Posted on 02-24-2017 12:04 PM
I've seen a number of postings regarding installing Sophos Central (including https://www.jamf.com/jamf-nation/discussions/12348/script-to-launch-sophos-cloud-installer which ultimately points to a derflounder post) but I'm not having any luck at all with getting things to work...
Can someone help me out a bit? Have things changed since the referenced post?
Solved! Go to Solution.
Posted on 02-24-2017 01:22 PM
I assume you're trying to get Sophos Cloud installed from what I gather?
Here's what we do
#!/bin/sh
## postinstall
#
# Created using this Sophos KB article:
# https://community.sophos.com/kb/en-us/14179#v9.2+
#
sudo /private/var/tmp/sophos/Sophos Installer.app/Contents/MacOS/Sophos Installer --install;
#
# Remove installer
/bin/rm -rf /private/var/tmp/sophos;
exit 0 ## Success
exit 1 ## Failure
Hope this helps. It works as a normal pkg for Casper or ARD.
Posted on 10-08-2018 10:09 AM
Adapted these settings into my script and I am seeing the JAMF process that kicks off the install fail and prevent any other tasks from running. If I kill the pid for the jamf process that started the install it will move along.
Posted on 10-16-2018 02:20 AM
I have also come across this issue this week, but only sometime after the 09/21/18 as we prepped 10 new iMacs on this date and they all installed fine. If I run the installer manually it installs fine. But if I use my script or manually run /Users/Shared/Sophos Installer.app/Contents/MacOS/Sophos Installer --install it hangs forever.
At Starting Sophos Bootstrap Installer
Have checked /library and /library/Application Support Permissions and all look fine.
Ive only noticed this week as we configuring Adobe update server and new test machine we getting no software due to this.
Think my next step is Sophos support
anyone have any luck?
my script is:
cd /Users/Shared/
rm -R Sophos
curl -O https://szss-gpi-arn-wu-west-1-4af2.api-upe.p.hmr.sophos.com/api/download/11c15480cfcc24e4badf2da8cf81ae3b/SophosInstall.zip
unzip SophosInstall.zip &> /dev/null
chmod -R +x /Users/Shared/Sophos Installer.app/
/Users/Shared/Sophos Installer.app/Contents/MacOS/Sophos Installer --install
rm -R Sophos
exit
Posted on 10-16-2018 05:17 AM
@ccsshelpdesk @macbentosh we started to see this behavior back in August. We too have been utilizing a script provided by Sophos:
#!/bin/sh
# Date: 19 Mar 2018
#
# modified: 11 Jul 2018 - changed download URL to https://dzr-api-amzn-us-west-2-fa88.api-upe.p.hmr.sophos.com/api/download/71ad97dba3bb650032be8175fa113153/SophosInstall.zip
# Previous URL: https://dzr-api-amzn-us-west-2-fa88.api-upe.p.hmr.sophos.com/api/download/f2a28a2655db28e94087b78bac512b56/SophosInstall.zip
# Grab the token from parameter 4
token_id=$4;
# grab agency code
agency_code=$5;
# sophos server
sophos_server="";
cd /tmp
if [[ -d "/tmp/Sophos Installer.app" ]]; then
rm -rf /tmp/Sophos*
fi
if [[ "$agency_code" == "GB-TBW-149" ]] || [[ "$agency_code" == "GB-TBW-EGP" ]] ||
[[ "$agency_code" == "GB-TBW-INT" ]] || [[ "$agency_code" == "GB-TBW-LON" ]] ||
[[ "$agency_code" == "GB-TBW-MAN" ]] || [[ "$agency_code" == "GB-TBW-MOT" ]] ||
[[ "$agency_code" == "GB-TBW-TWW" ]] || [[ "$agency_code" == "GB-TBW-UKG" ]] ||
[[ "$agency_code" == "GB-BBD-AMV" ]] || [[ "$agency_code" == "GB-BBD-BBD" ]] ||
[[ "$agency_code" == "GB-BBD-RED" ]] || [[ "$agency_code" == "GB-BBD-CED" ]] ||
[[ "$agency_code" == "GB-BBD-PRX" ]] || [[ "$agency_code" == "GB-DAS-PRX" ]] ||
[[ "$agency_code" == "GB-DDB-IBL" ]] || [[ "$agency_code" == "GB-DDB-HMK" ]] ||
[[ "$agency_code" == "GB-DDB-AED" ]] || [[ "$agency_code" == "GB-DDB-TRI" ]] ||
[[ "$agency_code" == "GB-DDB-GUT" ]] || [[ "$agency_code" == "GB-DDB-EUR" ]] ||
[[ "$agency_code" == "GB-DDB-REM" ]] || [[ "$agency_code" == "GB-DDB-HAY" ]] ||
[[ "$agency_code" == "GB-DDB-TRA" ]] || [[ "$agency_code" == "GB-DDB-POD" ]] ||
