Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Cb Defense: How to Deploy Sensor with Jamf Cloud

Cb Defense: How to Deploy Sensor with Jamf Cloud

Environment

  • Cb Defense Sensor: All Versions
  • Cb Defense PSC Console: All Versions
  • Apple macOS: All Supported Versions
  • Jamf Cloud used for MDM and software deployment

Objective

Deploy the Cb Defense Sensor with Jamf Cloud

Resolution

Prepare Installation Package and Scripts

  1. Download the Cb Defense macOS Sensor Install kit to Mac endpoint
  2. Mount the confer_installer_mac-<version>.dmg file and extract the "CbDefense Install.pkg" and "cbdefense_install_unattended.sh" files
  3. Edit the "cbdefense_install_unattended.sh" file to included the required COMPANY_CODE and CBD_INSTALLER values (add values in between quotation marks)(all other values are optional)
    #options 
    CBD_INSTALLER="/Path/Where/PreinstallScript/Downloads/Installer.pkg"
    COMPANY_CODE="COMPANY_CODE"
  4. Create a separate pre-install script that that will use the Curl command to download the "Cb Defense Install.pkg" to the location referenced in the "cbdefense_install_unattended.sh".  Example of script to that will download Cb Defense Installer to the /tmp directory of a client:
    #!/bin/bash
     
    #This script will pull the CbDefenseInstaller.pkg from an AWS S3 bucket or other network location and download it to the /tmp/ directory on a macOS client machine. 
    #The file will need to be public for this command to function (See AWS documentation if Authentication is required). 
    #The command option is the letter "O" rather than the number "0"
     
    cd /tmp/
    curl -O (URL to File goes here) -O /tmp/

Upload Installer and Scripts to Jamf Cloud 

  1. Upload the installer to Jamf Cloud by navigating in Jamf to All Settings > Computer Management > Packages
  2. If using an AWS S3 Bucket, log in the AWS management instance and navigate to AWS > S3 > S3 Bucket > File > Actions > Make Public to make the package available
  3. Upload both the Pre-install script and the "cbdefense_install_unattended.sh" file to Jamf Cloud under All Settings > Computer Management > Scripts

Create Deployment Policy in Jamf Cloud

  1. Navigate to Jamf Cloud > Computers > Policies > Add New.
  2. Edit the Scripts section of the new policy.
  3. Set the Cb Defense Pre-install script to "Before" so that it runs first and downloads the "CbDefense Installer.pkg" to the designated directory 
  4. Set the "cbdefense_install_unattended.sh" to "After" so that it will run after the download of the "CbDefense Installer.pkg" and install the Cb Defense Sensor

Additional Notes

  • While this article focuses on using an AWS S3 bucket for hosting application installers, this method may be used for other hosting methods
  • Note that the above script is accessing a Cb Defense installer which is publicly reachable in AWS S3
  • The "Cb Defense Install.pkg" does not include the Company Code or any other data that will link the installer to any organization
  • There are options outlined in AWS documentation for using Curl to download from S3 buckets with a Username, Password, and Access Keys
  • Kext approval for the Cb Defense Sensor is required on macOS 10.13 and higher
  • Kext approval can be configured with a Configuration Profile within Jamf that can be pushed out to managed machines independent of the Cb Defense install process
  • The Kext can be pre-approved with MDM policy either through Jamf or other MDM solutions

Related Content


Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎11-30-2018
Views:
8991
Contributors