Skip to content

Instantly share code, notes, and snippets.

@ploegert

ploegert/entra-linux-install.sh

Created January 8, 2026 18:15
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save ploegert/8fdbfdf5a2f479d4347b0a8527285af4 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save ploegert/8fdbfdf5a2f479d4347b0a8527285af4 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
entra-linux-install.sh
#!/bin/bash
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
#=============================================================#
# Name: AAD/Intune Installer/Uninstaller script #
# Description: Installs or uninstalls necessary packages to #
# support CA access on Linux Desktop #
# USAGE: #
# chmod +x ./linux_cleaner.sh
#===================================================================
# To Install necessary packages to support CA on Linux Desktops
# including: msedge-dev, intune-portal, javabroker
#
# sudo ./linux_cleaner.sh install
#===================================================================
# To uninstall & clean the work folder
# sudo ./linux_cleaner.sh clean
#===================================================================
# To grab an output of logs
# sudo ./linux_cleaner.sh logs
#===================================================================
# To get an idea of what relevant packages are installed, type
# sudo ./linux_cleaner.sh list
#===================================================================
# To get a list of what upgrades are possible
# sudo ./linux_cleaner.sh listupgrades
#===================================================================
################## DECLARE FUNCTIONS ######################
# Exit on error. Append "|| true" if you expect an error.
set -o errexit
# Exit on error inside any functions or subshells.
set -o errtrace
# Do not allow use of undefined vars. Use ${VAR:-} to use an undefined VAR
# set -o nounset
# Catch the error in case mysqldump fails (but gzip succeeds) in `mysqldump |gzip`
set -o pipefail
# Turn on traces, useful while debugging but commented out by default
# set -o xtrace
if [[ "${BASH_SOURCE[0]}" != "${0}" ]]; then
__i_am_main_script="0" # false
if [[ "${__usage+x}" ]]; then
if [[ "${BASH_SOURCE[1]}" = "${0}" ]]; then
__i_am_main_script="1" # true
fi
__b3bp_external_usage="true"
__b3bp_tmp_source_idx=1
fi
else
__i_am_main_script="1" # true
[[ "${__usage+x}" ]] && unset -v __usage
[[ "${__helptext+x}" ]] && unset -v __helptext
fi
# Set magic variables for current file, directory, os, etc.
__dir="$(cd "$(dirname "${BASH_SOURCE[${__b3bp_tmp_source_idx:-0}]}")" && pwd)"
__file="${__dir}/$(basename "${BASH_SOURCE[${__b3bp_tmp_source_idx:-0}]}")"
__base="$(basename "${__file}" .sh)"
# Define the environment variables (and their defaults) that this script depends on
LOG_LEVEL="${LOG_LEVEL:-6}" # 7 = debug -> 0 = emergency
NO_COLOR="${NO_COLOR:-}" # true = disable color. otherwise autodetected
if [ -z $ERROROUTPUT ];then
ERROROUTPUT=/var/tmp/$$.err
fi
#===========================================================================================
# Helper func for input
getUsage()
{
echo ""
echo "Usage: $0 \"[action]\" \"[target]\""
echo -e "\t [action]: = install | clean | list | listupgrades | run | log"
echo -e "\t [target]: = broker | intune | edge | azcli"
echo -e "EXAMPLES:"
echo -e "\t $0 clean intune ==> Will clear any cached data for intune"
echo -e "\t $0 clean ==> Will remove all packages (broker,intune,msedge) & clear any cached data"
echo -e "\t $0 install intune ==> Will install intune package & clear any cached data"
echo -e "\t $0 install ==> Will install all packages (broker,intune,msedge)"
echo -e "\t $0 remove intune ==> Will remove intune package & clear any cached data"
echo -e "\t $0 remove ==> Will remove all packages (broker,intune,msedge)"
echo -e "\t $0 log ==> Will export logs from services"
echo -e "\t $0 run intune ==> Will run intune in debug mode, outputting logs to file"
