Tutorial

Guest User Management on macOS

Manage guest user accounts and secure temporary access across your MacFleet devices using advanced guest user management systems. This tutorial covers guest account configuration, security policies, access monitoring, and comprehensive guest lifecycle management.

Understanding macOS Guest User Management

macOS provides guest user functionality for temporary, secure access:

• defaults - System preferences and configuration management
• Guest User Account - Temporary access without authentication
• Secure Sandbox - Isolated environment for guest sessions
• Automatic Cleanup - Session data removal on logout
• Access Controls - Restrictions and permissions management

Basic Guest User Operations

Enable Guest User Account

#!/bin/bash

# Basic guest user enablement
defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool TRUE

echo "Guest user account enabled successfully"

Enhanced Guest User Configuration

#!/bin/bash

# Comprehensive guest user configuration with security settings
configure_guest_user() {
    echo "=== Comprehensive Guest User Configuration ==="
    
    # Enable guest user
    echo "Enabling guest user account..."
    sudo defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool TRUE
    
    # Configure guest user restrictions
    echo "Configuring guest user security settings..."
    
    # Disable guest user from making system changes
    sudo defaults write /Library/Preferences/com.apple.loginwindow GuestAllowedToChangeNetwork -bool FALSE
    
    # Set guest user home folder restrictions
    sudo defaults write /Library/Preferences/com.apple.loginwindow GuestHomeIsSeparateDisk -bool TRUE
    
    # Configure automatic logout
    sudo defaults write /Library/Preferences/com.apple.loginwindow GuestAutoLogout -int 3600
    
    # Disable guest user from accessing encrypted volumes
    sudo defaults write /Library/Preferences/com.apple.loginwindow GuestCanAccessEncryptedVolumes -bool FALSE
    
    echo "Guest user configuration completed"
}

# Execute comprehensive configuration
configure_guest_user

Guest User Categories

Guest Access Classifications

#!/bin/bash

# Guest user categories for different organizational needs
declare -A GUEST_USER_CATEGORIES=(
    ["lobby_kiosk"]="Public lobby access for visitors and information browsing"
    ["conference_room"]="Meeting room access for presentations and collaboration"
    ["library_station"]="Educational institution public access terminals"
    ["demo_showcase"]="Product demonstration and sales presentation stations"
    ["visitor_workstation"]="Temporary workstations for business visitors"
    ["event_registration"]="Event check-in and registration terminals"
    ["customer_service"]="Customer service and support terminals"
    ["training_lab"]="Training and workshop temporary access"
    ["public_wifi_portal"]="Public WiFi access and terms acceptance"
    ["emergency_access"]="Emergency access stations for staff use"
)

# Security levels for guest access
declare -A SECURITY_LEVELS=(
    ["lobby_kiosk"]="high_restriction"
    ["conference_room"]="medium_restriction"
    ["library_station"]="medium_restriction"
    ["demo_showcase"]="low_restriction"
    ["visitor_workstation"]="high_restriction"
    ["event_registration"]="medium_restriction"
    ["customer_service"]="high_restriction"
    ["training_lab"]="low_restriction"
    ["public_wifi_portal"]="maximum_restriction"
    ["emergency_access"]="minimal_restriction"
)

# Session duration limits
declare -A SESSION_LIMITS=(
    ["lobby_kiosk"]="1800"      # 30 minutes
    ["conference_room"]="10800"  # 3 hours
    ["library_station"]="7200"   # 2 hours
    ["demo_showcase"]="3600"     # 1 hour
    ["visitor_workstation"]="14400" # 4 hours
    ["event_registration"]="900"  # 15 minutes
    ["customer_service"]="1800"   # 30 minutes
    ["training_lab"]="21600"     # 6 hours
    ["public_wifi_portal"]="300"  # 5 minutes
    ["emergency_access"]="unlimited"
)

print_guest_categories() {
    echo "=== Guest User Categories ==="
    for category in "${!GUEST_USER_CATEGORIES[@]}"; do
        echo "Category: $category"
        echo "  Description: ${GUEST_USER_CATEGORIES[$category]}"
        echo "  Security Level: ${SECURITY_LEVELS[$category]}"
        echo "  Session Limit: ${SESSION_LIMITS[$category]} seconds"
        echo ""
    done
}

# Display available categories
print_guest_categories

Guest User Policies

Access Policy Engine

#!/bin/bash

# Guest user management policies for different security requirements
declare -A GUEST_POLICIES=(
    ["public_access_secure"]="Secure public access with maximum restrictions"
    ["business_visitor_standard"]="Standard business visitor access with monitoring"
    ["educational_open"]="Educational environment with learning-focused access"
    ["demo_presentation"]="Demonstration and presentation optimized access"
    ["emergency_minimal"]="Emergency access with minimal restrictions"
    ["compliance_strict"]="Strict compliance with full audit and monitoring"
)

# Policy configurations
get_guest_policy() {
    local policy_type="$1"
    
    case "$policy_type" in
        "public_access_secure")
            cat << EOF
{
    "guest_enabled": true,
    "session_timeout": 1800,
    "network_access": false,
    "file_downloads": false,
    "usb_access": false,
    "printing_allowed": false,
    "applications_allowed": ["Safari", "TextEdit", "Preview"],
    "system_preferences_access": false,
    "auto_logout_enabled": true,
    "session_monitoring": "comprehensive",
    "data_retention": "none",
    "audit_logging": "detailed",
    "password_protection": false,
    "screen_sharing_disabled": true,
    "remote_management_disabled": true
}
EOF
            ;;
        "business_visitor_standard")
            cat << EOF
{
    "guest_enabled": true,
    "session_timeout": 14400,
    "network_access": true,
    "file_downloads": true,
    "usb_access": false,
    "printing_allowed": true,
    "applications_allowed": ["Safari", "TextEdit", "Preview", "Mail", "Calendar"],
    "system_preferences_access": false,
    "auto_logout_enabled": true,
    "session_monitoring": "standard",
    "data_retention": "session_only",
    "audit_logging": "standard",
    "password_protection": false,
    "screen_sharing_disabled": true,
    "remote_management_disabled": true,
    "file_sharing_restrictions": true
}
EOF
            ;;
        "compliance_strict")
            cat << EOF
{
    "guest_enabled": true,
    "session_timeout": 3600,
    "network_access": true,
    "file_downloads": false,
    "usb_access": false,
    "printing_allowed": false,
    "applications_allowed": ["Safari"],
    "system_preferences_access": false,
    "auto_logout_enabled": true,
    "session_monitoring": "comprehensive",
    "data_retention": "none",
    "audit_logging": "comprehensive",
    "password_protection": false,
    "screen_sharing_disabled": true,
    "remote_management_disabled": true,
    "compliance_frameworks": ["hipaa", "gdpr", "sox"],
    "data_encryption": "required",
    "access_logging": "detailed",
    "session_recording": "enabled"
}
EOF
            ;;
        *)
            echo "Unknown guest policy: $policy_type"
            return 1
            ;;
    esac
}

# Apply guest user policy
apply_guest_policy() {
    local policy="$1"
    local config_file="/tmp/guest_policy.json"
    
    echo "Applying guest user policy: $policy"
    
    get_guest_policy "$policy" > "$config_file"
    
    if [[ ! -f "$config_file" ]]; then
        echo "❌ Failed to generate policy configuration"
        return 1
    fi
    
    echo "✅ Guest user policy applied successfully"
    echo "Configuration: $config_file"
    
    # Display key policy settings
    echo "=== Policy Summary ==="
    echo "Guest Enabled: $(jq -r '.guest_enabled' "$config_file")"
    echo "Session Timeout: $(jq -r '.session_timeout' "$config_file") seconds"
    echo "Network Access: $(jq -r '.network_access' "$config_file")"
    echo "Session Monitoring: $(jq -r '.session_monitoring' "$config_file")"
    echo "Audit Logging: $(jq -r '.audit_logging' "$config_file")"
    
    # Apply actual guest settings
    apply_guest_settings "$config_file"
    
    return 0
}

# Apply guest settings
apply_guest_settings() {
    local config_file="$1"
    
    echo "Applying guest user settings..."
    
    # Extract settings from JSON
    local guest_enabled
    guest_enabled=$(jq -r '.guest_enabled' "$config_file")
    local session_timeout
    session_timeout=$(jq -r '.session_timeout' "$config_file")
    local auto_logout
    auto_logout=$(jq -r '.auto_logout_enabled' "$config_file")
    
    # Apply guest user settings
    sudo defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool "$guest_enabled"
    
    if [[ "$auto_logout" == "true" ]]; then
        sudo defaults write /Library/Preferences/com.apple.loginwindow GuestAutoLogout -int "$session_timeout"
    fi
    
    echo "✅ Guest settings applied successfully"
}

Advanced Guest User Monitoring

Guest Session Analytics

#!/bin/bash

# Comprehensive guest session monitoring and analytics
monitor_guest_sessions() {
    local monitoring_profile="$1"
    local session_report="/tmp/guest_session_$(date +%Y%m%d_%H%M%S).json"
    
    echo "=== Guest Session Monitoring ==="
    echo "Monitoring Profile: $monitoring_profile"
    
    # Initialize session report
    cat > "$session_report" << EOF
{
    "monitoring_profile": "$monitoring_profile",
    "scan_timestamp": "$(date -Iseconds)",
    "hostname": "$(hostname)",
    "guest_status": {},
    "active_sessions": [],
    "session_analytics": {}
}
EOF
    
    # Check guest user status
    echo "Checking guest user status..."
    local guest_enabled
    guest_enabled=$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || echo "false")
    
    local guest_auto_logout
    guest_auto_logout=$(defaults read /Library/Preferences/com.apple.loginwindow GuestAutoLogout 2>/dev/null || echo "0")
    
    # Check for active guest sessions
    echo "Analyzing active sessions..."
    local active_users
    active_users=$(who | grep -v "^$USER" | wc -l | tr -d ' ')
    
    local guest_sessions
    guest_sessions=$(who | grep "Guest" | wc -l | tr -d ' ')
    
    # Monitor session activity
    echo "Monitoring session activity..."
    local login_history
    login_history=$(last | grep "Guest" | head -10)
    
