jamf / 2016_JNUC_Security_Reporting_Compliance

Repo for code used in all presentation slides from the 2016 JNUC Presentation "Digging into Security, Compliance, and Reporting"

Sierra 10.12.5 hangs #8

Closed m3ir closed 7 years ago

m3ir commented 7 years ago

Hi, I am running all scripts via JSS on a 10.12.5 machine with no problems besides the latest script "3_Security_Remediation.sh"; when it runs it just hangs on "Running script 3_Security_Remediation.sh..." for a few hours.

kenglish6 commented 7 years ago

@m3ir - Can you tail /var/log/jamf.log on that device and report the result?

m3ir commented 7 years ago

Stuck in there as well:

Tue Jul 04 11:04:03 m3ir’s MacBook Pro jamf[14319]: Checking for policies triggered by "recurring check-in" for user "m3ir"...
Tue Jul 04 11:04:05 m3ir’s MacBook Pro jamf[14319]: Executing Policy 3_Security_Remediation.sh

Running the script locally works tho :/

kenglish6 commented 7 years ago

Okay, what if you run the policy via terminal and a manual policy trigger? Then you can see the feedback live.

Not that it should make a huge difference, but there is an updated repo for CIS for 10.12 - are you using that? https://github.com/jamfprofessionalservices/CIS-for-macOS-Sierra

m3ir commented 7 years ago

Thanks! https://github.com/jamfprofessionalservices/CIS-for-macOS-Sierra seems to work. Just one more question: now that I have all the logs in JSS, how/where can I view them? And more important, what is the right way to use this information?

Kind Regards,

kenglish6 commented 7 years ago

You can look at the policy, then the Logs button in the bottom right, and see the output per client. Typically, the policy logs themselves are not very interesting, because you'd set up the 2.5 and 2.6 extension attributes to keep tabs on things via inventory/smart group.

So: You periodically run 2_Security_Audit_Compliance.sh via policy for an audit and recon, create a smart group against the extension attribute in 2.6_Audit_Count.sh being greater than 0, then run 3_Security_Remediation.sh against members of that smart group. That way you only end up modifying clients that require an update, rather than brute force blasting down policy compliance all the time to everyone.

Hope that helps!
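
The audit-count gate described in the last comment, sketched as an added example that is not part of this thread or of the repository's own scripts. The audit file path, its one-finding-per-line format, and the function names are assumptions made for illustration; only the `<result>` wrapper is the standard extension attribute output format.

```shell
#!/bin/sh
# Added example: paths, file format and function names are assumptions,
# not taken from the repository's scripts.

# Hypothetical file where the audit policy writes one line per failed check.
AUDIT_FILE="${AUDIT_FILE:-/path/to/audit_findings.txt}"

# Count failed checks: lines that are neither blank nor comments.
# Prints -1 when the file is missing or unreadable, so a machine that has
# never been audited is not reported as having zero findings.
audit_count() {
    file="$1"
    if [ ! -r "$file" ]; then
        echo "-1"
        return 0
    fi
    grep -Ev '^[[:space:]]*(#|$)' "$file" | wc -l | tr -d ' '
}

# Wrap a value in the <result> tags an extension attribute script prints.
ea_result() {
    printf '<result>%s</result>\n' "$1"
}

# Local mirror of the smart group criterion "audit count greater than 0".
needs_remediation() {
    [ "$1" -gt 0 ]
}

# Extension attribute behaviour: report the count for inventory.
ea_result "$(audit_count "$AUDIT_FILE")"
```

A value of -1 stays outside a "greater than 0" smart group, so unaudited machines need their own criterion if they should be tracked.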