- Home
- Solutions
- Zluri Agents
- HOW TO DEPLOY MAC AGENT VIA JUMPCLOUD
HOW TO DEPLOY MAC AGENT VIA JUMPCLOUD
Deployment of Mac agent via Jumpcloud requires deploying the agent application and scripts.
Adding Zluri app for deployment
- Log in to the JumpCloud Admin Portal.
- Go to DEVICE MANAGEMENT>Software Management.
- Under Software Management - Select Apple.
- Under Apple > Select Self-Hosted.
- Fill the Package Settings
Software Description: Zluri
Software Package URL: Click here to download
Software Name: Zluri
Software Version: 3.6.3
- Select Device Groups or Devices for deployment and click on the Save button.
Setting up Scripts for Zluri app to deploy
>Script 1: Audit scriptFor auto update, use the following audit-script:
Note: expectedVersion in the script should be the current Zluri agent version. Once the command is Setup run the command manually.
#!/bin/bash CURRENT_USER=$(/bin/ls -l /dev/console | awk '{print $3}') # version comparison logic function version_compare { printf "%03d%03d%03d%03d" $(echo "$1" | tr '.' ' '); } # perform version comparision function perf_comparison { installedVersion=$(defaults read /Applications/zluri.app/Contents/Info.plist CFBundleShortVersionString) # ask installed version of the app from system expectedVersion="3.6.3" # admin should update the expectedVersion value to the latest version available installedVersionComparison=$(version_compare $installedVersion) expectedVersionComparison=$(version_compare $expectedVersion) if [ "$installedVersionComparison" -lt "$expectedVersionComparison" ]; then echo "1" elif [ "$installedVersionComparison" -gt "$expectedVersionComparison" ] || [ "$installedVersionComparison" -eq "$expectedVersionComparison" ]; then echo "0" fi } shouldUpdate=0 finalResult=0 ZLURI_APP="/Applications/zluri.app" if [ -e $ZLURI_APP ]; then echo "zluri app found in /Applications/ dir" installedVersion=$(defaults read /Applications/zluri.app/Contents/Info.plist CFBundleShortVersionString) echo "installed zluri app version: $installedVersion" shouldUpdate=$(perf_comparison) echo "shouldUpdate value: $shouldUpdate" else echo "zluri app NOT found in /Applications/ dir" # exit 1 finalResult=1 fi if [[ $shouldUpdate -eq 1 ]] || [[ $finalResult -eq 1 ]]; then echo "it should update or exit with code 1" # first kill the app if running # needed for auto-update # ZLURI_PROCESS=$(ps aux | grep -v grep | grep -ci zluri) # OSQUERY_PROCESS=$(ps aux | grep -v grep | grep -ci osquery) ZLURI_PROCESS=$(pgrep -f zluri | wc -l) OSQUERY_PROCESS=$(pgrep -f osquery | wc -l) if [[ $ZLURI_PROCESS -gt 0 ]] && [[ $OSQUERY_PROCESS -gt 0 ]]; then echo "trying to kill the process" pkill -f "zluri" pkill -f "osquery" fi # remove zluri app echo "attempting to remove zluri app" rm -rf /Applications/zluri.app # curl and usr/bin/installer curl -o /tmp/zluri-agent.pkg "https://zluri-agents-intenal-s3.s3.us-west-2.amazonaws.com/zluri-3.6.3.pkg" sudo chown -R ${CURRENT_USER}:staff /tmp/zluri-agent.pkg /usr/sbin/installer -pkg /tmp/zluri-agent.pkg -target /Applications sudo chown -R ${CURRENT_USER}:staff /Applications/zluri.app fi if [[ $finalResult -eq 0 ]] || [[ $shouldUpdate -eq 0 ]]; then echo "all ok" exit 0 fi echo "exiting with code 1" exit 1 - To set up the Audit Script, Go to Commands:
- Click on the "+" icon.