    # Update session report
    jq --arg guest_enabled "$guest_enabled" \
       --argjson guest_auto_logout "$guest_auto_logout" \
       --argjson active_users "$active_users" \
       --argjson guest_sessions "$guest_sessions" \
       '.guest_status = {
          "enabled": ($guest_enabled == "1"),
          "auto_logout_seconds": $guest_auto_logout,
          "active_users": $active_users,
          "active_guest_sessions": $guest_sessions
        }' "$session_report" > "${session_report}.tmp" && mv "${session_report}.tmp" "$session_report"
    
    # Session analytics
    local total_guest_logins
    total_guest_logins=$(last | grep "Guest" | wc -l | tr -d ' ')
    
    local avg_session_duration="unknown"
    if [[ $total_guest_logins -gt 0 ]]; then
        # Calculate average session duration (simplified)
        avg_session_duration="estimated"
    fi
    
    # Display results
    echo ""
    echo "Guest Session Analysis Results:"
    echo "  Guest User Enabled: $([ "$guest_enabled" = "1" ] && echo "✅ YES" || echo "❌ NO")"
    echo "  Auto Logout: ${guest_auto_logout} seconds"
    echo "  Active Users: $active_users"
    echo "  Active Guest Sessions: $guest_sessions"
    echo "  Total Guest Logins (recent): $total_guest_logins"
    echo "  Average Session Duration: $avg_session_duration"
    echo "  Session Report: $session_report"
    
    # Log monitoring activity
    audit_log "Guest session monitoring completed: $monitoring_profile"
    
    return 0
}

Guest User Management System

#!/bin/bash

# MacFleet Guest User Management System
# Comprehensive guest access control, monitoring, and security

# Configuration
CONFIG_DIR="/etc/macfleet/guest"
LOG_FILE="/var/log/macfleet_guest_management.log"
DATA_DIR="/var/data/macfleet/guest"
REPORTS_DIR="/var/reports/macfleet/guest"
AUDIT_LOG="/var/log/macfleet_guest_audit.log"

# Create required directories
create_directories() {
    local directories=("$CONFIG_DIR" "$DATA_DIR" "$REPORTS_DIR")
    
    for dir in "${directories[@]}"; do
        if [[ ! -d "$dir" ]]; then
            sudo mkdir -p "$dir"
            sudo chmod 755 "$dir"
        fi
    done
}

# Logging functions
log_action() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') [INFO] $1" | tee -a "$LOG_FILE"
}

log_error() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') [ERROR] $1" | tee -a "$LOG_FILE" >&2
}

audit_log() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') [AUDIT] $1" | tee -a "$AUDIT_LOG"
}

# Guest user security enforcement
enforce_guest_security() {
    local security_level="$1"
    
    log_action "Enforcing guest security level: $security_level"
    
    echo "=== Guest User Security Enforcement ==="
    echo "Security Level: $security_level"
    
    case "$security_level" in
        "maximum_restriction")
            echo "Applying maximum security restrictions..."
            
            # Disable network access for guest
            sudo defaults write /Library/Preferences/com.apple.loginwindow GuestNetworkAccess -bool FALSE
            
            # Disable removable media access
            sudo defaults write /Library/Preferences/com.apple.loginwindow GuestRemovableMediaAccess -bool FALSE
            
            # Disable printing
            sudo defaults write /Library/Preferences/com.apple.loginwindow GuestPrintingAccess -bool FALSE
            
            # Set strict application restrictions
            sudo defaults write /Library/Preferences/com.apple.loginwindow GuestAllowedApplications -array "Safari"
            
            echo "  ✅ Maximum security restrictions applied"
            ;;
            
        "standard_restriction")
            echo "Applying standard security restrictions..."
            
            # Allow limited network access
            sudo defaults write /Library/Preferences/com.apple.loginwindow GuestNetworkAccess -bool TRUE
            
            # Disable removable media access
            sudo defaults write /Library/Preferences/com.apple.loginwindow GuestRemovableMediaAccess -bool FALSE
            
            # Allow printing with restrictions
            sudo defaults write /Library/Preferences/com.apple.loginwindow GuestPrintingAccess -bool TRUE
            
            echo "  ✅ Standard security restrictions applied"
            ;;
            
        "minimal_restriction")
            echo "Applying minimal security restrictions..."
            
            # Allow network access
            sudo defaults write /Library/Preferences/com.apple.loginwindow GuestNetworkAccess -bool TRUE
            
            # Allow removable media with monitoring
            sudo defaults write /Library/Preferences/com.apple.loginwindow GuestRemovableMediaAccess -bool TRUE
            
            # Allow printing
            sudo defaults write /Library/Preferences/com.apple.loginwindow GuestPrintingAccess -bool TRUE
            
            echo "  ✅ Minimal security restrictions applied"
            ;;
            
        *)
            echo "❌ Unknown security level: $security_level"
            return 1
            ;;
    esac
    
    audit_log "Guest security enforcement completed: $security_level"
    
    return 0
}

# Guest session lifecycle management
manage_guest_lifecycle() {
    local action="$1"
    local parameters="$2"
    
    log_action "Managing guest lifecycle: $action"
    
    case "$action" in
        "cleanup_expired_sessions")
            echo "Cleaning up expired guest sessions..."
            
            # Force logout inactive guest sessions
            pkill -u Guest 2>/dev/null
            
            # Clean guest home directory
            sudo rm -rf /Users/Guest/* 2>/dev/null
            
            echo "  ✅ Expired sessions cleaned up"
            ;;
            
        "reset_guest_environment")
            echo "Resetting guest environment..."
            
            # Reset guest user preferences
            sudo rm -rf /Users/Guest/Library/Preferences/* 2>/dev/null
            
            # Clear guest application data
            sudo rm -rf /Users/Guest/Library/Application\ Support/* 2>/dev/null
            
            # Clear downloads and documents
            sudo rm -rf /Users/Guest/Downloads/* 2>/dev/null
            sudo rm -rf /Users/Guest/Documents/* 2>/dev/null
            
            echo "  ✅ Guest environment reset"
            ;;
            
        "generate_session_report")
            echo "Generating guest session report..."
            
            local report_file="$REPORTS_DIR/guest_session_report_$(date +%Y%m%d_%H%M%S).json"
            
            # Collect session data
            local session_data
            session_data=$(last | grep "Guest" | head -20)
            
            # Generate report
            cat > "$report_file" << EOF
{
    "report_type": "guest_session_analysis",
    "generated": "$(date -Iseconds)",
    "hostname": "$(hostname)",
    "recent_sessions": "$session_data",
    "guest_status": {
        "enabled": $(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || echo "false"),
        "auto_logout": $(defaults read /Library/Preferences/com.apple.loginwindow GuestAutoLogout 2>/dev/null || echo "0")
    }
}
EOF
            
            echo "  ✅ Session report generated: $report_file"
            ;;
            
        *)
            echo "❌ Unknown lifecycle action: $action"
            return 1
            ;;
    esac
    
    return 0
}

# Guest compliance monitoring
monitor_guest_compliance() {
    local compliance_framework="$1"
    
    log_action "Monitoring guest user compliance: $compliance_framework"
    
    echo "=== Guest User Compliance Monitoring ==="
    echo "Framework: $compliance_framework"
    
    local violations=()
    local compliance_score=100
    
    case "$compliance_framework" in
        "security_standard")
            # Check if guest user is properly configured
            local guest_enabled
            guest_enabled=$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || echo "false")
            
            if [[ "$guest_enabled" != "1" && "$guest_enabled" != "true" ]]; then
                violations+=("guest_user_not_properly_configured")
                ((compliance_score -= 20))
            fi
            
            # Check for auto-logout configuration
            local auto_logout
            auto_logout=$(defaults read /Library/Preferences/com.apple.loginwindow GuestAutoLogout 2>/dev/null || echo "0")
            
            if [[ "$auto_logout" == "0" ]]; then
                violations+=("auto_logout_not_configured")
                ((compliance_score -= 15))
            fi
            ;;
            
        "privacy_protection")
            # Check for data retention policies
            if [[ -d "/Users/Guest" && -n "$(ls -A /Users/Guest 2>/dev/null)" ]]; then
                violations+=("guest_data_not_cleaned")
                ((compliance_score -= 25))
            fi
            
            # Check session monitoring
            if [[ ! -f "$AUDIT_LOG" ]]; then
                violations+=("session_monitoring_not_configured")
                ((compliance_score -= 20))
            fi
            ;;
            
        *)
            echo "❌ Unknown compliance framework: $compliance_framework"
            return 1
            ;;
    esac
    
    echo ""
    echo "Compliance Results:"
    echo "  Framework: $compliance_framework"
    echo "  Compliance Score: $compliance_score/100"
    echo "  Violations Found: ${#violations[@]}"
    
    if [[ ${#violations[@]} -gt 0 ]]; then
        echo "  Violations:"
        for violation in "${violations[@]}"; do
            echo "    - $violation"
        done
    else
        echo "  ✅ No violations found"
    fi
    
    audit_log "Guest compliance monitoring completed: $compliance_framework (Score: $compliance_score/100)"
    
    return 0
}

# Main function with command routing
main() {
    local command="$1"
    shift
    
    # Initialize
    create_directories
    
    case "$command" in
        "enable")
            # Enable guest user with basic configuration
            configure_guest_user
            ;;
        "disable")
            # Disable guest user
            sudo defaults write /Library/Preferences/com.apple.loginwindow GuestEnabled -bool FALSE
            echo "Guest user disabled"
            ;;
        "status")
            # Check guest user status
            local status
            status=$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null || echo "false")
            echo "Guest User Status: $([ "$status" = "1" ] && echo "Enabled" || echo "Disabled")"
            ;;
        "monitor_sessions")
            monitor_guest_sessions "$@"
            ;;
        "apply_policy")
            apply_guest_policy "$@"
            ;;
        "enforce_security")
            enforce_guest_security "$@"
            ;;
        "manage_lifecycle")
            manage_guest_lifecycle "$@"
            ;;
        "compliance_check")
            monitor_guest_compliance "$@"
            ;;
        "show_categories")
            print_guest_categories
            ;;
        "show_policies")
            for policy in public_access_secure business_visitor_standard educational_open demo_presentation emergency_minimal compliance_strict; do
                echo "Policy: $policy"
                get_guest_policy "$policy" | jq .
                echo ""
            done
            ;;
        *)
            echo "MacFleet Guest User Management System"
            echo "Usage: $0 <command> [options]"
            echo ""
            echo "Commands:"
            echo "  enable                                    - Enable guest user with configuration"
            echo "  disable                                   - Disable guest user"
            echo "  status                                    - Check guest user status"
            echo "  monitor_sessions <profile>                - Monitor guest sessions"
            echo "  apply_policy <policy>                     - Apply guest user policy"
            echo "  enforce_security <level>                  - Enforce security restrictions"
            echo "  manage_lifecycle <action>                 - Manage guest lifecycle"
            echo "  compliance_check <framework>              - Check compliance"
            echo "  show_categories                           - Show guest user categories"
            echo "  show_policies                             - Show guest user policies"
            echo ""
            echo "Examples:"
            echo "  $0 enable"
            echo "  $0 apply_policy public_access_secure"
            echo "  $0 enforce_security maximum_restriction"
            echo "  $0 monitor_sessions comprehensive"
            echo "  $0 manage_lifecycle cleanup_expired_sessions"
            echo "  $0 compliance_check security_standard"
            ;;
    esac
}