[[ "$agency_code" == "GB-DDB-AED" ]] || [[ "$agency_code" == "GB-DDB-EUR" ]] ||
[[ "$agency_code" == "GB-DDB-REM" ]] || [[ "$agency_code" == "GB-DDB-GUT" ]] ||
[[ "$agency_code" == "GB-DDB-HAY" ]] || [[ "$agency_code" == "GB-DDB-HMK" ]] ||
[[ "$agency_code" == "GB-DDB-IBL" ]] || [[ "$agency_code" == "GB-DDB-POD" ]] ||
[[ "$agency_code" == "GB-DDB-TRA" ]] || [[ "$agency_code" == "GB-DDB-TRI" ]] ||
[[ "$agency_code" == "GB-DDB" ]] ; then
sophos_server="https://mcs-cloudstation-eu-central-1.prod.hydra.sophos.com/sophos/management/ep";
elif [[ "$agency_code" == "GB-DAS-RAP" ]] || [[ "$agency_code" == "GB-DAS-COD" ]] ; then
sophos_server="https://dzr-mcs-amzn-eu-west-1-9af7.upe.p.hmr.sophos.com/sophos/management/ep";
else
sophos_server="https://dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com/sophos/management/ep";
fi
# download the installer and unzip
# Old URL
#curl -O https://dzr-api-amzn-us-west-2-fa88.api-upe.p.hmr.sophos.com/api/download/f2a28a2655db28e94087b78bac512b56/SophosInstall.zip
# new URL as of Jul 2018
curl -O https://dzr-api-amzn-us-west-2-fa88.api-upe.p.hmr.sophos.com/api/download/71ad97dba3bb650032be8175fa113153/SophosInstall.zip
unzip SophosInstall.zip
chmod a+x ./Sophos Installer.app/Contents/MacOS/Sophos Installer
chmod a+x ./Sophos Installer.app/Contents/MacOS/tools/com.sophos.bootstrap.helper
# replace the token ID in the downloaded files with the token ID we need to isntall
plutil -replace RegistrationToken -string $token_id ./Sophos Installer Components/SophosCloudConfig.plist
# replace the server in the downloaded files with the sophos_server we need to isntall
plutil -replace RegistrationServerURL -string $sophos_server ./Sophos Installer Components/SophosCloudConfig.plist
./Sophos Installer.app/Contents/MacOS/Sophos Installer --install &
exit 0
Because we have mutliple Sophos tenants (consoles) with different Registration Tokens, we pass the token as Parameter 4 and swap it out with what gets downloaded.
We opened a case with Sophos, but they did not have anything for us. They wanted us to collect some trace logs while their installer was running, but shortly after opening the case the problem kind of went away. We would see it on some machines but not others, often times on the same network.
The behavior was that the installer would start and would initiate the bootstrap process. At that point it would appear to hang. Sometimes it would hang for a few minutes, sometimes an hour or two, and in a few cases we saw it hang for over 24 hours. This was causing our provisioning process to hang as well, and our techs were starting to hard reboot in the middle of provisioning.
We made the decision to pull the Sophos installer out of provisioning and make it a policy set to "Ongoing" with an exclusion group of "Sophos Installed". That way if any device did not have Sophos, Sophos would get installed. We also made the decision to let Sophos run in the background my using the ampersand (&) at the end of the installer call:
./Sophos Installer.app/Contents/MacOS/Sophos Installer --install &
That allowed the policy to complete and not hold up other policies while the Sophos installer finished. This worked well up until about a week or two ago and we started getting reports of Sophos never installing. So, I'm about to re-open our case with them and try to grab some trace logs that they wanted, and point them at this post so hopefully we'll get some juice.
If you have a contract with Sophos, I would highly suggest opening a case and referencing this post. I will try to come back and post our case # here, if I get one, so that we can pile on.
Posted on 10-16-2018 05:29 AM
Ditto on all of this, Steve. We also started seeing this behavior in August. Also, intermittently, with no clear reason why Sophos would install on some machine but not others, or why the installer would hang.
