Posted on 02-06-2018 09:21 AM
Please let me know if this isn't the correct tool for what I want to achieve. We are a school and we use FortiClient Anti-Virus on our student and faculty machines.
Sometimes after a while the FortiClient icon will disappear from the top tool bar and stop communicating with the EMS.
Is a launchdaemon the correct tool to periodically relaunch the program? Maybe once a day and/or when the machine is restarted and logged back in? Would this just be a simple Login Window thing?
None of our machines are bound to AD. I'm not super comfortable creating daemons. Is there a tool or a guide that can help me with this?
Posted on 02-06-2018 09:28 AM
The thing you are checking - is it running as the user? or root? Pick a computer things are working on and open Activity Monitor. Find the process name and see the User. If it's the logged in user, then you need a LaunchAgent. If it is root, then you need a launchDaemon. And I wouldn't create a new LaunchD - there's likely already one so you just need to restart it.
Look in /Library/LaunchDaemons for one with the Forticlient name in it. Then issue this command from Jamf using the 'Files and Processes' task.
launchctl unload /Library/LaunchDaemons/com.forticlient.plist; launchctl load /Library/LaunchDaemons/com.forticlient.plist
If it's running as the user, then things get a little more complicated. It's possible that the scanner part runs as root and a menu item (optional) runs as the user.
Posted on 02-06-2018 10:31 AM
A launchagent runs as the user, a launchdaemon runs as root. Most apps with a user interface that would run would be a launchagent. Processes may need to run as either.
Posted on 02-06-2018 10:37 AM
Here are some tools that might help you.
Posted on 02-06-2018 11:06 AM
In Activity Monitor FortiClient is running as the logged in user. There are FortiClient LaunchDaemons and LaunchAgents so it's running as root and the logged in user.
So is it as simple as running a command in Jamf to reload the daemon/agent?
Posted on 02-06-2018 11:34 AM
It's likely the LaunchDaemon is running one part of the Forticlient process, and the LaunchAgent is running something user facing, like the icon at the top of the toolbar that you referenced in your first post.
So, if you need to relaunch the LaunchAgent, the above launchctl load code by itself isn't going to work when run from a policy, because policies run as root, and it would attempt to load the LaunchAgent in the root account space, which it can't do.
For this, I would use launchctl asuser, possibly first to see if the agent is running, and then to launch it if it's not already running and needs to be.
Here's a sample script, but you will need to determine the exact process name that shows up in the command line and plug that in, as well as the LaunchAgent file name. I don't use Forticlient so I don't know what either of those are. Is the FortiClientAgent name in your screenshot the actual user facing process? If so, you would use that in the ForticlientProcess section below.
```bash
#!/bin/bash

## Get logged in user and UID
loggedInUser=$(stat -f%Su /dev/console)
loggedInUID=$(id -u "$loggedInUser")

## Put the name of the process you want to check on here. Do "ps axc" in Terminal to look for the name
ForticlientProcess="FortiClientProcess"

## Put the LaunchAgent plist path and name here
ForticlientAgentPlist="/Library/LaunchAgents/com.something.plist"

if [ "$loggedInUser" != "root" ]; then
    echo "A user is logged in. Checking for agent process..."
    ## Check for agent as user (the command substitution captures grep's exit status)
    FCProcCheck=$(/bin/launchctl asuser "$loggedInUID" sudo -iu "$loggedInUser" ps axc | grep "$ForticlientProcess" 2>&1 >/dev/null; echo $?)

    if [ "$FCProcCheck" != 0 ]; then
        echo "Agent is not running. Reloading..."
        ## Run launchctl in the user's session, not in root's
        /bin/launchctl asuser "$loggedInUID" /bin/launchctl unload "$ForticlientAgentPlist"
        /bin/launchctl asuser "$loggedInUID" /bin/launchctl load "$ForticlientAgentPlist"
    else
        echo "Agent process is running. Nothing to do."
        exit 0
    fi
else
    echo "No-one logged in. Cannot check on agent process."
    exit 0
fi
```
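The check-then-reload idea from the replies above, extended to cover the root daemon and the user agent in one pass. This is an added example, not code posted in the thread. The process names (ExampleScannerd, ExampleTray), the user jdoe and the sample ps snapshot are constructed placeholders; substitute the real names found with "ps axc".

```shell
#!/bin/bash
# Added example, not from the thread. All process names are placeholders.

# running_as OWNER PROCESS SNAPSHOT
# SNAPSHOT holds "user command" lines as printed by: ps -axo user= -o comm=
# Succeeds if PROCESS (matched on the basename of the command) is owned by OWNER.
running_as() {
    printf '%s\n' "$3" | awk -v owner="$1" -v proc="$2" '
        $1 == owner {
            $1 = ""; sub(/^ +/, "")      # drop the user column, keep the command
            n = split($0, part, "/")     # comm is usually a full path on macOS
            if (part[n] == proc) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# missing_jobs DAEMON_PROC AGENT_PROC CONSOLE_USER SNAPSHOT
# Prints which launchd job types need a reload: "daemon", "agent",
# "daemon agent", or nothing when everything expected is running.
missing_jobs() {
    local out=""
    # The daemon half must be owned by root; a same-named user process does not count.
    running_as root "$1" "$4" || out="daemon"
    # The agent half can only be checked (and reloaded) when a real user owns the console.
    if [ "$3" != "root" ] && ! running_as "$3" "$2" "$4"; then
        out="${out:+$out }agent"
    fi
    printf '%s' "$out"
}

# Constructed sample snapshot; on a Mac use: snapshot=$(ps -axo user= -o comm=)
sample_snapshot='root     /usr/libexec/ExampleScannerd
jdoe     /Applications/Example AV.app/Contents/MacOS/ExampleTray
jdoe     /usr/sbin/cfprefsd'

# "daemon" -> reload the /Library/LaunchDaemons plist as root (launchctl unload/load)
# "agent"  -> reload the /Library/LaunchAgents plist with launchctl asuser <UID>
result=$(missing_jobs ExampleScannerd ExampleTray jdoe "$sample_snapshot")
echo "Jobs needing a reload: ${result:-none}"
```

Run from a Jamf policy, the console user would come from stat -f%Su /dev/console as in the script above.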