echo -e "\t $0 run edge ==> Will run edge in debug mode, outputting logs to file"
exit 1 # Exit script after printing help
}
#===========================================================================================
#Log to console
function __b3bp_log () {
local log_level="${1}"
shift
local action=""
local lineout="${1}"
if [ $# -ge 2 ] && [ -n "$2" ]; then
action="[${2}]"
fi
local color_green="\x1b[32m"
local color_success="\x1b[32m"
local color_debug="\x1b[35m"
local color_info="\x1b[36m"
local color_success="\x1b[36m"
local color_notice="\x1b[34m"
local color_warning="\x1b[33m"
local color_banner="\x1b[33m"
local color_error="\x1b[31m"
local color_critical="\x1b[1;31m"
local color_alert="\x1b[1;33;41m"
local color_emergency="\x1b[1;4;5;33;41m"
local colorvar="color_${log_level}"
local color="${!colorvar:-${color_error}}"
local color_reset="\x1b[0m"
if [[ "${NO_COLOR:-}" = "true" ]] || [[ "${TERM:-}" != "xterm"* ]] || [[ ! -t 2 ]]; then
if [[ "${NO_COLOR:-}" != "false" ]]; then # Don't use colors on pipes or non-recognized terminals
color=""; color_reset=""
fi
fi
if [[ "${log_level}" = "banner" ]]; then
echo -e "${color} $(date -u +"%Y-%m-%d %H:%M:%S UTC") $(printf "[%-4s]%s %s " "" "${action}" "${lineout}")${color_reset}" 1>&2
elif [ "${log_level}" = "success" ]; then
printf "${color_green} $(date -u +"%Y-%m-%d %H:%M:%S UTC") [%-4s]%s ${color_green} ${lineout} ${color_reset}\n" ${log_level:0:4} ${action}
elif [ "${log_level}" = "error" ]; then
printf "${color_error} $(date -u +"%Y-%m-%d %H:%M:%S UTC") [%-4s]%s ${color_error} ${lineout} ${color_reset}\n" ${log_level:0:4} ${action}
else
#printf "$(date -u +"%Y-%m-%d %H:%M:%S UTC") ${color}[%-4s]%s ${color} ${lineout} ${color_reset}\n" ${log_level:0:4} ${action}
echo -e "${color} $(date -u +"%Y-%m-%d %H:%M:%S UTC") $(printf "[%-4s]%s " "${log_level:0:4}" "${action}")${color_reset} ${lineout}" 1>&2
fi
}
function log_emergency () { __b3bp_log emergency "${@}"; exit 1; }
function log_alert () { [[ "${LOG_LEVEL:-0}" -ge 1 ]] && __b3bp_log alert "${@}"; true; }
function log_critical () { [[ "${LOG_LEVEL:-0}" -ge 2 ]] && __b3bp_log critical "${@}"; true; }
function log_error () { [[ "${LOG_LEVEL:-0}" -ge 3 ]] && __b3bp_log error "${@}"; true; }
function log_warning () { [[ "${LOG_LEVEL:-0}" -ge 4 ]] && __b3bp_log warning "${@}"; true; }
function log_notice () { [[ "${LOG_LEVEL:-0}" -ge 5 ]] && __b3bp_log notice "${@}"; true; }
function log_info () { [[ "${LOG_LEVEL:-0}" -ge 6 ]] && __b3bp_log info "${@}"; true; }
function log_debug () { [[ "${LOG_LEVEL:-0}" -ge 7 ]] && __b3bp_log debug "${@}"; true; }
function log_banner () { __b3bp_log banner "========================================="; __b3bp_log banner "${@}"; true; }
function log_success () { __b3bp_log success "${@}"; true; }
#===========================================================================================
#Log to Syslog
log_syslog()
{
/usr/bin/logger $1
}
#===========================================================================================
# Check if script is being run as Root
checkRoot() {
FUNC="checkRoot "
log_banner "Checking if script is being run as root" $FUNC
if [ $(id -u) -ne 0 ]; then
log_error "Script must be run as root. Try 'sudo ...'\n" $FUNC
exit 1
else
log_success "Script is being executed as Root." $FUNC
fi
}
#===========================================================================================
# Check which Distribution is being used
check_distro(){
FUNC="check_distro"
log_banner "Checking Linux Distribution" $FUNC
#DIST=( lsb_release -ds || cat /etc/*release || uname -om ) 2>/dev/null | head -n1)
if [ -f /etc/os-release ]; then
. /etc/os-release
else
echo "ERROR: I need the file /etc/os-release to determine what my distribution is..."; exit
fi
case "$OSTYPE" in
solaris*) distro="SOLARIS" ;;
darwin*) distro="OSX" ;;
linux*) distro="LINUX" ;;
bsd*) distro="BSD" ;;
msys*) distro="WINDOWS" ;;
*) distro="unknown: $OSTYPE" ;;
esac
declare -A osInfo;
osInfo[/etc/redhat-release]=yum
