search

jc0b / jamf_protect

A Jamf Protect module for MunkiReport
0 stars 0 forks source link

Problem running this module #3

Closed jelockwood closed 3 weeks ago

jelockwood commented 4 weeks ago

@jc0b I am currently building and testing MunkiReport-PHP 5.8.0 and we already have Jamf Pro and Jamf Protect in use. I have therefore already added Tuxudo's Jamf (Pro) module and I am trying to add your Jamf Protect module.

I am however getting an error from your module on my test client as follows.

    Running jamf_protect.py
    jamf_protect.py Error: Traceback (most recent call last):
  File "/usr/local/munkireport/scripts/jamf_protect.py", line 95, in <module>
    main()
  File "/usr/local/munkireport/scripts/jamf_protect.py", line 83, in main
    result = get_jp_data()
  File "/usr/local/munkireport/scripts/jamf_protect.py", line 24, in get_jp_data
    out['connection_identifier'] = output_json['Connection']['identifier']
KeyError: 'Connection'
WARNING: jamf_protect.py return code: 1

Unsurprisingly this results in an empty record in MunkiReport.

Note: I have MacAdmins managed python 3 installed - version 3.10.9 which works fine for all the other MunkiReport modules.

I don't know if it is related but your module looks a bit 'strange' in the MunkiReport Module Marketplace option in the admin website as follows. MunkiReport 2

Other modules only have a single line and no 'custom override' entry.

The Jamf Protect binary is functioning on the same test Mac as per the following example

sh-3.2# protectctl info
+--------------------------------------------------+
| General                                          |
+--------------------------------------------------+
| Uptime        | 1d 1h 45m 21s                    |
| Version       | 6.1.1.6                          |
| Install Type  | System Extension                 |
| Status        | Protected                        |
| Tenant        | mycompany.protect                  |
| Plan ID       | 1                                |
| Plan Hash     | 0a8f7da3c50772ea7557643e5c6d2a7c |
| Log Level     | Error                            |
| Last Check-in | 2024-09-10T10:12:19Z             |
| Last Insights | 2024-09-10T10:12:19Z             |
+---------------+----------------------------------+

Any ideas what is going wrong?

jc0b commented 4 weeks ago

Hi @jelockwood! Glad to see this module is still getting some use.

Could you get me the (sanitized) output of the following command on your test client? /usr/local/bin/protectctl info --json I am no longer a Jamf Protect customer, so can't test this myself.

In terms of the module marketplace - I don't know what causes this, but I've seen this before with other modules. I believe it's just cosmetic.

jelockwood commented 4 weeks ago

Here is the output.

sh-3.2# protectctl info --json
{
  "Connection" : {
    "identifier" : "B8C4712B-3AD1-xxxx-B640-62775D8DF3AF",
    "protocol" : "MQTT",
    "state" : "Connected"
  },
  "Crashes" : {
    "files" : [

    ]
  },
  "Diagnostics" : "Disabled",
  "InstallType" : "systemExtension",
  "LastCheckin" : 1725963139.198798,
  "LastInsightsSync" : 1725963139.198798,
  "LogLevel" : "error",
  "Monitors" : {
    "click" : {
      "actionsTaken" : {

      },
      "running" : true,
      "stats" : {
        "events" : 0,
        "matched" : 0,
        "rules" : 1
      }
    },
    "diskArbitration" : {
      "actionsTaken" : {

      },
      "running" : false,
      "stats" : {
        "events" : 0,
        "matched" : 0,
        "rules" : 0
      }
    },
    "download" : {
      "actionsTaken" : {

      },
      "running" : true,
      "stats" : {
        "events" : 1,
        "matched" : 0,
        "rules" : 2
      }
    },
    "execAuth" : {
      "actionsTaken" : {

      },
      "running" : true,
      "stats" : {
        "custom" : {
          "blocked" : 0,
          "cdHashes" : 0,
          "sha1" : 0,
          "sha256" : 0,
          "signingIDs" : 0,
          "teamIDs" : 0
        },
        "events" : 99717,
        "signatureFeed" : {
          "blocked" : 0,
          "matched" : 0,
          "mode" : 2,
          "version" : "20712"
        }
      }
    },
    "file" : {
      "actionsTaken" : {
        "CacheFile" : 5,
        "Report" : 5
      },
      "running" : true,
      "stats" : {
        "events" : 441112,
        "matched" : 5,
        "rules" : 96
      }
    },
    "gateKeeper" : {
      "actionsTaken" : {

      },
      "running" : true,
      "stats" : {
        "events" : 0,
        "matched" : 0,
        "rules" : 3
      }
    },
    "keylogger" : {
      "actionsTaken" : {