Quite frankly, I've become quite unhappy with Sophos over the last few years. There are better products out there, with software teams that can build a proper .pkg installer. I'm replacing my entire fleet in June 2019 and if Sophos can't straighten out their installer mechanism -- so that I don't have to script ridiculous workarounds to make it work as expected -- then our Sophos contract will be terminated and replaced with a vendor that is paying attention to the Mac platform. I'm looking at Cylance, Malwarebytes Breach Remediation, and perhaps Avast. (recommendations welcomed).
Posted on 10-16-2018 12:08 PM
So as of right now, the solution is to make Sophos a policy and have it run based on a smart group? We used to have it set to recurring checkin. The policy would run in terminal after doing a sudo jamf policy. All of our policies would run the same way. I decided to automate this and have all policies run during enrollment. I have one policy running during enrollment and it fetches other policies. Sophos was the problem in this matter. Sophos would hang and other policies wouldn't execute because of that. Once I took out Sophos everything else ran. As of right now I changed Sophos to have run during recurring checkin.
Posted on 10-16-2018 04:19 PM
@kadams It's not necessarily to have Sophos install as a policy scoped to a Smart Group, the solution is to have the install run as a background process ( Bg, Fg, &, Ctrl-Z – 5 Examples to Manage Unix Background Jobs by adding the ampersand &
to the end of the install command:
./Sophos Installer.app/Contents/MacOS/Sophos Installer --install &
By running the install command as a background process the jamf
binary does not get "stuck" waiting for Sophos to finish installing. Instead the policy will complete even though Sophos is still installing on the machine.
The reason I took Sophos out of our provisioning and instead made it a policy scoped to a group of machines, was so that I could keep Sophos installed on the machines, and not have to worry about it making my provisioning stick.
Our Sophos install policies (we have multiple Sophos consoles, like close to 100 or more):
We originally had this set to "Ongoing" but because the installer was still running on the machine, and the inventory did not reflect Sophos as installed, at the next check-in (or network state change) the Sophos install policy would kick off again. So we changed it to "Once per day" and we haven't had that problem since.
@damienbarrett and others, I did hear back from Sophos today. I do not have a case # yet, but I did get this from them:
This looks to be related to something we may be tracking and working on already. Once I get your logs etc into the case, I’ll have it reviewed by our GES team. They’ll be able to confirm for us if it’s the same issue, and provide updates on that investigation and any related fixes.
So it looks like they're aware, now we just need everyone to open cases with Sophos so they are really aware of the scope.
Posted on 10-17-2018 02:18 AM
I have reported to Sophos, awaiting a response my case number is 8413722
If i get any info i will post back.
Posted on 10-19-2018 11:06 AM
Not sure if this is related to the recent problems with installing Sophos anyone is having but figured I'd share anyway. At my job we started noticing issues installing and updating Sophos around 10.9.18. Had a case open with Sophos. Couldn't install using terminal with the bootstrap hang and also couldn't install with the manual installer as the download would hang at 23mb downloaded. My ISO department found that something in the file being downloaded triggered an adobe acrobat threat that, if true, allowed elevated privilege access. This had to be whitelisted on our firewall. Once it was, installs were successful all around.
Posted on 10-19-2018 12:18 PM
We did get a case open with Sophos (8417423) and they have come back asking for some more testing. They did indicate that an updated installer was released this past Tuesday that is supposed to remedy the problem. So for all of you out there having this issue, give it a try and report back if you are no longer seeing the issue.
We removed the ampersand that we were using to put the install in the background, and now I am just waiting on feedback from the field.
Posted on 12-13-2018 10:04 AM
Still having an issue with this. I have to kill the jamf process that starts the install policy...
Posted on 12-13-2018 01:40 PM
@macbentosh Which version of the Sophos Installer are you using? 1.2.1 was supposed to resolve the issue (and solved it for us and I've heard the same from others in MacAdmins).
The current installer is 1.2.2, I believe.
Posted on 12-17-2018 10:31 AM
@kevinwilemon the installer is being curled every time.
Posted on 02-18-2019 01:51 PM
Have not had any luck at all deploying Sophos with Jamf. Followed dmarcnw's suggestions but no luck. Simply get an error in Self Service. Policy is configured with a .pkg. Interesting that a couple of weeks ago I configured Sophos this way with a .dmg created in composer. It worked for a while. Now that policy does not work either. Sophos has offered zero help as expected. Am I missing something?