Click on the Command button:
In the Name you have to mention audit-script
Under Run As: select Root
Under Type: select Mac
Copy and paste the above auditscript script in place of the Command.
Under Launch Event, select Run Manually because the audit-script is meant for auto-update, which is a once-in-a-while event and must be run manually.
Under Options, the Timeout after must be 120 seconds or more, depending on the number of machines in your organization.
Finally, verify and click on save.
Click Run Now on the audit script command.
>Script 2: Pre-install script
Command script for pre-install script:
Note: Replace the <ORG_TOKEN> in the script to your organization token
Example: ORG_TOKEN=61efca55b988e3fa898deeae
To get the org token, you can login to Zluri and navigate to Sources>Agents. Here you'll find the org token.
#!/bin/bash
CURRENT_USER=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
HOMEDIR=$(/usr/bin/dscl . -read /Users/"$CURRENT_USER" NFSHomeDirectory | /usr/bin/cut -d' ' -f2)
ORG_TOKEN=<ORG_TOKEN>
INTERVAL=600000
SCREEN_RECORD=off
LOCAL_SERVER=on
echo "$ORG_TOKEN"
echo "$CURRENT_USER"
echo "$HOMEDIR"
echo "$LOCAL_SERVER"
echo "writing zluri generic-MDM config file"
if [ ! -d /tmp/zluritemp ]; then
mkdir -p /tmp/zluritemp
else
echo "zluritemp dir exists"
fi
echo "{\"org_token\": \"$ORG_TOKEN\", \"interval\": \"$INTERVAL\", \"screen_recording\": \"$SCREEN_RECORD\", \"silent_auth\": \"on\", \"local_server\": \"$LOCAL_SERVER\"}" > /tmp/zluritemp/client-config.json
echo "====written the client config json file required configurations in temp directory===="
# Handle the rosetta-related issues in preinstall script
# Determine the processor brand
processor_brand=$(/usr/sbin/sysctl -n machdep.cpu.brand_string)
# Determine the processor brand
if [[ "$processor_brand" == *"Apple"* ]]; then
/bin/echo "Apple Processor is present..."
# Check if the Rosetta service is running
check_rosetta_status=$(/usr/bin/pgrep oahd)
# Rosetta Folder location
# Condition to check to see if the Rosetta folder exists. This check was added
# because the Rosetta2 service is already running in macOS versions 11.5 and
# greater without Rosseta2 actually being installed.
rosetta_folder="/Library/Apple/usr/share/rosetta"
if [[ -n $check_rosetta_status ]] && [[ -e $rosetta_folder ]]; then
/bin/echo "Rosetta2 is installed... no action needed"
else
# Installs Rosetta
/bin/echo "Rosetta is not installed... installing now"
/usr/sbin/softwareupdate --install-rosetta --agree-to-license
fi
else
/bin/echo "Apple Processor is not present...Rosetta2 is not needed"
fi
echo "{\"org_token\": \"$ORG_TOKEN\", \"interval\": \"$INTERVAL\", \"screen_recording\": \"$SCREEN_RECORD\", \"silent_auth\": \"on\", \"local_server\": \"$LOCAL_SERVER\"}" > $HOMEDIR/Library/Application\ Support/zluri/client-config.json
echo "====written the client config json file required configurations in appData directory===="
