Closed jelockwood closed 3 weeks ago
Hi @jelockwood! Glad to see this module is still getting some use.
Could you get me the (sanitized) output of the following command on your test client?
/usr/local/bin/protectctl info --json
I am no longer a Jamf Protect customer, so can't test this myself.
In terms of the module marketplace - I don't know what causes this, but I've seen this before with other modules. I believe it's just cosmetic.
Here is the output.
sh-3.2# protectctl info --json
{
"Connection" : {
"identifier" : "B8C4712B-3AD1-xxxx-B640-62775D8DF3AF",
"protocol" : "MQTT",
"state" : "Connected"
},
"Crashes" : {
"files" : [
]
},
"Diagnostics" : "Disabled",
"InstallType" : "systemExtension",
"LastCheckin" : 1725963139.198798,
"LastInsightsSync" : 1725963139.198798,
"LogLevel" : "error",
"Monitors" : {
"click" : {
"actionsTaken" : {
},
"running" : true,
"stats" : {
"events" : 0,
"matched" : 0,
"rules" : 1
}
},
"diskArbitration" : {
"actionsTaken" : {
},
"running" : false,
"stats" : {
"events" : 0,
"matched" : 0,
"rules" : 0
}
},
"download" : {
"actionsTaken" : {
},
"running" : true,
"stats" : {
"events" : 1,
"matched" : 0,
"rules" : 2
}
},
"execAuth" : {
"actionsTaken" : {
},
"running" : true,
"stats" : {
"custom" : {
"blocked" : 0,
"cdHashes" : 0,
"sha1" : 0,
"sha256" : 0,
"signingIDs" : 0,
"teamIDs" : 0
},
"events" : 99717,
"signatureFeed" : {
"blocked" : 0,
"matched" : 0,
"mode" : 2,
"version" : "20712"
}
}
},
"file" : {
"actionsTaken" : {
"CacheFile" : 5,
"Report" : 5
},
"running" : true,
"stats" : {
"events" : 441112,
"matched" : 5,
"rules" : 96
}
},
"gateKeeper" : {
"actionsTaken" : {
},
"running" : true,
"stats" : {
"events" : 0,
"matched" : 0,
"rules" : 3
}
},
"keylogger" : {
"actionsTaken" : {
},
"running" : false,
"stats" : {
"events" : 0,
"matched" : 0,
"rules" : 0
}
},
"mrt" : {
"actionsTaken" : {
},
"running" : true,
"stats" : {
"events" : 0,
"matched" : 0,
"rules" : 1
}
},
"offlineLicense" : {
"actionsTaken" : {
},
"running" : false,
"stats" : {
"events" : 0
}
},
"process" : {
"actionsTaken" : {
},
"running" : true,
"stats" : {
"events" : 77570,
"matched" : 0,
"rules" : 49
}
},
"screenshot" : {
"actionsTaken" : {
},
"running" : false,
"stats" : {
"events" : 0,
"matched" : 0,
"rules" : 0
}
},
"unifiedLogging" : {
"actionsTaken" : {
},
"running" : false,
"stats" : {
"matched" : 0,
"predicates" : 0
}
},
"usb" : {
"actionsTaken" : {
},
"running" : true,
"stats" : {
"events" : 10,
"matched" : 0,
"rules" : 1
}
}
},
"Plan" : {
"autoUpdate" : true,
"Configuration" : [
{
"Enabled" : false,
"Mode" : "Disabled",
"Name" : "Advanced Threat Controls",
"UUID" : "5b8a2426-cba3-xxxx-9688-982c54545f3c"
},
{
"Enabled" : false,
"Mode" : "Disabled",
"Name" : "Tamper Prevention",
"UUID" : "9d523b8e-c527-xxxx-8768-92243b55e0b6"
}
],
"LogLevel" : "error",
"planHash" : "0a8f7da3c50772ea7557643e5c6d2a7c",
"planId" : "1",
"telemetry" : "Disabled"
},
"PlanHash" : "0a8f7da3c50772ea7557643e5c6d2a7c",
"PlanID" : "1",
"Status" : "Protected",
"Tenant" : "mycompany.protect",
"UploadQueue" : {
"JamfCloud" : 0
},
"Uptime" : 98390.34959292412,
"Version" : "6.1.1.6"
}
Thanks @jelockwood! I think I'll need some more information, because the JSON is what the code expects, so there must be something else up with this.
The first one is easy: what's the path to the protectctl binary? You can check this with which protectctl. It should be /usr/local/bin/protectctl.
The second one is a bit more involved - can you add a print statement on line 19 of the script?
The line should be print(unused_error), with the indentation matching the line above.
Please also then add another line on line 23. The contents of the line should be: print(output_json), with the indentation matching the line above.
Once this is done, please run Munkireport and send me the (sanitized) output like you did before. This will tell me what data the script is actually getting when it tries to get the data from Jamf Protect, and (if applicable) what error it's getting from Jamf Protect.
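Added example, not part of the thread and not the module's own code: one way a collector could keep the error text and report protection gaps from the JSON instead of uploading an empty record. The function names are hypothetical; the field names come from the output posted above, and the sample is a constructed subset of it.

```python
import json
import subprocess

PROTECTCTL = "/usr/local/bin/protectctl"  # path stated in the thread

def run_protectctl(path=PROTECTCTL):
    """Run `protectctl info --json`; return (stdout, stderr) and never raise."""
    try:
        proc = subprocess.run([path, "info", "--json"],
                              capture_output=True, text=True, timeout=30)
        return proc.stdout, proc.stderr
    except (OSError, subprocess.TimeoutExpired) as exc:
        return "", str(exc)

def summarize(stdout, stderr=""):
    """Parse the JSON, keeping the failure reason instead of an empty record."""
    if not stdout.strip():
        return {"ok": False, "error": stderr.strip() or "empty output"}
    try:
        info = json.loads(stdout)
    except json.JSONDecodeError as exc:
        return {"ok": False, "error": f"invalid JSON: {exc.msg}"}
    monitors = info.get("Monitors", {})
    components = info.get("Plan", {}).get("Configuration", [])
    return {
        "ok": True,
        "status": info.get("Status"),
        "version": info.get("Version"),
        "connection": info.get("Connection", {}).get("state"),
        "stopped_monitors": sorted(
            name for name, m in monitors.items() if not m.get("running")),
        "disabled_components": sorted(
            c.get("Name", "?") for c in components if not c.get("Enabled")),
    }

# Constructed sample: a trimmed subset of the fields in the output posted above.
SAMPLE = """{
  "Connection": {"protocol": "MQTT", "state": "Connected"},
  "Monitors": {"file": {"running": true}, "usb": {"running": true},
               "keylogger": {"running": false}, "screenshot": {"running": false}},
  "Plan": {"Configuration": [
    {"Enabled": false, "Mode": "Disabled", "Name": "Tamper Prevention"}]},
  "Status": "Protected", "Version": "6.1.1.6"
}"""

if __name__ == "__main__":
    print(summarize(SAMPLE))                 # healthy parse with findings
    print(summarize(*run_protectctl("/nonexistent/protectctl")))  # failure path
```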
I have a tentative fix for this that I've tested as working by writing a little Jamf Protect emulator - I'll issue a new release.
@jc0b I am getting the following error from composer
Problem 1
- Root composer.json requires jc0b/jamf_protect ^2.0.1 -> satisfiable by jc0b/jamf_protect[v2.0.1].
- jc0b/jamf_protect v2.0.1 requires php ^7.0 -> your php version (8.3.11) does not satisfy that requirement.
Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.
Running update with --no-dev does not mean require-dev is ignored, it just means the packages will not be installed. If dev requirements are blocking the update you have to resolve those problems.
Oops, yeah my bad. I issued a re-release which should resolve this, thanks for checking!
@jc0b Thanks for that, the composer update ran successfully. I re-downloaded the resulting client installer package from my MunkiReport and ran it on my test Mac to update the client. I ran munkireport-runner and this time had no errors, and after the upload I can now see valid data in MunkiReport.
So your module is now fixed. 😄
As it happens I still have an issue with tuxudo/jamf which is a module for reporting Jamf Pro data. Do you use this module yourself?
No @jelockwood, I do not use the Jamf module, as we're looking to sunset munkireport at some point within our org. You're best off opening an issue there.
@jc0b Yes I have already started discussing with the author of that module. I can understand moving away from MunkiReport - apart from anything else I am unable to connect it to our Active Directory server. However in my case it has the benefit of being able to run on an air-gapped network which pretty much all alternatives being cloud based cannot. (I have/will have two separate MR setups.) Thanks for your help though.
@jc0b I am currently building and testing MunkiReport-PHP 5.8.0 and we already have Jamf Pro and Jamf Protect in use. I have therefore already added Tuxudo's Jamf (Pro) module and I am trying to add your Jamf Protect module.
I am however getting an error from your module on my test client as follows.
Unsurprisingly this results in an empty record in MunkiReport.
Note: I have MacAdmins managed python 3 installed - version 3.10.9 which works fine for all the other MunkiReport modules.
I don't know if it is related but your module looks a bit 'strange' in the MunkiReport Module Marketplace option in the admin website as follows.
Other modules only have a single line and no 'custom override' entry.
The Jamf Protect binary is functioning on the same test Mac as per the following example
Any ideas what is going wrong?