me to find applications. The operating systems probably share the same problems, which can be solved with scripts.


Nico Wyss

Writer & Blogger


© 2023 Copyright