Create SysDiagnose item for Self Service

janzaldua
Contributor

I am having a little brain fart here, but I'm sure it's simple. When I run this Jamf policy using the event flag from Terminal, it runs just fine (probably because it prompts for my credentials). But if I try to run it from Self Service, I get an error that a Terminal is required for the password.

Script:

#!/bin/bash

#Find current logged in user
loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

#Runs SysDiagnose as Current User
su $loggedInUser -c "sudo /usr/bin/sysdiagnose -u -f ~/Desktop/"

Error:

Screenshot 2024-05-09 at 5.28.05 PM.png

I want users to have the capability to run SysDiagnose from Self Service, without it prompting for a password.

1 ACCEPTED SOLUTION

janzaldua
Contributor

Never mind, I figured it out...

New Script:

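#!/bin/bash

# Find current logged in user
loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

# Stop if nobody is logged in; otherwise the path below would be /Users//Desktop
if [ -z "$loggedInUser" ]; then
	echo "No console user found."
	exit 1
fi

# Jamf policy scripts already run as root, so no su or sudo is needed.
# Runs SysDiagnose and places the archive on the user's Desktop
/usr/bin/sysdiagnose -u -f "/Users/$loggedInUser/Desktop"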

4 REPLIES 4

howie_isaacks
Valued Contributor II

Thanks for posting this! I made a modification to instead store the sysdiagnose data in /usr/local/Management, a folder I create in a lot of my scripts to be a storage location. A follow up script can handle copying the file to a Mac's Jamf Pro inventory where I can download it when needed. For some things, I don't want to disturb the user.

#!/bin/bash

# Location of the Management folder
managementFolder="/usr/local/Management/"

# Create Management folder if it doesn't exist
if ! [ -d "$managementFolder" ]; then
	echo "Creating Management folder"
	mkdir -p "$managementFolder"
else
	echo "Management folder exists..."
fi

# Runs SysDiagnose and places the archive in the Management folder
echo "Running sysdiagnose. Saving to $managementFolder."
/usr/bin/sysdiagnose -u -f "${managementFolder}"
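
An added example, not part of the posts above: one way to make sure the folder that receives the sysdiagnose archive is a real directory owned by the account running the script (root in a Jamf policy) and readable only by that account. `prepare_secure_dir` is a hypothetical helper name.

```shell
#!/bin/bash
# Added example, not from the thread. prepare_secure_dir is a hypothetical helper.

# Create (or verify) a directory that only the calling user can read.
# In a Jamf policy the caller is root, so "-O" means "owned by root".
prepare_secure_dir() {
	local dir="${1%/}"   # drop a trailing slash so the -L test sees the link itself

	[ -n "$dir" ] || { echo "no directory given" >&2; return 1; }

	# Refuse a symlink: root would otherwise write wherever it points.
	if [ -L "$dir" ]; then
		echo "refusing symlink: $dir" >&2
		return 1
	fi

	if [ -e "$dir" ]; then
		# Something is already there: it must be a directory owned by the caller.
		if [ ! -d "$dir" ] || [ ! -O "$dir" ]; then
			echo "refusing pre-existing path not owned by caller: $dir" >&2
			return 1
		fi
	else
		# umask is set in a subshell so the caller's umask is untouched.
		( umask 077 && mkdir -p "$dir" ) || return 1
	fi

	# Tighten permissions even if the folder was created earlier with 755.
	chmod 700 "$dir"
}

# Usage in the policy script (path taken from the post above):
#   prepare_secure_dir "/usr/local/Management" || exit 1
#   /usr/bin/sysdiagnose -u -f "/usr/local/Management"
```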

Thanks for the insight! How would one download the file from the Jamf Pro inventory? I typically am ok with the sysdiagnose going to the desktop, as I would only be doing that while working with the user. But it's interesting to figure out how to download the file later.

howie_isaacks
Valued Contributor II

My policy uses the script that I posted above with the "Before" priority and this script that I got from GitHub with the "After" priority. I modified the script from https://github.com/kc9wwh/logCollection/blob/master/logCollection.sh. It's below. I changed it to use a bearer token and I changed the variables to work better with what I needed. I created a function called "jamfAPI_auth" that I use in every script that uses the Jamf API.

#!/bin/bash

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# Copyright (c) 2020 Jamf.  All rights reserved.
#
#       Redistribution and use in source and binary forms, with or without
#       modification, are permitted provided that the following conditions are met:
#               * Redistributions of source code must retain the above copyright
#                 notice, this list of conditions and the following disclaimer.
#               * Redistributions in binary form must reproduce the above copyright
#                 notice, this list of conditions and the following disclaimer in the
#                 documentation and/or other materials provided with the distribution.
#               * Neither the name of the Jamf nor the names of its contributors may be
#                 used to endorse or promote products derived from this software without
#                 specific prior written permission.
#
#       THIS SOFTWARE IS PROVIDED BY JAMF SOFTWARE, LLC "AS IS" AND ANY
#       EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
#       WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
#       DISCLAIMED. IN NO EVENT SHALL JAMF SOFTWARE, LLC BE LIABLE FOR ANY
#       DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
#       (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
#       LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
#       ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
#       (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
#       SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# This script was designed to be used in a Self Service policy to allow the facilitation
# of log collection by the end-user and upload the logs to the device record in Jamf Pro
# as an attachment.
#
# REQUIREMENTS:
#           - Jamf Pro
#           - macOS Clients running version 10.13 or later
#
#
# For more information, visit https://github.com/kc9wwh/logCollection
#
# Written by: Joshua Roskos | Jamf
# Modified 2024-08-21 Howie Isaacks
# Added Jamf auth function, modified variables
#
# Revision History
# 2020-12-01: Added support for macOS Big Sur
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

## Variables
logFiles="$4"

## System Variables
mySerial=$( system_profiler SPHardwareDataType | grep Serial |  awk '{print $NF}' )
currentUser=$( stat -f%Su /dev/console )
compHostName=$( scutil --get LocalHostName )
timeStamp=$( date '+%Y-%m-%d-%H-%M-%S' )
osMajor=$(/usr/bin/sw_vers -productVersion | awk -F . '{print $1}')
osMinor=$(/usr/bin/sw_vers -productVersion | awk -F . '{print $2}')

## Log Collection
fileName="$compHostName-$currentUser-$timeStamp.zip"
# $logFiles stays unquoted on purpose so space-separated paths split into separate arguments
zip -r "/private/tmp/$fileName" $logFiles

function jamfAPI_auth() {
	# API login (placeholder values; give the API account only the privileges the lookup and upload need)
	jamfProURL="https://yourcompany.jamfcloud.com"
	username="apiuser"
	password="SuperDuperSecretPassword!"

	# request auth token
	authToken=$( /usr/bin/curl \
		--request POST \
		--silent \
		--url "$jamfProURL/api/v1/auth/token" \
		--user "$username:$password" )

	# parse auth token
	token=$( /usr/bin/plutil \
		-extract token raw - <<< "$authToken" )

	tokenExpiration=$( /usr/bin/plutil \
		-extract expires raw - <<< "$authToken" )

	localTokenExpirationEpoch=$( TZ=GMT /bin/date -j \
		-f "%Y-%m-%dT%T" "$tokenExpiration" \
		+"%s" 2> /dev/null )
}

jamfAPI_auth
# Do not echo the token: script output is stored in the Jamf Pro policy log
if [ -z "$token" ]; then
	echo "Failed to get a bearer token."
	exit 1
fi

## Upload Log File
# -k (skip TLS certificate verification) removed: these requests carry the bearer token.
# If the server uses a private CA, pass it with --cacert instead.
if [[ "$osMajor" -ge 11 ]]; then
	jamfProID=$( curl -H "Accept: text/xml" -H "Authorization: Bearer ${token}" "$jamfProURL/JSSResource/computers/serialnumber/$mySerial/subset/general" | xpath -e "//computer/general/id/text()" )
elif [[ "$osMajor" -eq 10 && "$osMinor" -gt 12 ]]; then
	jamfProID=$( curl -H "Authorization: Bearer ${token}" "$jamfProURL/JSSResource/computers/serialnumber/$mySerial/subset/general" | xpath "//computer/general/id/text()" )
fi

curl -H "Authorization: Bearer ${token}" "$jamfProURL/JSSResource/fileuploads/computers/id/$jamfProID" -F "name=@/private/tmp/$fileName" -X POST

## Cleanup
rm "/private/tmp/$fileName"

exit 0
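
An added example, not part of the script above or of the logCollection project: a lexical allowlist check for the space-separated paths passed in `$4`, applied before root zips and uploads them. `ALLOWED_ROOTS` and `filter_log_paths` are hypothetical names, and the listed roots are assumptions to adjust per policy.

```shell
#!/bin/bash
# Added example, not from the thread. ALLOWED_ROOTS and filter_log_paths are
# hypothetical; the roots below are assumed locations, not a Jamf default.

ALLOWED_ROOTS="/var/log /private/var/log /Library/Logs /usr/local/Management"

# Print, one per line, only the paths that sit under an allowed root.
# Returns 1 if any path was rejected so the caller can abort the upload.
# The check is lexical only: it does not resolve symlinks inside a root.
# The body runs in a subshell so "set -f" does not leak to the caller.
filter_log_paths() (
	set -f                       # split on whitespace but do not expand globs
	rejected=0
	for path in $1; do
		ok=0
		case "$path" in
			*/../*|*/..) ;;      # parent-directory hop: never allowed
			*)
				for root in $ALLOWED_ROOTS; do
					case "$path" in
						"$root"|"$root"/*) ok=1 ;;
					esac
				done ;;
		esac
		if [ "$ok" -eq 1 ]; then
			printf '%s\n' "$path"
		else
			echo "rejected: $path" >&2
			rejected=1
		fi
	done
	return "$rejected"
)

# Usage in the upload script, before the zip step:
#   logFiles=$( filter_log_paths "$4" ) || exit 1
```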