Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 36 replies
  • Subscribers 1 subscriber
  • Views 105090 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Mac OS - pre-configuring Autoupdate

QC

We have quite a number of Macs (not surprising at a university) but no official Mac support. Nevertheless we offer Sophos for Macs (in a downloadable .zip archive).  

When Sophos is installed on a Mac on our network it connects to the management server from where it gets the update policy (the CIDs contain the correct mrinit.conf for RMS to work). Of course this does not work if the Mac is used at home. For windows PCs putting sauconf.xml placed in the appropriate directory does the trick. There are some articles in the knowledgebase but usually a Mac is required with which you can configure the CID (if I understand correctly). I believe no magic is actually involved and the configuration is stored somewhere in a .plist file (XML format). I suspect that the catalogues are involved and configcid.exe does not support a CID for OSX.

Or is there a "simple" way to pre-configure autoupdate (even if it's unsupported)? sau.plist looks suspicous  :smileywink:

Christian

:518


This thread was automatically locked due to age.
  • 0

    com.sophos.sau.plist

    is the file your looking for.

    I installed the Macintosh SUM updater and customized the depo for my local primary update site.

    The syntax is rather involved, so I'd recommend you install Mac SUM and create one yourself, it would be nice if it were documented though, this fragment will not be enough.  The SUM updater will also not let you modify the update sources until after the CID is first populated from Sophos, so you need the credentials for your account.

    Passwords also automatically get obfuscated as well, so its probably best to use Mac SUM when creating the .plist parameters list file. There after it can be copied if it doesn't change.

     <key>PrimaryServerType</key>
     <integer>1</integer>
     <key>PrimaryServerURL</key>
     <string>http://myupdate.server.edu/SophosUpdate/CIDs/S000/ESCOSX</string>
     <key>PrimaryServerUserName</key>

    It is in [ Sophos Anti-Virus.mpkg\Contents\Packages\SophosAU.mpkg\Contents\Resources\com.sophos.sau.plist ]

    :1617
  • 0

    Thanks. I'd already suspected com.sophos.sau.plist which I had used before (How to change Sophos AutoUpdate credentials on a Mac). Reading your post I decided to simply put it into the Resources folder (which also contains sau.plist). Then zipped the CID, copied to the Mac, unzipped and opened/installed the .mpkg. Voilà - up and running with the correct update locations and credentials.

    Thanks again

    Christian

    :1640
  • 0

    That's actually clever.

    Use a preconfigured system to tweak the credentials and make the com. file then copy it to the proper location.

    I actually went to the trouble of installing Mac SUM and figuring out you had to update the CID before you could even modify it.

    That cost me a lot of time.

    Now that we know the path, I prefer your method.

    Thanks for your insite. It will save me time later.

    :2355
  • 0

    hi forum

    for those interested. i use the following script to preconfigure the "official" sophos for mac

    download with preconfigured update settings.

    #!/bin/sh

    # install current sophos and configure update settings
    # run script (check filename or mountpoint if script fails)
    # remove current install with:
    # sudo installer -pkg "/Library/Sophos Anti-Virus/Remove Sophos Anti-Virus.pkg" -target /
    # test new install with savosx71sa-custom.dmg

    #convert download image to read/write format
    hdiutil convert -format UDRW -o ./savosx71sa-uncompressed.dmg ./savosx71sa.dmg
    sleep 2

    #mount uncompressed read/write image
    hdiutil mount ./savosx71sa-uncompressed.dmg
    sleep 2

    #copy custom update settings to package
    cp "/Library/Preferences/com.sophos.sau.plist" "/Volumes/Sophos Anti-Virus OS X 10.4+/Sophos Anti-Virus.mpkg/Contents/Packages/SophosAU.mpkg/Contents/Resources/"
    sync

    #unmount read/write image
    hdiutil eject "/Volumes/Sophos Anti-Virus OS X 10.4+"
    sleep 2

    #convert back to compressed read-only image
    hdiutil convert -format UDZO -o savosx71sa-custom.dmg -ov savosx71sa-uncompressed.dmg

    kind regards

    remo

    :3609
  • 0

    Hello there,

    Very interesting discussion. I am using version 8 for Mac. I have opened the Sophos*.mpkg file and can not find the plist file that you mention. Has it been removed in version 8. My goal is to automatically to attach the primary location update server.

    :39687
  • 0

    hi sodos

    in my opinion trying to modify the mpkg is now a bad idea. (because of the new gatekeeper functionality)

    the workaround at our site was to include a post install "clickable" script in the dmg which copies

    the preconfigured plist and restarts the auto update.

    kind regards

    remo

    :39689
  • 0

    We preconfigured a sophos package for osx by adding a com.sophos.sau.plist to it and and now the package is being blocked by gatekeeper on mountain lion because it is not coming from a trusted source.  How can I get around this without having to the user run a script to change the information?

    :42368
  • 0

    Hello __-__ (quite a name :smileyvery-happy:),

    I have practically no experience with Macs and Gatekeeper in  particular. All I can say is that there are quite a few ML clients which "appear" in the Unassigned group with the correct AU configuration obtained from the plist. What we make available is - as said in a previous post - the zipped up CID (with the custom plist). Users download it, open the archive and click the mpkg. Guess I would have heard if gatekeeper gets in the way.

    Christian 

    :42412
  • 0

    Thanks for the reply Christian,

    We are downloading the file as a .dmg file rather than a zip, but we have the same problem using a .zip.  Our users are downloading the file from an HTTP location.  It would seem that apple doesn't trust our http location that users are downloading the file from.  How do your userd download the installer?  From a website, or a network share?

    :42488
  • 0
    Hello __-__,

    HTTPS (with basic auth) from our website.

    Christian
    :42490