It’s not perfect, but it works:
OS version IS 13.41 AND Operating System Rapid Security Response IS (a)
We use the same Smart Group criteria.
Also @rpayne the updates were pulled so maybe that's why you're not seeing them? I did install on my test boxes and did a recon. The (a) showed up fine on 10.47 cloud.
Is there a way to set up automation for installation of these patches as they come out through Jamf? Has anyone played with this yet? I also did notice that in the main inventory screen all macOS devices show up as 13.4.1 only but not the applied security patch. I did have to go into each device OS selection to confirm that it has installed the (a) patch. Any input on how to set up automation / management for these patches would be greatly appreciated.
They were pulled? I wonder why?
Is there a way to set up automation for installation of these patches as they come out through Jamf? Has anyone played with this yet? I also did notice that in the main inventory screen all macOS devices show up as 13.4.1 only but not the applied security patch. I did have to go into each device OS selection to confirm that it has installed the (a) patch. Any input on how to set up automation / management for these patches would be greatly appreciated.
This is what I'm asking.
You can use a Software Update payload in a configuration profile for automatic installation. They do seem to respond to MDM commands as well,

To enable Operating System Rapid Security Response and ensure it appears in the General pane, I implemented the following:
Created an Extension Attribute to report whether the feature is currently enabled.
Developed a script that verifies if the feature is active, checks for available Rapid Security Response updates, and indicates whether a restart is required.
Created a final script that programmatically enables the feature on the device.
Script 1:
#!/bin/bash
# Enable automatic software updates and allow RSR
echo "Configuring system for Rapid Security Response (RSR)..."
# Ensure all software update features are enabled
/usr/bin/defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled -bool true
/usr/bin/defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticDownload -bool true
/usr/bin/defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticallyInstallMacOSUpdates -bool true
# Specifically enable RSR updates
/usr/bin/defaults write /Library/Preferences/com.apple.SoftwareUpdate AllowRapidSecurityResponses -bool true
/usr/bin/defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticallyInstallRapidSecurityResponses -bool true
# Output confirmation
echo "RSR is enabled and set to install automatically when available."
# Show current settings
/usr/bin/defaults read /Library/Preferences/com.apple.SoftwareUpdate | grep -E 'RapidSecurityResponses|Automatic'
Script 2:
#!/bin/bash
# Path to Jamf Helper
JAMF_HELPER="/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper"
# Enable RSR-related settings
/usr/bin/defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled -bool true
/usr/bin/defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticDownload -bool true
/usr/bin/defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticallyInstallMacOSUpdates -bool true
/usr/bin/defaults write /Library/Preferences/com.apple.SoftwareUpdate CriticalUpdateInstall -bool true
/usr/bin/defaults write /Library/Preferences/com.apple.SoftwareUpdate ConfigDataInstall -bool true
# Check for available RSR
rsrAvailable=$(/usr/sbin/softwareupdate --list 2>/dev/null | grep -i "Rapid Security Response")
# Check power status (for laptops)
restartAllowed=true
if pmset -g batt &>/dev/null; then
    # Extract the charge percentage, e.g. "87%" -> 87
    batteryPercent=$(pmset -g batt | grep -Eo '[0-9]+%' | tr -d '%')
    # Non-empty only when the Mac is drawing from AC power
    powerSource=$(pmset -g batt | grep -o 'AC Power')
    if [[ "$batteryPercent" -lt 50 && -z "$powerSource" ]]; then
        restartAllowed=false
        echo "Battery too low and not plugged in. Skipping restart."
    fi
fi
# If RSR is available and restart is allowed, prompt user
if [[ -n "$rsrAvailable" && "$restartAllowed" == "true" ]]; then
    "$JAMF_HELPER" -windowType utility \
        -title "Security Update Available" \
        -heading "Restart Required" \
        -description "A Rapid Security Response update is available and has been installed. Your Mac needs to restart to complete the update." \
        -button1 "Restart Now" \
        -defaultButton 1 \
        -timeout 900 \
        -countdown \
        -alignDescription left \
        -alignHeading center
    # Restart the Mac
    /sbin/shutdown -r now
else
    echo "RSR settings are enabled. No action needed or restart postponed due to power constraints."
fi
exit 0
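
The Extension Attribute mentioned in the first step is not shown in the post. One way to write it follows, as an added example that is not the poster's code. It assumes the preference domain and key names that Script 1 writes, and it also reports the installed RSR letter from `sw_vers --productVersionExtra`, which the main inventory view discussed earlier in the thread does not show. The function names are hypothetical.

```shell
#!/bin/bash
# Added example: Jamf Pro Extension Attribute (not the poster's script).
# Assumption: domain and key names are the ones Script 1 on this page writes.
PLIST="/Library/Preferences/com.apple.SoftwareUpdate"

# Map the two raw preference values to one inventory string.
# defaults prints 1/0 for booleans; an unset key is passed in as "".
rsr_pref_state() {
    case "$1:$2" in
        1:1) echo "Enabled (auto-install)" ;;
        1:*) echo "Enabled (manual install)" ;;
        0:*) echo "Disabled" ;;
        :*)  echo "Not Configured" ;;
        *)   echo "Unknown ($1/$2)" ;;
    esac
}

# Normalise the RSR suffix reported by sw_vers, e.g. "(a)" -> "a".
# An empty value means no RSR is applied on top of the base OS version.
rsr_suffix() {
    extra=$(printf '%s' "$1" | tr -d '()[:space:]')
    echo "${extra:-none}"
}

# Build the <result> line that Jamf Pro stores for the attribute.
# Arguments: allow value, auto-install value, raw sw_vers extra string.
ea_result() {
    echo "<result>$(rsr_pref_state "$1" "$2"); RSR installed: $(rsr_suffix "$3")</result>"
}

# Read one key; print nothing (instead of failing) when the key is unset.
read_pref() {
    /usr/bin/defaults read "$PLIST" "$1" 2>/dev/null || true
}

# Query the system only when the macOS tools are present.
if [ -x /usr/bin/defaults ] && [ -x /usr/bin/sw_vers ]; then
    ea_result "$(read_pref AllowRapidSecurityResponses)" \
              "$(read_pref AutomaticallyInstallRapidSecurityResponses)" \
              "$(/usr/bin/sw_vers --productVersionExtra 2>/dev/null)"
fi
```

A Smart Group can then match on the attribute text, for example "Not Configured" or "RSR installed: none", to scope the enable script or a remediation policy.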