Posted on 02-18-2019 06:12 PM
@Gabrielson the method I posted up the discussion a bit, to use a script provided by Sophos, still works for us to this day. Once Sophos fixed their installer late last year we no longer have a need to run the script in the background. Instead we have a policy setup that triggers on login, logout, recurring check-in, set to frequency Ongoing with an inventory update. The script has Parameter 4 set to the registration token of the Sophos tenant we need it to go to. If you have a Sophos installer folder (Sophos Installer app with Sophos Installer Components folder), look inside the Installer Components folder and locate the SophosCloudConfig.plist
file. Open the plist, or use defaults read <path to plist> RegistrationToken
, to get the Registration Token. The file looks like this in an editor like TextMate
:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>RegistrationServerURL</key>
<string>https://dzr-mcs-amzn-us-west-2-fa88.upe.p.hmr.sophos.com/sophos/management/ep</string>
<key>CustomerId</key>
<string>4615b7de-3fa5-4c2c-aecc-ce00999d1a6a</string>
<key>RegistrationToken</key>
<string>abcd123456yadfjweotnvadslkj12309uh98ad078234lj098audvlkiu0872134</string>
<key>DesiredFeatures</key>
<string>CORE, SDU, AV, SAV, DVCCNTRL, APPCNTRL, DLP, WEBCNTRL, NTP, HBT, EFW, CLEAN, XPD</string>
<key>ProductType</key>
<string>business</string>
<key>GeneratedAt</key>
<string>2018-07-10T13:38:39Z</string>
<key>DciFileName</key>
<string>f83b12fd5ea16a9b90da41fc358125b4</string>
</dict>
</plist>
Copy the string on the line after <key>RegistrationToken</key>
. That is your registration token. Now put that in Parameter 4 of a policy that contains the following script and is scoped to your machines. You can set the triggers to whatever, set Frequency to whatever, or you can make it. Self Service policy if you want. The script is:
#!/bin/sh
# Grab the token from parameter 4
token_id=$4;
cd /tmp
if [[ -d "/tmp/Sophos Installer.app" ]]; then
rm -rf /tmp/Sophos*
fi
# new URL as of Jul 2018
curl -O https://dzr-api-amzn-us-west-2-fa88.api-upe.p.hmr.sophos.com/api/download/71ad97dba3bb650032be8175fa113153/SophosInstall.zip
unzip SophosInstall.zip
chmod a+x ./Sophos Installer.app/Contents/MacOS/Sophos Installer
chmod a+x ./Sophos Installer.app/Contents/MacOS/tools/com.sophos.bootstrap.helper
# replace the token ID in the downloaded files with the token ID we need to isntall
plutil -replace RegistrationToken -string $token_id ./Sophos Installer Components/SophosCloudConfig.plist
./Sophos Installer.app/Contents/MacOS/Sophos Installer --install
exit 0
That should get Sophos installed for you. Like I said, we've been using it successfully for well over a year and only had issue when the installer itself was broken (we were seeing multiple hour installs), but ever since they fixed that, it's been golden.
Posted on 03-05-2019 08:46 AM
Thanks so much for the advice. I have been traveling so did not see your response until today. I will certainly take the steps listed here and report back on my findings. Cheers!
Posted on 03-06-2019 08:30 AM
This did not work for us. The script is working and installation completes as expected. The problem is when I paste the Registration Token into the Parameter 4 field and click save, the string is immediately truncated to 40 characters. it should be 64 characters as in your example. So although Sophos is installed, it never reports into Sophos Central since the key is compromised. Any ideas? Seems like a bug.
Posted on 04-09-2019 07:27 AM
I had to sort out Sophos cloud for a customer today and revised the last script slightly, I had to set the token and also the server url or it didn't register with the console, I also modified the installed products list so I added that as a variable as well.
