Skip to main content
Question

Best practices: Deploying CIS Remediation Scripts???


Forum|alt.badge.img+14
  • Honored Contributor
  • 351 replies

Fellas...

Looking to the deploy the CIS remediation scripts created by Jamf Pro Services. I can get them to work when I run them manually / one-by-one, but never succeed when run via policy.

Was wondering how others are doing it?

https://github.com/jamfprofessionalservices/CIS-for-macOS-Sierra

4 replies

Forum|alt.badge.img+7
  • Contributor
  • 25 replies
  • February 26, 2018

Can you go into any more detail? Do logs show any errors? I've been customizing those scripts for our environment and haven't run into any issues so far...


Forum|alt.badge.img+14
  • Author
  • Honored Contributor
  • 351 replies
  • February 28, 2018

@hulsebus

How are you deploying them? The issue I see is that when used as part of a policy, the first script doesn't even create the reference file.


Forum|alt.badge.img+7
  • Contributor
  • 25 replies
  • February 28, 2018

Much like the documentation specifies. I set the path for the the file to go to and turned on the applicable controls. When I run the script, the file appears. I just have a policy set up that runs the 'set standards' script periodically (we do change our implementation from time to time). Right now the audit script is on-demand, but we're looking at potentially running it monthly and having it report back through an EA. If the EA shows non-compliance, it goes to a smartgroup for remediation.

If you run the script by hand (through terminal) with an admin account, does the file get created?


Forum|alt.badge.img+14
  • Author
  • Honored Contributor
  • 351 replies
  • March 1, 2018

@hulsebus

Yep. everything works fine when run manually via Terminal. The file gets created. Just when run via Policy, nothing happens...no file created, and that's what I don't get.


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings