Wednesday, 28 September 2011

New Web Filter - Bloxx and sendLogon deployment on OS X

So we've now got a new web filtering system which needs testing on the Macs and then deploying. The new system is currently running alongside the old, the later of which will slowly be phased out.

The new system does come with one small bonus for the Apple Macs as it works alongside a program called "sendLogon" which sends the credentials of the user to the server and automatically authenticating them to use the internet. This sendLogon was downloaded here, and comes with instructions:

Running sendLogon automatically on Mac OSX
You need to take the following steps:

1) Download the Send Logon program from to the desktop.
2) Browse to ‘Applications->Utilities’ and run the ‘Terminal’ application.
3) Type ‘cd ~/Desktop’.
4) Type 'tar zxvf sendLogon_osx_10.4.universal.tar.gz'.
5) Type ‘sudo cp sendLogon /usr/bin’ and enter your password when prompted.
6) Type ‘sudo nano /usr/bin/’.
7) Enter the following lines:


/usr/bin/sendLogon 3898 $1

8) When finished, press ctrl-o followed by return, to save the file.
9) Press ctrl-x to exit.
10) Run the following commands to set the correct permissions on the utility and login script:

sudo chmod 755 /usr/bin/
sudo chmod 755 /usr/bin/sendLogon

11) Run the following command:

sudo defaults write LoginHook /usr/bin/

The sendLogon utility should now run for every user that logs on.
This all worked splendidly. Our server address is XXX.XXX.XXX.21. The proxy settings are XXX.XXX.XXX.23 port 8080 though. Just need to remember that the computer has to be in the list of this filter system as using the sendLogon program (took me 20 mins before I remembered this!).

To deploy this the idea is to create a pkg file which copies the two files and sendLogon to /usr/bin and also sends the command for the LoginHook.

Note that all the Macs I will run this on do not have any login scripts which run from the computer and hence it doesn't matter if you overwrite the file. For those who do have login scripts then they will need to append to this file, which isn't too hard.

I will use the Iceberg App to create the pkg file and run it through the task server to deploy to all computer suites and staff machines.

We did have a choice whether to control the LoginHook from the Xserver or just have the clients controled locally. We chose the later as ICT Services do not control the Xserver, which is just used for the one Directorate.

I shall note in a later post how I created the pkg file.

No comments:

Post a Comment