Issue with deploying Forescout connector on Mac via Jamf policy

Jaykrishna1
Contributor II

We are trying to deploy the Forescout connector on a Mac machine through a Jamf policy, which requires us to deploy a .pkg file, a script, and most importantly, the folder containing the Forescout agent on the desktop. This folder includes the launch daemon and a few other commands. However, we are encountering errors and are not able to successfully deploy the folder. Can you advise us on how to proceed?

9 REPLIES

sdagley
Esteemed Contributor II

@Jaykrishna1 Have you looked to see if Forescout provides a guide for deploying via Jamf Pro? That folder you describe probably isn't something to be placed on the user's Desktop. That's not where apps are normally installed on a Mac, and is definitely the wrong location for a LaunchDaemon, so it's probably the things that need to be installed in other locations.

Yes, that makes sense, will check this out. Also, could you please advise on how we can deploy any folder on a Mac using a Jamf policy?

sdagley
Esteemed Contributor II

@Jaykrishna1 To deploy a folder you'd need to create a deployment installer with Composer. If you create a .dmg installer you can use the Fill Existing User option in Composer to replicate a folder to all existing user accounts on a Mac. If you create a .pkg installer you'd have the folder installed in a hidden temporary location (e.g. /var/tmp/somefoldername/) and then use a postinstall script to copy that into the desired directory for the active user, or if there are multiple users copy it into the desired directory for all existing users.

AJPinto
Esteemed Contributor

I found it better to just use a script and get the Forescout .tar with curl and do everything on the Mac.

 

#!/bin/bash

####################################################################################################
#*
####################################################################################################

# Downloading OSX Update Package to /tmp on the host
# (fetched over plain HTTP as written; switch to https:// if the source supports it)
curl -o {path where you want to save the download}.tgz http://{source file URL}; sleep 3

# Extracting update.tgz to /tmp
tar -zxvf {path where you want to save the download}.tgz -C {path where you want to uncompress the tar}; sleep 3

# Installing SecureConnector as a Daemon/Dissolvable w/ visible/invisible menu bar icon
sudo sh {path where you want to save the download}/Update.sh -t daemon -v 1; sleep 3

# Checking/Starting processes in case they did not start on install
daemon_pid=$(ps auxww | grep -v grep | egrep "ForeScout SecureConnector.-daemon" | awk '{print $2}')
agent_pid=$(ps auxww | grep -v grep | egrep "ForeScout SecureConnector.-agent" | awk '{print $2}')
daemon_plist=/Library/LaunchDaemons/com.forescout.secureconnector.daemon.plist
agent_plist=/Library/LaunchAgents/com.forescout.secureconnector.agent.plist

if [[ -z "$daemon_pid" && -z "$agent_pid" ]]; then
    # Neither process is running: start the daemon process
    launchctl unload "$daemon_plist"
    launchctl load "$daemon_plist"

    # Starting GUI process
    launchctl unload "$agent_plist"
    launchctl load "$agent_plist"
elif [[ -n "$daemon_pid" && -z "$agent_pid" ]]; then
    # Daemon is running but the agent is not: start the GUI process only
    launchctl unload "$agent_plist"
    launchctl load "$agent_plist"
fi

# Clean-up a little
sudo rm -rf {path where you want to save the download}.tgz {path where you want to uncompress the tar}

 

sdagley
Esteemed Contributor II

A scripted install alternative for something that requires building a .pkg with a postinstall script definitely makes deployment easier.

PSA concerning launchctl... The load and unload subcommands for launchctl have been considered legacy since Apple re-wrote launchd for macOS 10.10 Yosemite and the replacement subcommands are bootstrap and bootout. These commands require a domain parameter which avoids the problem with the legacy command inferring the domain from the context the command was being run from. See https://babodee.wordpress.com/2016/04/09/launchctl-2-0-syntax/ for a discussion of the launchd changes in 10.10.
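The reload step written with the bootout and bootstrap subcommands and an explicit domain, as an added example that is not part of the original thread. The plist paths are the ones from the script above; the `LAUNCHCTL` dry-run variable, the `--run` switch and the function names are assumptions of this example.

```bash
#!/bin/bash
# Added example, not from the thread. Plist paths are the ones used in the
# script above; LAUNCHCTL and --run are conventions of this example only.
DAEMON_PLIST=/Library/LaunchDaemons/com.forescout.secureconnector.daemon.plist
AGENT_PLIST=/Library/LaunchAgents/com.forescout.secureconnector.agent.plist
LAUNCHCTL=${LAUNCHCTL:-launchctl}   # set to "echo launchctl" for a dry run

# Map a plist to its launchd domain target: LaunchDaemons belong to "system",
# LaunchAgents to the logged-in user's GUI session, "gui/<uid>".
domain_for() {  # $1 = plist path, $2 = uid of the console user
  case "$1" in
    /Library/LaunchDaemons/*) echo "system" ;;
    /Library/LaunchAgents/*)
      # uid 0 or empty means nobody is logged in (login window): no GUI domain.
      { [ -n "$2" ] && [ "$2" -gt 0 ]; } 2>/dev/null || return 1
      echo "gui/$2" ;;
    *) return 1 ;;
  esac
}

reload_job() {  # $1 = plist path, $2 = uid of the console user
  local domain
  domain=$(domain_for "$1" "$2") || return 1
  $LAUNCHCTL bootout "$domain" "$1" || true   # non-zero if the job was not loaded
  $LAUNCHCTL bootstrap "$domain" "$1"
}

main() {
  local uid
  uid=$(stat -f %u /dev/console)   # macOS stat: owner of the console device
  reload_job "$DAEMON_PLIST" "$uid"
  reload_job "$AGENT_PLIST" "$uid" ||
    echo "agent not bootstrapped (no GUI session or launchctl error)" >&2
}

if [ "${1:-}" = "--run" ]; then main; fi
```

A Jamf policy script runs as root, so naming `gui/<uid>` explicitly is what places the menu bar agent in the logged-in user's session instead of leaving the domain to be inferred from root's context.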

AJPinto
Esteemed Contributor

Very good point on the launchctl. I wrote (probably stole) this script quite some time back and keep forgetting to go back and update it. 

So, what I understand is that I just need to modify this script a little, and we need to deploy it on the machine along with the Forescout .pkg using a policy?

Hello,

Thanks for sharing this information and the sample script. I modified it and deployed it to a few of my machines, along with the .pkg of the application, through a Jamf policy, and found that it works perfectly on only two of our machines; on the rest of the machines it gets installed but is not reflected in the menubar. The Jamf policy logs are the same compared to the working machines.

Jaykrishna1
Contributor II

We recently had a meeting with the Forescout Connector team to address an issue with the application not running and not appearing in the Menubar on some machines. Despite their review, they were unable to identify any specific reasons for the problem. In an attempt to resolve the issue, I reconfigured a working machine, but unfortunately, the application did not launch and did not appear in the machine either.

 

Therefore, we had to troubleshoot and find an alternative way to deploy the application. We created a new policy in Jamf that includes two .pkg files. The first file is a folder with a priority of 1 that contains com.forescout.secureconnector.plist, launchScComponents.sh, startScDaemon, stopSc.sh, Uninstall.sh, and Update.sh. This folder will be installed in the /Users (Macintosh HD) directory and is secured against deletion by non-administrative users. The second .pkg file is the installation package for the Forescout Connector agent.

 

Finally, we added a script

#!/bin/sh
# Run the updater from the folder installed by the first .pkg
cd /Users/Update || exit 1
sudo ./Update.sh -t daemon -v 1

to open and run the folder item to launch the daemon. The result of this deployment strategy is that we have successfully installed the application on over 400 machines and it is now available in the menubar.
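A pre-flight check for the step above, where root runs Update.sh out of /Users/Update, as an added example that is not part of the original thread. It confirms that the script and its folder are owned by the expected user and are not group- or world-writable before executing anything; the function names and the `--run` switch are assumptions of this example.

```bash
#!/bin/bash
# Added example, not from the thread. /Users/Update/Update.sh is the path from
# the post above; the function names are this example's own.

# True only if $1 exists, is not a symlink, is owned by $2, and is not
# writable by group or other.
path_is_locked_down() {  # $1 = file or directory, $2 = required owner
  local bad
  [ -e "$1" ] && [ ! -L "$1" ] || return 1
  # -prune limits find to $1 itself; any output names a failed condition.
  bad=$(find "$1" -prune \( ! -user "$2" -o -perm -020 -o -perm -002 \) -print) || return 1
  [ -z "$bad" ]
}

# Check the script and the directory holding it: write access to either one
# lets a non-admin user change what root executes.
safe_to_run_as_root() {  # $1 = script path, $2 = owner (default: root)
  local owner=${2:-root}
  path_is_locked_down "$(dirname "$1")" "$owner" &&
    path_is_locked_down "$1" "$owner"
}

main() {
  local script=/Users/Update/Update.sh
  if safe_to_run_as_root "$script"; then
    cd "$(dirname "$script")" && ./Update.sh -t daemon -v 1
  else
    echo "refusing to run $script: fix owner/permissions first" >&2
    return 1
  fi
}

if [ "${1:-}" = "--run" ]; then main; fi
```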