Cisco Secure Client Script

JMontey1
New Contributor III

Good day everyone,

I usually set up our VPN, Cisco Secure Client, via https://docs.umbrella.com/umbrella-user-guide/docs/customize-macos-installation-of-cisco-secure-clie....

Simple enough to navigate through if you have all the pieces. I am traversing trying to get this process a hair more automated. The end goal: One Policy that can create the DMG you're looking for. 

The theory: 

- Use Composer to package your already configured XML file and orginfo json file into a specific directory.

- Add the newest version of the pre-deploy DMG to that same directory

- Run a script to do any of the steps you need in the URL.

 

I've made this script so far where I want to make the file locations variables and make "Version" a user parameter so when the next version is getting prepared all you have to do is update the version number in the Policy Script Parameters.

#!/bin/sh

#This is to update the Cisco Secure Client

#Create the Variables

Version=“$4”

orgFile=“/private/tmp/orginfo.json"

ciscoFile="/Volumes/Cisco\ Secure\ Client\ $Version/Profiles/Umbrella/"

installFile=“/private/tmp/install_choices.xml"

dmgFile=“/Volumes/Cisco\ Secure\ Client\ $Version”

#Move to the downloads folder
CD /private/tmp

#Make the DMG Writable
hdiutil convert cisco-secure-client-macos-$Version-predeploy-k9.dmg -format UDRW -o csc-writeable.dmg

Sleep 5

#Mount the Installer
hdiutil attach csc-writeable.dmg

Sleep 5

#Open the Installer
open $dmgFile

Sleep 5

#Move the OrgInfo file into the Umbrella Folder
mv $orgFile $ciscoFile

#Move the Install Choice file to the DMG
mv $installFile $dmgFile

Sleep 5

#Eject the Installer
diskutil eject Cisco\ Secure\ Client\ $Version

#Convert and Rename 
hdiutil convert csc-writeable.dmg -format UDRO -o csc-readable-$Version.dmg

 

The Issue:

I've run each of these commands in terminal as root and they all work individually. However, when I run this as a script from my Jamf Policy, it fails and gives me several errors in the logs, which I'll attach as a comment. 

Any help on getting these commands to work in the policy or help with troubleshooting the errors would be greatly appreciated. 
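As an added example (not part of the original post), a small pre-flight check for three constructs that appear in the script above and that `sh` does not read the way they look: typographic quotes, a backslash before a space inside double quotes, and capitalised command names. `lint_policy_script` and `lint_demo` are hypothetical helper names, and the sample lines are an excerpt constructed from the posted script.

```shell
#!/bin/sh
# Added example, not from the thread. lint_policy_script and lint_demo are
# hypothetical helper names; the sample is an excerpt of the posted script.

# Print "<line>: <finding>" for each construct that sh reads differently
# from how it looks. Returns 1 if anything was found, 0 otherwise.
lint_policy_script() {
    LC_ALL=C awk '
        # Typographic quotes are ordinary characters to sh, so they end up
        # inside the value instead of delimiting it.
        /“|”/ { print NR ": typographic quote"; hits++ }
        # Inside double quotes a backslash before a space stays in the string.
        /"[^"]*\\ [^"]*"/ { print NR ": backslash-space inside double quotes"; hits++ }
        # Command names are case-sensitive: CD is not the cd builtin.
        /^[ \t]*[A-Z][A-Za-z]*([ \t]|$)/ { print NR ": capitalised command name"; hits++ }
        END { exit (hits > 0) }
    ' "$1"
}

# Run the lint over a constructed sample and return its status.
lint_demo() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
Version=“$4”
ciscoFile="/Volumes/Cisco\ Secure\ Client\ $Version/Profiles/Umbrella/"
CD /private/tmp
Sleep 5
hdiutil attach csc-writeable.dmg
EOF
    lint_policy_script "$sample"
    status=$?
    rm -f "$sample"
    return "$status"
}

# Findings are printed, not fatal.
lint_demo || echo "review the lines listed above before uploading the script"
```
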

5 REPLIES

JMontey1
New Contributor III

Screenshot 2025-01-28 at 10.43.37 PM.png

 

Bernard295Clark
New Contributor II

Hello!

To set up your Cisco Secure Client VPN more efficiently, you can use a script to package your configured XML and JSON files, and automate the DMG preparation. Ensure proper permissions and use full paths for commands. Add logging for debugging and include delays to ensure each step completes correctly. Your script should handle converting the DMG, mounting it, moving the necessary files, and ejecting the installer before renaming the DMG for the new version. Adjustments for syntax and permissions should help resolve issues when running from Jamf Policy. 



I hope this helps you!

Best Regards,

Bernard

junjishimazaki
Valued Contributor

Where are you putting the Cisco installer? Are you uploading the installer to Jamf and adding it to the policy with the script?

mattjerome
Contributor

Here's how I do it

Policy 1
Cache the cisco-secure-client-macos-5.1.6.103-predeploy-k9.dmg
Install VPN profile
Run script 

 

#!/bin/sh
#
#########################
# Created by mikeg of MacAdmins Slack
#
# This script is designed for use with Jamf Pro but can work with other MDM's.
# It installs Cisco Secure Client for macOS by moving the cached unmodified
# pre-deploy DMG to a temporary directory, converting it to a read/write DMG,
# then deleting/moving the required files for the installer into the new DMG,
# converting back to read only, then moving it back to the waiting room,
# running the installer, then unmounting the DMG, deleting it.
#
# Line 111 & 112 include the Jamf Policy calls. You will have to either use 
# the triggers CiscoChoices and CiscoJSON for their respective policies, or
# choose your own.
#
# Lines 161 to line 165 are commented out, they can be added in to delete the
# uninstallers, and open the app if you wish. Without opening it it will not be
# on the menu bar.
#
# Parameter 4 is the DMG file name, Parameter 5 is the Mounted DMG name as it's 
# different so verify before deploying and adjust parameters as needed.
#
# This script can be modified to be used with other DMG's
#
# Script does not contain a Jamf recon command as it's designed
# to be run in the enrollment.
#
##### Acknowledgements #####
#
# Thank you to  on the MacAdmins slack for sharing part of your script!
# Used the DMG in line conversion to cut down on manual work.
#
##### History #####
#
# v2.0 OCT 26 2023 - mikeg
# Cisco Secure Client v5 removed the auto update feature,
# so hand making new dmgs is not sustainable.
#
# I use separate Jamf policies to create the choices file and the OrgInfo.json
# as they may be different or need to be updated more frequently.
#
# Those policies are just scripts with the following which could be added in script.
#
# CiscoFILES='your OrgInfo.json or choices text between single quotes'
# echo "$CiscoFILES" > "/Library/Application Support/JAMF/Waiting Room/FILENAME"
#
# v1.0 AUG 7 2023 - mikeg
# Created script
#
#########################
#

### Variables ###
# Where is the original DMG stored
WaitingRoomDMG="/Library/Application Support/JAMF/Waiting Room/$4"
# Temp directory for this script
tmplocation="/tmp/CiscoInstaller"
# Temp location of  dmg
tmpDMGLocation="/tmp/CiscoInstaller/$4"
# Name of read-write dmg
tmprwDMGLocation="/tmp/CiscoInstaller/$4-rw.dmg"
# New DMG location
NewDMGLocation="/tmp/CiscoInstaller/New/$4"

# ACTransformations file to hide the AnyConnect VPN portion
#HideVPNGUI='<!-- Optional AnyConnect installer settings are provided below. Uncomment the setting(s) to perform optional action(s) at install time.  -->
#<Transforms>
#<DisableVPN>true</DisableVPN>
#<DisableCustomerExperienceFeedback>true</DisableCustomerExperienceFeedback>
#</Transforms>
#'

# echos to show the locations are right in Jamf policy details
echo "$WaitingRoomDMG"
echo "$tmpDMGLocation"
echo "$tmprwDMGLocation"

mkdir "/tmp/CiscoInstaller/"
mkdir "/tmp/CiscoInstaller/New/"
chmod 777 "/tmp/CiscoInstaller/"
chmod 777 "/tmp/CiscoInstaller/New/"

# Move DMG to temp space
mv "$WaitingRoomDMG" "/tmp/CiscoInstaller/"

sleep 10

# Make a read-write disk image
/usr/bin/hdiutil convert "$tmpDMGLocation" -format UDRW -o "$tmprwDMGLocation"
echo "Converted DMG"

rm "$tmpDMGLocation"

# Attach dmg
hdiutil attach "$tmprwDMGLocation" -nobrowse
echo "Attached R-W DMG"

sleep 15

# Delete old ACTransformations.xml file
# If you are not using the VPN function, it can be hidden from the GUI
# If you are using the VPN
#rm -rf "/Volumes/$5/Profiles/ACTransforms.xml"
#echo "Deleted ACTransforms.xml file"

# Creates new ACTransforms.xml file
#echo "$HideVPNGUI" > "/Library/Application Support/JAMF/Waiting Room/ACTransforms.xml"

# Call Jamf policy to create choices file and OrgInfo.json in waiting room
jamf policy -event CiscoChoices
jamf policy -event CiscoJSON
echo "Cisco required configs created"

# Moves OrgInfo.json, ACTransforms.xml and the installer choices file into the Read/Write DMG
mv "/Library/Application Support/JAMF/Waiting Room/CiscoChoices.xml" "/Volumes/$5"
mv "/Library/Application Support/JAMF/Waiting Room/OrgInfo.json" "/Volumes/$5/Profiles/umbrella"
# ACTransforms.xml only exists if the optional block above was uncommented
if [ -f "/Library/Application Support/JAMF/Waiting Room/ACTransforms.xml" ]; then
    mv "/Library/Application Support/JAMF/Waiting Room/ACTransforms.xml" "/Volumes/$5/Profiles/"
fi

echo "Files moved to required locations"

# Unmounts Read Write DMG
hdiutil detach "/Volumes/$5"

sleep 5

# Converts back to read only
/usr/bin/hdiutil convert "$tmprwDMGLocation" -format UDZO -o "$NewDMGLocation"

sleep 10

#Moves back to waiting room for Jamf
mv "$NewDMGLocation" "/Library/Application Support/JAMF/Waiting Room/"

# Added sleep to allow computer to catch up
sleep 5

# Attach modified read only dmg
hdiutil attach "$WaitingRoomDMG" -nobrowse

# Added sleep to allow computer to catch up
sleep 5

# Installs Cisco AnyConnect
installer -applyChoiceChangesXML "/Volumes/$5/CiscoChoices.xml" -pkg "/Volumes/$5/Cisco Secure Client.pkg" -target /
echo "Installed Cisco Secure Client Umbrella"

sleep 15

# Unmount the modified read-only DMG
hdiutil detach "/Volumes/$5"
echo "Unmounted DMG"

sleep 5

# Delete DMGs
rm "$WaitingRoomDMG"
echo "Deleted DMG from Waiting Room"

# Deletes uninstallers this can be commented out if you want to leave them
#rm -rf "/Applications/Cisco/Uninstall Cisco Secure Client.app"
# rm -rf "/Applications/Cisco/Uninstall Cisco Secure Client - DART.app"

# Opens the app to ensure it's on the menu bar
#open "/Applications/Cisco/Cisco Secure Client.app"

# Deletes temp folder
rm -rf "/tmp/CiscoInstaller/"

exit 0

 

Lines 111 and 111 install the choices and json file in separate policies using custom triggers.