4 Replies Latest reply on Aug 18, 2011 6:48 AM by Snowman

    method for scheduling Mac scan and detect



      Recently we've been working with the LD9 SP2 client, trying to see if it has reached a stage where it's suitable for deployment.
      It does seem to have improved some, but I'm coming across a stumbling block with Scan and Repair.
      Basically, we'd like one schedule for scan (daily or weekly) and one schedule for repair (weekly or monthly). This general approach was suggested in another thread.
      The problem is that I don't see a way to do this through the Mac agent configuration dialog -- I only see a set of options to schedule a scan -- nothing to specify different kinds of tasks or to schedule a repair that would invoke a command like this:
      /Library/Application Support/LANDesk/bin/vulscan /repair "vulnerability=all"
      I suppose we could manually edit the file /Library/Application Support/LANDesk/data/ldcron.xml in the client installer to insert a scheduled task for the repair. But before I do that I wanted to see if I'm missing a better way to accomplish this.
        • 1. Re: method for scheduling Mac scan and detect

          Did you ever get somewhere with this?  I was wondering the same thing myself.  Ugghh

          • 2. Re: method for scheduling Mac scan and detect


            Following up on this: We've gotten a little farther, but still not to a workable point. We created a shell script called 'ldpatch' within the LD bin directory. This calls vulscan with the appropriate repair argument:


            /Library/Application Support/LANDesk/bin/vulscan /repair "vulnerability=all"


            We then inserted a line in the ldcron.xml config file to run this script on a schedule. It does start, but the process pauses and puts a dialog box on the Mac GUI as shown in the attachment. The process won't proceed until someone answers the dialog box. The log file is included below.


            We've been waiting for the Mac LD client to work properly for years, and in my opinion it's still not really usable for a university environment. For lab settings where large numbers of machines may be unattended, something like this makes the product unusable; I don't want dozens of machines sitting idle with no one logged in and with a dialog box preventing the patching process from taking place. It just doesn't make sense to me that the client would display this dialog box when no one is logged into the machine.


            Perhaps I'm missing something, like a switch to the vulscan command that would bypass this dialog?


            Log file:


            Wed Aug 10 10:31:20 2011 [00105] ldcron : Executing scheduled event (id:105): /Library/Application\ Support/LANDesk/bin/ldpatch

            Wed Aug 10 10:31:20 2011 [00105] ldcron : Next scheduled execution  (id:105): /Library/Application\ Support/LANDesk/bin/ldpatch   Time:Thu Aug 11 11:21:13 2011

            Wed Aug 10 10:31:20 2011 [00147] vulscan : Patch started.

            Wed Aug 10 10:31:21 2011 [00147] vulscan : Repairing vulnerability all.

            Wed Aug 10 10:31:21 2011 [00147] vulscan : GetPatchesForVulnerability(all)

            Wed Aug 10 10:31:21 2011 [00147] vulscan : Downloading the patch http://BLAH.EDU/LDLogon/patch/SecUpd2010-005.dmg sdclient 2011-08-10 10:31:21 Final result = 229638144

            Wed Aug 10 10:31:21 2011 [00147] vulscan : Finish downloading 1 webPatch(es).

            Wed Aug 10 10:39:17 2011 [00054] ldremote : Attempt to send to unauthenticated client.

            [ wait here indefinitely, until someone logs into the GUI -- and then the process continues ]

            Wed Aug 10 10:43:15 2011 [00147] vulscan : Processing 1 webPatches.

            Wed Aug 10 10:43:15 2011 [00147] vulscan : Dealing webPatch SecUpd2010-005.dmg.

            Wed Aug 10 10:43:15 2011 [00184] sdclient : execute: 'echo "Y" | /usr/bin/hdiutil attach -mount required -noidme -nobrowse -plist '/Library/Application Support/LANDesk/sdcache/SecUpd2010-005.dmg''

            • 3. Re: method for scheduling Mac scan and detect

              Good workaround shodgesgt,

              Its unfortunate you had to go through all this trouble though. A product with a price tag like LANDesk should have all of this baked in and stable but its never been the case. I've heard from customers and support staff that they're working on it but I've been hearing that for years.

              Now that Remote Desktop is broken after moving to Lion, I'm giving LANDesk till the end of this month (August 2011) to get it together. If there aren't improvements or at least a release date, I'm uninstalling the LANDesk agent from all (200+) of our MACs and moving to ARD (Apple Remote Desktop).

              Centrally managed patch management is no longer a nice to have feature for MACs, its a necessity.

              • 4. Re: method for scheduling Mac scan and detect

                You could go to Manage Scripts in the LDMS console and then click on New Local Scheduler Configuration Script and set those tasks up and then deploy it to your agents.