Two thoughts come to mind depending on your security requirements.
1) Deploy it with JAMF and use one of the script variables in the script. Which means only someone who has access to the JAMF policies would have access to the password. I could see this still having issues with some security groups and teams.
2) Use encrypted parameters - https://github.com/jamf/Encrypted-Script-Parameters
I'm feeling like a complete novice here. I'll admit, I know next to nothing about python. So feel free to talk to me like a noob.
I have a package that copies "falcon_password.py" to /Library/CS. That is successful
The python script
#!/usr/bin/env python
from future import print_function
password = "HelloWorld"
try:
while True:
print(password)
except IOError:
pass
I have a shell script, falcon_password.sh
#!/bin/bash
/Library/CS/falcon_password.py | sudo /Library/CS/falconctl installguard
I use Jamf Remote to execute the script, it runs like it was successful, but when I try to uninstall falcon from terminal it still does not prompt me for the password. I have no idea what I ma doing wrong.
We use the following to install and set the password
#!/bin/bash
expect <<- DONE
set timeout -1
spawn sudo /Library/CS/falconctl license licensenumber --password
expect "Falcon Password:"
send -- "password"
send
expect "Confirm Falcon Password:"
send -- "password"
send
expect eof
DONE
This will mimic an interactive session via terminal to apply the license and set the password. You could modify this to just set the password.
Thanks Afarnsworth!!! You are a Godsend.
I had to modify it some since the deployed agents are already licensed.
For anyone using this example, HelloWorld is a fake password in place of whatever real password you are using.
#!/bin/bash
expect <<- DONE
set timeout -1
spawn sudo /Library/CS/falconctl installguard --password
expect "Falcon Password:"
send -- "HelloWorld"
send
expect "Confirm Falcon Password:"
send -- "HelloWorld"
send
expect eof
DONE