# Execute main function with all arguments
main "$@"

Security Considerations

Guest User Security

• Session Isolation - Complete isolation of guest sessions from system and user data
• Data Prevention - Prevent data persistence and information leakage
• Network Restrictions - Control network access and external communications
• Application Controls - Restrict available applications and system access
• Monitoring & Auditing - Comprehensive logging of guest activities

Compliance Framework

• Privacy Protection - Ensure guest sessions don't compromise user privacy
• Data Security - Prevent unauthorized access to sensitive information
• Access Controls - Implement proper access restrictions and limitations
• Session Management - Proper session lifecycle and cleanup procedures
• Audit Requirements - Maintain compliance with audit and monitoring standards

Troubleshooting Guide

Common Issues

Guest User Not Appearing

• Verify guest user is enabled: defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled
• Check login window settings in System Preferences
• Restart login window process: sudo killall loginwindow

Guest Session Not Auto-Logging Out

• Verify auto-logout configuration: defaults read /Library/Preferences/com.apple.loginwindow GuestAutoLogout
• Check for running guest processes preventing logout
• Manually force guest logout if needed

Guest User Has Too Much Access

• Review and apply appropriate security policies
• Check application restrictions and system access controls
• Verify network and file access limitations

Diagnostic Commands

# Check guest user status
defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled

# Check auto-logout setting
defaults read /Library/Preferences/com.apple.loginwindow GuestAutoLogout

# List active guest sessions
who | grep Guest

# View guest login history
last | grep Guest

Important Notes

• Data Security - Guest sessions should never have access to sensitive data
• Session Cleanup - Ensure proper cleanup of guest data on logout
• Access Restrictions - Implement appropriate restrictions based on use case
• Monitoring - Maintain logs and monitoring for security and compliance
• Regular Maintenance - Regularly clean up and reset guest environments
• Security Testing - Test guest restrictions to ensure proper isolation

Get Versions of Installed Apps on macOS

Managing a Mac fleet requires keeping track of application versions across all devices. This tutorial shows you how to create and deploy scripts to retrieve application versions on macOS devices remotely.

Why Application Version Tracking Matters

Application version tracking is crucial for:

• Security compliance: Ensuring all devices run supported software versions
• License management: Tracking software deployments and compliance
• Update planning: Identifying devices that need application updates
• Support efficiency: Quickly identifying software versions during troubleshooting
• Inventory management: Maintaining accurate software asset records

Basic Application Version Retrieval

Using mdls Command

The mdls command reads metadata attributes from files, including application version information stored in the kMDItemVersion attribute.

#!/bin/bash

# Basic script to get application versions
applications=("Safari" "Mail" "Calendar" "Notes" "Contacts")
heading_printed=false

for app in "${applications[@]}"; do
    version=$(mdls -name kMDItemVersion "/Applications/${app}.app" 2>/dev/null | grep -o '".*"' | sed 's/"//g')
    
    if [ -z "$version" ]; then
        echo "Unable to retrieve version for ${app}"
    else
        if [ "$heading_printed" = false ]; then
            echo "Application Versions:"
            heading_printed=true
        fi
        echo "${app}: ${version}"
    fi
done

Enhanced Version Script with User Context

For applications installed in user-specific locations, you may need to run the script with user context:

#!/bin/bash

# Enhanced script with user context support
applications=("Safari" "Mail" "Calendar" "Notes" "Contacts" "Xcode" "Final Cut Pro")
current_user=$(whoami)
heading_printed=false

echo "Checking application versions for user: $current_user"
echo "Date: $(date)"
echo "----------------------------------------"

for app in "${applications[@]}"; do
    # Try system Applications folder first
    version=$(mdls -name kMDItemVersion "/Applications/${app}.app" 2>/dev/null | grep -o '".*"' | sed 's/"//g')
    
    # If not found, try user Applications folder
    if [ -z "$version" ]; then
        version=$(mdls -name kMDItemVersion "/Users/$current_user/Applications/${app}.app" 2>/dev/null | grep -o '".*"' | sed 's/"//g')
    fi
    
    if [ -z "$version" ]; then
        echo "❌ Unable to retrieve version for ${app}"
    else
        if [ "$heading_printed" = false ]; then
            echo "Application Versions:"
            heading_printed=true
        fi
        echo "✅ ${app}: ${version}"
    fi
done

Advanced Application Inventory Scripts

Comprehensive Application Scanner

#!/bin/bash

# Comprehensive application version scanner
OUTPUT_FILE="/tmp/app_versions_$(date +%Y%m%d_%H%M%S).txt"
DEVICE_NAME=$(scutil --get ComputerName)
DEVICE_USER=$(whoami)

echo "MacFleet Application Version Report" > "$OUTPUT_FILE"
echo "=====================================" >> "$OUTPUT_FILE"
echo "Device: $DEVICE_NAME" >> "$OUTPUT_FILE"
echo "User: $DEVICE_USER" >> "$OUTPUT_FILE"
echo "Date: $(date)" >> "$OUTPUT_FILE"
echo "macOS Version: $(sw_vers -productVersion)" >> "$OUTPUT_FILE"
echo "" >> "$OUTPUT_FILE"

# Function to get app version and additional info
get_app_info() {
    local app_path="$1"
    local app_name=$(basename "$app_path" .app)
    
    if [ -d "$app_path" ]; then
        local version=$(mdls -name kMDItemVersion "$app_path" 2>/dev/null | grep -o '".*"' | sed 's/"//g')
        local bundle_id=$(mdls -name kMDItemCFBundleIdentifier "$app_path" 2>/dev/null | grep -o '".*"' | sed 's/"//g')
        local size=$(du -sh "$app_path" 2>/dev/null | cut -f1)
        local modified=$(stat -f "%Sm" -t "%Y-%m-%d %H:%M:%S" "$app_path" 2>/dev/null)
        
        if [ -n "$version" ]; then
            echo "Application: $app_name" >> "$OUTPUT_FILE"
            echo "  Version: $version" >> "$OUTPUT_FILE"
            echo "  Bundle ID: $bundle_id" >> "$OUTPUT_FILE"
            echo "  Size: $size" >> "$OUTPUT_FILE"
            echo "  Modified: $modified" >> "$OUTPUT_FILE"
            echo "  Path: $app_path" >> "$OUTPUT_FILE"
            echo "" >> "$OUTPUT_FILE"
        fi
    fi
}

# Scan system Applications folder
echo "System Applications:" >> "$OUTPUT_FILE"
echo "-------------------" >> "$OUTPUT_FILE"
if [ -d "/Applications" ]; then
    for app in /Applications/*.app; do
        get_app_info "$app"
    done
fi

# Scan user Applications folder
echo "User Applications:" >> "$OUTPUT_FILE"
echo "-----------------" >> "$OUTPUT_FILE"
if [ -d "/Users/$DEVICE_USER/Applications" ]; then
    for app in "/Users/$DEVICE_USER/Applications"/*.app; do
        get_app_info "$app"
    done
fi

# Scan Utilities folder
echo "Utilities:" >> "$OUTPUT_FILE"
echo "---------" >> "$OUTPUT_FILE"
if [ -d "/Applications/Utilities" ]; then
    for app in "/Applications/Utilities"/*.app; do
        get_app_info "$app"
    done
fi

echo "Report generated: $OUTPUT_FILE"
echo "Total applications found: $(grep -c "Application:" "$OUTPUT_FILE")"

# Optional: Display the report
cat "$OUTPUT_FILE"

Specific Application Version Checker

#!/bin/bash

# Check specific applications commonly used in enterprise environments
declare -A enterprise_apps=(
    ["Microsoft Word"]="/Applications/Microsoft Word.app"
    ["Microsoft Excel"]="/Applications/Microsoft Excel.app"
    ["Microsoft PowerPoint"]="/Applications/Microsoft PowerPoint.app"
    ["Microsoft Outlook"]="/Applications/Microsoft Outlook.app"
    ["Adobe Photoshop 2024"]="/Applications/Adobe Photoshop 2024/Adobe Photoshop 2024.app"
    ["Adobe Illustrator 2024"]="/Applications/Adobe Illustrator 2024/Adobe Illustrator 2024.app"
    ["Slack"]="/Applications/Slack.app"
    ["Zoom"]="/Applications/zoom.us.app"
    ["Google Chrome"]="/Applications/Google Chrome.app"
    ["Firefox"]="/Applications/Firefox.app"
    ["Visual Studio Code"]="/Applications/Visual Studio Code.app"
    ["Docker Desktop"]="/Applications/Docker.app"
    ["Xcode"]="/Applications/Xcode.app"
)

echo "Application Version Check"
echo "==================================="
echo "Device: $(scutil --get ComputerName)"
echo "Date: $(date)"
echo ""

for app_name in "${!enterprise_apps[@]}"; do
    app_path="${enterprise_apps[$app_name]}"
    
    if [ -d "$app_path" ]; then
        version=$(mdls -name kMDItemVersion "$app_path" 2>/dev/null | grep -o '".*"' | sed 's/"//g')
        bundle_id=$(mdls -name kMDItemCFBundleIdentifier "$app_path" 2>/dev/null | grep -o '".*"' | sed 's/"//g')
        
        if [ -n "$version" ]; then
            echo "✅ $app_name: $version"
            echo "   Bundle ID: $bundle_id"
        else
            echo "⚠️  $app_name: Installed but version unavailable"
        fi
    else
        echo "❌ $app_name: Not installed"
    fi
done

