Firefox CCK2 lockdown Casper Extension Attributes

Hey everyone. On another recent project, I had a secondary education client running Firefox, and they wanted to have the customisations installed. Typically I’d fire up CCK2, build them, package the finished product and push this out, as per my blog.

This time, partially because they were using Casper, I wanted a method that would automatically detect if the CCK2 items were not installed, and add these Macs into a smart group. That way (as long as my lockdowns worked), we could deploy the updates to Firefox and have the lockdowns installed without repackaging Firefox each time.

After packaging the lockdowns, I still needed a system that could know when these were missing and put the devices into a group to reapply the CCK. Casper has a cool thing called Extension Attributes (EAs) that, if you can script what you need, Casper can check for it.

After an hour spent writing and testing, I created the below EA to accomplish what I needed.

Extension Attribute Configuration

Here’s my EA configuration:

[Screenshot: Firefox customisations Extension Attribute configuration]

Display Name: An arbitrary value, but it is what’s shown in each computer record so make sure that the results of your EA make sense with it.
Description: Again, arbitrary. Stick what you want here.
Data Type: Use “String” because this will reply with a yes or no, although you could tweak it for 1/0 or true/false.
Inventory Display: Where you want it to go. When you get a fair few EAs, sometimes it’s cleaner to stick them in their own area.
Input Type: Script.

Extension Attribute Script

Here’s my script:

[Screenshot: Firefox extension script]

This breaks down as:

Line 1: The shebang. Lets the device know it’s a bash script.
Lines 3, 4 and 5: The directory and two files we are deploying for CCK2. I have loaded them as variables for ease of script re-use and reading.
Line 8: This runs a multi-input “if” statement. The double pipes (“||”) denote “or”. If you swapped these for double ampersands (“&&”), it would denote “and”. So this line says: (if directory ‘$distDir’ does NOT exist) or (if file ‘$overrideFile’ does NOT exist) or (if file ‘$autoconfigFile’ does NOT exist), do the section between “then” and “else”.
Lines 10 and 13: Command line feedback for troubleshooting.
Line 11: Echo into the Casper EA the word “No”. Essentially, if any of those items are missing, then at least part of the customisations are missing, and the whole lot should be reinstalled.
Line 14: Echo into the Casper EA the word “Yes”. If none of those items are missing, then the customisations should be in place and working fine.
Line 15: Close the “if” statement.
Line 17: Exit the script.
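
A script following the logic described in the breakdown above, written here as an added example rather than the original from this post, so its line numbers will not match the breakdown. The function name `cck2_installed`, the Firefox location and the three CCK2 paths are assumptions to replace with what your own package installs; the value is wrapped in the `<result>` tags that Casper reads an EA's output from.

```shell
#!/bin/bash
# Added example, not the script from the original post.

# Print "Yes" if all three CCK2 items exist under the given Firefox
# resources directory, otherwise print "No".
cck2_installed() {
    local base="$1"
    # Assumed locations; replace with the paths your CCK2 package installs.
    local distDir="$base/cck2"
    local overrideFile="$base/cck2.cfg"
    local autoconfigFile="$base/defaults/pref/autoconfig.js"

    # Any one missing item means the lockdown is incomplete and the
    # whole package should be reinstalled.
    if [ ! -d "$distDir" ] || [ ! -f "$overrideFile" ] || [ ! -f "$autoconfigFile" ]; then
        # Troubleshooting feedback goes to stderr so it stays out of the EA value.
        echo "CCK2 customisations incomplete under $base" >&2
        echo "No"
    else
        echo "CCK2 customisations present under $base" >&2
        echo "Yes"
    fi
}

# Assumed default Firefox install location on the Mac.
echo "<result>$(cck2_installed "/Applications/Firefox.app/Contents/Resources")</result>"
```
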

Usage

So each time one of the client devices submits a recon / runs an inventory it will return a “Yes” or a “No” to its computer record in the Casper JSS. How is this useful?

Well, the next step is to create a computer smart group based on the following check:

“Does the EA ‘Firefox Customisations installed’ = ‘No’”

and this will pick up all the devices that need the CCK2 lockdown installed.

Create a new policy, set it to a frequency of ‘on-going’, scope it to this group and have it re-deploy your packaged CCK2 lockdowns. Job Done!

Next time you push out an updated Firefox install, to be honest, I would also manually re-push out my lockdowns in the same policy, but either way, once the Mac runs a recon it will detect the missing lockdown and reinstall it.

Read how to lockdown Firefox 35 using CCK2 and Casper Extension Attributes.

Summary

There you go. I hope it helps someone out and saves you some time.

At some point, I’ll document and share how to do this with Munki too, so the Munki Admins have something to play with!

As always, if you have any questions, queries or comments, let us know below, and I’ll try to respond to and delve into as many as I can.
