Help

Best practices: Deploying CIS Remediation Scripts???

ooshnoo
Valued Contributor

Posted on ‎02-26-2018 06:25 AM

Fellas...

Looking to the deploy the CIS remediation scripts created by Jamf Pro Services. I can get them to work when I run them manually / one-by-one, but never succeed when run via policy.

Was wondering how others are doing it?

https://github.com/jamfprofessionalservices/CIS-for-macOS-Sierra

0 Kudos
Reply
4 REPLIES 4

hulsebus
New Contributor III

Posted on ‎02-26-2018 08:51 AM

Can you go into any more detail? Do logs show any errors? I've been customizing those scripts for our environment and haven't run into any issues so far...

0 Kudos
Reply

ooshnoo
Valued Contributor

Posted on ‎02-28-2018 07:17 AM

@hulsebus

How are you deploying them? The issue I see is that when used as part of a policy, the first script doesn't even create the reference file.

0 Kudos
Reply

hulsebus
New Contributor III

Posted on ‎02-28-2018 08:01 AM

Much like the documentation specifies. I set the path for the the file to go to and turned on the applicable controls. When I run the script, the file appears. I just have a policy set up that runs the 'set standards' script periodically (we do change our implementation from time to time). Right now the audit script is on-demand, but we're looking at potentially running it monthly and having it report back through an EA. If the EA shows non-compliance, it goes to a smartgroup for remediation.

If you run the script by hand (through terminal) with an admin account, does the file get created?

0 Kudos
Reply

ooshnoo
Valued Contributor

Posted on ‎03-01-2018 09:24 AM

@hulsebus

Yep. everything works fine when run manually via Terminal. The file gets created. Just when run via Policy, nothing happens...no file created, and that's what I don't get.

0 Kudos
Reply