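# Print a message on stdout; every argument is handed to echo unchanged.
say() { echo "$@"; }

# doit CMD_STRING
# Run one shell command line when APPLY is 1; otherwise only print it with a
# [DRYRUN] prefix. An unset, empty or non-numeric APPLY counts as dry-run, so
# the script fails safe.
# NOTE(review): the argument goes through eval, so whatever a caller
# interpolates into it becomes shell syntax. Pass only fixed text or values
# quoted with printf '%q'; never embed a raw path or name read from disk.
doit() {
  if [ "${APPLY:-0}" -eq 1 ]; then
    eval "$@"
  else
    echo "[DRYRUN]" "$@"
  fi
}

# moveq PATH
# Quarantine PATH by moving it to $QDIR/files/<basename>_<HHMMSS>.
# Returns 0 without doing anything when PATH does not exist.
# Globals: QDIR (read, required), APPLY (read)
moveq() {
  local p="$1"
  [ -e "$p" ] || return 0
  # An empty QDIR would turn the target into /files; stop instead.
  : "${QDIR:?QDIR must be set}"
  local b stamp dest n
  b=$(basename -- "$p")
  stamp=$(date +%H%M%S)
  dest="$QDIR/files/${b}_${stamp}"
  if [ "${APPLY:-0}" -eq 1 ]; then
    # mkdir/mv are called with real arguments instead of an eval'd string, so
    # quotes, spaces or $ in an on-disk name can never be parsed as shell code.
    sudo mkdir -p -- "$QDIR/files" || return
    # Several targets share a basename (e.g. "Sangfor"). Within the same
    # second they would get the same name and the second mv would land inside
    # or on top of the first item, so pick a free name to keep each one intact.
    n=1
    while [ -e "$dest" ] || [ -L "$dest" ]; do
      dest="$QDIR/files/${b}_${stamp}.$n"
      n=$((n + 1))
    done
    sudo mv -- "$p" "$dest"
  else
    say "[DRYRUN] sudo mkdir -p \"$QDIR/files\""
    say "[DRYRUN] sudo mv \"$p\" \"$dest\""
  fi
}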
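# Banner: report whether this run executes commands or is only a dry run.
# APPLY is read with a default of 0, so an unset or empty value is labelled as
# a dry run instead of making `[` print an error.
if [ "${APPLY:-0}" -eq 1 ]; then
  say "=== 模式: 执行 ==="
else
  say "=== 模式: 预演 ==="
fi

# Create the quarantine directory and append a start marker to the log.
# $(date) is expanded here, while the string is built, so a dry run prints the
# timestamp that would have been written.
doit "sudo mkdir -p \"$QDIR\" && echo '开始 '$(date) | sudo tee -a \"$LOG\" >/dev/null"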
# Step 1: stop running client processes before their files are moved.
say "1) 终止相关进程"
# -i ignores case and -f matches the pattern against the whole command line,
# so any process whose arguments merely mention these words is signalled too.
# "|| true" keeps the script going when nothing matched.
doit "sudo pkill -if '(atrust|sangfor)' || true"
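# Step 2: unload every com.sangfor.* launchd job, then quarantine its plist.
say "2) bootout & 隔离 launchd"
for f in /Library/LaunchDaemons/com.sangfor.* \
  /Library/LaunchAgents/com.sangfor.* \
  "$HOME"/Library/LaunchAgents/com.sangfor.*; do
  # An unmatched glob stays literal, so this test also skips empty patterns.
  [ -f "$f" ] || continue
  # doit evals its argument. Embed the on-disk name shell-quoted (%q) so that
  # quotes, spaces or $ in a file name stay data and are never parsed as code.
  qf=$(printf '%q' "$f")
  case "$f" in
    # NOTE(review): agents under /Library/LaunchAgents are normally loaded
    # into the per-user gui/<uid> domain, so the "system" bootout may be a
    # silent no-op for them (errors are discarded below); confirm.
    /Library/LaunchDaemons/* | /Library/LaunchAgents/*)
      doit "sudo launchctl bootout system $qf 2>/dev/null || true"
      ;;
    "$HOME"/Library/LaunchAgents/*)
      doit "launchctl bootout gui/$(id -u) $qf 2>/dev/null || true"
      ;;
  esac
  moveq "$f"
done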
# Step 3: quarantine the application bundle, its data and its helper tools.
say "3) 隔离程序/数据/Helper"
# Glob parts stay unquoted so they expand; a pattern with no match remains
# literal and is skipped by the existence test in the loop.
quarantine_targets=(
  /Applications/aTrust.app
  /Library/Sangfor
  "/Library/Application Support/Sangfor"
  "$HOME/Library/Application Support/Sangfor"
  /Library/PrivilegedHelperTools/com.sangfor.*
  /Library/Preferences/com.sangfor.*
  "$HOME"/Library/Preferences/com.sangfor.*
  /Library/Logs/Sangfor
  "$HOME/Library/Logs/Sangfor"
  "$HOME"/Library/Caches/com.sangfor.*
  "$HOME/Library/Application Support/aTrust"
  "$HOME/Library/Application Support/aTrustTray"
  "$HOME/Library/Application Support/CrashReporter/"aTrust_*.plist
)
for p in "${quarantine_targets[@]}"; do
  if [ -e "$p" ]; then
    moveq "$p"
  fi
done
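# Step 4: drop installer receipts. "pkgutil --forget" removes only the receipt
# record; the files the package installed are left alone.
say "4) pkg 收据(forget,不删文件)"
# grep -E replaces the obsolescent egrep; "|| true" covers the no-match case.
PKGS=$(pkgutil --pkgs | grep -Ei 'sangfor|atrust' || true)
if [ -n "$PKGS" ]; then
  while IFS= read -r id; do
    [ -n "$id" ] || continue
    # doit evals its argument, so the package id is embedded shell-quoted.
    doit "sudo pkgutil --forget $(printf '%q' "$id")"
  done <<< "$PKGS"
fi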
# Step 5: list matching system extensions. Nothing is removed here; the
# operator only gets the command to run by hand.
say "5) System Extensions(仅提示)"
/usr/bin/systemextensionsctl list | /usr/bin/grep -E -i 'sangfor|atrust' || true
# NOTE(review): on recent macOS releases "systemextensionsctl uninstall" is
# reported to refuse to run while System Integrity Protection is enabled;
# confirm on the target OS version before relying on this hint.
say " 使用:sudo systemextensionsctl uninstall <TEAMID> <BUNDLEID>"
# Step 6: list the SHA-1 hashes of certificates whose common name matches
# "Sangfor". This is read-only, but it calls sudo directly, so it runs even in
# a dry run. Only System.keychain is searched; a certificate trusted in
# another keychain would not show up here.
say "6) 证书(只列出)"
CERTS=$(
  sudo security find-certificate -a -Z -c "Sangfor" /Library/Keychains/System.keychain 2>/dev/null |
    sed -n 's/^ *SHA-1 hash: //p' || true
)
if [ -n "$CERTS" ]; then
  sed 's/^/ SHA1: /' <<< "$CERTS"
  echo "删除示例:sudo security delete-certificate -Z <SHA1> /Library/Keychains/System.keychain"
fi
# Step 7: manual follow-up. The network content filter entry has to be removed
# or disabled in System Settings; the script does not touch it.
say "7) 提示:系统设置→网络→过滤器 删除/停用 Sangfor/aTrust"
# Step 8: after a reboot, check that no process, launchd job or extension of
# the client has come back.
say "8) 重启后复查:应无进程/launchd/扩展再生"
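# Append an end marker to the log and tell the operator where the quarantined
# files and the log are.
doit "echo '结束 '$(date) | sudo tee -a \"$LOG\" >/dev/null"
say "隔离与日志目录:$QDIR"
# Written as an if statement: a bare `[ ... ] && say ...` evaluates to 1 when
# APPLY is 1, which would make a successful --apply run exit non-zero whenever
# this is the script's last statement.
if [ "${APPLY:-0}" -eq 0 ]; then
  say "当前为预演。真正执行:bash $(basename "$0") --apply"
fi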