How to run a script as administrator

Kminarik
New Contributor II

I need to run an activation script as administrator after my pkg installs. I've successfully created the install pkg; in the self service center, it runs, executes, then fails. I've been able to run the pkg and the script manually on the Mac; it prompts for the su administrator pwd. Not sure how to script the pwd prompt. Any help would be greatly appreciated.

script:
su administrator

sudo bash -c " if [[ -f /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ]]; then /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ActivationId=##### CustomerId=########; else /Applications/QualysCloudAgent.app/Contents/MacOS/qualys-cloud-agent.sh ActivationId=##### CustomerId=#####; fi"


shaquir
Contributor III

Hi @Kminarik ,
Is this script added in the package as a postinstall script, or is the script in Jamf Pro as a Script in the policy?

Kminarik
New Contributor II

In Jamf Pro as a script in the policy after the pkg install.

james_spencer
New Contributor III

I also use Qualys. Just remove su administrator from your script. Jamf runs everything as root anyway.

Kminarik
New Contributor II

I removed the su administrator. The policy runs the pkg and script successfully, but the agents are not showing up in Qualys.


nikjamf
New Contributor III

Hello, any success installing this agent? Is the script a part of the package?
Thank you

pknomad
New Contributor II

@nikjamf

Script is not part of the package. To install Qualys via Jamf, you need a policy to:

  1. Install the package (just upload the qualys install agent pkg file and deploy)
  2. Run the script
#!/bin/bash
bash -c " if [[ -f /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ]]; then /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ActivationId=$ CustomerId=$; else /Applications/QualysCloudAgent.app/Contents/MacOS/qualys-cloud-agent.sh ActivationId=$ CustomerId=$; fi"

Replace $ with the actual activation and customer ID #. You also need Full Disk Access permission to let Qualys scan everything. You can use PPPC Utility for that.

chrisu
New Contributor

Is there a reason this can't be run under the pkg policy, on the Files and Processes configuration? The Packages installs the Qualys pkg on the distribution point, then Files and Processes runs the bash -c. (I've already taken sudo out, the screenshot reminded me it was there). That's how I have it set up and according to our Qualys admins the Macs are reporting in and all looks good.

pknomad
New Contributor II

Different ways to skin the cat I suppose. Operationally our team uses scripts as opposed to files & processes because we keep track of changes of the scripts and maintain larger scripts as well.

marklamont
Contributor III

@chrisu The main advantages of scripts are they are reusable, so you can edit the script and change any policies using it at once when you cock it up in the first place :-( but also you can use the jamf script variables so you can have different configs, maybe live and UAT in this case, and just set the variables for each instance.
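
The approach discussed in this thread (install the pkg, then let Jamf run the activation as root with the IDs supplied as script parameters), as an added example that is not any poster's or Qualys's own code. It assumes the IDs arrive as parameters 4 and 5 and are UUID-shaped; `valid_id`, `find_agent` and `activate` are hypothetical helper names.

```bash
#!/bin/bash
# Added example, not from the thread. Jamf Pro hands policy script
# parameters to the script as $4..$11 ($1-$3 are mount point, computer
# name and username). Assumption: $4 = ActivationId, $5 = CustomerId.

# Assumption: both IDs are UUID-shaped. Rejecting anything else keeps
# stray characters out of the agent's command line.
valid_id() {
  case "$1" in
    ''|*[!0-9A-Fa-f-]*) return 1 ;;
  esac
  printf '%s\n' "$1" |
    grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

# Print the first agent script found, checking the two paths from the
# thread in the same order. $1 is an optional root prefix (for testing).
find_agent() {
  for p in /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh \
           /Applications/QualysCloudAgent.app/Contents/MacOS/qualys-cloud-agent.sh; do
    if [ -f "${1:-}$p" ]; then
      printf '%s\n' "${1:-}$p"
      return 0
    fi
  done
  return 1
}

# Distinct exit codes show up in the Jamf policy log and tell the
# failure modes apart.
activate() {
  if [ "$(id -u)" -ne 0 ]; then
    echo "not running as root" >&2; return 2
  fi
  if ! valid_id "$1" || ! valid_id "$2"; then
    echo "ActivationId/CustomerId missing or malformed" >&2; return 3
  fi
  agent="$(find_agent)" || { echo "agent script not found" >&2; return 4; }
  [ -x "$agent" ] || { echo "not executable: $agent" >&2; return 5; }
  "$agent" "ActivationId=$1" "CustomerId=$2"
}

# Do nothing unless parameter 4 was supplied by the policy.
if [ -n "${4:-}" ]; then
  activate "$4" "${5:-}"
fi
```

Keeping the IDs in policy parameters rather than in the script body means one script can serve several policies, and no `su` or `sudo` is needed because the policy already runs it as root.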

Kminarik
New Contributor II

@pknomad

The script works, installs the Qualys agent on the Mac. However, I have about a 50% success with the scanning. Some of the Macs that aren't reporting in Qualys are getting this error: 2020-10-21 08:25:07.286 [qualys-cloud-agent.provision][3043]:[Fatal]:Failed to write hostID to path: /etc/qualys/hostid, error:sh: line 1: /Applications/QualysCloudAgent.app/Contents/MacOS/qagent_hostid.sh: Permission denied

Any advice on how to use the Full Disk Access permission to let Qualys scan everything using the PPPC Utility?

webbo
New Contributor

Did you ever figure out how to give FDA to Qualys?