      },
      "running" : false,
      "stats" : {
        "events" : 0,
        "matched" : 0,
        "rules" : 0
      }
    },
    "mrt" : {
      "actionsTaken" : {

      },
      "running" : true,
      "stats" : {
        "events" : 0,
        "matched" : 0,
        "rules" : 1
      }
    },
    "offlineLicense" : {
      "actionsTaken" : {

      },
      "running" : false,
      "stats" : {
        "events" : 0
      }
    },
    "process" : {
      "actionsTaken" : {

      },
      "running" : true,
      "stats" : {
        "events" : 77570,
        "matched" : 0,
        "rules" : 49
      }
    },
    "screenshot" : {
      "actionsTaken" : {

      },
      "running" : false,
      "stats" : {
        "events" : 0,
        "matched" : 0,
        "rules" : 0
      }
    },
    "unifiedLogging" : {
      "actionsTaken" : {

      },
      "running" : false,
      "stats" : {
        "matched" : 0,
        "predicates" : 0
      }
    },
    "usb" : {
      "actionsTaken" : {

      },
      "running" : true,
      "stats" : {
        "events" : 10,
        "matched" : 0,
        "rules" : 1
      }
    }
  },
  "Plan" : {
    "autoUpdate" : true,
    "Configuration" : [
      {
        "Enabled" : false,
        "Mode" : "Disabled",
        "Name" : "Advanced Threat Controls",
        "UUID" : "5b8a2426-cba3-xxxx-9688-982c54545f3c"
      },
      {
        "Enabled" : false,
        "Mode" : "Disabled",
        "Name" : "Tamper Prevention",
        "UUID" : "9d523b8e-c527-xxxx-8768-92243b55e0b6"
      }
    ],
    "LogLevel" : "error",
    "planHash" : "0a8f7da3c50772ea7557643e5c6d2a7c",
    "planId" : "1",
    "telemetry" : "Disabled"
  },
  "PlanHash" : "0a8f7da3c50772ea7557643e5c6d2a7c",
  "PlanID" : "1",
  "Status" : "Protected",
  "Tenant" : "mycompany.protect",
  "UploadQueue" : {
    "JamfCloud" : 0
  },
  "Uptime" : 98390.34959292412,
  "Version" : "6.1.1.6"
}
jc0b commented 4 weeks ago

Thanks @jelockwood! I think I'll need some more information, because the JSON is what the code expects, so there must be something else up with this.

The first one is easy: what's the path to the protectctl binary? You can check this with which protectctl. It should be /usr/local/bin/protectctl.

The second one is a bit more involved - can you add a print statement on line 19 of the script? The line should be print(unused_error), with the indentation matching the line above.

Please also then add another line on line 23. The contents of the line should be: print(output_json), with the indentation matching the line above.

Once this is done, please run Munkireport and send me the (sanitized) output like you did before. This will tell me what data the script is actually getting when it tries to get the data from Jamf Protect, and (if applicable) what error it's getting from Jamf Protect.

jc0b commented 4 weeks ago

I have a tentative fix for this that I've tested as working by writing a little Jamf Protect emulator - I'll issue a new release.

jc0b commented 4 weeks ago

Give v2.0.1 a go, should resolve the issue. Thanks for reporting!

jelockwood commented 4 weeks ago

@jc0b I am getting the following error from composer

  Problem 1
    - Root composer.json requires jc0b/jamf_protect ^2.0.1 -> satisfiable by jc0b/jamf_protect[v2.0.1].
    - jc0b/jamf_protect v2.0.1 requires php ^7.0 -> your php version (8.3.11) does not satisfy that requirement.

Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.
Running update with --no-dev does not mean require-dev is ignored, it just means the packages will not be installed. If dev requirements are blocking the update you have to resolve those problems.
jc0b commented 3 weeks ago

Oops, yeah my bad. I issued a re-release which should resolve this, thanks for checking!

jelockwood commented 3 weeks ago

@jc0b Thanks for that, the composer update ran successfully, I re-downloaded the resulting client installer package from my MunkiReport and ran it on my test Mac to update the client, I ran munkireport-runner and this time had no errors and after the upload I can now see valid data in MunkiReport.

So your module is now fixed. 😄

As it happens I still have an issue with tuxudo/jamf which is a module for reporting Jamf Pro data. Do you use this module yourself?

jc0b commented 3 weeks ago

No @jelockwood, I do not use the Jamf module, as we're looking to sunset munkireport at some point within our org. You're best off opening an issue there.

jelockwood commented 3 weeks ago

@jc0b Yes I have already started discussing with the author of that module. I can understand moving away from MunkiReport - apart from anything else I am unable to connect it to our Active Directory server. However in my case it has the benefit of being able to run on an air-gapped network which pretty much all alternatives being cloud based cannot. (I have/will have two separate MR setups.) Thanks for your help though.