I need to run an activation script as administrator after my pkg installs. I've successfully created the install pkg, in the self service center, it runs, executes, then fails. I've been able to run the pkg and the script manually on the mac, it prompts for the su administrator pwd. Not sure how to script the pwd prompt. Any help would be greatly appreciated.
sudo bash -c " if [[ -f /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ]]; then /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ActivationId=##### CustomerId=########; else /Applications/QualysCloudAgent.app/Contents/MacOS/qualys-cloud-agent.sh ActivationId=##### CustomerId=#####; fi"
Script is not part of the package. To install Qualys via Jamf, you need a policy to:
#!/bin/bash bash -c " if [[ -f /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ]]; then /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ActivationId=$ CustomerId=$; else /Applications/QualysCloudAgent.app/Contents/MacOS/qualys-cloud-agent.sh ActivationId=$ CustomerId=$; fi"
Replace $ with the actual activation and customer ID #. You also need Full Disk Access permission to let Qualys scan everything. You can use PPPC Utility for that.
Is there a reason this can't be run under the pkg policy, on the Files and Processes configuration? The Packages installs the Qualys pkg on the distribution point, then Files and Processes runs the bash -c. (I've already taken sudo out, the screenshot reminded me it was there). That's how I have it set up and it according to our Qualys admins the Macs are reporting in and all looks good.
@chrisu The main advantages of scripts are they are reusable, so you can edit the script and change any policies using it at once when you cock up it in the first place :-( but also you can use the jamf script variables so you can have different configs, maybe live an UAT in this case, and just set the variables for each instance.
The script works, installs the Qualys agent on the Mac. However I have about a 50% success with the scanning. Some of the Mac's that aren't reporting in Qualys are getting this error: 2020-10-21 08:25:07.286 [qualys-cloud-agent.provision]:[Fatal]:Failed to write hostID to path: /etc/qualys/hostid, error:sh: line 1: /Applications/QualysCloudAgent.app/Contents/MacOS/qagent_hostid.sh: Permission denied
Any advice on how to use the Full Disk Access permission to let Qualys scan everything using the PPPC Utility?