Issue with Jamf Remote with mac : deleting Jamf binary !!

New Contributor


After use of JAMF Remote, the jamf binary goes to 0 byte !

Our JSS cloud is in 10.2.0
Our JAMF Remote is in 10.2.1 (done the same on 10.2.2 as well)

Here is explanation (see logs below for more details) :

  • "JAMF Remote" connects well
  • Check the jamf binary version : KO (10.2.0, expecting 10.2.1)
 /usr/local/bin/jamf is (10.2.0-t1518103206) not the current version (10.2.1-t1518903662).
  • Tried to download the binary
 /usr/bin/curl -s --connect-timeout 15 '' >/private/tmp/jamf

But the computer is behind proxies to access to the internet so the out file is 0 byte

  • Copy the 0 byte binary (without checking the size nor checksum) to /usr/local/jamf/bin/jamf (overwriting the actual jamf binary)
/usr/bin/sudo /bin/cp /private/tmp/jamf /usr/local/jamf/bin/jamf

-> After that, there is no more jamf binary on the mac, there is no way to manage it anymore (no more policy check, no more inventory, etc.)

By a twist of fate, the binary it tried to download is the same version of the binary which was overwrited.

So be carefull while using JAMF Remote on a large amount of computers !

Seems to me unbelievable the way of downloading the binary without any integrity checksum (or at least size or checking the downloaded binary version before overwriting the actual binary)

May be I missed something, does someone had the same JAMF Remote behaviour ?


Sending Wake On LAN command...
Opening SSH Connection to x.x.x.x...
Accepting authentication method...
Successfully authenticated.
Verifying Computer's Identity...
The MAC Address has been verified.
Checking Operating System Version...
Running Mac OS X 10.13.3 (17D47)
Verifying /usr/local/jamf/bin/jamf...
/usr/local/bin/jamf is (10.2.0-t1518103206) not the current version (10.2.1-t1518903662).
Verifying /usr/sbin/jamf...
/usr/sbin/jamf does not exist.
Downloading /usr/local/jamf/bin/jamf from Jamf Pro Server...
Moving jamf binary to /usr/local/jamf/bin/jamf...
Created the jamf binary directory /usr/local/jamf/bin.
Moving jamf binary to /usr/local/jamf/bin/jamf...
Moved the JAMF CLI Binary to /usr/local/jamf/bin/jamf.
Creating symlink /usr/local/bin/jamf...
Enabling /usr/local/jamf/bin/jamf...
Enabled the JAMF CLI Binary.
Verifying /Library/Preferences/com.jamfsoftware.jamf.plist...
Preparing Policy...

Command logs :

/bin/echo <result60>; /sbin/ifconfig;/bin/echo </result60>
/bin/echo <result80>; /usr/bin/sw_vers;/bin/echo </result80>
/bin/echo <result100>; /usr/local/jamf/bin/jamf -version;/bin/echo </result100>
/bin/echo <result120>; /usr/sbin/jamf -version;/bin/echo </result120>
/bin/echo <result140>;/usr/bin/sudo /usr/bin/curl -s --connect-timeout 15 '' >/private/tmp/jamf;/bin/echo </result140>
/bin/echo <result150>;/usr/bin/sudo /bin/mkdir -p /usr/local/jamf/bin/;/bin/echo </result150>
/bin/echo <result160>;/usr/bin/sudo /bin/cp /private/tmp/jamf /usr/local/jamf/bin/jamf;/bin/echo </result160>
/bin/echo <result170>;/usr/bin/sudo /bin/ln -s /usr/local/jamf/bin/jamf /usr/local/bin/jamf;/bin/echo </result170>
/bin/echo <result180>;/usr/bin/sudo /bin/chmod 555 /usr/local/jamf/bin/jamf;/bin/echo </result180>
/bin/echo <result180>;/usr/bin/sudo /usr/sbin/chown root /usr/local/jamf/bin/jamf;/bin/echo </result180>
/bin/echo <result380>;/usr/bin/sudo /usr/local/jamf/bin/jamf createConf -url '';/bin/echo </result380>
/bin/echo <result400>;/usr/bin/sudo /usr/local/jamf/bin/jamf policy -id 112 -showProgress;/bin/echo </result400>
/bin/echo <result420>; /usr/bin/sudo -k;/bin/echo </result420>

Valued Contributor

Why not just use the version of the application which matches your Jamf Pro server? Then it won't try to download anything prior to executing the policy.