osInfo[/etc/arch-release]=pacman
osInfo[/etc/gentoo-release]=emerge
osInfo[/etc/SuSE-release]=zypp
osInfo[/etc/debian_version]=apt
for f in ${!osInfo[@]}
do
if [[ -f $f ]];then
pkgman=${osInfo[$f]}
fi
done
if [ $(id -u) -ne 0 ]; then
USER_HOME=~
else
USER_HOME=$(getent passwd $SUDO_USER | cut -d: -f6)
fi
log_info "Linux distribution ==> ${NAME}" $FUNC
log_info "Linux Version ==> ${VERSION}" $FUNC
log_info "Package Manager ==> ${pkgman}" $FUNC
log_info "User Directory ==> $USER_HOME " $FUNC
}
#===========================================================================================
# Supporting function to Check system package manager
check_sys(){
local FUNC="check_sys"
local checkType=$1
local value=$2
local release=''
local systemPackage=''
if [[ -f /etc/redhat-release ]]; then
release="centos"
systemPackage="yum"
elif cat /etc/issue | grep -Eqi "debian"; then
release="debian"
systemPackage="apt"
elif cat /etc/issue | grep -Eqi "ubuntu"; then
release="ubuntu"
systemPackage="apt"
elif cat /etc/issue | grep -Eqi "centos|red hat|redhat"; then
release="centos"
systemPackage="yum"
elif cat /proc/version | grep -Eqi "debian"; then
release="debian"
systemPackage="apt"
elif cat /proc/version | grep -Eqi "ubuntu"; then
release="ubuntu"
systemPackage="apt"
elif cat /proc/version | grep -Eqi "centos|red hat|redhat"; then
release="centos"
systemPackage="yum"
fi
if [[ ${checkType} == "sysRelease" ]]; then
if [ "$value" == "$release" ]; then
return 0
else
return 1
fi
elif [[ ${checkType} == "packageManager" ]]; then
if [ "$value" == "$systemPackage" ]; then
return 0
else
return 1
fi
fi
}
function test_param() {
if [ $# -gt 1 ] || [ $# -lt 1 ];
then
log_error "Incorrect Parameter Passed. Exiting" $FUNC;
exit 1;
fi
}
#======================================
# lookup helper to tell you what package means what for the first value in (dpkg-query -l | grep SERVICENAME)
# reference: https://linuxprograms.wordpress.com/2010/05/11/status-dpkg-list/
function eval_first_pkg() {
case "${1}" in
u) echo "unknown";;
i) echo "i:marked for install" ;;
r) echo "r:marked for removal" ;;
p) echo "p:marked for purging" ;;
h) echo "h:hold" ;;
esac
}
#======================================
# lookup helper to tell you what package means what for the second value in (dpkg-query -l | grep SERVICENAME)
# reference: https://linuxprograms.wordpress.com/2010/05/11/status-dpkg-list/
function eval_second_pkg() {
case "${1}" in
n) echo "The package is not installed" ;;
i) echo "i:The package is successfully installed" ;;
c) echo "c:Configuration files are present" ;;
u) echo "unpacked" ;;
f) echo "f:failed to remove configuration files" ;;
h) echo "h:the package is only partially installed" ;;
w) echo "w:wait - trigger & wait" ;;
t) echo "t:trig-pend" ;;
esac
}
#======================================
# lookup helper to tell you if package is effectively installed or not (dpkg-query -l | grep SERVICENAME)
# reference: https://linuxprograms.wordpress.com/2010/05/11/status-dpkg-list/
function check_package_substatus() {
case "${1:0:1}" in
r|u|p|h) a="false" ;;
i) a="true" ;;
*) ;;
esac
case "${1:1:2}" in
n|c|u|f|h|w|t) b="false" ;;
i) b="true" ;;
*) ;;
esac
if [[ "${a}" = "true" ]] && [[ "$b" = "true" ]]; then
echo "true"
elif [[ "${a}" = "false" ]] && [[ "$b" = "false" ]]; then
echo "false"
fi
}
#===========================================================================================
# Determine if Package is installed
# $1 = Target Package
#===========================================================================================
function is_package_installed() {
FUNC="is_package_installed"
: ${1?"Usage: incorrect number of parameters passed. "} # Test for # of parameters passed
RET="false"
if check_sys packageManager apt; then
dpkg -s $1 &> /dev/null
rest=$(dpkg-query -l | grep $1)
RET=$(check_package_substatus $rest)
elif check_sys packageManager yum; then
log_error "YUM is isn't currently supported!" $FUNC
yum list $1
echo "not supported."
