Posted on 05-04-2020 02:14 PM
I need to run an activation script as administrator after my pkg installs. I've successfully created the install pkg, in the self service center, it runs, executes, then fails. I've been able to run the pkg and the script manually on the mac, it prompts for the su administrator pwd. Not sure how to script the pwd prompt. Any help would be greatly appreciated.
sudo bash -c " if [[ -f /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ]]; then /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ActivationId=##### CustomerId=########; else /Applications/QualysCloudAgent.app/Contents/MacOS/qualys-cloud-agent.sh ActivationId=##### CustomerId=#####; fi"
Posted on 05-04-2020 05:26 PM
Hi @Kminarik ,
Is this script added in the package as a postinstall script, or is the script in Jamf Pro as a Script in the policy?
Posted on 05-05-2020 05:24 AM
In JamfPro as a script in the policy after the pkg install
Posted on 05-05-2020 05:30 AM
I also use qualys. Just remove su administrator from your script. Jamf runs everything as root anyway
Posted on 05-05-2020 02:08 PM
I removed the su administrator. The policy runs the pkg and script successfully, but the agents are not showing up in Qualys.
Posted on 08-20-2020 12:40 PM
Hello, any success to install this agent? Is the script is a part of the package?
Posted on 08-24-2020 11:50 AM
Script is not part of the package. To install Qualys via Jamf, you need a policy to:
#!/bin/bash bash -c " if [[ -f /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ]]; then /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ActivationId=$ CustomerId=$; else /Applications/QualysCloudAgent.app/Contents/MacOS/qualys-cloud-agent.sh ActivationId=$ CustomerId=$; fi"
Replace $ with the actual activation and customer ID #. You also need Full Disk Access permission to let Qualys scan everything. You can use PPPC Utility for that.
Posted on 09-28-2020 10:54 AM
Is there a reason this can't be run under the pkg policy, on the Files and Processes configuration? The Packages installs the Qualys pkg on the distribution point, then Files and Processes runs the bash -c. (I've already taken sudo out, the screenshot reminded me it was there). That's how I have it set up and it according to our Qualys admins the Macs are reporting in and all looks good.
Posted on 09-30-2020 09:53 AM
Different ways to skin the cat I suppose. Operationally our team uses scripts as opposed to files & processes because we keep track of changes of the scripts and maintain larger scripts as well.
Posted on 10-04-2020 02:00 PM
@chrisu The main advantages of scripts are they are reusable, so you can edit the script and change any policies using it at once when you cock up it in the first place :-( but also you can use the jamf script variables so you can have different configs, maybe live an UAT in this case, and just set the variables for each instance.
Posted on 10-27-2020 08:50 AM
The script works, installs the Qualys agent on the Mac. However I have about a 50% success with the scanning. Some of the Mac's that aren't reporting in Qualys are getting this error: 2020-10-21 08:25:07.286 [qualys-cloud-agent.provision]:[Fatal]:Failed to write hostID to path: /etc/qualys/hostid, error:sh: line 1: /Applications/QualysCloudAgent.app/Contents/MacOS/qagent_hostid.sh: Permission denied
Any advice on how to use the Full Disk Access permission to let Qualys scan everything using the PPPC Utility?