exit 0
1. To set up the Pre-install Script, Go to Commands:
2. Click on "+" icon.
3. Click on the Command button:
In the Name you have to mention preinstall
Under Run As: select Root
Under Type: select Mac
4. Copy and paste the above pre-install script in place of Command.
5. Under Launch Event
Event: Run as Repeating
Command Repeats By: Minute
Repeat every: 20 minutes
6. Under Options, Timeout after must be 120 seconds or more, depending on the number of machines in your organization.
7. Finally, verify and click on save.
>Script 3: Post-install Runner script
Command script for post-install script:
Note: Replace the <ORG_TOKEN> in the script to your organization token
Example: ORG_TOKEN=61efca55b988e3fa898deeae
#!/bin/bash
CURRENT_USER=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
HOMEDIR=$(/usr/bin/dscl . -read /Users/"$CURRENT_USER" NFSHomeDirectory | /usr/bin/cut -d' ' -f2)
ORG_TOKEN=<ORG_TOKEN>
INTERVAL=600000
SCREEN_RECORD=off
LOCAL_SERVER=on
sudo chown -R ${CURRENT_USER}:wheel /Applications/zluri.app
echo "ORG TOKEN: $ORG_TOKEN"
echo "API INTERVAL: $INTERVAL"
echo "SCREEN RECORD: $SCREEN_RECORD"
echo "CURRENT USER: $CURRENT_USER"
echo "HOMEDIR: $HOMEDIR"
echo "LOCAL_SERVER: $LOCAL_SERVER"
sleep 100
ZLURIDIR="$HOMEDIR/Library/Application Support/zluri"
echo "ZLURIDIR: $ZLURIDIR"
if [ -d "$ZLURIDIR" ]; then
echo "{\"org_token\": \"$ORG_TOKEN\", \"interval\": \"$INTERVAL\", \"screen_recording\": \"$SCREEN_RECORD\", \"silent_auth\": \"on\", \"local_server\": \"$LOCAL_SERVER\"}" > "$ZLURIDIR"/client-config.json
echo "===writing config json file to appData directory==="
else
echo "zluri folder doesn't exist, cannot write config json file"
fi- To set up the post-install script, Go to Commands:
- Click on "+".
Click on the Command:
In the Name, you have to mention postinstall
Under Run As: select Root
Under Type: select Mac
- Copy and paste the above post-install script in place of the Command.
Under Launch Event.
Event: Run as Repeating
Command Repeats By: Minute
Repeat every: 25 minutes
- Under Options, the Timeout after must be 120 seconds or more, depending on the number of machines in your organization.
- Finally, click on save.
>Script 4: Agent runner script
Command script for agent runner script:
#!/bin/bash
# Log everything to a file
exec > /tmp/mdm_script_log.txt 2>&1
# Print environment variables
env > /tmp/mdm_env.txt
# Function to get the currently logged-in user
get_logged_in_user() {
/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'
}
# Get the currently logged-in user
current_user=$(get_logged_in_user)
# Check if the user is found
if [ -z "$current_user" ]; then
echo "No user is currently logged in."
exit 1
fi
echo "Current logged-in user: $current_user"
# export PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/opt/local/bin:/opt/jc/bin
ZLURI_PROCESS=$(pgrep -f zluri | wc -l)
OSQUERY_PROCESS=$(pgrep -f osquery | wc -l)
CURRENT_USER=$(/bin/ls -l /dev/console | awk '{print $3}')
sudo -u "$CURRENT_USER" chown -R ${CURRENT_USER}:staff /Applications/zluri.app
echo "ZLURI_PROCESS count: $ZLURI_PROCESS"
echo "OSQUERY_PROCESS count: $OSQUERY_PROCESS"
echo "CURRENT_USER: $CURRENT_USER"
# zluri not running
if [[ $ZLURI_PROCESS -eq 0 ]] && [[ $OSQUERY_PROCESS -eq 0 ]]
then
echo "app not running, will open zluri agent"
# open -a /Applications/zluri.app # open the agent if not running
su -l "$current_user" -c 'open /Applications/zluri.app'
if [ $? -ne 0 ]; then
echo "Failed to open zluri.app, checking logs for more details..."
log show --predicate 'eventMessage contains "zluri.app"' --info --last 30m
exit 1
fi
else
echo "already running"
fi
- To set up the agent runner script, Go to Commands:
- Click on "+".
Click on the Command:
In the Name, you have to mention agent-runner
Under Run As: select Root
Under Type: select Mac
- Copy and paste the above runner script in place of the Command.
Under Launch Event.
Event: Run as Repeating
Command Repeats By: Minute
Repeat every: 10 minutes
- Under Options, the Timeout after must be 120 seconds or more, depending on the number of machines in your organization.