fi
if [[ $RET = 0 ]]; then
echo "true"
else
echo "false"
fi
}
#===========================================================================================
# Determine if Service is running
# $1 = Target Package
#===========================================================================================
function is_service_running() {
FUNC="get_service_info"
: ${1?"Usage: incorrect number of parameters passed. "} # Test for # of parameters passed
SERVICE_STATE=$(systemctl show -p SubState --value $1)
if [ $SERVICE_STATE = "running" ]; then
echo "true";
else
echo "false";
fi
}
#===========================================================================================
# Start Service
# $1 = Target file/folder
#===========================================================================================
function start_service() {
FUNC="start_service"
log_banner "Start Service [$1]..." $FUNC
: ${1?"Usage: incorrect number of parameters passed. "} # Test for # of parameters passed
sudo systemctl start $1 2> $ERROROUTPUT && log_success "service [$1] started.." $FUNC || log_error "Error! $(cat $ERROROUTPUT)" $FUNC
}
#===========================================================================================
# Stop Service
# $1 = Target file/folder
#===========================================================================================
function stop_service() {
FUNC="stop_service"
log_banner "Stop Service & clean up [$1]..." $FUNC
: ${1?"Usage: incorrect number of parameters passed. "} # Test for # of parameters passed
if [ $(is_service_running $1) = "true" ];
then
log_info "[$1] is running - we'll need to stop that..." $FUNC
sudo systemctl stop $1 2> $ERROROUTPUT && log_success "done." $FUNC || log_error "Error! $(cat $ERROROUTPUT)" $FUNC
log_success "[$1] is stopped!!!" $FUNC
else
log_info "no action required - service [$1] is not running or not found." $FUNC
fi
}
#===========================================================================================
# Clean Service
# $1 = Target file/folder
#===========================================================================================
function clean_service_config() {
FUNC="clean_service_config"
log_banner "Clean Service config for [$1]..." $FUNC
: ${1?"Usage: incorrect number of parameters passed. "} # Test for # of parameters passed
if [ $(is_service_running $1) = "true" ];
then
stop_service $1
log_info "Executing: sudo systemctl clean --what=all $1" $FUNC
sudo systemctl clean --what=all $1 2> $ERROROUTPUT && log_success "done." $FUNC || log_error "Error! $(cat $ERROROUTPUT)" $FUNC
else
log_info "no action required - service [$1] is not running or not found." $FUNC
fi
}
#===========================================================================================
# Clean up specified folder
# $1 = Target file/folder
#===========================================================================================
function clean_filefolder() {
FUNC="clean_filefolder"
: ${1?"Usage: incorrect number of parameters passed. "} # Test for # of parameters passed
if [ -d ${1} ] || [[ -f ${1} ]]; then
sudo rm -r ${1} 2> $ERROROUTPUT && log_success "done." $FUNC || log_error "Error! $(cat $ERROROUTPUT)" $FUNC
log_success "Successfully removed [$1]..." $FUNC
else
log_info "no action required - [$1] doesn't exist." $FUNC
fi
}
#===========================================================================================
# uninstall a specified app
# $1 = Target Directory
#===========================================================================================
function purge_app() {
FUNC="purge_app"
log_banner "Purging Package..." $FUNC
: ${1?"Usage: incorrect number of parameters passed. "} # Test for # of parameters passed
packages_found=$(is_package_installed $1)
echo "Packages found: $packages_found"
if [[ $packages_found = "false" ]];
then
log_info "App $1 is NOT currently installed." $FUNC
else
log_info "App $1 is currently installed. Purging..." $FUNC