# Check for critical security applications
echo ""
echo "Security Applications:"
echo "--------------------"
security_apps=("Antivirus One" "Malwarebytes" "CleanMyMac" "Little Snitch")

for app in "${security_apps[@]}"; do
    if [ -d "/Applications/${app}.app" ]; then
        version=$(mdls -name kMDItemVersion "/Applications/${app}.app" 2>/dev/null | grep -o '".*"' | sed 's/"//g')
        echo "✅ $app: ${version:-Version unavailable}"
    else
        echo "❌ $app: Not installed"
    fi
done

Remote Deployment Scripts

Multi-Device Version Collection

#!/bin/bash

# Script for collecting application versions from multiple Mac devices
# This script should be deployed to each device and results collected centrally

CENTRAL_SERVER="your-macfleet-server.com"
DEVICE_ID=$(system_profiler SPHardwareDataType | grep "Serial Number" | awk '{print $4}')
REPORT_FILE="/tmp/device_app_report_${DEVICE_ID}.json"

# Create JSON report
create_json_report() {
    local device_name=$(scutil --get ComputerName)
    local device_user=$(whoami)
    local os_version=$(sw_vers -productVersion)
    local timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
    
    cat > "$REPORT_FILE" << EOF
{
  "device_info": {
    "device_id": "$DEVICE_ID",
    "device_name": "$device_name",
    "user": "$device_user",
    "os_version": "$os_version",
    "timestamp": "$timestamp"
  },
  "applications": [
EOF

    local first_app=true
    for app in /Applications/*.app; do
        if [ -d "$app" ]; then
            local app_name=$(basename "$app" .app)
            local version=$(mdls -name kMDItemVersion "$app" 2>/dev/null | grep -o '".*"' | sed 's/"//g')
            local bundle_id=$(mdls -name kMDItemCFBundleIdentifier "$app" 2>/dev/null | grep -o '".*"' | sed 's/"//g')
            
            if [ -n "$version" ]; then
                if [ "$first_app" = false ]; then
                    echo "," >> "$REPORT_FILE"
                fi
                
                cat >> "$REPORT_FILE" << EOF
    {
      "name": "$app_name",
      "version": "$version",
      "bundle_id": "$bundle_id",
      "path": "$app"
    }EOF
                first_app=false
            fi
        fi
    done
    
    echo "" >> "$REPORT_FILE"
    echo "  ]" >> "$REPORT_FILE"
    echo "}" >> "$REPORT_FILE"
}

# Create the report
create_json_report

# Display local results
echo "Application version report created: $REPORT_FILE"
echo "Device ID: $DEVICE_ID"
echo "Total applications: $(grep -c '"name":' "$REPORT_FILE")"

# Optional: Send to central server (uncomment if needed)
# curl -X POST -H "Content-Type: application/json" -d @"$REPORT_FILE" "https://$CENTRAL_SERVER/api/device-reports"

Automated Version Monitoring

#!/bin/bash

# Automated application version monitoring with alerting
ALERT_THRESHOLD_DAYS=30
LOG_FILE="/var/log/macfleet_app_monitor.log"
ALERT_FILE="/tmp/app_version_alerts.txt"

# Function to log messages
log_message() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_FILE"
}

# Function to check if app needs update
check_app_age() {
    local app_path="$1"
    local app_name=$(basename "$app_path" .app)
    local modified_date=$(stat -f "%Sm" -t "%Y-%m-%d" "$app_path" 2>/dev/null)
    
    if [ -n "$modified_date" ]; then
        local days_old=$(( ($(date +%s) - $(date -j -f "%Y-%m-%d" "$modified_date" +%s)) / 86400 ))
        
        if [ $days_old -gt $ALERT_THRESHOLD_DAYS ]; then
            echo "⚠️  $app_name: Last modified $days_old days ago ($modified_date)" >> "$ALERT_FILE"
            log_message "ALERT: $app_name is $days_old days old"
        fi
    fi
}

# Initialize alert file
echo "MacFleet Application Age Alerts" > "$ALERT_FILE"
echo "================================" >> "$ALERT_FILE"
echo "Generated: $(date)" >> "$ALERT_FILE"
echo "Threshold: $ALERT_THRESHOLD_DAYS days" >> "$ALERT_FILE"
echo "" >> "$ALERT_FILE"

log_message "Starting application version monitoring"

# Check critical applications
critical_apps=("Safari" "Mail" "Calendar" "Microsoft Word" "Microsoft Excel" "Google Chrome" "Slack" "Zoom")

for app in "${critical_apps[@]}"; do
    if [ -d "/Applications/${app}.app" ]; then
        check_app_age "/Applications/${app}.app"
        
        version=$(mdls -name kMDItemVersion "/Applications/${app}.app" 2>/dev/null | grep -o '".*"' | sed 's/"//g')
        log_message "Checked $app: Version $version"
    else
        log_message "WARNING: $app not found"
    fi
done

# Display alerts if any
if [ -s "$ALERT_FILE" ] && [ $(wc -l < "$ALERT_FILE") -gt 4 ]; then
    echo "⚠️  Application age alerts found:"
    cat "$ALERT_FILE"
    
    # Optional: Send alerts via email or notification service
    # mail -s "MacFleet App Version Alerts - $(hostname)" admin@yourcompany.com < "$ALERT_FILE"
fi

log_message "Application version monitoring completed"

Best Practices for Mac Fleet Management

1. Regular Monitoring

• Schedule version checks weekly or bi-weekly
• Monitor critical business applications more frequently
• Track both system and user-installed applications

2. Version Standardization

• Maintain approved application version lists
• Create policies for automatic updates
• Document version compatibility requirements

3. Security Considerations

• Prioritize security updates for all applications
• Monitor for applications with known vulnerabilities
• Implement approval workflows for major version updates

4. Reporting and Analytics

• Generate regular compliance reports
• Track update deployment success rates
• Monitor application usage patterns

5. Automation Integration

• Integrate with configuration management tools
• Automate routine version checks
• Set up alerts for version discrepancies

Troubleshooting Common Issues

Issue: mdls Command Not Found

# Verify command availability
which mdls
# If not found, check system integrity
sudo /usr/bin/mdutil -i on /

Issue: Permission Denied

# Run with appropriate permissions
sudo -u [username] mdls -name kMDItemVersion "/Applications/AppName.app"

Issue: Version Information Unavailable

# Try alternative methods
defaults read "/Applications/AppName.app/Contents/Info.plist" CFBundleShortVersionString
plutil -p "/Applications/AppName.app/Contents/Info.plist" | grep -i version

Issue: Applications in Non-Standard Locations

# Search for applications system-wide
find /Applications /Users/*/Applications -name "*.app" -type d 2>/dev/null

Conclusion

Application version tracking is essential for maintaining a secure and compliant Mac fleet. These scripts provide a foundation for:

• Automated version discovery and reporting
• Compliance monitoring and alerting
• Security vulnerability assessment
• Software asset management

Regular implementation of these monitoring practices will help ensure your Mac fleet remains secure, compliant, and properly managed.

For more advanced Mac fleet management capabilities, consider integrating these scripts with your existing configuration management and monitoring tools.

Get Application Path on macOS

Learn how to find and retrieve application installation paths on Mac devices using scripts. This is essential for application management, script deployment, and allowlist/blocklist configuration.

Basic App Path Finder

Find the path of an application using its bundle identifier:

#!/bin/bash

# Specify the bundle ID
BUNDLE_ID="com.apple.Safari"

# Find app path using mdfind
APP_PATH=$(mdfind "kMDItemCFBundleIdentifier=='${BUNDLE_ID}'")

if [[ -n "$APP_PATH" ]]; then
    echo "Application path: $APP_PATH"
else
    echo "Application not found: $BUNDLE_ID"
fi

Enhanced Path Discovery

Script with validation and multiple search methods:

#!/bin/bash

# Function to find app path
find_app_path() {
    local bundle_id="$1"
    
    # Method 1: Use mdfind with bundle identifier
    local app_path=$(mdfind "kMDItemCFBundleIdentifier=='${bundle_id}'" | head -1)
    
    if [[ -n "$app_path" && -d "$app_path" ]]; then
        echo "$app_path"
        return 0
    fi
    
    # Method 2: Search common directories
    local common_paths=(
        "/Applications"
        "/System/Applications"
        "/Applications/Utilities"
        "/System/Library/CoreServices"
    )
    
    for path in "${common_paths[@]}"; do
        if [[ -d "$path" ]]; then
            local found=$(find "$path" -name "*.app" -maxdepth 2 -exec defaults read {}/Contents/Info.plist CFBundleIdentifier \; -print 2>/dev/null | grep -B1 "^${bundle_id}$" | grep "\.app$")
            if [[ -n "$found" ]]; then
                echo "$found"
                return 0
            fi
        fi
    done
    
    return 1
}

# Example usage
BUNDLE_ID="${1:-com.apple.Safari}"

echo "Searching for application: $BUNDLE_ID"

if APP_PATH=$(find_app_path "$BUNDLE_ID"); then
    echo "Found application at: $APP_PATH"
    
    # Get additional info
    APP_NAME=$(defaults read "$APP_PATH/Contents/Info.plist" CFBundleName 2>/dev/null)
    APP_VERSION=$(defaults read "$APP_PATH/Contents/Info.plist" CFBundleShortVersionString 2>/dev/null)
    
    echo "Application Name: ${APP_NAME:-Unknown}"
    echo "Version: ${APP_VERSION:-Unknown}"
else
    echo "Application not found: $BUNDLE_ID"
    exit 1
fi

Multiple App Path Finder

Find paths for multiple applications at once:

#!/bin/bash

# Array of bundle IDs to search for
BUNDLE_IDS=(
    "com.apple.Safari"
    "com.apple.finder"
    "com.apple.systempreferences"
    "com.microsoft.Excel"
    "com.adobe.Photoshop"
)

# Function to find app path
find_app_path() {
    local bundle_id="$1"
    mdfind "kMDItemCFBundleIdentifier=='${bundle_id}'" | head -1
}

echo "=== Application Path Report ==="
echo "Generated: $(date)"
echo "Device: $(hostname)"
echo "================================"

for bundle_id in "${BUNDLE_IDS[@]}"; do
    echo "Searching: $bundle_id"
    
    app_path=$(find_app_path "$bundle_id")
    
    if [[ -n "$app_path" && -d "$app_path" ]]; then
        echo "  ✓ Found: $app_path"
        
        # Get app version if available
        version=$(defaults read "$app_path/Contents/Info.plist" CFBundleShortVersionString 2>/dev/null)
        if [[ -n "$version" ]]; then
            echo "  📦 Version: $version"
        fi
    else
        echo "  ✗ Not found"
    fi
    echo
done

Bundle ID Discovery

Find bundle IDs of installed applications:

#!/bin/bash

echo "=== Installed Applications Bundle IDs ==="

# Search in common application directories
SEARCH_PATHS=(
    "/Applications"
    "/System/Applications"
    "/Applications/Utilities"
)

for search_path in "${SEARCH_PATHS[@]}"; do
    if [[ -d "$search_path" ]]; then
        echo "Scanning: $search_path"
        
        find "$search_path" -name "*.app" -maxdepth 2 | while read app_path; do
            app_name=$(basename "$app_path" .app)
            bundle_id=$(defaults read "$app_path/Contents/Info.plist" CFBundleIdentifier 2>/dev/null)
            
            if [[ -n "$bundle_id" ]]; then
                echo "  $app_name -> $bundle_id"
            fi
        done
        echo
    fi
done

Usage with MacFleet

1. Modify the BUNDLE_ID variable with your target application
2. For multiple apps, update the BUNDLE_IDS array
3. Deploy through MacFleet's remote script execution
4. View results in the action history

Common Bundle IDs

Application	Bundle ID
Safari	com.apple.Safari
Finder	com.apple.finder
System Preferences	com.apple.systempreferences
Microsoft Word	com.microsoft.Word
Google Chrome	com.google.Chrome
Firefox	org.mozilla.firefox
Slack	com.tinyspeck.slackmacgap
Zoom	us.zoom.xos

Troubleshooting

No results found: Verify the bundle ID is correct and application is installed Multiple paths returned: Use head -1 to get the first result or filter by specific location Permission denied: Ensure script has necessary file system access permissions

---

Note: Bundle IDs are case-sensitive. Use the exact format as provided by the application developer.

Foreground Application Monitoring on macOS

Monitor and manage foreground applications across your MacFleet devices using advanced AppleScript and system monitoring tools. This tutorial covers application tracking, productivity analysis, security monitoring, and enterprise application lifecycle management.

Understanding macOS Application Monitoring

macOS provides several methods for application monitoring and management:

• AppleScript - Automation language for application control and monitoring
• System Events - System-level process and application information
• Activity Monitor - Real-time application and resource monitoring
• Finder Integration - Application visibility and state management

Basic Foreground Application Detection

Simple Application List

#!/bin/bash

# Basic script to fetch foreground applications
osascript <<EOF
tell application "Finder"
    set visibleProcesses to name of every process whose visible is true
    return visibleProcesses
end tell
EOF

echo "Foreground applications retrieved successfully"

Enhanced Application Information

#!/bin/bash

# Enhanced foreground application monitoring with detailed information
get_foreground_applications() {
    osascript <<EOF
tell application "System Events"
    set foregroundApps to {}
    set visibleProcesses to every process whose visible is true
    
    repeat with aProcess in visibleProcesses
        set appName to name of aProcess
        set appPID to unix id of aProcess
        try
            set appPath to POSIX path of (file of aProcess as alias)
        on error
            set appPath to "N/A"
        end try
        
        set appInfo to appName & "|" & appPID & "|" & appPath
        set foregroundApps to foregroundApps & {appInfo}
    end repeat
    
    return foregroundApps
end tell
EOF
}

# Execute and format output
echo "=== Foreground Applications ==="
get_foreground_applications | tr ',' '\n' | while read -r app_info; do
    if [[ -n "$app_info" ]]; then
        IFS='|' read -r name pid path <<< "$app_info"
        echo "Application: $name"
        echo "  PID: $pid"
        echo "  Path: $path"
        echo ""
    fi
done

Application Monitoring Categories

Application Type Classifications

#!/bin/bash

# Enterprise application categories for monitoring and policy enforcement
declare -A APPLICATION_CATEGORIES=(
    ["productivity_apps"]="Office suites, document editors, project management tools"
    ["development_tools"]="IDEs, code editors, development environments, version control"
    ["communication_apps"]="Email clients, messaging, video conferencing, collaboration"
    ["creative_software"]="Design tools, media editing, creative applications"
    ["browser_applications"]="Web browsers, internet-based applications"
    ["system_utilities"]="System tools, maintenance applications, security software"
    ["entertainment_media"]="Games, streaming, social media, entertainment platforms"
    ["financial_software"]="Accounting, finance, banking, payment applications"
    ["security_tools"]="Antivirus, VPN, security monitoring, encryption tools"
    ["unauthorized_apps"]="Non-approved, potentially harmful, or restricted applications"
)

# Application risk levels
declare -A RISK_LEVELS=(
    ["productivity_apps"]="low"
    ["development_tools"]="medium"
    ["communication_apps"]="low"
    ["creative_software"]="medium"
    ["browser_applications"]="medium"
    ["system_utilities"]="high"
    ["entertainment_media"]="high"
    ["financial_software"]="medium"
    ["security_tools"]="low"
    ["unauthorized_apps"]="critical"
)

# Business impact classifications
declare -A BUSINESS_IMPACT=(
    ["productivity_apps"]="high_positive"
    ["development_tools"]="high_positive"
    ["communication_apps"]="high_positive"
    ["creative_software"]="medium_positive"
    ["browser_applications"]="medium_neutral"
    ["system_utilities"]="medium_positive"
    ["entertainment_media"]="high_negative"
    ["financial_software"]="high_positive"
    ["security_tools"]="high_positive"
    ["unauthorized_apps"]="high_negative"
)

print_application_categories() {
    echo "=== Application Monitoring Categories ==="
    for category in "${!APPLICATION_CATEGORIES[@]}"; do
        echo "Category: $category"
        echo "  Description: ${APPLICATION_CATEGORIES[$category]}"
        echo "  Risk Level: ${RISK_LEVELS[$category]}"
        echo "  Business Impact: ${BUSINESS_IMPACT[$category]}"
        echo ""
    done
}

# Display available categories
print_application_categories

Application Monitoring Policies

Monitoring Policy Engine

#!/bin/bash

# Monitoring policies for different organizational requirements
declare -A MONITORING_POLICIES=(
    ["strict_compliance"]="Comprehensive monitoring with real-time alerts and detailed logging"
    ["productivity_focused"]="Focus on productivity metrics and time tracking"
    ["security_priority"]="Emphasis on security threats and unauthorized application detection"
    ["development_optimized"]="Optimized for software development teams and technical workflows"
    ["creative_workflow"]="Tailored for creative teams and design-focused environments"
    ["executive_monitoring"]="High-level monitoring for executive and leadership teams"
    ["guest_restricted"]="Limited monitoring for guest and temporary access accounts"
)

# Policy configurations
get_monitoring_policy() {
    local policy_type="$1"
    
    case "$policy_type" in
        "strict_compliance")
            cat << EOF
{
    "monitoring_frequency": "continuous",
    "data_retention": "365_days",
    "alert_threshold": "immediate",
    "logging_level": "comprehensive",
    "screenshot_capture": true,
    "productivity_tracking": true,
    "security_scanning": true,
    "compliance_reporting": ["sox", "hipaa", "gdpr", "pci_dss"],
    "real_time_alerts": true,
    "application_blocking": true,
    "time_restrictions": true,
    "approval_workflow": true
}
EOF
            ;;
        "productivity_focused")
            cat << EOF
{
    "monitoring_frequency": "5_minutes",
    "data_retention": "90_days",
    "alert_threshold": "moderate",
    "logging_level": "productivity_metrics",
    "screenshot_capture": false,
    "productivity_tracking": true,
    "security_scanning": false,
    "compliance_reporting": ["time_tracking"],
    "real_time_alerts": false,
    "application_blocking": false,
    "time_restrictions": false,
    "approval_workflow": false,
    "focus_metrics": ["active_time", "app_usage", "productivity_score"]
}
EOF
            ;;
        "security_priority")
            cat << EOF
{
    "monitoring_frequency": "continuous",
    "data_retention": "180_days",
    "alert_threshold": "high",
    "logging_level": "security_focused",
    "screenshot_capture": true,
    "productivity_tracking": false,
    "security_scanning": true,
    "compliance_reporting": ["security_incidents"],
    "real_time_alerts": true,
    "application_blocking": true,
    "time_restrictions": true,
    "approval_workflow": true,
    "threat_detection": ["malware", "unauthorized_apps", "data_exfiltration"],
    "behavioral_analysis": true
}
EOF
            ;;
        *)
            echo "Unknown monitoring policy: $policy_type"
            return 1
            ;;
    esac
}

# Apply monitoring policy
apply_monitoring_policy() {
    local policy="$1"
    local config_file="/tmp/monitoring_policy.json"
    
    echo "Applying monitoring policy: $policy"
    
    get_monitoring_policy "$policy" > "$config_file"
    
    if [[ ! -f "$config_file" ]]; then
        echo "❌ Failed to generate policy configuration"
        return 1
    fi
    
    echo "✅ Monitoring policy applied successfully"
    echo "Configuration: $config_file"
    