- Finally, click on save.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article
Deployment of Mac agent via Jumpcloud requires deploying the agent application and scripts.
Adding Zluri app for deployment
- Log in to the JumpCloud Admin Portal.
- Go to DEVICE MANAGEMENT>Software Management.
- Under Software Management - Select Apple.
- Under Apple > Select Self-Hosted.
- Fill the Package Settings
Software Description: Zluri
Software Package URL: Click here to download
Software Name: Zluri
Software Version: 3.6.3
- Select Device Groups or Devices for deployment and click on the Save button.
Setting up Scripts for Zluri app to deploy
>Script 1: Audit scriptFor auto update, use the following audit-script:
Note: expectedVersion in the script should be the current Zluri agent version. Once the command is Setup run the command manually.
#!/bin/bash CURRENT_USER=$(/bin/ls -l /dev/console | awk '{print $3}') # version comparison logic function version_compare { printf "%03d%03d%03d%03d" $(echo "$1" | tr '.' ' '); } # perform version comparision function perf_comparison { installedVersion=$(defaults read /Applications/zluri.app/Contents/Info.plist CFBundleShortVersionString) # ask installed version of the app from system expectedVersion="3.6.3" # admin should update the expectedVersion value to the latest version available installedVersionComparison=$(version_compare $installedVersion) expectedVersionComparison=$(version_compare $expectedVersion) if [ "$installedVersionComparison" -lt "$expectedVersionComparison" ]; then echo "1" elif [ "$installedVersionComparison" -gt "$expectedVersionComparison" ] || [ "$installedVersionComparison" -eq "$expectedVersionComparison" ]; then echo "0" fi } shouldUpdate=0 finalResult=0 ZLURI_APP="/Applications/zluri.app" if [ -e $ZLURI_APP ]; then echo "zluri app found in /Applications/ dir" installedVersion=$(defaults read /Applications/zluri.app/Contents/Info.plist CFBundleShortVersionString) echo "installed zluri app version: $installedVersion" shouldUpdate=$(perf_comparison) echo "shouldUpdate value: $shouldUpdate" else echo "zluri app NOT found in /Applications/ dir" # exit 1 finalResult=1 fi if [[ $shouldUpdate -eq 1 ]] || [[ $finalResult -eq 1 ]]; then echo "it should update or exit with code 1" # first kill the app if running # needed for auto-update # ZLURI_PROCESS=$(ps aux | grep -v grep | grep -ci zluri) # OSQUERY_PROCESS=$(ps aux | grep -v grep | grep -ci osquery) ZLURI_PROCESS=$(pgrep -f zluri | wc -l) OSQUERY_PROCESS=$(pgrep -f osquery | wc -l) if [[ $ZLURI_PROCESS -gt 0 ]] && [[ $OSQUERY_PROCESS -gt 0 ]]; then echo "trying to kill the process" pkill -f "zluri" pkill -f "osquery" fi # remove zluri app echo "attempting to remove zluri app" rm -rf /Applications/zluri.app # curl and usr/bin/installer curl -o /tmp/zluri-agent.pkg "https://zluri-agents-intenal-s3.s3.us-west-2.amazonaws.com/zluri-3.6.3.pkg" sudo chown -R ${CURRENT_USER}:staff /tmp/zluri-agent.pkg /usr/sbin/installer -pkg /tmp/zluri-agent.pkg -target /Applications sudo chown -R ${CURRENT_USER}:staff /Applications/zluri.app fi if [[ $finalResult -eq 0 ]] || [[ $shouldUpdate -eq 0 ]]; then echo "all ok" exit 0 fi echo "exiting with code 1" exit 1 - To set up the Audit Script, Go to Commands:
- Click on the "+" icon.
Click on the Command button:
In the Name you have to mention audit-script
Under Run As: select Root
Under Type: select Mac
Copy and paste the above auditscript script in place of the Command.