log_info "Uninstall $1 [sudo dpkg --purge $1]..." $FUNC
if check_sys packageManager apt; then
sudo dpkg --purge $1 2> $ERROROUTPUT && log_success "done." $FUNC || log_error "Error! $(cat $ERROROUTPUT)" $FUNC
elif check_sys packageManager yum; then
log_error "YUM is NOT currently supported!" $FUNC
fi
fi
}
#===========================================================================================
# uninstall a specified app
# $1 = Target Directory
#===========================================================================================
function uninstall_app() {
FUNC="uninstall_app"
log_banner "Uninstall Package..." $FUNC
: ${1?"Usage: incorrect number of parameters passed. "} # Test for # of parameters passed
packages_found=$(is_package_installed $1)
if [[ $packages_found = "false" ]];
then
log_info "no action required - App $1 is NOT currently installed." $FUNC
else
log_info "Executing ==> [sudo apt remove $1 -y]..." $FUNC
if check_sys packageManager apt; then
sudo apt remove $1 -y 2> $ERROROUTPUT && log_success "done." $FUNC || log_error "Error! $(cat $ERROROUTPUT)" $FUNC
sudo apt autoremove -y 2> $ERROROUTPUT && log_success "done." $FUNC || log_error "Error! $(cat $ERROROUTPUT)" $FUNC
elif check_sys packageManager yum; then
log_error "YUM is NOT currently supported!" $FUNC
fi
fi
}
#===========================================================================================
# install a specified app
# $1 = Target Directory
#===========================================================================================
function install_app() {
FUNC="install_app"
log_banner "install Package..." $FUNC
: ${1?"Usage: incorrect number of parameters passed. "}
packages_found=$(is_package_installed $1)
if [[ $packages_found = "false" ]];
then
log_info "App $1 is NOT currently installed." $FUNC
log_info "Executing ==> [sudo apt install $1 -y]..." $FUNC
if check_sys packageManager apt; then
sudo apt install $1 -y 2> $ERROROUTPUT && log_success "done." $FUNC || log_error "Error! $(cat $ERROROUTPUT)" $FUNC
elif check_sys packageManager yum; then
log_error "YUM is NOT currently supported!" $FUNC
fi
else
log_info "App $1 is currently installed. no action required..." $FUNC
fi
}
#===========================================================================================
# Get Package Info - returns additional info about package
# $1 = Target file/folder
#===========================================================================================
function get_package_info {
OP_TEXT="get_package_info"
: ${1?"Usage: incorrect number of parameters passed. "} # Test for # of parameters passed
log_info "Executing ==> dpkg-query -l | { grep $1 || :; }| wc -l" $OP_TEXT
packages_found=$(dpkg-query -l | { grep $1 || :; }| wc -l)
if [ $packages_found -gt 0 ] ; then
log_info "Package Info:" $OP_TEXT
log_info " ==> $(dpkg -s $1 | grep '^Version:')" $OP_TEXT
log_info " ==> $(dpkg -s $1 | grep '^Status:')" $OP_TEXT
log_info " ==> $(dpkg -s $1 | grep '^Package:')" $OP_TEXT
log_info " ==> $(dpkg -s $1 | grep '^Config-Version:')" $OP_TEXT
log_info " ==> $(dpkg -s $1 | grep '^Depends:')" $OP_TEXT
fi
}
#===========================================================================================
# List Package Info - returns additional info about package
# $1 = Target file/folder
#===========================================================================================
function list_package {
OP_TEXT="get_package_info"
: ${1?"Usage: incorrect number of parameters passed. "} # Test for # of parameters passed
log_info "Executing ==> sudo dpkg -l | grep $1"
sudo dpkg -l | { grep "$1" || :; }
is_package_installed "$1"
get_package_info $1
}
#===========================================================================================
# Remove cache files for Broker
#===========================================================================================
function remove_broker_config {
OP_TEXT="remove_broker_config"
log_banner "Cleaning identity broker configuration...."
