/build/static/layout/Breadcrumb_cap_w.png

Enable Mac Application Layer Firewall via k1000

I'm very new to remote mac management via the k1000. I just created a script via the Security Policy wizard, and have attached the correct (test) macbook air to the list of deployment machines. I'm recieveing this error in the logs. Any input would be greatly appreciated. Thanks!

 

Log for Mac ALF Settings on MacBookAir[ Show All ]

Started: 06/30/2013 14:05:55
Finished: 06/30/2013 14:05:55
Elapsed Time: 0 second
Status: 3

Output Log

File exists: /usr/libexec/ApplicationFirewall/socketfilterfw
File exists: /Library/Preferences/com.apple.alf.plist
Launched Process: PlistBuddy
Launched Process: PlistBuddy
Launched Process: PlistBuddy
ProcessOps_LaunchProgram: Launch failed: 1 exitCode=1

Activity Log

Checking if file exists: /usr/libexec/ApplicationFirewall/socketfilterfw
Checking if file exists: /Library/Preferences/com.apple.alf.plist
Launching program: '/usr/libexec/PlistBuddy' '-c 'Set :globalstate 0' /Library/Preferences/com.apple.alf.plist' wait='true'
Launching program: '/usr/libexec/PlistBuddy' '-c 'Set :loggingenabled 0' /Library/Preferences/com.apple.alf.plist' wait='true'
Launching program: '/usr/libexec/PlistBuddy' '-c 'Set :stealthenabled 0' /Library/Preferences/com.apple.alf.plist' wait='true'
Launching program: '/usr/bin/killall' 'socketfilterfw' wait='true'
Asked 11 years ago 2188 views
0 Comments   [ + ] Show comments

Answers (2)

Posted by: dblaire@shutterfly.com 11 years ago
Senior White Belt
1

Okay, it looks like Kace is attempting to launch the plistbuddy process. From what i'm reading (and i cold be wrong) there is no plistbuddy in 10.8... hence the "Run Failure" that i keep seeing in the logs. 

Now, after testing, I am able to push this script to my 10.8 macbook air. Thanks for the effort and help jknox.

Comments:
  • Sorry, hadn't had a chance to test it out yet. Submit a support ticket so a bug can be generated. Seems like a new script will need to be written. - jknox 11 years ago
Posted by: jknox 11 years ago
Red Belt
0

What version of OS X is this running on? What version of the K1000 agent?

What options did you select for the firewall on the security policy?

Does it work if you execute the commands manually?

Enable debug, deploy the policy and see if the logs give you any further detail: http://www.kace.com/support/resources/kb/article/how-to-enable-debug-logs-on-the-kace-k1000-client-kbox-client-deployment

Comments:
  • OSX Version: 10.8.4
    K1000 Agent: 5.4.5315
    AMP Agent: 6

    Below is the Raw XML Data of the script
    ---------------------------------------------------------------
    <?xml version="1.0" encoding="utf-8" ?>
    <kbots xmlns="http://kace.com/Kbots.xsd">
    <kbot>

    <config name="Mac ALF Settings" type="policy" id="150" version="1372626269" description="Application Layer Firewall Settings (Created by the KACE Configurator)">

    <execute disconnected="true" logged_off="true">
    <event name="BOOTUP" />
    </execute>

    </config>

    <compliance>

    <verify on_failure="break" attempts="2">

    <file_exists path="/usr/libexec/ApplicationFirewall" file="socketfilterfw" />
    <file_exists path="/Library/Preferences" file="com.apple.alf.plist" />

    <on_verify_success>
    <launch_program path="/usr/libexec" program="PlistBuddy" wait="true" parms="-c 'Set :globalstate 0' /Library/Preferences/com.apple.alf.plist" />
    <launch_program path="/usr/libexec" program="PlistBuddy" wait="true" parms="-c 'Set :loggingenabled 0' /Library/Preferences/com.apple.alf.plist" />
    <launch_program path="/usr/libexec" program="PlistBuddy" wait="true" parms="-c 'Set :stealthenabled 0' /Library/Preferences/com.apple.alf.plist" />
    <launch_program path="/usr/bin" program="killall" wait="true" parms="socketfilterfw" />
    </on_verify_success>

