[REVIEW README FIRST] - Unzip unified_unix_agent-macosx-XXXXX.zip into a temporary directory (eg: /Users/$ROB$/tmp/) - Open up a terminal window - cd to the the temp directory: $> cd unified_unix_agent-macosx.../ - Replace the file: cacert.pem with your own local version (if you're using a self-signed ssl cert for package deployment) - run: sh ./scripts/create_install_wrapper.sh This will create a deployable install_wrapper.sh script (with the agent archive embedded into it) that can be remotely deployed to hosts via ssh. See install_wrapper.sh -h for more usage info. The install_wrapper.sh: - Unzips the embedded agent - creates the local config - triggers the ./scripts/installer.sh The installer.sh: - create the user/group: _ocsng with an uid/gid of 3995 via the dscl command [see scripts directory] - install OCSNG.app to /Applications/OCSNG.app - copy the config file to /etc/ocsinventory - install a startup plist file to launchd - install ocsng.log to /var/log (viewable via the console utility) - call launchd to start the service Assuming you don't see any errors, you should be able to open up the console utility and view the /var/logs/ocsng.log file to verify the service started properly. Once installed, the agent should contact the server and upload an initial inventory, then go back to sleep. Notes: - You can't click on /Applications/OCSNG.app, it won't work (and thats the way its meant to be). Everything is called via LaunchD, the .app is just there "for show" in case it needs to be manually removed. - To uninstall the .app, use the uninstaller.sh script. This will kill the service, remove all the users that were added and remove all the files (no restart required). Additional Scripts: - dscl-addbash.sh will: :Modify the user _ocsng's Shell from /bin/false to /bin/bash :Generate a random (long) password for the user using /dev/random and shasum :Modify /etc/sudoers such that _ocsng has sudo, un-passworded access to the installer command *** THIS SCRIPT IS EXTREMELY DANGEROUS, REVIEW AND TEST (AND RETEST) BEFORE PUTTING INTO PRODUCTION *** It has been modified to ensure security of the system is not compromised. The trade off for installer functionality is that the _ocsng user has sudo (ie: root) access to the installer command without a password. If someone were to break into the _ocsng account, they'd have sudo access to the installer command... you have been warned. - Under Tiger (10.4), uid's < 500 will show up in the "Accounts" section of the System Preferences. If this is not desired, find the 'scripts/dscl-adduser.sh' script BEFORE CREATING THE INSTALL WRAPPER. Edit this script to customize the UID so it's below 500 and doesn't clash with any of your other system id's (395 should work in most cases). This "feature" doesn't seem to appear in 10.5 (leopard) regardless of ID.