Under Launch Event, select Run Manually because the audit-script is meant for auto-update, which is a once-in-a-while event and must be run manually.
Under Options, the Timeout after must be 120 seconds or more, depending on the number of machines in your organization.
Finally, verify and click on save.
Click Run Now on the audit script command.
>Script 2: Pre-install script
Command script for pre-install script:
Note: Replace the <ORG_TOKEN> in the script to your organization token
Example: ORG_TOKEN=61efca55b988e3fa898deeae
To get the org token, you can login to Zluri and navigate to Sources>Agents. Here you'll find the org token.
#!/bin/bash
CURRENT_USER=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
HOMEDIR=$(/usr/bin/dscl . -read /Users/"$CURRENT_USER" NFSHomeDirectory | /usr/bin/cut -d' ' -f2)
ORG_TOKEN=<ORG_TOKEN>
INTERVAL=600000
SCREEN_RECORD=off
LOCAL_SERVER=on
echo "$ORG_TOKEN"
echo "$CURRENT_USER"
echo "$HOMEDIR"
echo "$LOCAL_SERVER"
echo "writing zluri generic-MDM config file"
if [ ! -d /tmp/zluritemp ]; then
mkdir -p /tmp/zluritemp
else
echo "zluritemp dir exists"
fi
echo "{\"org_token\": \"$ORG_TOKEN\", \"interval\": \"$INTERVAL\", \"screen_recording\": \"$SCREEN_RECORD\", \"silent_auth\": \"on\", \"local_server\": \"$LOCAL_SERVER\"}" > /tmp/zluritemp/client-config.json
echo "====written the client config json file required configurations in temp directory===="
# Handle the rosetta-related issues in preinstall script
# Determine the processor brand
processor_brand=$(/usr/sbin/sysctl -n machdep.cpu.brand_string)
# Determine the processor brand
if [[ "$processor_brand" == *"Apple"* ]]; then
/bin/echo "Apple Processor is present..."
# Check if the Rosetta service is running
check_rosetta_status=$(/usr/bin/pgrep oahd)
# Rosetta Folder location
# Condition to check to see if the Rosetta folder exists. This check was added
# because the Rosetta2 service is already running in macOS versions 11.5 and
# greater without Rosseta2 actually being installed.
rosetta_folder="/Library/Apple/usr/share/rosetta"
if [[ -n $check_rosetta_status ]] && [[ -e $rosetta_folder ]]; then
/bin/echo "Rosetta2 is installed... no action needed"
else
# Installs Rosetta
/bin/echo "Rosetta is not installed... installing now"
/usr/sbin/softwareupdate --install-rosetta --agree-to-license
fi
else
/bin/echo "Apple Processor is not present...Rosetta2 is not needed"
fi
echo "{\"org_token\": \"$ORG_TOKEN\", \"interval\": \"$INTERVAL\", \"screen_recording\": \"$SCREEN_RECORD\", \"silent_auth\": \"on\", \"local_server\": \"$LOCAL_SERVER\"}" > $HOMEDIR/Library/Application\ Support/zluri/client-config.json
echo "====written the client config json file required configurations in appData directory===="