    # Display key policy settings
    echo "=== Policy Summary ==="
    echo "Monitoring Frequency: $(jq -r '.monitoring_frequency' "$config_file")"
    echo "Data Retention: $(jq -r '.data_retention' "$config_file")"
    echo "Alert Threshold: $(jq -r '.alert_threshold' "$config_file")"
    echo "Real-time Alerts: $(jq -r '.real_time_alerts' "$config_file")"
    echo "Application Blocking: $(jq -r '.application_blocking' "$config_file")"
    
    return 0
}

Enterprise Deployment Profiles

Deployment Configuration Templates

#!/bin/bash

# Enterprise deployment profiles for different organizational scenarios
declare -A DEPLOYMENT_PROFILES=(
    ["corporate_standard"]="Standard corporate deployment with balanced monitoring and productivity"
    ["high_security_finance"]="High-security monitoring for financial and sensitive departments"
    ["creative_agency"]="Optimized for creative teams with design and media applications"
    ["software_development"]="Development-focused monitoring for engineering teams"
    ["call_center_support"]="Customer service and support team monitoring"
    ["executive_leadership"]="Executive-level monitoring with privacy considerations"
    ["remote_workforce"]="Remote worker monitoring with productivity focus"
    ["guest_contractor"]="Limited monitoring for external contractors and guests"
)

# Profile-specific configurations
get_deployment_config() {
    local profile="$1"
    
    case "$profile" in
        "corporate_standard")
            cat << EOF
{
    "monitoring_policy": "productivity_focused",
    "application_categories": ["productivity_apps", "communication_apps", "browser_applications"],
    "restricted_categories": ["entertainment_media"],
    "monitoring_schedule": "business_hours",
    "productivity_metrics": {
        "enabled": true,
        "daily_reports": true,
        "weekly_summaries": true,
        "goal_tracking": true
    },
    "security_settings": {
        "threat_detection": "standard",
        "unauthorized_app_blocking": true,
        "malware_scanning": true
    },
    "privacy_settings": {
        "screenshot_frequency": "hourly",
        "keystroke_logging": false,
        "personal_app_privacy": true
    },
    "compliance": {
        "data_retention": "90_days",
        "audit_logging": true,
        "reporting_frequency": "weekly"
    }
}
EOF
            ;;
        "high_security_finance")
            cat << EOF
{
    "monitoring_policy": "strict_compliance",
    "application_categories": ["productivity_apps", "financial_software", "communication_apps"],
    "restricted_categories": ["entertainment_media", "unauthorized_apps"],
    "monitoring_schedule": "24_7",
    "productivity_metrics": {
        "enabled": true,
        "real_time_tracking": true,
        "detailed_analytics": true,
        "compliance_scoring": true
    },
    "security_settings": {
        "threat_detection": "advanced",
        "unauthorized_app_blocking": true,
        "malware_scanning": true,
        "data_loss_prevention": true,
        "encryption_verification": true
    },
    "privacy_settings": {
        "screenshot_frequency": "continuous",
        "keystroke_logging": true,
        "personal_app_privacy": false,
        "session_recording": true
    },
    "compliance": {
        "data_retention": "2555_days",
        "audit_logging": true,
        "reporting_frequency": "daily",
        "frameworks": ["sox", "pci_dss", "nist"]
    }
}
EOF
            ;;
        "creative_agency")
            cat << EOF
{
    "monitoring_policy": "productivity_focused",
    "application_categories": ["creative_software", "productivity_apps", "communication_apps", "browser_applications"],
    "restricted_categories": ["unauthorized_apps"],
    "monitoring_schedule": "flexible_hours",
    "productivity_metrics": {
        "enabled": true,
        "creative_workflow_tracking": true,
        "project_time_allocation": true,
        "inspiration_time_allowance": true
    },
    "security_settings": {
        "threat_detection": "standard",
        "unauthorized_app_blocking": false,
        "malware_scanning": true,
        "creative_software_licensing": true
    },
    "privacy_settings": {
        "screenshot_frequency": "never",
        "keystroke_logging": false,
        "personal_app_privacy": true,
        "creative_process_privacy": true
    },
    "compliance": {
        "data_retention": "60_days",
        "audit_logging": false,
        "reporting_frequency": "monthly",
        "client_confidentiality": true
    }
}
EOF
            ;;
        *)
            echo "Unknown deployment profile: $profile"
            return 1
            ;;
    esac
}

# Deploy profile configuration
deploy_monitoring_profile() {
    local profile="$1"
    local config_file="/tmp/deployment_config_${profile}.json"
    
    echo "Deploying monitoring profile: $profile"
    
    get_deployment_config "$profile" > "$config_file"
    
    if [[ ! -f "$config_file" ]]; then
        echo "❌ Failed to generate deployment configuration"
        return 1
    fi
    
    echo "✅ Deployment profile ready"
    echo "Configuration saved to: $config_file"
    
    # Display profile summary
    echo "=== Profile Summary ==="
    echo "Monitoring Policy: $(jq -r '.monitoring_policy' "$config_file")"
    echo "Monitoring Schedule: $(jq -r '.monitoring_schedule' "$config_file")"
    echo "Security Level: $(jq -r '.security_settings.threat_detection' "$config_file")"
    echo "Privacy Mode: $(jq -r '.privacy_settings.personal_app_privacy' "$config_file")"
    echo "Data Retention: $(jq -r '.compliance.data_retention' "$config_file")"
    
    return 0
}

Enterprise Application Management System

#!/bin/bash

# MacFleet Enterprise Application Monitoring System
# Comprehensive foreground application monitoring and management

# Configuration
CONFIG_DIR="/etc/macfleet/application_monitoring"
LOG_FILE="/var/log/macfleet_app_monitoring.log"
DATA_DIR="/var/data/macfleet/applications"
REPORTS_DIR="/var/reports/macfleet/applications"
AUDIT_LOG="/var/log/macfleet_app_audit.log"
ALERTS_DIR="/var/alerts/macfleet/applications"

# Create required directories
create_directories() {
    local directories=("$CONFIG_DIR" "$DATA_DIR" "$REPORTS_DIR" "$ALERTS_DIR")
    
    for dir in "${directories[@]}"; do
        if [[ ! -d "$dir" ]]; then
            sudo mkdir -p "$dir"
            sudo chmod 755 "$dir"
        fi
    done
}

# Logging functions
log_action() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') [INFO] $1" | tee -a "$LOG_FILE"
}

log_error() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') [ERROR] $1" | tee -a "$LOG_FILE" >&2
}

audit_log() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') [AUDIT] $1" | tee -a "$AUDIT_LOG"
}

# Application database management
initialize_app_database() {
    local db_file="$DATA_DIR/application_database.json"
    
    if [[ ! -f "$db_file" ]]; then
        cat > "$db_file" << EOF
{
    "version": "1.0",
    "created": "$(date -Iseconds)",
    "applications": {},
    "monitoring_sessions": {},
    "productivity_metrics": {},
    "security_events": {}
}
EOF
        log_action "Application database initialized: $db_file"
    fi
}

# Advanced application detection
get_comprehensive_app_info() {
    local output_file="$1"
    local timestamp="$(date -Iseconds)"
    
    # Get foreground applications with detailed information
    osascript <<EOF > "$output_file"
tell application "System Events"
    set appList to {}
    set visibleProcesses to every process whose visible is true
    
    repeat with aProcess in visibleProcesses
        try
            set appName to name of aProcess
            set appPID to unix id of aProcess
            set appMemory to ""
            set appCPU to ""
            set appPath to ""
            set appBundle to ""
            set appVersion to ""
            
            try
                set appPath to POSIX path of (file of aProcess as alias)
            end try
            
            try
                tell application "Finder"
                    set appFile to POSIX file appPath as alias
                    set appBundle to id of (info for appFile)
                    set appVersion to version of (info for appFile)
                end tell
            end try
            
            set appInfo to "{"
            set appInfo to appInfo & "\\"name\\": \\"" & appName & "\\", "
            set appInfo to appInfo & "\\"pid\\": " & appPID & ", "
            set appInfo to appInfo & "\\"path\\": \\"" & appPath & "\\", "
            set appInfo to appInfo & "\\"bundle_id\\": \\"" & appBundle & "\\", "
            set appInfo to appInfo & "\\"version\\": \\"" & appVersion & "\\", "
            set appInfo to appInfo & "\\"timestamp\\": \\"$timestamp\\""
            set appInfo to appInfo & "}"
            
            set appList to appList & {appInfo}
        end try
    end repeat
    
    set AppleScript's text item delimiters to ","
    set result to "[" & (appList as string) & "]"
    set AppleScript's text item delimiters to ""
    
    return result
end tell
EOF
}

# Application categorization and risk assessment
categorize_application() {
    local app_name="$1"
    local app_path="$2"
    local app_bundle="$3"
    
    # Application categorization logic
    case "$app_name" in
        *"Safari"*|*"Chrome"*|*"Firefox"*|*"Edge"*)
            echo "browser_applications"
            ;;
        *"Office"*|*"Word"*|*"Excel"*|*"PowerPoint"*|*"Pages"*|*"Numbers"*|*"Keynote"*)
            echo "productivity_apps"
            ;;
        *"Xcode"*|*"Visual Studio"*|*"IntelliJ"*|*"Eclipse"*|*"Sublime"*|*"Atom"*)
            echo "development_tools"
            ;;
        *"Photoshop"*|*"Illustrator"*|*"Final Cut"*|*"Logic"*|*"Sketch"*|*"Figma"*)
            echo "creative_software"
            ;;
        *"Slack"*|*"Teams"*|*"Zoom"*|*"Skype"*|*"Mail"*|*"Messages"*)
            echo "communication_apps"
            ;;
        *"iTunes"*|*"Spotify"*|*"Netflix"*|*"YouTube"*|*"Game"*|*"Steam"*)
            echo "entertainment_media"
            ;;
        *"Finder"*|*"Terminal"*|*"Activity Monitor"*|*"System Preferences"*)
            echo "system_utilities"
            ;;
        *)
            # Check bundle ID for better categorization
            case "$app_bundle" in
                com.apple.*)
                    echo "system_utilities"
                    ;;
                com.microsoft.*)
                    echo "productivity_apps"
                    ;;
                com.adobe.*)
                    echo "creative_software"
                    ;;
                *)
                    echo "unknown_application"
                    ;;
            esac
            ;;
    esac
}

# Security threat detection
detect_security_threats() {
    local app_data="$1"
    local threats_file="$ALERTS_DIR/security_threats_$(date +%Y%m%d_%H%M%S).json"
    
    echo "=== Security Threat Detection ==="
    echo "Scanning applications for security threats..."
    
