IBM BigFix Patch: Content Modification: Patches for Mac OS X (v435) published 2018-07-13

Content in Patches for Mac OS X site has been modified.

New/Updated Fixlet:
UPDATE Safari 11.1.2 - ElCapitan (10.11.6 Client) (ID: 98140766)
UPDATE Safari 11.1.2 - macOS Sierra (10.12.6 Client) (ID: 98140767)
UPDATE iTunes 12.8 Available (Client) (ID: 65141931)
Security Update 2018-004 (10.11.6 Client) (ID: 10110024)
Security Update 2018-004 (10.12.6 Client) (ID: 10120017)
UPDATE macOS High Sierra 10.13.6 Available (ID: 10130014)
UPDATE MacOS High Sierra 10.13.6 Available (Combo) (ID: 10130015)

Published site version:
Patches for Mac OS X, version 435

Reasons for Update:
Apple released newer Security Updates
Apple released a newer version of Safari
Apple released a newer version of iTunes

Actions to Take:
Gathering of the site will automatically show the updates made.

Application Engineering Team
IBM BigFix

And for the patch UPDATE MacOS High Sierra 10.13.6 Available (Combo) (ID: 10130015)

This is the relevance statement and the High Sierra Update should not applicable to machines less than 10.13:

(exists string “ProductVersion” whose (it as string = “10.11” OR (it as version >= “10.11.1” AND it as version < “10.13.6”)) of dictionary of it) of file “/System/Library/CoreServices/SystemVersion.plist”

For the MacOS High Sierra 10.13.6 Available (Combo) Fixlet, the relevance used was this:

(exists string “ProductVersion” whose (it as string = “10.13” OR (it as version >= “10.13.1” AND it as version < “10.13.5”)) of dictionary of it) of file “/System/Library/CoreServices/SystemVersion.plist”

It should be fixed in Patches for Mac OS X v436

So I found this post because I am looking to apply the ID 10130015 Fixlet which is the 10.13.6 (Combo) but for some reason the relevance is not allowing systems to be identified as an applicable computer. I am certainly as novice to BigFix. The MAC itself wants to install the 10.13.6 (Combo) from the app store so I am confident that it needs the fixlet.

What I don’t know is how to debug the Relevance. There is 2 relevance statements:

(name of operating system = “Mac OS X”) AND (if exists property “in proxy agent context” then (not in proxy agent context) else true) AND (if exists property “android” of type “operating system” then (not android of operating system) else true)

(exists string “ProductVersion” whose (it as string = “10.13” OR (it as version >= “10.13.1” AND it as version < “10.13.6”)) of dictionary of it) of file “/System/Library/CoreServices/SystemVersion.plist”

I would appreciate any help.

Thanks,

Todd

Keep in mind that BigFix only provides updates for within the same major version. If you’re trying to upgrade to a new major version (e.g. upgrade 10.12 to 10.13), it will not work.

This just checks that you are on a Mac and you are not connected through a proxy agent.

This checks the version of the OS by looking at the /System/Library/CoreServices/SystemVersion.plist file for the ProductVersion key. Additionally, this limits our check to Mac OS X 10.13 only.

Z,
Thanks for the prompt reply the system is version 10.13.5. and below is the contents of the plist file.

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs$ ProductBuildVersion 17F77 ProductCopyright 1983-2018 Apple Inc. ProductName Mac OS X ProductUserVisibleVersion 10.13.5 ProductVersion 10.13.5

What do you get if you run this relevance: string "ProductVersion" of dictionary of file "/System/Library/CoreServices/SystemVersion.plist"

Also, you should make sure your Mac endpoint is actually reporting back to the BES Server because just by looking at what you provided, it should’ve become relevant.

Z,
I’m sorry to be a novice, but I don’t know what you mean by “:run this relevance.” How do I run it? I can copy the fixlet to a custom fixlet and replace the relevance with your string. Is that what you propose?

Also, I checked and the MAC is checking in regularly.

Todd

You will need to either create an analysis in the BES Console or use the QnA tool and then put that relevance in. That relevance will reveal what it is expecting from the ProductVersion key in the plist file. The alternative is to take the original Fixlet and make an analysis or use QnA against each relevance of that Fixlet to see exactly which relevance statement is coming up as false. A custom Fixlet will not help because custom Fixlets are meant to evaluate if things are relevant or not (aka true or false) only and if relevant, run the action.

In case you’re not aware,

  • An analysis basically runs relevance against computers and return the results. See the doc for more information.
  • QnA is a client-side tool that can run relevance locally on the machine. See the doc for more information.

You should seriously consider reading the documentation and look at training videos. It will help you understand how to use BigFix and perform a lot more troubleshooting.

Z,
Again I appreciate your patience with me. I am very open to training videos and documentation. I have tried to locate good training but I always seem to find inconsistencies. Anyway, I feel that I am using up my time you and I do appreciate it very much.

Lastly, I did run the QnA on the MAC and it also returned the following:

A:10.13.5
T: 314

Thanks

If the Fixlet is not coming back as relevant, then you should run each relevance statement individually to see which one is the one that’s causing the issue.