Is there a way to determine (at file level) if Security Update 2015-006 actually applied to the OS?

Mhomar
Contributor

I am having trouble with several remote Mavericks computers where the Policy that runs the Security Update 2015-006 is failing. I have a feeling it is a VPN disconnect issue before the computer can report to the JSS. At this point my only way to determine if the policy has run is an Inventory Report on "Receipts Information" using "Packages Installed By Casper". It would be very helpful to find a system file that suggests the Security Update was actually applied via an extension attribute or local search. Any Ideas on how to accomplish this?

1 ACCEPTED SOLUTION

mm2270
Legendary Contributor II

Hmm, OK I see what you mean. Given that every security update is going to be touching different files, I doubt relying on looking for a modified file is going to work.
I normally hate to invoke it since its sometimes slow, but in this, system_profiler will be your friend
Try the following:

system_profiler SPInstallHistoryDataType | grep "Security Update"

That should list all Apple Security Updates installed.

View solution in original post

6 REPLIES 6

mm2270
Legendary Contributor II

I'm not clear what the effective difference would be between looking for an Apple package receipt versus some piece of data collected in a script based EA. Both will require a full inventory report to be submitted back to the JSS from the Mac. Why not just use Package Receipts? Maybe build a Smart group of Macs that have or do not have the receipt? Unless you have disabled Receipt collection on your JSS for some reason?

Also, the local client should retain a log of the policy run if a disconnect happens before it can submit the log back to the JSS. You might find on those clients that the /Library/Application Support/JAMF/logs/ directory has at least one log file in it that would get submitted once the next recon occurs.

Mhomar
Contributor

Mike, thanks for the quick reply.... every now and again, I have a difficult time being clear and what I am asking and this is one of them.

Lets leave the reporting out of this question for now. Security Updates are pretty much the only packages that I do not have a file that I can target other than the "Package Receipt" to determine if the update has applied. Most other updates I can get a version number or some such bit of data that tells me the patch is applied in the OS. That is what I would be looking for here. There very well might not be a consistent data bit that I can look for in a Security update other than the Package Receipt?

mm2270
Legendary Contributor II

Hmm, OK I see what you mean. Given that every security update is going to be touching different files, I doubt relying on looking for a modified file is going to work.
I normally hate to invoke it since its sometimes slow, but in this, system_profiler will be your friend
Try the following:

system_profiler SPInstallHistoryDataType | grep "Security Update"

That should list all Apple Security Updates installed.

Josh_Smith
Contributor III

Another option:

Every Security Update changes the OS build number....so if you are creating a Smart Group you can just use the build number in the OS Version field. For example: The build number for 10.9.5 with 2015-006 applied is 13F1112.

The Wikipedia page is an easy place to see the build numbers for 10.9 with the various security updates applied.
Mavericks on Wikipedia

Mhomar
Contributor

Boom Baby! Thank @mm2270 I knew you could do it ;-)

Ok and Josh... the Build number is a good runner up and a cool tidbit that I did not know.

othernamen
New Contributor II

Hey,

Thanks, old info but helpfull. Im wondering, Josh mentioned: "The build number for 10.9.5 with 2015-006 applied is 13F1112".

But..Would it be same build number if applied 2015-006 to say 10.9.3? or 10.9.6?

Thanks,

Ivan