Best practices: Deploying CIS Remediation Scripts???

ooshnoo
Valued Contributor

Fellas...

Looking to deploy the CIS remediation scripts created by Jamf Pro Services. I can get them to work when I run them manually / one-by-one, but they never succeed when run via policy.

Was wondering how others are doing it?

https://github.com/jamfprofessionalservices/CIS-for-macOS-Sierra


hulsebus
New Contributor III

Can you go into any more detail? Do logs show any errors? I've been customizing those scripts for our environment and haven't run into any issues so far...

ooshnoo
Valued Contributor

@hulsebus

How are you deploying them? The issue I see is that when used as part of a policy, the first script doesn't even create the reference file.

hulsebus
New Contributor III

Much like the documentation specifies. I set the path for the file to go to and turned on the applicable controls. When I run the script, the file appears. I just have a policy set up that runs the 'set standards' script periodically (we do change our implementation from time to time). Right now the audit script is on-demand, but we're looking at potentially running it monthly and having it report back through an EA. If the EA shows non-compliance, it goes to a smartgroup for remediation.

If you run the script by hand (through terminal) with an admin account, does the file get created?

ooshnoo
Valued Contributor

@hulsebus

Yep. Everything works fine when run manually via Terminal. The file gets created. Just when run via Policy, nothing happens...no file created, and that's what I don't get.