Are you just wanting to repair patches? I am working on a document that lists out the switches on mac. One thing I am noticing is that you are using ldpatch, but mac uses vulscan as well.
Yes we just want to repair patches from a custom group.
from my mac client (ldpatch is a link to vulscan)
ldpatch -> ./vulscan
i got these commands from a scheduled tasks 'custom script' section. im assuming this is what the agent is executing, i just cant seem to run it manually.
Here are some switches:
vulscan [-v version] [/repair <vulnerability or group name>] [/coreserver=<coreservername>] [/softwareupdate] /changebehaviors < /agentbehavior=filename | /ob:rebootbehavior=filename [/taskid=###] [/policyfile] [/scanfilter]
My article should be published today. I will link it to you as soon as it is done.