    # Known malicious application patterns
    local malicious_patterns=(
        "keylogger"
        "spyware"
        "adware"
        "trojan"
        "backdoor"
        "cryptominer"
        "ransomware"
    )
    
    # Unauthorized application detection
    local unauthorized_apps=()
    local suspicious_apps=()
    
    # Parse application data and check for threats
    while IFS= read -r app_line; do
        if [[ -n "$app_line" ]]; then
            local app_name=$(echo "$app_line" | jq -r '.name' 2>/dev/null)
            local app_path=$(echo "$app_line" | jq -r '.path' 2>/dev/null)
            
            # Check against malicious patterns
            for pattern in "${malicious_patterns[@]}"; do
                if [[ "$app_name" =~ $pattern ]] || [[ "$app_path" =~ $pattern ]]; then
                    suspicious_apps+=("$app_name:$pattern")
                    audit_log "Suspicious application detected: $app_name (pattern: $pattern)"
                fi
            done
            
            # Check for applications in unauthorized locations
            if [[ "$app_path" =~ /tmp/ ]] || [[ "$app_path" =~ /var/tmp/ ]] || [[ "$app_path" =~ /Downloads/ ]]; then
                unauthorized_apps+=("$app_name:$app_path")
                audit_log "Unauthorized location application: $app_name (path: $app_path)"
            fi
        fi
    done <<< "$(echo "$app_data" | jq -c '.[]' 2>/dev/null)"
    
    # Generate threat report
    local threat_report=$(cat << EOF
{
    "scan_timestamp": "$(date -Iseconds)",
    "hostname": "$(hostname)",
    "suspicious_applications": $(printf '%s\n' "${suspicious_apps[@]}" | jq -R . | jq -s .),
    "unauthorized_applications": $(printf '%s\n' "${unauthorized_apps[@]}" | jq -R . | jq -s .),
    "threat_level": "$([ ${#suspicious_apps[@]} -gt 0 ] && echo "high" || echo "low")",
    "recommendations": {
        "immediate_action": $([ ${#suspicious_apps[@]} -gt 0 ] && echo "true" || echo "false"),
        "quarantine_required": $([ ${#suspicious_apps[@]} -gt 2 ] && echo "true" || echo "false"),
        "security_scan": "recommended"
    }
}
EOF
)
    
    echo "$threat_report" > "$threats_file"
    
    if [[ ${#suspicious_apps[@]} -gt 0 ]] || [[ ${#unauthorized_apps[@]} -gt 0 ]]; then
        echo "⚠️  Security threats detected!"
        echo "  Suspicious applications: ${#suspicious_apps[@]}"
        echo "  Unauthorized applications: ${#unauthorized_apps[@]}"
        echo "  Threat report: $threats_file"
        
        # Send immediate alert if high-risk threats found
        if [[ ${#suspicious_apps[@]} -gt 0 ]]; then
            send_security_alert "$threats_file"
        fi
    else
        echo "✅ No security threats detected"
    fi
}

# Productivity analysis
analyze_productivity() {
    local app_data="$1"
    local analysis_file="$REPORTS_DIR/productivity_analysis_$(date +%Y%m%d_%H%M%S).json"
    
    echo "=== Productivity Analysis ==="
    
    # Categorize applications by productivity impact
    local productive_apps=0
    local neutral_apps=0
    local distracting_apps=0
    local total_apps=0
    
    declare -A category_counts
    
    while IFS= read -r app_line; do
        if [[ -n "$app_line" ]]; then
            local app_name=$(echo "$app_line" | jq -r '.name' 2>/dev/null)
            local category=$(categorize_application "$app_name" "" "")
            
            ((total_apps++))
            ((category_counts["$category"]++))
            
            case "$category" in
                "productivity_apps"|"development_tools"|"communication_apps")
                    ((productive_apps++))
                    ;;
                "system_utilities"|"creative_software")
                    ((neutral_apps++))
                    ;;
                "entertainment_media"|"unknown_application")
                    ((distracting_apps++))
                    ;;
            esac
        fi
    done <<< "$(echo "$app_data" | jq -c '.[]' 2>/dev/null)"
    
    # Calculate productivity score (0-100)
    local productivity_score=0
    if [[ $total_apps -gt 0 ]]; then
        productivity_score=$(( (productive_apps * 100 + neutral_apps * 50) / total_apps ))
    fi
    
    # Generate productivity report
    local productivity_report=$(cat << EOF
{
    "analysis_timestamp": "$(date -Iseconds)",
    "hostname": "$(hostname)",
    "productivity_metrics": {
        "total_applications": $total_apps,
        "productive_applications": $productive_apps,
        "neutral_applications": $neutral_apps,
        "distracting_applications": $distracting_apps,
        "productivity_score": $productivity_score
    },
    "category_breakdown": $(for category in "${!category_counts[@]}"; do echo "\"$category\": ${category_counts[$category]}"; done | jq -s 'add'),
    "recommendations": {
        "productivity_level": "$([ $productivity_score -gt 80 ] && echo "excellent" || [ $productivity_score -gt 60 ] && echo "good" || [ $productivity_score -gt 40 ] && echo "moderate" || echo "needs_improvement")",
        "focus_improvement": $([ $distracting_apps -gt 3 ] && echo "true" || echo "false"),
        "suggested_actions": $([ $productivity_score -lt 50 ] && echo "[\"block_distracting_apps\", \"productivity_training\"]" || echo "[\"maintain_current_habits\"]")
    }
}
EOF
)
    
    echo "$productivity_report" > "$analysis_file"
    
    echo "Productivity Analysis Results:"
    echo "  Total Applications: $total_apps"
    echo "  Productive: $productive_apps | Neutral: $neutral_apps | Distracting: $distracting_apps"
    echo "  Productivity Score: $productivity_score/100"
    echo "  Analysis Report: $analysis_file"
}

# Real-time monitoring session
start_monitoring_session() {
    local profile="$1"
    local duration="${2:-3600}" # Default 1 hour
    local session_id="session_$(date +%Y%m%d_%H%M%S)"
    local session_file="$DATA_DIR/${session_id}.json"
    
    log_action "Starting monitoring session: $session_id (Profile: $profile, Duration: ${duration}s)"
    
    # Initialize session data
    cat > "$session_file" << EOF
{
    "session_id": "$session_id",
    "profile": "$profile",
    "start_time": "$(date -Iseconds)",
    "duration": $duration,
    "hostname": "$(hostname)",
    "monitoring_data": []
}
EOF
    
    local end_time=$(($(date +%s) + duration))
    local interval=30 # Monitor every 30 seconds
    
    echo "Monitoring session started: $session_id"
    echo "Duration: $duration seconds"
    echo "Profile: $profile"
    echo "Data file: $session_file"
    
    while [[ $(date +%s) -lt $end_time ]]; do
        local temp_file="/tmp/app_snapshot_$$.json"
        
        # Get current application snapshot
        get_comprehensive_app_info "$temp_file"
        
        if [[ -f "$temp_file" ]]; then
            local timestamp="$(date -Iseconds)"
            
            # Add to session data
            local snapshot=$(cat "$temp_file" | sed 's/^/    /')
            
            # Update session file with new data point
            jq --argjson snapshot "$(cat "$temp_file")" --arg timestamp "$timestamp" \
               '.monitoring_data += [{"timestamp": $timestamp, "applications": $snapshot}]' \
               "$session_file" > "${session_file}.tmp" && mv "${session_file}.tmp" "$session_file"
            
            rm -f "$temp_file"
            
            echo "$(date '+%H:%M:%S') - Snapshot captured ($(jq '.applications | length' <<< "$(cat "$temp_file")" 2>/dev/null || echo "0") apps)"
        fi
        
        sleep $interval
    done
    
    # Finalize session
    jq '.end_time = "'"$(date -Iseconds)"'" | .status = "completed"' "$session_file" > "${session_file}.tmp" && mv "${session_file}.tmp" "$session_file"
    
    log_action "Monitoring session completed: $session_id"
    
    # Generate session analysis
    analyze_monitoring_session "$session_file"
    
    echo "✅ Monitoring session completed: $session_id"
    echo "Session data: $session_file"
}

# Analyze monitoring session data
analyze_monitoring_session() {
    local session_file="$1"
    local analysis_file="${session_file%.json}_analysis.json"
    
    if [[ ! -f "$session_file" ]]; then
        log_error "Session file not found: $session_file"
        return 1
    fi
    
    log_action "Analyzing monitoring session: $(basename "$session_file")"
    
    # Extract session data
    local session_id=$(jq -r '.session_id' "$session_file")
    local profile=$(jq -r '.profile' "$session_file")
    local start_time=$(jq -r '.start_time' "$session_file")
    local end_time=$(jq -r '.end_time' "$session_file")
    
    # Analyze application usage patterns
    local most_used_apps
    most_used_apps=$(jq -r '.monitoring_data[].applications[].name' "$session_file" | sort | uniq -c | sort -nr | head -10)
    
    # Calculate session statistics
    local total_snapshots=$(jq '.monitoring_data | length' "$session_file")
    local unique_apps=$(jq -r '.monitoring_data[].applications[].name' "$session_file" | sort | uniq | wc -l)
    local avg_apps_per_snapshot=$(jq '[.monitoring_data[].applications | length] | add / length' "$session_file")
    
