Cisco Secure Client Script

  • January 29, 2025

Good day everyone,

I usually set up our VPN, Cisco Secure Client, via https://docs.umbrella.com/umbrella-user-guide/docs/customize-macos-installation-of-cisco-secure-client.

Simple enough to navigate through if you have all the pieces. I am traversing trying to get this process a hair more automated. The end goal: One Policy that can create the DMG you're looking for. 

The theory: 

- Use Composer to package your already configured XML file and orginfo JSON file into a specific directory.

- Add the newest version of the pre-deploy DMG to that same directory

- Run a script to do any of the steps you need in the url.

 

I've made this script so far where I want to make the file locations variables and make "Version" a user parameter so when the next version is getting prepared all you have to do is update the version number in the Policy Script Parameters.

```sh
#!/bin/sh
# This is to update the Cisco Secure Client

# Create the Variables (plain ASCII quotes; spaces in the volume name are
# protected by the quotes, so no backslashes are needed)
Version="$4"
orgFile="/private/tmp/orginfo.json"
ciscoFile="/Volumes/Cisco Secure Client $Version/Profiles/Umbrella/"
installFile="/private/tmp/install_choices.xml"
dmgFile="/Volumes/Cisco Secure Client $Version"

# Move to the downloads folder
cd /private/tmp || exit 1

# Make the DMG Writable
hdiutil convert "cisco-secure-client-macos-$Version-predeploy-k9.dmg" -format UDRW -o csc-writeable.dmg
sleep 5

# Mount the Installer
hdiutil attach csc-writeable.dmg
sleep 5

# Open the Installer
open "$dmgFile"
sleep 5

# Move the OrgInfo file into the Umbrella Folder
mv "$orgFile" "$ciscoFile"

# Move the Install Choice file to the DMG
mv "$installFile" "$dmgFile"
sleep 5

# Eject the Installer
diskutil eject "Cisco Secure Client $Version"

# Convert and Rename
hdiutil convert csc-writeable.dmg -format UDRO -o "csc-readable-$Version.dmg"
```

 

The Issue:

I've run each of these commands in terminal as root and they all work individually. However, when I run this as a script from my Jamf Policy, it fails and gives me several errors in the logs, which I'll attach as a comment. 

Any help on getting these commands to work in the policy or help with troubleshooting the errors would be greatly appreciated. 

5 replies


Hello!

To set up your Cisco Secure Client VPN more efficiently, you can use a script to package your configured XML and JSON files, and automate the DMG preparation. Ensure proper permissions and use full paths for commands. Add logging for debugging and include delays to ensure each step completes correctly. Your script should handle converting the DMG, mounting it, moving the necessary files, and ejecting the installer before renaming the DMG for the new version. Adjustments for syntax and permissions should help resolve issues when running from Jamf Policy. 


junjishimazaki
  • January 29, 2025

Where are you putting the Cisco installer? Are you uploading the installer to Jamf and adding it to the policy with the script?


mattjerome
  • January 29, 2025

Here's how I do it

Policy 1
Cache the cisco-secure-client-macos-5.1.6.103-predeploy-k9.dmg
Install VPN profile
Run script 

 

```sh
#!/bin/sh
#
#########################
#
# Created by mikeg of MacAdmins Slack
#
# This script is designed for use with Jamf Pro but can work with other MDM's.
# It installs Cisco Secure Client for macOS by moving the cached unmodified
# pre-deploy DMG to a temporary directory, converting it to a read/write DMG,
# then deleting/moving the required files for the installer into the new DMG,
# converting back to read only, then moving it back to the waiting room,
# running the installer, then unmounting the DMG, deleting it.
#
# Line 111 & 112 include the Jamf Policy calls. You will have to either use
# the triggers CiscoChoices and CiscoJSON for their respective policies, or
# choose your own.
#
# Lines 161 to line 165 are commented out, they can be added in to delete the
# uninstallers, and open the app if you wish. Without opening it it will not be
# on the menu bar.
#
# Parameter 4 is the DMG file name, Parameter 5 is the Mounted DMG name as it's
# different so verify before deploying and adjust parameters as needed.
#
# This script can be modified to be used with other DMG's
#
# Script does not contain a Jamf recon command as it's designed
# to be run in the enrollment.
#
##### Acknowledgements #####
#
# Thank you to on the MacAdmins slack for sharing part of your script!
# Used the DMG in line conversion to cut down on manual work.
#
##### History #####
#
# v2.0 OCT 26 2023 - mikeg
# Cisco Secure Client v5 removed the auto update feature,
# so hand making new dmgs is not sustainable.
#
# I use separate Jamf policies to create the choices file and the OrgInfo.json
# as they may be different or need to be updated more frequently.
#
# Those policies are just scripts with the following which could be added in script.
#
# CiscoFILES='your OrgInfo.json or choices text between single quotes'
# echo "$CiscoFILES" > "/Library/Application Support/JAMF/Waiting Room/FILENAME"
#
# v1.0 AUG 7 2023 - mikeg
# Created script
#
#########################
#
### Variables ###

# Where is the original DMG stored
WaitingRoomDMG="/Library/Application Support/JAMF/Waiting Room/$4"

# Temp directory for this script
tmplocation="/tmp/CiscoInstaller"

# Temp location of dmg
tmpDMGLocation="/tmp/CiscoInstaller/$4"

# Name of read-write dmg
tmprwDMGLocation="/tmp/CiscoInstaller/$4-rw.dmg"

# New DMG location
NewDMGLocation="/tmp/CiscoInstaller/New/$4"

# ACTransformations file to hide the AnyConnect VPN portion
#HideVPNGUI='<!-- Optional AnyConnect installer settings are provided below. Uncomment the setting(s) to perform optional action(s) at install time. -->
#<Transforms>
#<DisableVPN>true</DisableVPN> -->
#<DisableCustomerExperienceFeedback>true</DisableCustomerExperienceFeedback> -->
#</Transforms>
#'

# echos to show the locations are right in Jamf policy details
echo "$WaitingRoomDMG"
echo "$tmpDMGLocation"
echo "$tmprwDMGLocation"

mkdir "/tmp/CiscoInstaller/"
mkdir "/tmp/CiscoInstaller/New/"
chmod 777 "/tmp/CiscoInstaller/"
chmod 777 "/tmp/CiscoInstaller/New/"

# Move DMG to temp space
mv "$WaitingRoomDMG" "/tmp/CiscoInstaller/"
sleep 10

# Make a read-write disk image
/usr/bin/hdiutil convert "$tmpDMGLocation" -format UDRW -o "$tmprwDMGLocation"
echo "Converted DMG"
rm "$tmpDMGLocation"

# Attach dmg
hdiutil attach "$tmprwDMGLocation" -nobrowse
echo "Attached R-W DMG"
sleep 15

# Delete old ACTransformations.xml file
# If you are not using the VPN function, it can be hidden from the GUI
# If you are using the VPN
#rm -rf "/Volumes/$5/Profiles/ACTransforms.xml"
#echo "Deleted ACTransforms.xml file"

# Creates new ACTransforms.xml file
#echo "$HideVPNGUI" > "/Library/Application Support/JAMF/Waiting Room/ACTransforms.xml"

# Call Jamf policy to create choices file and OrgInfo.json in waiting room
jamf policy -event CiscoChoices
jamf policy -event CiscoJSON
echo "Cisco required configs created"

# Moves OrgInfo.json, ACTransforms.xml installer choices file into the Read/Write DMG
mv "/Library/Application Support/JAMF/Waiting Room/CiscoChoices.xml" "/Volumes/$5"
mv "/Library/Application Support/JAMF/Waiting Room/OrgInfo.json" "/Volumes/$5/Profiles/umbrella"
mv "/Library/Application Support/JAMF/Waiting Room/ACTransforms.xml" "/Volumes/$5/Profiles/"
echo "Files moved to required locations"

# Unmounts Read Write DMG
hdiutil detach "/Volumes/$5"
sleep 5

# Converts back to read only
/usr/bin/hdiutil convert "$tmprwDMGLocation" -format UDZO -o "$NewDMGLocation"
sleep 10

#Moves back to waiting room for Jamf
mv "$NewDMGLocation" "/Library/Application Support/JAMF/Waiting Room/"

# Added sleep to allow computer to catch up
sleep 5

# Attach modified read only dmg
hdiutil attach "$WaitingRoomDMG" -nobrowse

# Added sleep to allow computer to catch up
sleep 5

# Installs Cisco AnyConnect
installer -applyChoiceChangesXML "/Volumes/$5/CiscoChoices.xml" -pkg "/Volumes/$5/Cisco Secure Client.pkg" -target /
echo "Installed Cisco Secure Client Umbrella"
sleep 15

# Unmount Read-Write DMG
hdiutil detach "/Volumes/$5"
echo "Unmounted DMG"
sleep 5

# Delete DMGs
rm "$WaitingRoomDMG"
echo "Deleted DMG from Waiting Room"

# Deletes uninstallers this can be commented out if you want to leave them
#rm -rf "/Applications/Cisco/Uninstall Cisco Secure Client.app"
# rm -rf "/Applications/Cisco/Uninstall Cisco Secure Client - DART.app"

# Opens the app to ensure it's on the menu bar
#open "/Applications/Cisco/Cisco Secure Client.app"

# Deletes temp folder
rm -rf "/tmp/CiscoInstaller/"

exit 0
```

 

Lines 111 and 111 install the choices and json file in separate policies using custom triggers.
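
The DMG staging steps from the scripts in this thread, reworked as an added example (not code from the thread, Cisco or Jamf): it validates the Jamf version parameter, builds in a private `mktemp` directory instead of a fixed `chmod 777` path under `/tmp`, and mounts at a known mount point rather than sleeping and guessing the volume name. The function names are hypothetical, and the file names and `/private/tmp` source directory are assumptions carried over from the question.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# Accept only dotted numeric versions so the Jamf parameter cannot alter paths.
valid_version() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
        *) return 0 ;;
    esac
}

# Private, unpredictable work directory (mode 0700) instead of a fixed 0777 path.
make_staging() {
    umask 077
    mktemp -d "${TMPDIR:-/tmp}/csc-build.XXXXXX"
}

# Octal mode of a path; tries GNU stat first, then the BSD stat shipped with macOS.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# build_dmg VERSION SRC_DIR: rebuild the pre-deploy DMG with the org files added.
build_dmg() {
    version=$1 src_dir=$2
    valid_version "$version" || { echo "bad version: $version" >&2; return 64; }
    src="$src_dir/cisco-secure-client-macos-$version-predeploy-k9.dmg"
    [ -f "$src" ] || { echo "missing: $src" >&2; return 66; }
    stage=$(make_staging) || return 1
    mnt="$stage/mnt"
    mkdir "$mnt"
    # A fixed mount point avoids guessing the volume name and needs no sleeps.
    /usr/bin/hdiutil convert "$src" -format UDRW -o "$stage/rw.dmg" &&
        /usr/bin/hdiutil attach "$stage/rw.dmg" -nobrowse -mountpoint "$mnt" ||
        { rm -rf "$stage"; return 1; }
    cp "$src_dir/orginfo.json" "$mnt/Profiles/Umbrella/" &&
        cp "$src_dir/install_choices.xml" "$mnt/"
    rc=$?
    /usr/bin/hdiutil detach "$mnt" || rc=1
    if [ "$rc" -eq 0 ]; then
        /usr/bin/hdiutil convert "$stage/rw.dmg" -format UDRO \
            -o "$src_dir/csc-readable-$version.dmg" || rc=1
    fi
    rm -rf "$stage"
    return "$rc"
}

# Jamf passes the version as parameter 4.
if [ -n "${4:-}" ]; then build_dmg "$4" /private/tmp; fi
```

Each failure path returns a distinct exit code, which shows up in the Jamf policy log in place of a silent continue.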

 


Bernard295Clark wrote:

Hello!

To set up your Cisco Secure Client VPN more efficiently, you can use a script to package your configured XML and JSON files, and automate the DMG preparation. Ensure proper permissions and use full paths for commands. Add logging for debugging and include delays to ensure each step completes correctly. Your script should handle converting the DMG, mounting it, moving the necessary files, and ejecting the installer before renaming the DMG for the new version. Adjustments for syntax and permissions should help resolve issues when running from Jamf Policy. 




I hope this helps you!

Best Regards,

Bernard

