macOS shell script check. A better way to execute the if statement and check for a condition

[myitrumors]

I need to write a very simple shell script that will check if the system is configured to enforce multi-factor authentication.

To verify that the system is configured to enforce multi-factor authentication, run the following commands:

/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep enforceSmartCard

If the results do not show "enforceSmartCard=1", this is a finding.

I created this very simple script, but I am pretty sure there is a more effective, elegant and efficient way to achieve the same result.

Basically if it was you, what kind of modifications would you apply to the script below to achieve the same results?

Thank you so much in advance for your help.

#!/bin/zsh

myVAR=`/usr/sbin/system_profiler SPConfigurationProfileDataType | /usr/bin/grep enforceSmartCard`

if [ $myVAR = "enforceSmartCard=1" ]
then
echo "The system is configured to enforce multi-factor authentication"
else
echo "The system is not configured to enforce multi-factor authentication"
fi

 

[joevt]

Here's one way:

echo "The system is $(system_profiler SPConfigurationProfileDataType | grep -q enforceSmartCard=1 || printf "not ")configured to enforce multi-factor authentication"

I think it's ok to assume that system_profiler and grep will be in $PATH so you don't need the /usr/sbin/ or /usr/bin/ parts.

For if then, I usually put them on the same line (with a semicolon before then).

Use [code] and [/code] for code blocks in forum posts.

grep returns a non-zero status if it cannot find the string, which means it can be used in an if then like this:

if system_profiler SPConfigurationProfileDataType | grep -q "enforceSmartCard=1" ; then
	echo "The system is configured to enforce multi-factor authentication"
else
	echo "The system is not configured to enforce multi-factor authentication"
fi