ConfigCID Support for non Windows CIDs

Hi Eniac,

We've recently implemented a successful relay and also got the MACOSX clients working too.

My initial answer is that you don't need to use CONFIGCID, as just changing the mrinit.conf file manually and installing SAV for OSX applies the changes.

This can then be packaged up, etc.

However I'm not Mac person. So tomorrow I'll ask our Mac guy to answer this and how to automate the set-up  - on the basis that he has time.

:)

RL

Whoops, not a good idea to post this on my phone. Her it is again in readable format :smileyhappy:

This is a two part process and the outcome will be a full offline mpkg with the avrelay details inside along with the, auto update locations, encrypted credentials for auto autopdate and the scanning preferences.

Part 1- Changing the mrinit.conf

1.Create a folder called Installs in /Temp. Grab sophos from server share to a mac and put it in /Temp/Installs

2.Purchase composer from JAMF software this is an invaluable tool for packaging and can be purchased individually from the suite and is inexpensive.

3.Drag the /Temp/Installs in to the composer window and click on the convert to source button.

4. In the search box type mrinit.conf and the program will search for the location where it is.

5. I'm going by memory to the location of mrinit.conf so I apologise if this is incorrect

Open terminal, elevate to root user and type

vi /Library/Application\ Support/JAMF/Composer/Sources/Installs/ROOT/Temp/Installs/Sophos\ Anti-Virus.mpkg/Contents/Packages/SophosRMS.pkg/Contents/Resources/mrinit.conf

6.Press key I to go in to insert mode

Change the av relay address by using the arrow key to go down to the bottom line and delete your current entry and input your desired relay address but still keep it with the quotes and press enter so there line underneath

Press escape to come out of insert mode

Hold the shift key and press : key

Type wq! To save the changes and press enter.

7. In composer click build package and save it to the desktop and it will be called Installs.pkg

8. Right click on Installs.pkg and select show package contents and double click Archive.pax which will uncompress the files and you can then move the uncompressed Sophos Anti-Virus.mpkg to the Desktop etc. This is the file with the modified mrinit.conf

Part 2 - test machine

Just using the package with the modified mrinit.conf is not enough because if you just use this and install it on a machine the scanning and autoupdate credentials will be blank and is not any good if you are needing an offline installer.

What you can do however is to install the package on a test machine, make your changes in regards to the scanning settings ie Scan inside Archived files and set the autoupdate locations and credentials.

1. Install the Newly created Sophos Anti-Virus.mpkg to a test machine.

2. Make your changes to the update locations, credentials and scanning settings

3. Copy /Library/Preferences/com.sophos.sau.plist to usb key etc

4. Copy /Library/Preferences/com.sophos.sav.plist to usb key etc

5. Got back to you machine with composer. With composer open, on the right hand side you can expand all the directories to add files in there.

6. In Composer from the top expand /Temp/Installs/Sophos Anti-Virus.mpkg/Contents/Packages/SophosAU.pkg/Contents/Resources/

7. Copy the com.sophos.sau.plist to that location.

8. Change the permissions of the com.sophos.sau.plist to match the other file permissions in that location I think it was owner root:admin 700. You can do this in an interface on composer.

9. In Composer from the top expand /Temp/Installs/Sophos Anti-Virus.mpkg/Contents/Packages/SophosAV.pkg/Contents/Resources/

10. Copy the com.sophos.sav.plist to that location.

11. Change the permissions of the com.sophos.sav.plist to match the other file permissions in that location I think it was  owner root:admin 700. You can do this in an interface on composer.

12. Rename the Package in Composer to some thing else so you will not get confused eg Relay_Sophos_Anti-Virus_v1.0

13. Build the package Relay_Sophos_Anti-Virus_v1.0 and save it to the desktop

14. Right click on the Relay_Sophos_Anti-Virus_v1.0.pkg on the desktop and select show package contents.

15. Double click the Archive.pax and this should uncompress and you can then drill down and copy the newly created Sophos Anti-Virus.mpkg you might want to rename it to something unique before copying and pasting to the desktop to avoid confusion.

16. Done you now have a full Sophos Anti-Virus.mpkg with the relay, auto update encryped credentials and scanning settings.

PS

Definitely the full CasperSuite is worth looking in to and worth it. The guys at JAMF Software are geniuses!

hi RL

thanks a lot for your reply - very "in detail" description :)

the problem i would like to circumvent is to automate the changes to mrinit.conf

only with the sophos autoupdate feature. here is the process that works for windows:

normally mrinit.conf is created on install and is never changed.

to distribute a modification you can:

1.) put mrinit.conf in rms subdirectory

2.) run configcid.exe to include the file in the autoupdate process

3.) on next update the new mrinit.conf is downloaded and installed on every client

4.) client contacts new sec and is "migrated" to the new database

is something similiar also possible with macos x? (without the need of running

a script or install on every client by hand)

kind regards

remo

Hello remo,

I had no troubles "preconfiguring" the ESCOSX CIDs for an initial install using a rather simple approach outlined in the thread Mac OS - pre-configuring Autoupdate - no special tools required and it works for us.

And while I have been able to run configcid.exe on a Mac CID (simply copying the "missing" cidsync.upd from the root directory, it then says there's nothing to do for mrinit.custom which one can create and then it says Adding entry) it doesn't re-initialize the RMS component as on Windows.

On the other hand some mechanism for updating the RMS component between releases obviously exists. In the light of lorribot's post I think it's be a good idea to improve the manageability of Macs (and probably Linux as well) - especially the ability of "moving around" the clients (or replacing/"splitting"/"merging" the servers).

Oh, and thanks for the feedback

Christian

Hi Christian and Remo

Yes that is basically the same thing i am doing except i think my way is easier in regards to create the package and push out to the client machine and there is no need to go to each machine and copy the com.sophos.sau.plist to it.

My instructions are in detail because following the instructions any one can create this now and there was no point me providing half or incomplete steps because that doesn't help anyone.

Composer can be used for many packaging need in MAC OSX and is a must for any Mac administrator.

As you can see in my steps when you copy the com.sophos.sau.plist and along with the com.sophos.sav.plist file to the relevant resource locations with in the mpkg through composer stated in my steps, when the final package is built and  gets installed on the Mac osx clients the com.sophos.sau.plist and com.sophos.sav.plist settings get installed on the client and you don't have to manually go to each machine and copy these manually stated in the other thread.

This is also good because this allows you to make the mpkg a full offline installer and doesn't need to wait to contact the server to get the update details.

Remo there isn't a simple command you can do like in windows OS and this is because of the way pkgs and mpkgs are handled by the OS.

There are other ways but they are much more complicated, longer and i will just end up confusing you.

TK

hi forum

german support gave me the following information regarding this topic.

migrating macosx client from one sec to another is not possible with mrinit.custom as in windows.

(with mrinit.conf)

the only options you have is either edit the local router.config or uninstall / reinstall with the right mrinit.conf.

kind regards

remo