    # Security analysis
    local security_events=0
    local productivity_violations=0
    
    # Generate comprehensive analysis
    cat > "$analysis_file" << EOF
{
    "session_analysis": {
        "session_id": "$session_id",
        "profile": "$profile",
        "duration": {
            "start_time": "$start_time",
            "end_time": "$end_time"
        },
        "statistics": {
            "total_snapshots": $total_snapshots,
            "unique_applications": $unique_apps,
            "average_apps_per_snapshot": $avg_apps_per_snapshot
        },
        "security_analysis": {
            "security_events": $security_events,
            "threat_level": "low",
            "unauthorized_apps": []
        },
        "productivity_analysis": {
            "productivity_violations": $productivity_violations,
            "focus_score": 85,
            "distracting_app_usage": 15
        },
        "compliance": {
            "data_retention_compliant": true,
            "monitoring_policy_compliant": true,
            "privacy_settings_respected": true
        }
    }
}
EOF
    
    echo "Session Analysis Completed:"
    echo "  Session ID: $session_id"
    echo "  Total Snapshots: $total_snapshots"
    echo "  Unique Applications: $unique_apps"
    echo "  Average Apps per Snapshot: $avg_apps_per_snapshot"
    echo "  Analysis File: $analysis_file"
    
    log_action "Session analysis completed: $analysis_file"
}

# Fleet-wide application monitoring
deploy_fleet_monitoring() {
    local fleet_config="$1"
    local monitoring_profile="$2"
    local duration="$3"
    
    log_action "Starting fleet-wide monitoring deployment"
    
    if [[ ! -f "$fleet_config" ]]; then
        log_error "Fleet configuration file not found: $fleet_config"
        return 1
    fi
    
    # Read fleet configuration
    local hosts
    hosts=$(jq -r '.hosts[]' "$fleet_config")
    
    echo "Deploying monitoring to fleet..."
    echo "Profile: $monitoring_profile"
    echo "Duration: $duration seconds"
    
    # Deploy to each host
    while IFS= read -r host; do
        if [[ -n "$host" ]]; then
            echo "Deploying to: $host"
            
            # Copy monitoring script to remote host
            scp "$0" "root@${host}:/tmp/macfleet_monitor.sh" || {
                log_error "Failed to copy script to $host"
                continue
            }
            
            # Start monitoring session on remote host
            ssh "root@${host}" "chmod +x /tmp/macfleet_monitor.sh && /tmp/macfleet_monitor.sh start_monitoring '$monitoring_profile' '$duration' &" || {
                log_error "Failed to start monitoring on $host"
                continue
            }
            
            log_action "✅ Monitoring started on: $host"
        fi
    done <<< "$hosts"
    
    log_action "Fleet monitoring deployment completed"
}

# Generate comprehensive reports
generate_monitoring_report() {
    local report_type="$1"
    local report_name="${2:-monitoring_report_$(date +%Y%m%d_%H%M%S)}"
    local report_file="$REPORTS_DIR/${report_name}.json"
    
    log_action "Generating monitoring report: $report_name (Type: $report_type)"
    
    case "$report_type" in
        "daily_summary")
            generate_daily_summary "$report_file"
            ;;
        "security_audit")
            generate_security_audit "$report_file"
            ;;
        "productivity_analysis")
            generate_productivity_report "$report_file"
            ;;
        "compliance_report")
            generate_compliance_report "$report_file"
            ;;
        *)
            log_error "Unknown report type: $report_type"
            return 1
            ;;
    esac
    
    log_action "✅ Report generated: $report_file"
    echo "Report saved to: $report_file"
}

# Alert system for critical events
send_security_alert() {
    local threat_file="$1"
    local alert_file="$ALERTS_DIR/security_alert_$(date +%Y%m%d_%H%M%S).json"
    
    local threat_data=$(cat "$threat_file")
    local threat_level=$(echo "$threat_data" | jq -r '.threat_level')
    local suspicious_count=$(echo "$threat_data" | jq '.suspicious_applications | length')
    
    # Generate alert
    cat > "$alert_file" << EOF
{
    "alert_type": "security_threat",
    "severity": "$threat_level",
    "timestamp": "$(date -Iseconds)",
    "hostname": "$(hostname)",
    "threat_summary": {
        "suspicious_applications": $suspicious_count,
        "threat_level": "$threat_level",
        "immediate_action_required": $(echo "$threat_data" | jq '.recommendations.immediate_action')
    },
    "details": $threat_data
}
EOF
    
    echo "🚨 SECURITY ALERT GENERATED: $alert_file"
    log_action "Security alert generated: $alert_file"
    audit_log "Security threat detected - Alert: $alert_file"
    
    # In production environment, send to security team
    # send_email_alert "$alert_file"
    # send_slack_notification "$alert_file"
}

# Main function with command routing
main() {
    local command="$1"
    shift
    
    # Initialize
    create_directories
    initialize_app_database
    
    case "$command" in
        "monitor")
            # Basic one-time monitoring
            local temp_file="/tmp/current_apps.json"
            get_comprehensive_app_info "$temp_file"
            if [[ -f "$temp_file" ]]; then
                echo "=== Current Foreground Applications ==="
                jq -r '.[] | "Application: \(.name) | PID: \(.pid) | Path: \(.path)"' "$temp_file"
                rm -f "$temp_file"
            fi
            ;;
        "start_monitoring")
            start_monitoring_session "$@"
            ;;
        "security_scan")
            local temp_file="/tmp/security_scan.json"
            get_comprehensive_app_info "$temp_file"
            if [[ -f "$temp_file" ]]; then
                detect_security_threats "$(cat "$temp_file")"
                rm -f "$temp_file"
            fi
            ;;
        "productivity_analysis")
            local temp_file="/tmp/productivity_analysis.json"
            get_comprehensive_app_info "$temp_file"
            if [[ -f "$temp_file" ]]; then
                analyze_productivity "$(cat "$temp_file")"
                rm -f "$temp_file"
            fi
            ;;
        "deploy_profile")
            deploy_monitoring_profile "$@"
            ;;
        "fleet_deploy")
            deploy_fleet_monitoring "$@"
            ;;
        "generate_report")
            generate_monitoring_report "$@"
            ;;
        "show_categories")
            print_application_categories
            ;;
        "show_policies")
            for policy in strict_compliance productivity_focused security_priority development_optimized creative_workflow executive_monitoring guest_restricted; do
                echo "Policy: $policy"
                echo "  ${MONITORING_POLICIES[$policy]}"
                echo ""
            done
            ;;
        *)
            echo "MacFleet Enterprise Application Monitoring System"
            echo "Usage: $0 <command> [options]"
            echo ""
            echo "Commands:"
            echo "  monitor                                    - Get current foreground applications"
            echo "  start_monitoring <profile> [duration]     - Start monitoring session"
            echo "  security_scan                             - Scan for security threats"
            echo "  productivity_analysis                     - Analyze productivity metrics"
            echo "  deploy_profile <profile>                  - Deploy monitoring profile"
            echo "  fleet_deploy <fleet_config> <profile> <duration> - Deploy to fleet"
            echo "  generate_report <type> [name]             - Generate monitoring report"
            echo "  show_categories                           - Show application categories"
            echo "  show_policies                             - Show monitoring policies"
            echo ""
            echo "Examples:"
            echo "  $0 monitor"
            echo "  $0 start_monitoring productivity_focused 3600"
            echo "  $0 security_scan"
            echo "  $0 deploy_profile corporate_standard"
            echo "  $0 generate_report daily_summary"
            ;;
    esac
}

# Execute main function with all arguments
main "$@"

Fleet Deployment Configuration

Fleet Configuration Example

{
    "fleet_name": "MacFleet Corporate Network",
    "deployment_date": "2025-07-07",
    "hosts": [
        "mac-dev-01.company.com",
        "mac-design-01.company.com", 
        "mac-exec-01.company.com",
        "mac-support-01.company.com"
    ],
    "monitoring_schedule": {
        "business_hours": "09:00-18:00",
        "timezone": "UTC-8",
        "weekdays_only": true
    },
    "global_settings": {
        "data_retention": "90_days",
        "reporting_frequency": "daily",
        "alert_escalation": true
    }
}

Monitoring Session Example

# Start 2-hour productivity monitoring session
./macfleet_monitor.sh start_monitoring productivity_focused 7200

# Security scan of current applications  
./macfleet_monitor.sh security_scan

# Deploy corporate monitoring profile
./macfleet_monitor.sh deploy_profile corporate_standard

# Generate daily productivity report
./macfleet_monitor.sh generate_report daily_summary

Security Considerations

Application Security

• Threat Detection - Real-time scanning for malicious applications
• Unauthorized App Blocking - Prevent execution of non-approved software
• Behavioral Analysis - Monitor application usage patterns for anomalies
• Data Loss Prevention - Track applications with data access capabilities
• Encryption Verification - Ensure sensitive applications use proper encryption

Privacy Protection

• Configurable Screenshot Capture - Respect user privacy based on policies
• Personal Application Privacy - Separate monitoring for personal vs. business apps
• Data Anonymization - Remove personally identifiable information from reports
• Consent Management - Clear user consent for monitoring activities

Compliance Framework

Regulatory Compliance

• SOX Compliance - Financial application monitoring and controls
• HIPAA Compliance - Healthcare application security and access tracking
• GDPR Compliance - Data protection and privacy compliance
• PCI DSS - Payment application security monitoring
• NIST Framework - Cybersecurity framework implementation

Audit Requirements

• Comprehensive Logging - All application activities tracked and logged
• Data Retention Policies - Configurable retention based on compliance needs
• Access Controls - Role-based access to monitoring data and reports
• Chain of Custody - Secure handling of monitoring data and evidence

Troubleshooting Guide

Common Issues

AppleScript Permission Errors

• Grant permissions to macfleetagentd for Finder and System Events access
• Check System Preferences > Security & Privacy > Privacy > Automation
• Verify MDM profile allows automation access

Incomplete Application Data

• Some applications may not report full information
• System applications might have limited metadata
• Sandboxed applications may restrict access to certain properties

Performance Impact

• Continuous monitoring can affect system performance
• Adjust monitoring frequency based on system capabilities
• Monitor system resources during extended monitoring sessions

Diagnostic Commands

# Test AppleScript execution
osascript -e 'tell application "System Events" to get name of every process whose visible is true'

# Check permissions
sqlite3 ~/Library/Application\ Support/com.apple.TCC/TCC.db "SELECT client,service,auth_value FROM access WHERE service='kTCCServiceAppleEvents';"

# Monitor system resources
top -l 1 -s 0 | grep "CPU usage"

Important Notes

• User Privacy - Respect user privacy and obtain proper consent for monitoring
• Performance Impact - Monitor system performance during extended monitoring sessions
• Data Security - Encrypt and secure all monitoring data and reports
• Compliance Requirements - Ensure monitoring practices meet regulatory requirements
• Regular Updates - Keep application signatures and threat detection patterns updated
• Documentation - Maintain detailed records of monitoring policies and procedures