Posted on 11-02-2013 12:51 PM
JSS 8.62
I am having an issue with the "Enable Firewall.sh" script from JamfNation when I run it in a policy. I have this run on all machines, even if the machines has the firewall already enabled, because there have been times when a user has disabled their firewall and I want the machine to re-enable it.
POLICY:
Triggered by login
Set to Run the script as Before with parameter 4 = TRUE
On some of the computers I am getting this error/policy failure log.
/usr/sbin/jamf is version 8.62
Executing Policy Enable Firewall...
Creating directory structure for /Library/Application Support/JAMF/Downloads/
Downloading https://jamfserver:443/software/Scripts/enableFirewall.sh...
Running script enableFirewall.sh...
Script exit code: 0
Script result: Enabling Firewall for OS 10.8 ...
launchctl: Error unloading: com.apple.alf.useragent
Anyone know why this is having an issue unloading the com.apple.alf.useragent?
Solved! Go to Solution.
Posted on 11-04-2013 07:09 AM
@tuinte - I did receive information from JAMFsupport.
These errors are indicating that the launch daemon isn't loaded on these computers. We can either suppress the errors or add a check to see if the launch daemon is loaded by adding a "2>/dev/null" to the end of each line that UNLOADS the task. Here's an example:
/bin/launchctl unload /System/Library/LaunchDaemons/com.apple.alf.agent.plist 2>/dev/null /bin/launchctl unload /System/Library/LaunchAgents/com.apple.alf.useragent.plist 2>/dev/null
This seems to have either fixed the problem or at least stopped the policy from reporting failure.
Posted on 11-02-2013 01:33 PM
I'm not familiar with the script, but you'd get an error like that if the launchagent you're trying to unload has not been loaded.
Posted on 11-04-2013 06:57 AM
@ zmbarker - I'm using the same script and am getting the same error almost every time it is run. That being said, it DOES enable the firewall and I haven't had any issues afterward. We are using it in production despite the error. YMMV?
Posted on 11-04-2013 07:09 AM
@tuinte - I did receive information from JAMFsupport.
These errors are indicating that the launch daemon isn't loaded on these computers. We can either suppress the errors or add a check to see if the launch daemon is loaded by adding a "2>/dev/null" to the end of each line that UNLOADS the task. Here's an example:
/bin/launchctl unload /System/Library/LaunchDaemons/com.apple.alf.agent.plist 2>/dev/null /bin/launchctl unload /System/Library/LaunchAgents/com.apple.alf.useragent.plist 2>/dev/null
This seems to have either fixed the problem or at least stopped the policy from reporting failure.
Posted on 11-04-2013 11:47 AM
Thanks a bunch.