exit 0
1. To set up the Pre-install Script, Go to Commands:
2. Click on "+" icon.
3. Click on the Command button:
In the Name you have to mention preinstall
Under Run As: select Root
Under Type: select Mac
4. Copy and paste the above pre-install script in place of Command.
5. Under Launch Event
Event: Run as Repeating
Command Repeats By: Minute
Repeat every: 20 minutes
6. Under Options, Timeout after must be 120 seconds or more, depending on the number of machines in your organization.
7. Finally, verify and click on save.
>Script 3: Post-install Runner script
Command script for post-install script:
Note: Replace the <ORG_TOKEN> in the script to your organization token
Example: ORG_TOKEN=61efca55b988e3fa898deeae
#!/bin/bash
CURRENT_USER=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
HOMEDIR=$(/usr/bin/dscl . -read /Users/"$CURRENT_USER" NFSHomeDirectory | /usr/bin/cut -d' ' -f2)
ORG_TOKEN=<ORG_TOKEN>
INTERVAL=600000
SCREEN_RECORD=off
LOCAL_SERVER=on
sudo chown -R ${CURRENT_USER}:wheel /Applications/zluri.app
echo "ORG TOKEN: $ORG_TOKEN"
echo "API INTERVAL: $INTERVAL"
echo "SCREEN RECORD: $SCREEN_RECORD"
echo "CURRENT USER: $CURRENT_USER"
echo "HOMEDIR: $HOMEDIR"
echo "LOCAL_SERVER: $LOCAL_SERVER"
sleep 100
ZLURIDIR="$HOMEDIR/Library/Application Support/zluri"
echo "ZLURIDIR: $ZLURIDIR"
if [ -d "$ZLURIDIR" ]; then
echo "{\"org_token\": \"$ORG_TOKEN\", \"interval\": \"$INTERVAL\", \"screen_recording\": \"$SCREEN_RECORD\", \"silent_auth\": \"on\", \"local_server\": \"$LOCAL_SERVER\"}" > "$ZLURIDIR"/client-config.json
echo "===writing config json file to appData directory==="
else
echo "zluri folder doesn't exist, cannot write config json file"
fi- To set up the post-install script, Go to Commands:
- Click on "+".
Click on the Command:
In the Name, you have to mention postinstall
Under Run As: select Root
Under Type: select Mac
- Copy and paste the above post-install script in place of the Command.
Under Launch Event.
Event: Run as Repeating
Command Repeats By: Minute
Repeat every: 25 minutes
- Under Options, the Timeout after must be 120 seconds or more, depending on the number of machines in your organization.
- Finally, click on save.
>Script 4: Agent runner script
Command script for agent runner script:
#!/bin/bash
# Log everything to a file
exec > /tmp/mdm_script_log.txt 2>&1
# Print environment variables
env > /tmp/mdm_env.txt
# Function to get the currently logged-in user
get_logged_in_user() {
/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'
}
# Get the currently logged-in user
current_user=$(get_logged_in_user)
# Check if the user is found
if [ -z "$current_user" ]; then
echo "No user is currently logged in."
exit 1
fi
echo "Current logged-in user: $current_user"
# export PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/opt/local/bin:/opt/jc/bin
ZLURI_PROCESS=$(pgrep -f zluri | wc -l)
OSQUERY_PROCESS=$(pgrep -f osquery | wc -l)
CURRENT_USER=$(/bin/ls -l /dev/console | awk '{print $3}')
sudo -u "$CURRENT_USER" chown -R ${CURRENT_USER}:staff /Applications/zluri.app
echo "ZLURI_PROCESS count: $ZLURI_PROCESS"
echo "OSQUERY_PROCESS count: $OSQUERY_PROCESS"
echo "CURRENT_USER: $CURRENT_USER"
# zluri not running
if [[ $ZLURI_PROCESS -eq 0 ]] && [[ $OSQUERY_PROCESS -eq 0 ]]
then
echo "app not running, will open zluri agent"
# open -a /Applications/zluri.app # open the agent if not running
su -l "$current_user" -c 'open /Applications/zluri.app'
if [ $? -ne 0 ]; then
echo "Failed to open zluri.app, checking logs for more details..."
log show --predicate 'eventMessage contains "zluri.app"' --info --last 30m
exit 1
fi
else
echo "already running"
fi
- To set up the agent runner script, Go to Commands:
- Click on "+".
Click on the Command:
In the Name, you have to mention agent-runner
Under Run As: select Root
Under Type: select Mac
- Copy and paste the above runner script in place of the Command.
Under Launch Event.
Event: Run as Repeating
Command Repeats By: Minute
Repeat every: 10 minutes
- Under Options, the Timeout after must be 120 seconds or more, depending on the number of machines in your organization.
- Finally, click on save.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article