Need a script to deploy CS Falcon on Mac systems via Jamf policies and not with profiles

Bhaskar
New Contributor

Hi, I have written a script to install CS Falcon on Mac via JAMF. The script successfully installs CS Falcon on the Mac system, but the ""Falcon" Would Like to Filter Network Content" prompt for the network extension and the "System Extension Blocked" message in Security & Privacy appear, and each needs "Allow" to be clicked manually.

 


 

I need help correcting the script so that the process runs automatically without user interaction. The script follows.

 

#!/bin/bash

# Set the installation parameters
CLIENT_ID="YOUR_CLIENT_ID"
CLIENT_SECRET="YOUR_CLIENT_SECRET"
INSTALL_TOKEN="YOUR_INSTALL_TOKEN"

# Define the installation directory
INSTALL_DIR="/Applications/Falcon.app"

# Define the Crowdstrike bundle identifier
BUNDLE_IDENTIFIER="com.crowdstrike.falcon.Agent"

# Define the Crowdstrike team identifier
TEAM_IDENTIFIER="X9E956P446"

# Copy the Falcon Sensor package
cp /private/tmp/

# Install the Falcon Sensor package
echo "Installing Falcon Sensor..."
sudo installer -pkg "/private/tmp/FalconSensor.pkg" -target /

# Wait for the installation to complete
sleep 5

# Configure the Falcon Sensor
echo "Configuring Falcon Sensor..."
sudo "/Applications/Falcon.app/Contents/Resources/falconctl" license "$INSTALL_TOKEN"

# Start the Falcon Sensor
echo "Starting Falcon Sensor..."
sudo "/Applications/Falcon.app/Contents/Resources/falconctl" -s --cid="$CLIENT_ID" --cs-host="https://falconapi.crowdstrike.com"

# Verify the installation
echo "Verifying Falcon Sensor installation..."
if [ -d "$INSTALL_DIR" ]; then
    echo "Falcon Sensor installed successfully."
else
    echo "Failed to install Falcon Sensor."
    exit 1
fi

# Configure Privacy Preferences Policy Control
echo "Configuring Privacy Preferences Policy Control..."
sudo /usr/bin/tccutil.py --insert "$BUNDLE_IDENTIFIER" --service "/System/Library/PreferencePanes/Security.prefPane/Contents/Resources/SystemPolicyAllFiles" --allow

# Configure Approved Kernel Extensions
echo "Configuring Approved Kernel Extensions..."
sudo /usr/bin/kmutil trigger -f "${TEAM_IDENTIFIER}"

# Configure System Extensions
echo "Configuring System Extensions..."
sudo /usr/bin/systemextensionsctl enable "${TEAM_IDENTIFIER}"

# Set Network Content Filter preference to Allow
echo "Setting Network Content Filter preference..."
sudo /usr/bin/defaults write /Library/Preferences/com.apple.networkextension.plist com.apple.networkextension.packet-tunnel-network-settings -dict ContentFilterAllowed -bool true

# Clean up the downloaded package
echo "Cleaning up..."
rm -f "/private/tmp/FalconSensor.pkg"

# Exit with success
exit 0

 

Thank you

1 ACCEPTED SOLUTION

AJPinto
Honored Contributor III

There is no way to manage System Extensions from CLI. It must be done from a Configuration Profile; this is per Apple's design.

 

You could go a long way around and have the Configuration Profile target devices that had a command run on them to do a thing (like drop a file) that an Extension Attribute is looking for, to scope the configuration profile. If we were going this route, I would target the configuration profile at a smart group with the application installed; however, the application would be installed before the configuration profile, so the users would get the popup.


6 REPLIES

mm2270
Legendary Contributor III

To allow those System Extensions, you have to use a Configuration Profile. You can't do this in a script, because of security considerations. Just curious, but what's the issue with using a profile to enable this?

Bhaskar
New Contributor

Hi, thank you for the reply.

A script with a package policy is a one-time action, which installs and configures the setup, and if the Mac system or host name is removed from the policy by mistake, it will not affect the software, but with a Configuration Profile, removing the Mac system will affect the application's ability to run properly.

So I am creating the script with all the necessary settings to run the software on the Mac system in one go.

 

AJPinto
Honored Contributor III

Configuration Profiles are much faster than policies. If you target the device with both the configuration profile and the policy, the configuration profile will hit first, just due to how fast they are.

 

For a System Extension it is safe to target all devices, even if they don't have the software installed and never will have the software installed. Then make a group to exempt specific devices or groups of devices from the Configuration Profile. That is probably your best option. 
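Added example, not part of the original thread or of any vendor tooling: since the approval itself has to come from the Configuration Profile, a script can still report whether it took effect, here as a Jamf Extension Attribute that parses `systemextensionsctl list`. The team and bundle identifiers are the ones from the script in the question; the row layout (state in square brackets at the end of the row) is an assumption, and the sample listing is constructed.

```shell
#!/bin/bash
# Added example: report the approval state of the Falcon system extension.
# TEAM_ID and BUNDLE_ID are the values from the script in the question.
TEAM_ID="X9E956P446"
BUNDLE_ID="com.crowdstrike.falcon.Agent"

# Constructed sample of `systemextensionsctl list` output (not captured from
# a real host); used only when the tool is unavailable, e.g. off macOS.
SAMPLE_LIST='1 extension(s)
--- com.apple.system_extension.endpoint_security
enabled active teamID bundleID (version) name [state]
  * X9E956P446 com.crowdstrike.falcon.Agent (1.0/1.0) Falcon [activated waiting for user]'

# Read a `systemextensionsctl list` listing on stdin and print one of:
#   approved | needs-user-approval | not-installed | other:<state>
sysext_state() {
    awk -v team="$1" -v bundle="$2" '
        index($0, team) && index($0, bundle) {
            found = 1
            # The state is the text inside the last [...] on the row.
            state = $0; sub(/.*\[/, "", state); sub(/\].*$/, "", state)
            if (state == "activated enabled")    approved = 1
            else if (state ~ /waiting for user/) waiting = 1
            else                                 other = state
        }
        END {
            if (!found)        print "not-installed"
            else if (approved) print "approved"
            else if (waiting)  print "needs-user-approval"
            else               print "other:" other
        }'
}

# On macOS use the real listing; elsewhere fall back to the constructed sample.
if command -v systemextensionsctl >/dev/null 2>&1; then
    listing=$(systemextensionsctl list 2>/dev/null)
else
    listing=$SAMPLE_LIST
fi

# Jamf reads an Extension Attribute value from <result> tags on stdout.
echo "<result>$(printf '%s\n' "$listing" | sysext_state "$TEAM_ID" "$BUNDLE_ID")</result>"
```

A smart group on the `needs-user-approval` value lists the machines where the sensor was installed before the profile arrived.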

AJPinto
Honored Contributor III

As @mm2270 said, you need a Content Filter Configuration Profile. It's pretty simple to make, but you need some basic information about the App. I would recommend reaching out to the vendor. They should have a mobileconfig you can upload into JAMF which does what you need; if not, at the very least they should have the information you need to make the configuration profile.

 

This is what AnyConnect's would look like for context.

[Screenshot: AJPinto_0-1686328363577.png]

 

Thank you.

I have all the information which helps to create the profile, and I have created the profile, which works on the Mac system, but instead of a profile I am looking for a script to run via policy.

 

 