I got all the data from the install package downloaded from the console and removed the unwanted product installs from the list contained in the DesiredFeatures key
DesiredFeatures = "CORE, SDU, CLEAN, XPD, AV, SAV, DVCCNTRL, APPCNTRL, DLP, WEBCNTRL, NTP, HBT, EFW, DISKENCRYPTION";
#!/bin/sh
# Grab the token from parameter 4
token_id=$4;
# set the cloud url
sophos_server=$5;
#required features
features_required=$6;
cd /tmp
if [[ -d "/tmp/Sophos Installer.app" ]]; then
rm -rf /tmp/Sophos*
fi
# new URL as of Jul 2018
curl -O https://dzr-api-amzn-us-west-2-fa88.api-upe.p.hmr.sophos.com/api/download/71ad97dba3bb650032be8175fa113153/SophosInstall.zip
unzip SophosInstall.zip
chmod a+x ./Sophos Installer.app/Contents/MacOS/Sophos Installer
chmod a+x ./Sophos Installer.app/Contents/MacOS/tools/com.sophos.bootstrap.helper
# replace the token ID in the downloaded files with the token ID we need to isntall
plutil -replace RegistrationToken -string $token_id ./Sophos Installer Components/SophosCloudConfig.plist
plutil -replace RegistrationServerURL -string $sophos_server ./Sophos Installer Components/SophosCloudConfig.plist
plutil -replace DesiredFeatures -string $features_required ./Sophos Installer Components/SophosCloudConfig.plist
./Sophos Installer.app/Contents/MacOS/Sophos Installer --install
exit 0
Posted on 04-10-2019 12:28 PM
Thanks so much for your input. We have cut ties with Sophos.
Posted on 10-24-2019 07:39 AM
So I've been running the script as @marklamont posted above, but running into an error. I've set parameters 4, 5 and 6 as described to change the values in the plist file. However, when the script runs, it results in the following error:
inflating: Sophos Installer Components/SophosCloudConfig.plist
./Sophos Installer Components/Sophos/SophosCloudConfig.plist: file does not exist or is not readable or is not a regular file (Error Domain=NSCocoaErrorDomain Code=260 "The file “SophosCloudConfig.plist” couldn’t be opened because there is no such file." UserInfo={NSFilePath=./Sophos Installer Components/Sophos/SophosCloudConfig.plist, NSUnderlyingError=0x7fa94bc0be70 {Error Domain=NSPOSIXErrorDomain Code=2 "No such file or directory"}})
2019-10-23 16:01:12.511 Sophos Installer[1035:12664] Starting Sophos Bootstrap Installer.
2019-10-23 16:01:14.060 Sophos Installer[1035:12664] Installation failed with: Failed to get deployment token. (43). See SophosDiagnostics for detailed information.
It seems like it's not able to find the plist file to begin with. Any ideas why this would be happening?
Posted on 02-17-2020 06:20 AM
@Micah.Smith
I had to fix the parameters for $6 and add new one $7
$6= CORE
$7= intercept,antivirus
#!/bin/sh
# Grab the token from parameter 4
token_id=$4;
# set the cloud url
sophos_server=$5;
#required features
features_required=$6;
#Products
products=$7;
cd /tmp
if [[ -d "/tmp/Sophos Installer.app" ]]; then
rm -rf /tmp/Sophos*
fi
# new URL as of Jul 2018
curl -O https://dzr-api-amzn-us-west-2-fa88.api-upe.p.hmr.sophos.com/api/download/71ad97dba3bb650032be8175fa113153/SophosInstall.zip
unzip SophosInstall.zip
chmod a+x ./Sophos Installer.app/Contents/MacOS/Sophos Installer
chmod a+x ./Sophos Installer.app/Contents/MacOS/tools/com.sophos.bootstrap.helper
# replace the token ID in the downloaded files with the token ID we need to isntall
plutil -replace RegistrationToken -string $token_id ./Sophos Installer Components/SophosCloudConfig.plist
plutil -replace RegistrationServerURL -string $sophos_server ./Sophos Installer Components/SophosCloudConfig.plist
plutil -replace DesiredFeatures -string $features_required ./Sophos Installer Components/SophosCloudConfig.plist
plutil -replace Products -string $products ./Sophos Installer Components/SophosCloudConfig.plist
./Sophos Installer.app/Contents/MacOS/Sophos Installer --install
exit 0
Posted on 02-17-2020 09:10 AM
Also tested this script will install on 10.15 but devices don't show in the Sophos console. So download the install files and package them up with Composer then use this post install script.
#!/bin/sh
## postinstall
pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3
chmod a+x /tmp/SophosInstall/Sophos Installer.app/Contents/MacOS/Sophos Installer
chmod a+x /tmp/SophosInstallSophos Installer.app/Contents/MacOS/tools/com.sophos.bootstrap.helper
/tmp/SophosInstall/Sophos Installer.app/Contents/MacOS/Sophos Installer --install
exit 0 ## Success
exit 1 ## Failure
Posted on 06-28-2021 11:22 AM
Are you caching the package, because using Composer does not work for files places in the /tmp folder.
Posted on 10-05-2021 08:53 AM
I've been trying each of these and it all comes back to the chmod command not finding the file/directory. Can this still be deployed via JAMF?