clean_filefolder "$USER_HOME/.local/state/microsoft-identity-broker"
clean_filefolder "$USER_HOME/.config/microsoft-identity-broker"
clean_filefolder "/var/lib/microsoft-identity-device-broker"
log_success "Cleaning config of identity broker is complete." $OP_TEXT
}
#===========================================================================================
# Remove cache files for Intune
#===========================================================================================
function remove_intune_config {
OP_TEXT="remove_intune_config"
log_banner "Cleaning Intune configuration...."
clean_filefolder "$USER_HOME/.local/share/intune"
clean_filefolder "$USER_HOME/.config/intune/registration.toml"
clean_filefolder "$USER_HOME/.local/share/intune-portal"
clean_filefolder "$USER_HOME/.cache/intune-portal"
clean_filefolder "$USER_HOME/.local/share/intune-portal"
clean_filefolder "$USER_HOME/.config/intune"
log_success "Cleaning config of Intune is done." $OP_TEXT
}
#===========================================================================================
# Remove cache files for Edge
#===========================================================================================
function remove_edge_config {
OP_TEXT="remove_broker_config"
log_banner "Cleaning config of MSEdge components...."
clean_filefolder "$USER_HOME/.config/$PACKAGE_NAME_EDGE"
log_success "Cleaning config of MSEdge is done." $ACTION
}
#===========================================================================================
# Add Package Repo
# $1 = Target file/folder
#===========================================================================================
function add_package_repo {
OP_TEXT="add_package_repo"
: ${1?"Usage: incorrect number of parameters passed. "} # Test for # of parameters passed
log_info "Executing ==> dpkg-query -l | { grep $1 || :; }| wc -l" $OP_TEXT
if check_sys packageManager apt; then
sudo add-apt-repository $1 -y 2> $ERROROUTPUT && log_success "done." $FUNC || log_error "Error! $(cat $ERROROUTPUT)" $FUNC
sudo apt update
elif check_sys packageManager yum; then
log_error "YUM is NOT currently supported!" $FUNC
fi
}
#===========================================================================
#===========================================================================
#===========================================================================
# Main Execution Code
log_banner "START OF SCRIPT"
ACTION=$1
TARGET=$2
if [[ "${ACTION}" = "-h" ]] || [[ "${ACTION}" = "help" ]] || [[ "${ACTION}" = "?" ]] || [[ "${ACTION}" = "-?" ]] || [[ "${ACTION}" = "--help" ]]; then
getUsage
fi
# Dependency Checking
#checkRoot
check_distro
REALUSER=$(logname)
log_info "User Directory ==> $USER_HOME "
PACKAGE_NAME_BROKER2="microsoft-identity-broker"
PACKAGE_NAME_BROKER="microsoft-identity-broker"
PACKAGE_NAME_INTUNE="intune-portal"
PACKAGE_NAME_EDGE="microsoft-edge-stable"
SERVICE_NAME_BROKER_USER="microsoft-identity-broker"
SERVICE_NAME_BROKER_SYSTEM="microsoft-identity-device-broker"
SERVICE_NAME_INTUNE="intune-portal"
SERVICE_NAME_EDGE="microsoft-edge-stable"
#===================================================
# INSTALL
#===================================================
if [[ "${ACTION}" = "install" ]]; then
log_banner "Install option was specified." $FUNC
# Update Add/Repos:
log_banner "Updating Repos..."
sudo apt-get update
#install Edge
if [[ "${TARGET}" = "edge" ]] || [[ -z "$TARGET" ]]; then
log_banner "Installing $PACKAGE_NAME_EDGE..."
install_app $PACKAGE_NAME_EDGE
fi
# install intune:
if [[ "${TARGET}" = "intune" ]] || [[ -z "$TARGET" ]]; then
log_banner "Installing $PACKAGE_NAME_INTUNE..."
install_app $PACKAGE_NAME_INTUNE
fi
#Install Password complexity tools
log_banner "Installing libpam-pwquality..."
if [[ $(is_package_installed libpam-pwquality) = "false" ]]; then
sudo apt install libpam-pwquality 2> $ERROROUTPUT && log_success "done." $ACTION || log_error "Error! $(cat $ERROROUTPUT)" $ACTION
else
log_info "libpam-pwquality is already installed." $ACTION
fi
# Install Azure CLI
if [[ "${TARGET}" = "azcli" ]] || [[ -z "$TARGET" ]]; then
# All in One Command:
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
fi
exit $?