    <on_verify_failure>
    <log_message type="status" message="Application Layer Firewall (10.5 and higher) not found." />

    <on_remediation_success>
    </on_remediation_success>

    <on_remediation_failure>
    </on_remediation_failure>

    </on_verify_failure>

    </verify>

    </compliance>

    </kbot>
    </kbots>
    ------------------------------------------------------------------- - dblaire@shutterfly.com 11 years ago
    • Did the debug logs show anything? - jknox 11 years ago
  • I dont see any obvious failures.


    Log for Application Layer Firewall Settings on MacBookAir [ Show All ]
    Started: 07/01/2013 14:15:35
    Finished: 07/01/2013 14:15:35
    Elapsed Time: 0 second
    Status: 3
    Output Log
    File exists: /usr/libexec/ApplicationFirewall/socketfilterfw
    File exists: /Library/Preferences/com.apple.alf.plist
    Launched Process: PlistBuddy
    Launched Process: PlistBuddy
    Launched Process: PlistBuddy
    ProcessOps_LaunchProgram: Launch failed: 1 exitCode=1
    Activity Log
    Checking if file exists: /usr/libexec/ApplicationFirewall/socketfilterfw
    Checking if file exists: /Library/Preferences/com.apple.alf.plist
    Launching program: '/usr/libexec/PlistBuddy' '-c 'Set :globalstate 1' /Library/Preferences/com.apple.alf.plist' wait='true'
    Launching program: '/usr/libexec/PlistBuddy' '-c 'Set :loggingenabled 0' /Library/Preferences/com.apple.alf.plist' wait='true'
    Launching program: '/usr/libexec/PlistBuddy' '-c 'Set :stealthenabled 0' /Library/Preferences/com.apple.alf.plist' wait='true'
    Launching program: '/usr/bin/killall' 'socketfilterfw' wait='true'
    Debug Log
    Running kbot: runkbot 150 1372713250
    Validating kbot xml
    Kbot xml /Library/Application Support/Dell/KACE/data/kbots_cache/150-1372713190_expanded.xml, Validation Success
    Kbot Config Info - Start
    id=150 name=Application Layer Firewall Settings version=1372713190 type=policy
    execute disconnected=true logged_off=true
    execute events BOOTUP
    Kbot Config Info - Finish
    runkbot ----- launching [command='/usr/libexec/PlistBuddy' parms='-c 'Set :globalstate 1' /Library/Preferences/com.apple.alf.plist' wait='true'] -----
    runkbot ----- completed [result=1 exitCode=0] -----
    runkbot ----- launching [command='/usr/libexec/PlistBuddy' parms='-c 'Set :loggingenabled 0' /Library/Preferences/com.apple.alf.plist' wait='true'] -----
    runkbot ----- completed [result=1 exitCode=0] -----
    runkbot ----- launching [command='/usr/libexec/PlistBuddy' parms='-c 'Set :stealthenabled 0' /Library/Preferences/com.apple.alf.plist' wait='true'] -----
    runkbot ----- completed [result=1 exitCode=0] -----
    runkbot ----- launching [command='/usr/bin/killall' parms='socketfilterfw' wait='true'] -----
    runkbot ----- completed [result=1 exitCode=1] ----- - dblaire@shutterfly.com 11 years ago
  • Is there any way this could be a permissions issue?

    Thanks,
    Doug - dblaire@shutterfly.com 11 years ago

Posted by:

dblaire@shutterfly.com Senior White Belt
Ninja since: 11 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:

KACE Product Support Questions
question

Related Questions

Link

Related Links

Post

Related Posts

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