Environment
- Cb Defense Sensor: All Versions
- Cb Defense PSC Console: All Versions
- Apple macOS: All Supported Versions
- Jamf Cloud used for MDM and software deployment
Objective
Deploy the Cb Defense Sensor with Jamf Cloud
Resolution
Prepare Installation Package and Scripts
- Download the Cb Defense macOS Sensor Install kit to Mac endpoint
- Mount the confer_installer_mac-<version>.dmg file and extract the "CbDefense Install.pkg" and "cbdefense_install_unattended.sh" files
- Edit the "cbdefense_install_unattended.sh" file to included the required COMPANY_CODE and CBD_INSTALLER values (add values in between quotation marks)(all other values are optional)
#options
CBD_INSTALLER="/Path/Where/PreinstallScript/Downloads/Installer.pkg"
COMPANY_CODE="COMPANY_CODE"
- Create a separate pre-install script that that will use the Curl command to download the "Cb Defense Install.pkg" to the location referenced in the "cbdefense_install_unattended.sh". Example of script to that will download Cb Defense Installer to the /tmp directory of a client:
#!/bin/bash
#This script will pull the CbDefenseInstaller.pkg from an AWS S3 bucket or other network location and download it to the /tmp/ directory on a macOS client machine.
#The file will need to be public for this command to function (See AWS documentation if Authentication is required).
#The command option is the letter "O" rather than the number "0"
cd /tmp/
curl -O (URL to File goes here) -O /tmp/
Upload Installer and Scripts to Jamf Cloud
- Upload the installer to Jamf Cloud by navigating in Jamf to All Settings > Computer Management > Packages
- If using an AWS S3 Bucket, log in the AWS management instance and navigate to AWS > S3 > S3 Bucket > File > Actions > Make Public to make the package available
- Upload both the Pre-install script and the "cbdefense_install_unattended.sh" file to Jamf Cloud under All Settings > Computer Management > Scripts
Create Deployment Policy in Jamf Cloud
- Navigate to Jamf Cloud > Computers > Policies > Add New.
- Edit the Scripts section of the new policy.
- Set the Cb Defense Pre-install script to "Before" so that it runs first and downloads the "CbDefense Installer.pkg" to the designated directory
- Set the "cbdefense_install_unattended.sh" to "After" so that it will run after the download of the "CbDefense Installer.pkg" and install the Cb Defense Sensor
Additional Notes
- While this article focuses on using an AWS S3 bucket for hosting application installers, this method may be used for other hosting methods
- Note that the above script is accessing a Cb Defense installer which is publicly reachable in AWS S3
- The "Cb Defense Install.pkg" does not include the Company Code or any other data that will link the installer to any organization
- There are options outlined in AWS documentation for using Curl to download from S3 buckets with a Username, Password, and Access Keys
- Kext approval for the Cb Defense Sensor is required on macOS 10.13 and higher
- Kext approval can be configured with a Configuration Profile within Jamf that can be pushed out to managed machines independent of the Cb Defense install process
- The Kext can be pre-approved with MDM policy either through Jamf or other MDM solutions
Related Content