Menu Close

Sophos Endpoint Scripted Install

Leverage Jamf Pro Script Parameters to automate a multi-Sub-Estate installation of Sophos Endpoint

Background

During our monthly Sophos vendor meeting last week, we learned about updated documentation for Installing Endpoint Protection on Macs.

The most intriguing information was the addition of a vendor-signed Configuration Profile to ease the sometimes confusing requirements for macOS Big Sur 11 and later.

Deployment Tools Folder

The new Deployment Tools folder included:

  • Read Me First.txt
  • Install Sophos Script.txt
  • Sophos Endpoint.mobileconfig

Drawing inspiration from the vendor-supplied script, we were off to try out a scripted installation of Sophos Endpoint.

Goals

Our first goal was a single script which could install Sophos Endpoint for any one of our multiple Sub-Estates: A perfect job for a Jamf Pro Script Parameter.

However, we needed to ensure if the Script Parameter wasn’t supplied, that we’d still have a working installation when the script completed.

Next, we wanted to validate the installation was successful, which we do by inspecting the com.sophos.sav.plist‘s OnAccessRunning value.

Sub-Estate URLs

Follow the Download installer instructions and document the URLs for each of your Sub-Estates.

Jamf Pro > Settings > Computer Management > Scripts

Options

Create a new script in Jamf Pro and include the following in the Options > Parameter 4 field:

Sub-Estate [ Sub-Estate 1 | Sub-Estate 2 | Sub-Estate 3 (default) | Sub-Estate 4 ]

Script

Copy-pasta the script, modifying the sophosCentralURL variables to match your Sub-Estate URLs.

#!/bin/bash

####################################################################################################
#
# ABOUT
#
# Sophos Endpoint Scripted Install
#
# Reference: https://snelson.us/2022/08/sophos-endpoint-scripted-install/
#
####################################################################################################
#
# HISTORY
#
# Version 1.0.0, 05-Aug-2022, Dan K. Snelson (@dan-snelson)
#   Original version
#
####################################################################################################



####################################################################################################
#
# VARIABLES
#
####################################################################################################

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Global Variables
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

scriptVersion="1.0.0"
scriptResult="v${scriptVersion}; "
tempDirectory="/private/var/tmp/SophosEndpoint"



# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Check for a specified "Sub-Estate" setting (Parameter 4); defaults to "Sub-Estate 3"
# Options: ( Sub-Estate 1 | Sub-Estate 2 | Sub-Estate 3 | Sub-Estate 4 )
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

if [[ "${4}" != "" ]] && [[ "${subEstate}" == "" ]]; then
    subEstate="${4}"
    scriptResult+="Using \"${subEstate}\" as the Sophos Central Sub-Estate; "
else
    subEstate="Sub-Estate 3"
    scriptResult+="Parameter 4 is blank; using \"${subEstate}\" as the Sophos Central Sub-Estate; "
fi



case "${subEstate}" in

    "Sub-Estate 1" )
            sophosCentralURL="https://api-cloudstation-us-east-2.sophos.com/api/download/NWxW1o9ezB07XquznpBjz/SophosInstall.zip"
            ;;

    "Sub-Estate 2" )
            sophosCentralURL="https://api-cloudstation-us-east-1.sophos.com/api/download/qwZiIUu2ipY9hC8T01UmI/SophosInstall.zip"
            ;;

    "Sub-Estate 3" )
            sophosCentralURL="https://api-cloudstation-us-east-3.sophos.com/api/download/j8e6n7n5y3099/SophosInstall.zip"
            ;;

    "Sub-Estate 4" | * )
            sophosCentralURL="https://api-cloudstation-us-east-4.sophos.com/api/download/QsAW3hCKRn8Cw62oyXHc0/SophosInstall.zip"
            ;;


esac



####################################################################################################
#
# PROGRAM
#
####################################################################################################

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Logging preamble
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

echo "Sophos Endpoint: Scripted Installation (${scriptVersion})"
echo "Using \"${subEstate}\" as the Sophos Central Sub-Estate"



# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Delete / Create Temporary Directory
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

scriptResult+="Delete Temporary Directory … "
/bin/rm -Rf "${tempDirectory}"

scriptResult+="Create Temporary Directory … "
/bin/mkdir "${tempDirectory}"



# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Download and unzip installer
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

scriptResult+="Downloading … "
/usr/bin/curl --location --silent "${sophosCentralURL}" -o "${tempDirectory}/SophosCentralInstall.zip"

scriptResult+="Expanding … "
/usr/bin/unzip -q "${tempDirectory}/SophosCentralInstall.zip" -d "${tempDirectory}"

sleep "15"



# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Update Permissions
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

scriptResult+="Update Permissions … "
/bin/chmod a+x "${tempDirectory}/Sophos Installer.app/Contents/MacOS/Sophos Installer"
/bin/chmod a+x "${tempDirectory}/Sophos Installer.app/Contents/MacOS/tools/com.sophos.bootstrap.helper"



# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Install
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

scriptResult+="Install … "
${tempDirectory}/Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer --quiet

sleep "60"



# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Validate Sophos Endpoint RTS Files
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

scriptResult+="Validate Sophos Endpoint RTS Files … "

RESULT="Not Installed"

if [[ -d /Applications/Sophos/Sophos\ Endpoint.app ]]; then
    if [[ -f /Library/Preferences/com.sophos.sav.plist ]]; then
        sophosOnAccessRunning=$( /usr/bin/defaults read /Library/Preferences/com.sophos.sav.plist OnAccessRunning )
        case ${sophosOnAccessRunning} in
            "0" ) RESULT="Disabled" ;;
            "1" ) RESULT="Enabled" ;;
             *  ) RESULT="Unknown" ;;
        esac
    else
        RESULT="Not Found"
    fi
fi

scriptResult+="Result: ${RESULT}; "



# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Delete Temporary Directory
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

scriptResult+="Delete Temporary Directory … "
/bin/rm -Rf "${tempDirectory}"



# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Exit
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

scriptResult+="Goodbye!"

echo "${scriptResult}"

exit 0

Jamf Pro > Computers > Policies > Scripts

Create Sub-Estate-specific policies in Jamf Pro, add the script and enter the desired Sub-Estate name.

Posted in Jamf Pro, macOS, Scripts, Sophos Endpoint, Tips & Tricks

Related Posts