nox-openclaw-hunter 1.0.0
- package/LICENSE +21 -0
- package/README.md +140 -0
- package/bin/nox.js +2 -0
- package/dist/branding.d.ts +39 -0
- package/dist/branding.d.ts.map +1 -0
- package/dist/branding.js +66 -0
- package/dist/branding.js.map +1 -0
- package/dist/cli.d.ts +15 -0
- package/dist/cli.d.ts.map +1 -0
- package/dist/cli.js +94 -0
- package/dist/cli.js.map +1 -0
- package/dist/commands/export.d.ts +21 -0
- package/dist/commands/export.d.ts.map +1 -0
- package/dist/commands/export.js +616 -0
- package/dist/commands/export.js.map +1 -0
- package/dist/commands/index.d.ts +8 -0
- package/dist/commands/index.d.ts.map +1 -0
- package/dist/commands/index.js +8 -0
- package/dist/commands/index.js.map +1 -0
- package/dist/commands/isolate.d.ts +30 -0
- package/dist/commands/isolate.d.ts.map +1 -0
- package/dist/commands/isolate.js +547 -0
- package/dist/commands/isolate.js.map +1 -0
- package/dist/commands/purge.d.ts +22 -0
- package/dist/commands/purge.d.ts.map +1 -0
- package/dist/commands/purge.js +295 -0
- package/dist/commands/purge.js.map +1 -0
- package/dist/commands/scan.d.ts +23 -0
- package/dist/commands/scan.d.ts.map +1 -0
- package/dist/commands/scan.js +155 -0
- package/dist/commands/scan.js.map +1 -0
- package/dist/detector/app-bundle.d.ts +13 -0
- package/dist/detector/app-bundle.d.ts.map +1 -0
- package/dist/detector/app-bundle.js +27 -0
- package/dist/detector/app-bundle.js.map +1 -0
- package/dist/detector/cli-binary.d.ts +12 -0
- package/dist/detector/cli-binary.d.ts.map +1 -0
- package/dist/detector/cli-binary.js +66 -0
- package/dist/detector/cli-binary.js.map +1 -0
- package/dist/detector/config.d.ts +21 -0
- package/dist/detector/config.d.ts.map +1 -0
- package/dist/detector/config.js +337 -0
- package/dist/detector/config.js.map +1 -0
- package/dist/detector/detection-config.d.ts +24 -0
- package/dist/detector/detection-config.d.ts.map +1 -0
- package/dist/detector/detection-config.js +242 -0
- package/dist/detector/detection-config.js.map +1 -0
- package/dist/detector/docker.d.ts +10 -0
- package/dist/detector/docker.d.ts.map +1 -0
- package/dist/detector/docker.js +94 -0
- package/dist/detector/docker.js.map +1 -0
- package/dist/detector/index.d.ts +50 -0
- package/dist/detector/index.d.ts.map +1 -0
- package/dist/detector/index.js +155 -0
- package/dist/detector/index.js.map +1 -0
- package/dist/detector/network.d.ts +34 -0
- package/dist/detector/network.d.ts.map +1 -0
- package/dist/detector/network.js +205 -0
- package/dist/detector/network.js.map +1 -0
- package/dist/detector/process.d.ts +16 -0
- package/dist/detector/process.d.ts.map +1 -0
- package/dist/detector/process.js +47 -0
- package/dist/detector/process.js.map +1 -0
- package/dist/detector/service.d.ts +17 -0
- package/dist/detector/service.d.ts.map +1 -0
- package/dist/detector/service.js +51 -0
- package/dist/detector/service.js.map +1 -0
- package/dist/enforcer/docker-cleaner.d.ts +30 -0
- package/dist/enforcer/docker-cleaner.d.ts.map +1 -0
- package/dist/enforcer/docker-cleaner.js +163 -0
- package/dist/enforcer/docker-cleaner.js.map +1 -0
- package/dist/enforcer/file-remover.d.ts +34 -0
- package/dist/enforcer/file-remover.d.ts.map +1 -0
- package/dist/enforcer/file-remover.js +137 -0
- package/dist/enforcer/file-remover.js.map +1 -0
- package/dist/enforcer/index.d.ts +33 -0
- package/dist/enforcer/index.d.ts.map +1 -0
- package/dist/enforcer/index.js +142 -0
- package/dist/enforcer/index.js.map +1 -0
- package/dist/enforcer/process-killer.d.ts +18 -0
- package/dist/enforcer/process-killer.d.ts.map +1 -0
- package/dist/enforcer/process-killer.js +80 -0
- package/dist/enforcer/process-killer.js.map +1 -0
- package/dist/enforcer/service-stopper.d.ts +23 -0
- package/dist/enforcer/service-stopper.d.ts.map +1 -0
- package/dist/enforcer/service-stopper.js +95 -0
- package/dist/enforcer/service-stopper.js.map +1 -0
- package/dist/index.d.ts +6 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +10 -0
- package/dist/index.js.map +1 -0
- package/dist/isolator/firewall.d.ts +25 -0
- package/dist/isolator/firewall.d.ts.map +1 -0
- package/dist/isolator/firewall.js +114 -0
- package/dist/isolator/firewall.js.map +1 -0
- package/dist/isolator/index.d.ts +63 -0
- package/dist/isolator/index.d.ts.map +1 -0
- package/dist/isolator/index.js +201 -0
- package/dist/isolator/index.js.map +1 -0
- package/dist/isolator/lockdown.d.ts +22 -0
- package/dist/isolator/lockdown.d.ts.map +1 -0
- package/dist/isolator/lockdown.js +401 -0
- package/dist/isolator/lockdown.js.map +1 -0
- package/dist/isolator/quarantine.d.ts +39 -0
- package/dist/isolator/quarantine.d.ts.map +1 -0
- package/dist/isolator/quarantine.js +364 -0
- package/dist/isolator/quarantine.js.map +1 -0
- package/dist/mdm/index.d.ts +93 -0
- package/dist/mdm/index.d.ts.map +1 -0
- package/dist/mdm/index.js +414 -0
- package/dist/mdm/index.js.map +1 -0
- package/dist/mdm/intune.d.ts +69 -0
- package/dist/mdm/intune.d.ts.map +1 -0
- package/dist/mdm/intune.js +409 -0
- package/dist/mdm/intune.js.map +1 -0
- package/dist/mdm/jamf.d.ts +58 -0
- package/dist/mdm/jamf.d.ts.map +1 -0
- package/dist/mdm/jamf.js +441 -0
- package/dist/mdm/jamf.js.map +1 -0
- package/dist/mdm/jumpcloud.d.ts +73 -0
- package/dist/mdm/jumpcloud.d.ts.map +1 -0
- package/dist/mdm/jumpcloud.js +470 -0
- package/dist/mdm/jumpcloud.js.map +1 -0
- package/dist/mdm/templates/detect.ps1.d.ts +30 -0
- package/dist/mdm/templates/detect.ps1.d.ts.map +1 -0
- package/dist/mdm/templates/detect.ps1.js +463 -0
- package/dist/mdm/templates/detect.ps1.js.map +1 -0
- package/dist/mdm/templates/detect.sh.d.ts +30 -0
- package/dist/mdm/templates/detect.sh.d.ts.map +1 -0
- package/dist/mdm/templates/detect.sh.js +474 -0
- package/dist/mdm/templates/detect.sh.js.map +1 -0
- package/dist/mdm/templates/enforce.ps1.d.ts +33 -0
- package/dist/mdm/templates/enforce.ps1.d.ts.map +1 -0
- package/dist/mdm/templates/enforce.ps1.js +681 -0
- package/dist/mdm/templates/enforce.ps1.js.map +1 -0
- package/dist/mdm/templates/enforce.sh.d.ts +33 -0
- package/dist/mdm/templates/enforce.sh.d.ts.map +1 -0
- package/dist/mdm/templates/enforce.sh.js +591 -0
- package/dist/mdm/templates/enforce.sh.js.map +1 -0
- package/dist/platform/darwin.d.ts +6 -0
- package/dist/platform/darwin.d.ts.map +1 -0
- package/dist/platform/darwin.js +192 -0
- package/dist/platform/darwin.js.map +1 -0
- package/dist/platform/index.d.ts +43 -0
- package/dist/platform/index.d.ts.map +1 -0
- package/dist/platform/index.js +27 -0
- package/dist/platform/index.js.map +1 -0
- package/dist/platform/linux.d.ts +6 -0
- package/dist/platform/linux.d.ts.map +1 -0
- package/dist/platform/linux.js +134 -0
- package/dist/platform/linux.js.map +1 -0
- package/dist/platform/windows.d.ts +6 -0
- package/dist/platform/windows.d.ts.map +1 -0
- package/dist/platform/windows.js +134 -0
- package/dist/platform/windows.js.map +1 -0
- package/dist/reporter/console.d.ts +27 -0
- package/dist/reporter/console.d.ts.map +1 -0
- package/dist/reporter/console.js +431 -0
- package/dist/reporter/console.js.map +1 -0
- package/dist/reporter/index.d.ts +11 -0
- package/dist/reporter/index.d.ts.map +1 -0
- package/dist/reporter/index.js +13 -0
- package/dist/reporter/index.js.map +1 -0
- package/dist/reporter/json.d.ts +61 -0
- package/dist/reporter/json.d.ts.map +1 -0
- package/dist/reporter/json.js +75 -0
- package/dist/reporter/json.js.map +1 -0
- package/dist/reporter/webhook.d.ts +57 -0
- package/dist/reporter/webhook.d.ts.map +1 -0
- package/dist/reporter/webhook.js +230 -0
- package/dist/reporter/webhook.js.map +1 -0
- package/dist/types/config.d.ts +116 -0
- package/dist/types/config.d.ts.map +1 -0
- package/dist/types/config.js +6 -0
- package/dist/types/config.js.map +1 -0
- package/dist/types/detection.d.ts +85 -0
- package/dist/types/detection.d.ts.map +1 -0
- package/dist/types/detection.js +5 -0
- package/dist/types/detection.js.map +1 -0
- package/dist/types/enforcement.d.ts +33 -0
- package/dist/types/enforcement.d.ts.map +1 -0
- package/dist/types/enforcement.js +5 -0
- package/dist/types/enforcement.js.map +1 -0
- package/dist/types/index.d.ts +8 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +8 -0
- package/dist/types/index.js.map +1 -0
- package/dist/types/isolation.d.ts +55 -0
- package/dist/types/isolation.d.ts.map +1 -0
- package/dist/types/isolation.js +5 -0
- package/dist/types/isolation.js.map +1 -0
- package/dist/utils/exec.d.ts +48 -0
- package/dist/utils/exec.d.ts.map +1 -0
- package/dist/utils/exec.js +103 -0
- package/dist/utils/exec.js.map +1 -0
- package/dist/utils/fs.d.ts +34 -0
- package/dist/utils/fs.d.ts.map +1 -0
- package/dist/utils/fs.js +111 -0
- package/dist/utils/fs.js.map +1 -0
- package/dist/utils/index.d.ts +7 -0
- package/dist/utils/index.d.ts.map +1 -0
- package/dist/utils/index.js +7 -0
- package/dist/utils/index.js.map +1 -0
- package/dist/utils/logger.d.ts +14 -0
- package/dist/utils/logger.d.ts.map +1 -0
- package/dist/utils/logger.js +48 -0
- package/dist/utils/logger.js.map +1 -0
- package/docs/intune.md +390 -0
- package/docs/jamf.md +400 -0
- package/docs/jumpcloud.md +510 -0
- package/package.json +65 -0
|
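--- a/package/dist/mdm/intune.js
+++ b/package/dist/mdm/intune.js
@@ -0,0 +1,409 @@
+/**
+* Microsoft Intune MDM integration module.
+* Generates Intune-specific deployment scripts and documentation.
+*/
+import { VERSION, COMPANY } from '../branding.js';
+import { generateDetectPowerShellScript, } from './templates/detect.ps1.js';
+import { generateEnforcePowerShellScript, } from './templates/enforce.ps1.js';
+import { generateDetectShellScript, } from './templates/detect.sh.js';
+import { generateEnforceShellScript, } from './templates/enforce.sh.js';
+/**
+* Generate Intune-formatted Windows detection script.
+*/
+export function generateIntuneWindowsDetectScript(options = {}) {
+const scriptOptions = {
+webhookUrl: options.webhookUrl,
+webhookToken: options.webhookToken,
+gatewayPort: options.gatewayPort,
+verbose: options.verbose,
+};
+const baseScript = generateDetectPowerShellScript(scriptOptions);
+const intuneScript = wrapWithIntuneHeader(baseScript, 'detect', 'windows');
+return {
+filename: 'Detect-OpenClaw.ps1',
+content: intuneScript,
+description: 'Intune detection script for OpenClaw AI agent on Windows',
+platform: 'windows',
+runAs: 'system',
+runIn64Bit: true,
+enforceSignature: false,
+};
+}
+/**
+* Generate Intune-formatted Windows enforcement script.
+*/
+export function generateIntuneWindowsEnforceScript(options = {}) {
+const scriptOptions = {
+webhookUrl: options.webhookUrl,
+webhookToken: options.webhookToken,
+gatewayPort: options.gatewayPort,
+verbose: options.verbose,
+quarantine: options.quarantine,
+};
+const baseScript = generateEnforcePowerShellScript(scriptOptions);
+const intuneScript = wrapWithIntuneHeader(baseScript, 'enforce', 'windows');
+return {
+filename: 'Remediate-OpenClaw.ps1',
+content: intuneScript,
+description: 'Intune remediation script for OpenClaw AI agent removal on Windows',
+platform: 'windows',
+runAs: 'system',
+runIn64Bit: true,
+enforceSignature: false,
+};
+}
+/**
+* Generate Intune-formatted macOS detection script.
+*/
+export function generateIntuneMacOSDetectScript(options = {}) {
+const scriptOptions = {
+webhookUrl: options.webhookUrl,
+webhookToken: options.webhookToken,
+gatewayPort: options.gatewayPort,
+verbose: options.verbose,
+};
+const baseScript = generateDetectShellScript(scriptOptions);
+const intuneScript = wrapWithIntuneHeader(baseScript, 'detect', 'macos');
+return {
+filename: 'detect-openclaw.sh',
+content: intuneScript,
+description: 'Intune detection script for OpenClaw AI agent on macOS',
+platform: 'macos',
+runAs: 'system',
+runIn64Bit: true,
+enforceSignature: false,
+};
+}
+/**
+* Generate Intune-formatted macOS enforcement script.
+*/
+export function generateIntuneMacOSEnforceScript(options = {}) {
+const scriptOptions = {
+webhookUrl: options.webhookUrl,
+webhookToken: options.webhookToken,
+gatewayPort: options.gatewayPort,
+verbose: options.verbose,
+quarantine: options.quarantine,
+};
+const baseScript = generateEnforceShellScript(scriptOptions);
+const intuneScript = wrapWithIntuneHeader(baseScript, 'enforce', 'macos');
+return {
+filename: 'remediate-openclaw.sh',
+content: intuneScript,
+description: 'Intune remediation script for OpenClaw AI agent removal on macOS',
+platform: 'macos',
+runAs: 'system',
+runIn64Bit: true,
+enforceSignature: false,
+};
+}
+/**
+* Wrap script with Intune-specific header.
+*/
+function wrapWithIntuneHeader(script, mode, platform) {
+if (platform === 'windows') {
+const header = `<#
+.SYNOPSIS
+Nox OpenClaw ${mode === 'detect' ? 'Detection' : 'Remediation'} Script for Microsoft Intune
+
+.DESCRIPTION
+${mode === 'detect' ? 'Detects' : 'Removes'} OpenClaw AI agent installations.
+Designed for deployment via Microsoft Intune.
+
+Generated by nox-openclaw-detector v${VERSION}
+${COMPANY} - https://nox.security
+
+.NOTES
+Intune Configuration:
+- Run this script using the logged on credentials: No
+- Enforce script signature check: No
+- Run script in 64-bit PowerShell: Yes
+
+Exit Codes:
+${mode === 'detect'
+? '0 = Not detected (compliant)\n 1 = Detected (non-compliant)'
+: '0 = Remediation successful\n 1 = Remediation partially failed\n 3 = Nothing to remediate'}
+#>
+
+`;
+// Find the original header and replace it
+const lines = script.split('\n');
+let headerEndIndex = 0;
+for (let i = 0; i < lines.length; i++) {
+if (lines[i].startsWith('#>')) {
+headerEndIndex = i + 1;
+break;
+}
+}
+return header + lines.slice(headerEndIndex).join('\n');
+}
+else {
+// macOS/Linux - already has appropriate header
+return script;
+}
+}
+/**
+* Generate Intune Proactive Remediation package definition.
+*/
+export function generateIntuneProactiveRemediation(options = {}) {
+return {
+name: 'Nox OpenClaw Detection and Remediation',
+description: `Detects and optionally removes OpenClaw AI agent installations.
+
+Generated by nox-openclaw-detector v${VERSION}
+${COMPANY}`,
+platform: 'windows',
+detectionScript: generateIntuneWindowsDetectScript(options).content,
+remediationScript: generateIntuneWindowsEnforceScript(options).content,
+};
+}
+/**
+* Generate Intune deployment documentation.
+*/
+export function generateIntuneDocumentation() {
+return `# Microsoft Intune Integration Guide
+
+## Overview
+
+This guide explains how to deploy Nox OpenClaw detection and remediation scripts via Microsoft Intune for fleet-wide management of Windows and macOS devices.
+
+Generated by nox-openclaw-detector v${VERSION}
+${COMPANY} - https://nox.security
+
+## Prerequisites
+
+- Microsoft Intune subscription
+- Azure AD joined or hybrid joined devices
+- Windows 10/11 or macOS 10.15+ managed devices
+- Intune admin access
+
+## Quick Start
+
+1. Upload scripts to Intune
+2. Create a script deployment policy
+3. (Optional) Set up Proactive Remediation for automated enforcement
+4. Monitor compliance via Intune reports
+
+## Windows Deployment
+
+### Method 1: Platform Scripts
+
+#### Add Detection Script
+
+1. Navigate to **Devices > Scripts > Platform scripts > Windows**
+2. Click **+ Add**
+3. Configure Basics:
+- **Name:** Nox OpenClaw Detection
+- **Description:** Detects OpenClaw AI agent installations
+4. Configure Script Settings:
+- Upload \`Detect-OpenClaw.ps1\`
+- **Run this script using the logged on credentials:** No
+- **Enforce script signature check:** No
+- **Run script in 64-bit PowerShell:** Yes
+5. Assign to device groups
+6. Click **Create**
+
+#### Add Remediation Script
+
+1. Navigate to **Devices > Scripts > Platform scripts > Windows**
+2. Click **+ Add**
+3. Configure Basics:
+- **Name:** Nox OpenClaw Remediation
+- **Description:** Removes OpenClaw AI agent installations
+4. Configure Script Settings:
+- Upload \`Remediate-OpenClaw.ps1\`
+- **Run this script using the logged on credentials:** No
+- **Enforce script signature check:** No
+- **Run script in 64-bit PowerShell:** Yes
+5. Assign to device groups (or use with Proactive Remediation)
+6. Click **Create**
+
+### Method 2: Proactive Remediation (Recommended)
+
+Proactive Remediation runs detection on a schedule and automatically remediates non-compliant devices.
+
+1. Navigate to **Devices > Remediations**
+2. Click **+ Create script package**
+3. Configure Basics:
+- **Name:** Nox OpenClaw Detection and Remediation
+- **Description:** Automatically detects and removes OpenClaw
+- **Publisher:** ${COMPANY}
+4. Configure Settings:
+- **Detection script file:** Upload \`Detect-OpenClaw.ps1\`
+- **Remediation script file:** Upload \`Remediate-OpenClaw.ps1\`
+- **Run this script using the logged on credentials:** No
+- **Enforce script signature check:** No
+- **Run script in 64-bit PowerShell:** Yes
+5. Configure Scope tags (optional)
+6. Configure Assignments:
+- Select target groups
+- **Schedule:** Daily or Every 6 hours (recommended)
+7. Click **Create**
+
+## macOS Deployment
+
+### Add Shell Scripts
+
+1. Navigate to **Devices > Scripts > macOS**
+2. Click **+ Add**
+3. Configure Basics:
+- **Name:** Nox OpenClaw Detection (macOS)
+4. Configure Script Settings:
+- Upload \`detect-openclaw.sh\`
+- **Run script as signed-in user:** No
+- **Hide script notifications on devices:** Yes
+- **Script frequency:** Daily
+- **Max number of times to retry:** 3
+5. Assign to device groups
+6. Click **Create**
+
+Repeat for the remediation script.
+
+## Compliance Policy (Optional)
+
+Create a compliance policy to mark devices with OpenClaw as non-compliant:
+
+1. Navigate to **Devices > Compliance policies**
+2. Click **+ Create Policy**
+3. Select platform (Windows or macOS)
+4. Configure settings based on custom script results
+5. Set actions for non-compliance:
+- Send email notification
+- Mark device non-compliant
+- Block access to corporate resources
+
+## Monitoring and Reporting
+
+### Script Status
+
+1. Navigate to **Devices > Monitor > Device script status**
+2. Filter by script name to see execution results
+
+### Proactive Remediation Reports
+
+1. Navigate to **Reports > Endpoint analytics > Proactive remediations**
+2. Click on your remediation package
+3. View:
+- Detection status
+- Remediation status
+- Devices with issues
+
+### Custom Reporting with Log Analytics
+
+Export script results to Azure Log Analytics for custom dashboards:
+
+\`\`\`kusto
+IntuneDevices
+| where ScriptName == "Nox OpenClaw Detection"
+| where ScriptExitCode == 1
+| project DeviceName, UserPrincipalName, LastCheckIn, ScriptExitCode
+\`\`\`
+
+## Exit Codes
+
+### Detection Script
+
+| Code | Meaning | Intune Status |
+|------|---------|---------------|
+| 0 | Not detected | Compliant |
+| 1 | Detected | Non-compliant (triggers remediation) |
+| 2 | Script error | Error |
+
+### Remediation Script
+
+| Code | Meaning | Intune Status |
+|------|---------|---------------|
+| 0 | Remediation successful | Success |
+| 1 | Partial failure | With issues |
+| 2 | Script error | Failed |
+| 3 | Nothing to remediate | Success |
+
+## Webhook Integration
+
+Configure webhooks to send results to your SIEM:
+
+1. Edit the script before uploading
+2. Set the webhook URL and token in the configuration section
+3. Or use Intune's built-in Log Analytics integration
+
+Webhook payload format:
+\`\`\`json
+{
+"event": "openclaw.detection",
+"version": "1.0",
+"timestamp": "2026-02-03T10:30:00Z",
+"status": "detected",
+"severity": "high",
+"host": {
+"hostname": "DESKTOP-ABC123",
+"os": "Windows",
+"osVersion": "Microsoft Windows NT 10.0.19045.0",
+"arch": "AMD64",
+"user": "jsmith",
+"domain": "CONTOSO"
+},
+"details": "CLI found at C:\\\\Users\\\\jsmith\\\\AppData\\\\Local\\\\Programs\\\\openclaw",
+"source": {
+"tool": "nox-openclaw-detector",
+"version": "${VERSION}",
+"vendor": "${COMPANY}"
+}
+}
+\`\`\`
+
+## Troubleshooting
+
+### Script Not Running
+
+1. Verify device is enrolled and checking in
+2. Check device group assignment
+3. Review Intune Management Extension logs:
+\`%ProgramData%\\Microsoft\\IntuneManagementExtension\\Logs\`
+
+### Access Denied Errors
+
+1. Verify script runs as SYSTEM (not user)
+2. Check for Conditional Access blocking enrollment
+3. Ensure MDM authority is set correctly
+
+### Remediation Not Triggering
+
+1. Verify detection script returns exit code 1 for detection
+2. Check remediation script is assigned to package
+3. Review Proactive Remediation schedule
+
+## Best Practices
+
+1. **Test scripts** in a pilot group before broad deployment
+2. **Use Proactive Remediation** for continuous monitoring
+3. **Enable Log Analytics** for long-term reporting
+4. **Set appropriate schedules** - daily is usually sufficient
+5. **Monitor remediation success** and investigate failures
+
+## Support
+
+For issues or questions:
+- Email: support@nox.security
+- Documentation: https://docs.nox.security/intune
+`;
+}
+/**
+* Get all Intune exports.
+*/
+export function getIntuneExports(options = {}) {
+return {
+windowsDetectScript: generateIntuneWindowsDetectScript(options),
+windowsEnforceScript: generateIntuneWindowsEnforceScript(options),
+macosDetectScript: generateIntuneMacOSDetectScript(options),
+macosEnforceScript: generateIntuneMacOSEnforceScript(options),
+proactiveRemediation: generateIntuneProactiveRemediation(options),
+documentation: generateIntuneDocumentation(),
+metadata: {
+platform: 'intune',
+displayName: 'Microsoft Intune',
+supportedOS: ['Windows', 'macOS'],
+version: VERSION,
+},
+};
+}
+//# sourceMappingURL=intune.js.map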
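Review bot: All four generators return `runAs: 'system'` together with a hard-coded `enforceSignature: false` (new lines 27-29, 50-52, 72-74 and 95-97), and the generated guide repeats "Enforce script signature check: No", so the detection and remediation scripts run as SYSTEM with nothing verifying that the uploaded file is the one that was generated. The guide's Webhook Integration steps also tell admins to edit the script before uploading and to set the webhook URL and token inside it, which makes hand-modified unsigned content the expected path and presumably ships the token in clear text to every targeted device; the templates that consume `webhookToken` are outside this section, so confirm how it is embedded. I would make the setting caller-controlled, `enforceSignature: options.enforceSignature ?? false,`, and add a guide step to sign the final script and set the signature check to Yes. This file is compiler output, so the change belongs in `src/mdm/intune.ts`, the path named in the source map. The header text also identifies the tool as `nox-openclaw-detector` while the package is published as nox-openclaw-hunter, which is worth reconciling so a deployed script can be traced back to the package that produced it.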
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"intune.js","sourceRoot":"","sources":["../../src/mdm/intune.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EACL,8BAA8B,GAG/B,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACL,+BAA+B,GAGhC,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,yBAAyB,GAE1B,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,0BAA0B,GAE3B,MAAM,2BAA2B,CAAC;AA4BnC;;GAEG;AACH,MAAM,UAAU,iCAAiC,CAAC,UAA+B,EAAE;IACjF,MAAM,aAAa,GAA4B;QAC7C,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,OAAO,EAAE,OAAO,CAAC,OAAO;KACzB,CAAC;IAEF,MAAM,UAAU,GAAG,8BAA8B,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,YAAY,GAAG,oBAAoB,CAAC,UAAU,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IAE3E,OAAO;QACL,QAAQ,EAAE,qBAAqB;QAC/B,OAAO,EAAE,YAAY;QACrB,WAAW,EAAE,0DAA0D;QACvE,QAAQ,EAAE,SAAS;QACnB,KAAK,EAAE,QAAQ;QACf,UAAU,EAAE,IAAI;QAChB,gBAAgB,EAAE,KAAK;KACxB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kCAAkC,CAAC,UAA+B,EAAE;IAClF,MAAM,aAAa,GAA6B;QAC9C,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,UAAU,EAAE,OAAO,CAAC,UAAU;KAC/B,CAAC;IAEF,MAAM,UAAU,GAAG,+BAA+B,CAAC,aAAa,CAAC,CAAC;IAClE,MAAM,YAAY,GAAG,oBAAoB,CAAC,UAAU,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IAE5E,OAAO;QACL,QAAQ,EAAE,wBAAwB;QAClC,OAAO,EAAE,YAAY;QACrB,WAAW,EAAE,oEAAoE;QACjF,QAAQ,EAAE,SAAS;QACnB,KAAK,EAAE,QAAQ;QACf,UAAU,EAAE,IAAI;QAChB,gBAAgB,EAAE,KAAK;KACxB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,+BAA+B,CAAC,UAA+B,EAAE;IAC/E,MAAM,aAAa,GAAuB;QACxC,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,OAAO,EAAE,OAAO,CAAC,OAAO;KACzB,CAAC;IAEF,MAAM,UAAU,GAAG,yBAAyB,CAAC,aAAa,CAAC,CAAC;IAC5D,MAAM,YAAY,GAAG,oBAAoB,CAAC,UAAU,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IAEzE,OAAO;QACL,QAAQ,EAAE,oBAAoB;QAC9B,OAAO,EAAE,YAAY;QACrB,WAAW,EAAE,wDAAwD;QACrE,QAAQ,EAAE,OAAO;QACjB,KAAK,EAAE,QAAQ;QACf,UAAU,EAAE,IAAI;QAChB,gBAAgB,EAAE,KAAK;KACxB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gCAAgC,CAAC,UAA+B,EAAE;IAChF,MAAM,aAAa,GAAwB;QACzC,UAAU,EAAE,OAAO,CAAC,U
AAU;QAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,UAAU,EAAE,OAAO,CAAC,UAAU;KAC/B,CAAC;IAEF,MAAM,UAAU,GAAG,0BAA0B,CAAC,aAAa,CAAC,CAAC;IAC7D,MAAM,YAAY,GAAG,oBAAoB,CAAC,UAAU,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IAE1E,OAAO;QACL,QAAQ,EAAE,uBAAuB;QACjC,OAAO,EAAE,YAAY;QACrB,WAAW,EAAE,kEAAkE;QAC/E,QAAQ,EAAE,OAAO;QACjB,KAAK,EAAE,QAAQ;QACf,UAAU,EAAE,IAAI;QAChB,gBAAgB,EAAE,KAAK;KACxB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB,CAAC,MAAc,EAAE,IAA0B,EAAE,QAA6B;IACrG,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG;;mBAEA,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,aAAa;;;MAG5D,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;;;0CAGL,OAAO;MAC3C,OAAO;;;;;;;;;MASP,IAAI,KAAK,QAAQ;YACjB,CAAC,CAAC,gEAAgE;YAClE,CAAC,CAAC,gGAAgG;;;CAGvG,CAAC;QACE,0CAA0C;QAC1C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACjC,IAAI,cAAc,GAAG,CAAC,CAAC;QACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9B,cAAc,GAAG,CAAC,GAAG,CAAC,CAAC;gBACvB,MAAM;YACR,CAAC;QACH,CAAC;QAED,OAAO,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzD,CAAC;SAAM,CAAC;QACN,+CAA+C;QAC/C,OAAO,MAAM,CAAC;IAChB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kCAAkC,CAAC,UAA+B,EAAE;IAClF,OAAO;QACL,IAAI,EAAE,wCAAwC;QAC9C,WAAW,EAAE;;sCAEqB,OAAO;EAC3C,OAAO,EAAE;QACP,QAAQ,EAAE,SAAS;QACnB,eAAe,EAAE,iCAAiC,CAAC,OAAO,CAAC,CAAC,OAAO;QACnE,iBAAiB,EAAE,kCAAkC,CAAC,OAAO,CAAC,CAAC,OAAO;KACvE,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,2BAA2B;IACzC,OAAO;;;;;;sCAM6B,OAAO;EAC3C,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;sBA2Da,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAsHX,OAAO;iBACR,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuCvB,CAAC;AACF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,UAA+B,EAAE;IAChE,OAAO;QACL,mBAAmB,EAAE,iCAAiC,CAAC,OAAO,CAAC;QAC/D,oBAAoB,EAAE,kCAAkC,CAA
C,OAAO,CAAC;QACjE,iBAAiB,EAAE,+BAA+B,CAAC,OAAO,CAAC;QAC3D,kBAAkB,EAAE,gCAAgC,CAAC,OAAO,CAAC;QAC7D,oBAAoB,EAAE,kCAAkC,CAAC,OAAO,CAAC;QACjE,aAAa,EAAE,2BAA2B,EAAE;QAC5C,QAAQ,EAAE;YACR,QAAQ,EAAE,QAAQ;YAClB,WAAW,EAAE,kBAAkB;YAC/B,WAAW,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC;YACjC,OAAO,EAAE,OAAO;SACjB;KACF,CAAC;AACJ,CAAC"}
|
|
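--- a/package/dist/mdm/jamf.d.ts
+++ b/package/dist/mdm/jamf.d.ts
@@ -0,0 +1,58 @@
+/**
+* Jamf Pro MDM integration module.
+* Generates Jamf-specific deployment scripts and documentation.
+*/
+export interface JamfScriptOptions {
+webhookUrl?: string;
+webhookToken?: string;
+gatewayPort?: number;
+verbose?: boolean;
+quarantine?: boolean;
+}
+export interface JamfScript {
+filename: string;
+content: string;
+description: string;
+jamfCategory: string;
+priority: 'Before' | 'After' | 'At Reboot';
+parameters: JamfParameter[];
+}
+export interface JamfParameter {
+number: number;
+label: string;
+description: string;
+required: boolean;
+defaultValue?: string;
+}
+/**
+* Generate Jamf-formatted detection script.
+*/
+export declare function generateJamfDetectScript(options?: JamfScriptOptions): JamfScript;
+/**
+* Generate Jamf-formatted enforcement script.
+*/
+export declare function generateJamfEnforceScript(options?: JamfScriptOptions): JamfScript;
+/**
+* Generate Jamf Pro extension attribute for inventory.
+*/
+export declare function generateJamfExtensionAttribute(): string;
+/**
+* Generate Jamf deployment documentation.
+*/
+export declare function generateJamfDocumentation(): string;
+/**
+* Get all Jamf exports.
+*/
+export declare function getJamfExports(options?: JamfScriptOptions): {
+detectScript: JamfScript;
+enforceScript: JamfScript;
+extensionAttribute: string;
+documentation: string;
+metadata: {
+platform: string;
+displayName: string;
+supportedOS: string[];
+version: string;
+};
+};
+//# sourceMappingURL=jamf.d.ts.map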
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jamf.d.ts","sourceRoot":"","sources":["../../src/mdm/jamf.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAcH,MAAM,WAAW,iBAAiB;IAChC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,QAAQ,GAAG,OAAO,GAAG,WAAW,CAAC;IAC3C,UAAU,EAAE,aAAa,EAAE,CAAC;CAC7B;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,OAAO,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,GAAE,iBAAsB,GAAG,UAAU,CAoBpF;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,GAAE,iBAAsB,GAAG,UAAU,CAoBrF;AA8HD;;GAEG;AACH,wBAAgB,8BAA8B,IAAI,MAAM,CAoDvD;AAED;;GAEG;AACH,wBAAgB,yBAAyB,IAAI,MAAM,CAkMlD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,OAAO,GAAE,iBAAsB;;;;;;;;;;;EAa7D"}
|