forked from UoE-macOS/jss
-
Notifications
You must be signed in to change notification settings - Fork 0
/
coreapp-sophos.sh
179 lines (158 loc) · 5.98 KB
/
coreapp-sophos.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
#!/bin/bash
###################################################################
#
# Script to install Sophos Antivirus from local infratructure and
# configure autoupdate.
#
# This script is intended to be run on the JSS, with $4 - $7
# being provided by the policy that includes this script.
#
# Date: "Thu 6 Apr 2018 12:07:13 BST"
# Version: 0.1.8
# Origin: https://github.com/UoE-macOS/jss.git
# Released by JSS User: dsavage
#
##################################################################
TEMP_DIR="/Library/Application Support/JAMF/tmp/sophos"
INSTALL_PROGRAM="Sophos Installer.app/Contents/MacOS/tools/InstallationDeployer"
# These variables are passed via the JSS
UPDATE_SERVER="$4"
INSTALL_FILE="$5"
## Update every x UPDATE_INTERVALs
UPDATE_FREQUENCY="$6"
## In minutes, so 1440 is 24 hours
UPDATE_INTERVAL="$7"
# Create temporary work area if it doesn't exist
[ ! -d "${TEMP_DIR}" ] && mkdir -p "${TEMP_DIR}"
# Make sure it's empty
rm -rf "${TEMP_DIR}"/*
SOPHOS_SRV_TST=`/usr/bin/curl -l ${UPDATE_SERVER}/${INSTALL_FILE} | grep "404"`
[ ! "${SOPHOS_SRV_TST}" == "Binary file (standard input) matches" ] && exit 253;
download_verify() {
# Rather than try to keep up with Sophos upgrades, download the newest version from the local source
/usr/bin/curl "${UPDATE_SERVER}/${INSTALL_FILE}" > "${TEMP_DIR}/${INSTALL_FILE}"
# The Sophos installer is 214664 at present.
minimumsize=20000
actualsize=$(du -k "${TEMP_DIR}/${INSTALL_FILE}" | cut -f 1)
echo $actualsize
if [ $actualsize -gt $minimumsize ]; then
logger "$0: Downloaded Sophos installer, unzipping."
cd "${TEMP_DIR}"
unzip "${INSTALL_FILE}"
else
echo "$0: Failed to download Sophos, invalid filesize: $actualsize, file location may have changed."
exit 254
fi
}
fix_autoupdate_plist() {
cat > /Library/Preferences/com.sophos.sau.plist <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>LastUpdated</key>
<string></string>
<key>OverrideCredentialsForSaas</key>
<integer>0</integer>
<key>PrimaryServerProxy</key>
<integer>0</integer>
<key>PrimaryServerProxyPort</key>
<integer>8080</integer>
<key>PrimaryServerProxyURL</key>
<string></string>
<key>PrimaryServerType</key>
<integer>1</integer>
<key>PrimaryServerURL</key>
<string>${UPDATE_SERVER}</string>
<key>SecondaryServer</key>
<false/>
<key>SecondaryServerProxy</key>
<integer>0</integer>
<key>SecondaryServerProxyPort</key>
<integer>8080</integer>
<key>SecondaryServerProxyURL</key>
<string></string>
<key>SecondaryServerType</key>
<integer>0</integer>
<key>SecondaryServerURL</key>
<string></string>
<key>UpdateFrequency</key>
<integer>${UPDATE_FREQUENCY}</integer>
<key>UpdateInterval</key>
<integer>${UPDATE_INTERVAL}</integer>
<key>UpdateLogIntoFile</key>
<false/>
<key>UpdateLogIntoSyslog</key>
<false/>
<key>UpdateOnConnection</key>
<false/>
<key>UpdateUnits</key>
<integer>2</integer>
</dict>
</plist>
EOF
## Kick the config demon so that it picks up settings
/usr/bin/killall -HUP SophosConfigD
}
# Check if Sophos has been previously installed
if [ -f "/Applications/Sophos Anti-Virus.app/Contents/MacOS/Sophos Anti-Virus" ]
then
version=`defaults read "/Applications/Sophos Anti-Virus.app/Contents/Info" CFBundleShortVersionString`
compare_version=`echo "$version" | awk -F "." '{print $1$2}'`
if [ $compare_version -ge 96 ]
then
# Disable web protection - it leaks information and slows down web browsing
defaults write /Library/Preferences/com.sophos.sav.plist WebProtectionFilteringEnabled -bool false
defaults write /Library/Preferences/com.sophos.sav.plist WebProtectionScanningEnabled -bool false
logger "$0: Found Sophos version 9.6.x + installed - will not attempt reinstall"
fix_autoupdate_plist
exit 0
else
logger "$0: Sophos < 9.6 found - will attempt to re-install"
# First make sure we can get a valid Sophos download
download_verify
# Run Sophos' uninstall process to allow a clean version to be applied.
SophosInstaller=`find "/Library/Application Support/Sophos" -type d -name "Installer.app"`
"${SophosInstaller}"/Contents/MacOS/tools/InstallationDeployer --remove
# Scrub the autoupdate cache and lockfile in preparation for our new installation
rm -f /Library/Caches/com.sophos.sau/CID/cidsync.upd
rm -f /Library/Caches/com.sophos.sau/sophosautoupdate.plist
rm -f /Library/Preferences/com.sophos.sau.plist.lockfile
sleep 1
rm -dfR /Library/Caches/com.sophos.sau
fi
else
logger "$0: No previous sophos installation detected. Will attempt install."
download_verify
fi
# Install Sophos
# Inexplicably this ends up non-executable
chmod +x "${TEMP_DIR}/${INSTALL_PROGRAM}"
"${TEMP_DIR}/${INSTALL_PROGRAM}" --install
if [ "$?" == 0 ]
then
echo "$0: Installed Sophos"
fix_autoupdate_plist
## Clean up after ourselves
rm -rf "${TEMP_DIR}"
# Reset the com.sophos.sav file, just incase
if test -e "/Library/Preferences/com.sophos.sav.plist"
then
version=`defaults read /Applications/Sophos\ Anti-Virus.app/Contents/Info CFBundleShortVersionString | awk -F "." '{print $1}'`
if [ $version == 9 ]
then
# Disable web protection
defaults write /Library/Preferences/com.sophos.sav.plist WebProtectionFilteringEnabled -bool false
defaults write /Library/Preferences/com.sophos.sav.plist WebProtectionScanningEnabled -bool false
fi
fi
## Update Sophos
/usr/local/bin/SophosUpdate
exit 0
else
echo "$0: Failed to install Sophos. Error Code: ${?}"
# Don't clean up: allow support staff to try to work our what went wrong!
# The script will clean up the temp area on its next invocation so we
# don't need to worry about filling up the disk.
exit 255
fi