#===================================================
# LIST
#===================================================
elif [[ "${ACTION}" = "list" ]]; then
log_banner "LIST option was specified."
list_package $PACKAGE_NAME_BROKER
list_package $PACKAGE_NAME_INTUNE
list_package $PACKAGE_NAME_EDGE
#===================================================
# services
#===================================================
elif [[ "${ACTION}" = "service" ]]; then
log_banner "SERVICE option was specified."
FUNC="service"
if [[ "${TARGET}" = "start" ]] || [[ -z "$TARGET" ]]; then
systemctl --user start $SERVICE_NAME_BROKER_USER 2> $ERROROUTPUT && log_success "Service [$SERVICE_NAME_BROKER_USER] started." $FUNC || log_error "Service start [$SERVICE_NAME_BROKER_USER] Error! $(cat $ERROROUTPUT)" $FUNC
sudo systemctl --system start $SERVICE_NAME_BROKER_SYSTEM 2> $ERROROUTPUT && log_success "Service [$SERVICE_NAME_BROKER_SYSTEM] started." $FUNC || log_error "Service start [$SERVICE_NAME_BROKER_SYSTEM] Error! $(cat $ERROROUTPUT)" $FUNC
# start_service $SERVICE_NAME_BROKER_SYSTEM
# start_service $SERVICE_NAME_BROKER_USER
fi
if [[ "${TARGET}" = "list" ]] || [[ -z "$TARGET" ]]; then
systemctl --type=service --state=running
fi
if [[ "${TARGET}" = "status" ]] || [[ -z "$TARGET" ]]; then
log_info "========================> Microsoft-identity-broker <=========================="
systemctl --user status microsoft-identity-broker --no-pager
log_info "========================> microsoft-identity-device-broker <=========================="
sudo systemctl --system -f status microsoft-identity-device-broker --no-pager
fi
#===================================================
# Run
#===================================================
elif [[ "${ACTION}" = "run" ]]; then
now=$(date +"%m_%d_%Y_%H%M")
if [[ "${TARGET}" = "intune" ]] || [[ -z "$TARGET" ]]; then
cmd="/bin/intune-portal"
file="intune_user_$now.txt"
log_info "Executing ==> $cmd 2>&1 | tee $file"
su $REALUSER -c $cmd 2>&1 | tee $file
fi
if [[ "${TARGET}" = "edge" ]] || [[ -z "$TARGET" ]]; then
log_info "Executing ==> sudo dpkg -l | grep $PACKAGE_NAME_EDGE"
cmd="./microsoft-edge-stable"
file="edge_user_$now.txt"
log_info "Executing ==> $cmd 2>&1 | tee $file"
su $REALUSER -c $cmd 2>&1 | tee $file
fi
#===================================================
# listupgrades
#===================================================
elif [[ "${ACTION}" = "listupgrades" ]]; then
log_banner "LISTUPGRADES option was specified."
log_info "Listing Upgradeable Packages [sudo apt list --upgradable]"
sudo apt update 2> $ERROROUTPUT && log_success "done." $ACTION || log_error "Error! $(cat $ERROROUTPUT)" $ACTION
sudo apt list --upgradable 2> $ERROROUTPUT && log_success "done." $ACTION || log_error "Error! $(cat $ERROROUTPUT)" $ACTION
#===================================================
# log - extract logs
#===================================================
elif [[ "${ACTION}" = "log" ]]; then
log_banner "log option was specified."
