Is there a way to determine (at file level) if Security Update 2015-006 actually applied to the OS?

Mhomar
Contributor

I am having trouble with several remote Mavericks computers where the Policy that runs the Security Update 2015-006 is failing. I have a feeling it is a VPN disconnect issue before the computer can report to the JSS. At this point my only way to determine if the policy has run is an Inventory Report on "Receipts Information" using "Packages Installed By Casper". It would be very helpful to find a system file that suggests the Security Update was actually applied via an extension attribute or local search. Any ideas on how to accomplish this?

6 REPLIES

mm2270
Legendary Contributor III

I'm not clear what the effective difference would be between looking for an Apple package receipt versus some piece of data collected in a script-based EA. Both will require a full inventory report to be submitted back to the JSS from the Mac. Why not just use Package Receipts? Maybe build a Smart group of Macs that have or do not have the receipt? Unless you have disabled Receipt collection on your JSS for some reason?

Also, the local client should retain a log of the policy run if a disconnect happens before it can submit the log back to the JSS. You might find on those clients that the /Library/Application Support/JAMF/logs/ directory has at least one log file in it that would get submitted once the next recon occurs.

Mhomar
Contributor

Mike, thanks for the quick reply... Every now and again, I have a difficult time being clear on what I am asking, and this is one of them.

Let's leave the reporting out of this question for now. Security Updates are pretty much the only packages that I do not have a file that I can target other than the "Package Receipt" to determine if the update has applied. Most other updates I can get a version number or some such bit of data that tells me the patch is applied in the OS. That is what I would be looking for here. There very well might not be a consistent data bit that I can look for in a Security update other than the Package Receipt?

mm2270
Legendary Contributor III

Hmm, OK I see what you mean. Given that every security update is going to be touching different files, I doubt relying on looking for a modified file is going to work.
I normally hate to invoke it since it's sometimes slow, but in this, system_profiler will be your friend.
Try the following:

system_profiler SPInstallHistoryDataType | grep "Security Update"

That should list all Apple Security Updates installed.

Josh_Smith
Contributor III

Another option:

Every Security Update changes the OS build number... so if you are creating a Smart Group you can just use the build number in the OS Version field. For example: the build number for 10.9.5 with 2015-006 applied is 13F1112.

The Wikipedia page is an easy place to see the build numbers for 10.9 with the various security updates applied.
Mavericks on Wikipedia
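
Added example, not part of any post in this thread: a shell sketch of the extension attribute the original question asks for, combining the install-history check from mm2270's reply with the build number quoted in Josh_Smith's reply. The sample history text is constructed and the function names are hypothetical; the `<result>` tags are how a Jamf extension attribute script returns its value.

```shell
#!/bin/sh
UPDATE_NAME="Security Update 2015-006"
PATCHED_BUILD="13F1112"   # from the thread: 10.9.5 with 2015-006 applied

# Constructed sample of `system_profiler SPInstallHistoryDataType` output,
# used only when system_profiler is unavailable (testing off a Mac).
SAMPLE_HISTORY='Installations:

    Security Update 2015-006:

      Version: 1.0
      Source: Apple
      Install Date: 8/20/15, 9:14 AM

    Safari:

      Source: Apple
'

# history_has_update NAME HISTORY_TEXT -> exit 0 only if an entry header is
# exactly "NAME:" (a bare grep would also match longer, similar names).
history_has_update() {
    printf '%s\n' "$2" | awk -v want="$1:" '
        { line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line) }
        line == want { found = 1 }
        END { exit !found }'
}

# ea_value NAME HISTORY_TEXT BUILD -> prints the extension attribute value.
ea_value() {
    if ! history_has_update "$1" "$2"; then
        echo "Not in install history (build $3)"
    elif [ "$3" = "$PATCHED_BUILD" ]; then
        echo "Installed (build $3)"
    else
        # Entry is present but the running build differs from the one quoted above.
        echo "In install history, build is $3"
    fi
}

if command -v system_profiler >/dev/null 2>&1; then
    history=$(system_profiler SPInstallHistoryDataType 2>/dev/null)
    build=$(sw_vers -buildVersion)
else
    history=$SAMPLE_HISTORY
    build=$PATCHED_BUILD
fi
echo "<result>$(ea_value "$UPDATE_NAME" "$history" "$build")</result>"
```

Reporting the build alongside the history entry lets a Smart Group separate Macs where the update is recorded and the build matches from Macs where the two disagree.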

Mhomar
Contributor

Boom Baby! Thanks @mm2270, I knew you could do it ;-)

Ok and Josh... the Build number is a good runner up and a cool tidbit that I did not know.

othernamen
New Contributor II

Hey,

Thanks, old info but helpful. I'm wondering, Josh mentioned: "The build number for 10.9.5 with 2015-006 applied is 13F1112".

But... would it be the same build number if I applied 2015-006 to, say, 10.9.3? Or 10.9.6?

Thanks,

Ivan