autopkg / jss-recipes

AutoPkg recipes that use JSSImporter to upload software packages to your JSS.

Nessus Agent recipe w/ postinstall script #262

Closed skoobasteeve closed 2 years ago

skoobasteeve commented 2 years ago

I created this recipe to go along with my download recipe. It adds a script to the policy in JAMF that enrolls the system with your company's Nessus tenant immediately after install. It requires the user to fill in the first three variables in the script.

This is my first time writing a recipe with a script so let me know if there's anything I missed.

Thank you!

homebysix commented 2 years ago

The recipe looks good.

% ./validate_recipes.py Nessus\ Agent/Nessus\ Agent*.recipe
------------------------------------------------------
 Testing recipe: Nessus Agent/Nessus Agent.jss.recipe 
------------------------------------------------------
OK

However you might want to consider what happens if the pkg file doesn't install correctly. Do you still want the script to run? In its current state, the script would produce this output upon failed installation:

% bash Nessus\ Agent/Nessus\ Agent\ PostInstall.sh 
Nessus Agent/Nessus Agent PostInstall.sh: line 7: /Library/NessusAgent/run/sbin/nessuscli: No such file or directory
Tenable Agent already installed and linked!
Exiting...

That could be misleading, so you might want to check for the existence of the nessuscli binary first.

skoobasteeve commented 2 years ago

@homebysix Good idea. I added a quick installation check to the top of the script that exits if Nessus doesn't exist on the machine.

homebysix commented 2 years ago

Thanks!

skoobasteeve commented 2 years ago

@homebysix Now that I'm trying to run this thing from an override, I'm hitting a bit of a wall. The user needs to pass values into the script for KEY, HOST, and PORT to make the policy work properly. I can make the script use JAMF parameters but I'm not sure how to pass values to those parameters at the recipe level. Obviously they could just run a copy of the script from their RecipeOverrides folder but it's not clear that needs to happen since the script file isn't included in the override.

What's the recommended way to accomplish this?

homebysix commented 2 years ago

Hi @skoobasteeve - That's a good callout. At this time, you'd need to make a copy of the Nessus Agent.jss.recipe (with a different identifier) and have it refer to a customized copy of the Nessus Agent PostInstall.sh script (with a different filename). Then you'd create an override of your new recipe (again, with a different filename).

It would be easier to handle customization like this if the script name was customizable via an input variable like other arguments of JSSImporter. But if you're getting to that level of customization, you may want to explore the more flexible JamfUploader family of recipes. This jss-recipes repo does not have long to live.
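The script side of this discussion, as an added example that is not the PR's script or the project's code: a postinstall that checks for `nessuscli` before doing anything and takes KEY, HOST and PORT from Jamf script parameters. Mapping them to `$4`/`$5`/`$6`, the `Linked to: None` status text, and the function name `link_agent` are assumptions of this example.

```shell
#!/bin/bash
# Added example, not the PR's script. Assumptions: KEY/HOST/PORT arrive as Jamf
# script parameters $4/$5/$6, and `nessuscli agent status` prints
# "Linked to: None" when the agent is not linked.
NESSUSCLI="/Library/NessusAgent/run/sbin/nessuscli"   # path from the output above

# link_agent CLI KEY HOST PORT
# Returns 0 = linked (now or previously), 1 = agent not installed,
#         2 = missing/invalid parameter, 3 = link command failed.
link_agent() {
    local cli="$1" key="$2" host="$3" port="$4"

    # Installation check first: a failed pkg install must not report success.
    if [ ! -x "$cli" ]; then
        echo "nessuscli not found at $cli; install failed, not linking." >&2
        return 1
    fi
    # Reject empty values and non-numeric ports before touching the agent.
    if [ -z "$key" ] || [ -z "$host" ]; then
        echo "KEY and HOST are required." >&2
        return 2
    fi
    case "$port" in
        ''|*[!0-9]*) echo "PORT must be numeric." >&2; return 2 ;;
    esac
    # Skip linking if the agent already reports a manager.
    local status
    status="$("$cli" agent status 2>&1)"
    if echo "$status" | grep -q '^Linked to: ' &&
       ! echo "$status" | grep -q '^Linked to: None'; then
        echo "Agent already linked."
        return 0
    fi
    # The key is never echoed: policy script output is stored in the Jamf log.
    if "$cli" agent link --key="$key" --host="$host" --port="$port" >/dev/null 2>&1; then
        echo "Agent linked to $host:$port."
        return 0
    fi
    echo "Link command failed." >&2
    return 3
}

# Run only when Jamf supplies the three custom parameters ($4-$6).
if [ "$#" -ge 6 ]; then
    link_agent "$NESSUSCLI" "$4" "$5" "$6"
    exit $?
fi
```

The distinct exit codes let the policy log show whether a failure came from the package install or from the link step.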

skoobasteeve commented 2 years ago

Thanks @homebysix, I've been getting familiar with JamfUploader this morning and it seems like a great project. The example recipes are really straightforward.

Are the JamfUploader recipes being uploaded within the same repos or will there be a unified repo like jss-recipes?

homebysix commented 2 years ago

Many JamfUploader recipes are in this repo: https://github.com/autopkg/grahampugh-recipes/tree/main/Jamf_Recipes