now=$(date +"%m_%d_%Y_%H%M")
su $REALUSER -c "journalctl --user -u $SERVICE_NAME_BROKER_USER -S -1h > broker_user_$now.txt" 2> $ERROROUTPUT && log_success "done." $ACTION || log_error "Error! $(cat $ERROROUTPUT)" $ACTION
journalctl --system -u $SERVICE_NAME_BROKER_SYSTEM -S -1h > broker_sys_$now.txt 2> $ERROROUTPUT && log_success "done." $ACTION || log_error "Error! $(cat $ERROROUTPUT)" $ACTION
su $REALUSER -c "journalctl --user -u $SERVICE_NAME_INTUNE -S -1h > intune_user_$now.txt" 2> $ERROROUTPUT && log_success "done." $ACTION || log_error "Error! $(cat $ERROROUTPUT)" $ACTION
journalctl --system -u $SERVICE_NAME_INTUNE -S -1h > intune_sys_$now.txt 2> $ERROROUTPUT && log_success "done." $ACTION || log_error "Error! $(cat $ERROROUTPUT)" $ACTION
su $REALUSER -c "journalctl --user -u $SERVICE_NAME_EDGE -S -1h > edge_user_$now.txt" 2> $ERROROUTPUT && log_success "done." $ACTION || log_error "Error! $(cat $ERROROUTPUT)" $ACTION
journalctl --system -u $SERVICE_NAME_EDGE -S -1h > edge_$now.txt 2> $ERROROUTPUT && log_success "done." $ACTION || log_error "Error! $(cat $ERROROUTPUT)" $ACTION
#===================================================
# UNINSTALL
#===================================================
elif [[ "${ACTION}" = "remove" ]]; then
log_banner "Uninstall option was specified."
# CLEAN Identity Service
if [[ "${TARGET}" = "broker" ]] || [[ -z "$TARGET" ]]; then
log_banner "Uninstalling JavaBroker components...."
uninstall_app $PACKAGE_NAME_BROKER
log_success "Uninstalling Javabroker is done." $ACTION
fi
# CLEAN Intune
if [[ "${TARGET}" = "intune" ]] || [[ -z "$TARGET" ]]; then
log_banner "Uninstalling Intune components...."
uninstall_app $PACKAGE_NAME_INTUNE
log_success "Uninstalling Intune is done." $ACTION
fi
#===================================================
# Clean - Remove all configuration
#===================================================
elif [[ "${ACTION}" = "clean" ]]; then
log_banner "Clean option was specified."
#sudo apt-get update
# CLEAN Identity Service
if [[ "${TARGET}" = "broker" ]] || [[ -z "$TARGET" ]]; then
log_banner "Cleaning identity broker configuration...."
stop_service "$SERVICE_NAME_BROKER_SYSTEM"
stop_service "$SERVICE_NAME_BROKER_USER"
# clean_service_config $SERVICE_NAME_BROKER_SYSTEM
# clean_service_config $SERVICE_NAME_BROKER_USER
remove_broker_config
log_success "Cleaning of Identity Broker is done." $ACTION
fi
# CLEAN Intune
if [[ "${TARGET}" = "intune" ]] || [[ -z "$TARGET" ]]; then
remove_intune_config
fi
# CLEAN MSEDGE
if [[ "${TARGET}" = "edge" ]] || [[ -z "$TARGET" ]]; then
remove_edge_config
fi
# remove stored secrets
if [[ "${TARGET}" = "secrets" ]] || [[ -z "$TARGET" ]]; then
log_info "Executing: ==> removing secrets from keychain"
log_warning "Running the following command will purge any stored secrets & require re-registration/enrollment."
read -p "Are you sure you want to continue? " -n 1 -r
echo # (optional) move to a new line
if [[ $REPLY =~ ^[Yy]$ ]]
then
install_app "libsecret-tools"
secret-tool search --all name LinuxBrokerRegularUserSecretKey --unlock
secret-tool search --all name LinuxBrokerSystemUserSecretKey --unlock
secret-tool search --all name MSAL --unlock
secret-tool clear name LinuxBrokerRegularUserSecretKey
secret-tool clear name LinuxBrokerSystemUserSecretKey
secret-tool clear name MSAL
log_success "Secret removal is complete." $ACTION
else
log_info "Skipping secret removal."
fi
fi #end of remove stored secrets
# run Autoremove
if [[ "${TARGET}" = "autoremove" ]] || [[ -z "$TARGET" ]]; then
log_info "Executing: ==> sudo apt autoremove"
sudo apt autoremove 2> $ERROROUTPUT && log_success "done." $ACTION || log_error "Error! $(cat $ERROROUTPUT)" $ACTION
fi
# Autoclean clears out the local repository of retrieved package files.
if [[ "${TARGET}" = "autoremove" ]] || [[ -z "$TARGET" ]]; then
log_info "Executing: ==> sudo apt autoclean - Autoclean clears out the local repository of retrieved package files."
sudo apt autoclean
fi
fi #end of clean
log_banner "END OF SCRIPT"
exit $?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment