At Acorn, we have a standard set of base applications that we push out to all of our client computers. These include, but are not limited to, Adobe Acrobat Reader, Adobe Flash Player, and Java. These applications are typical targets of malware and therefore require constant updating. I will describe the system that I have developed to keep our client computers up to date.
We have a publicly accessible web server that hosts the MSI packages for each of the base applications. We host the MSI files in a folder named deploy. Periodically we update the MSI files and upload the new versions to the deploy folder.
There is a file called spider.php, which is set up as a cron job to run daily. spider.php traverses the deploy folder and all of its subfolders and writes a listing of every file it finds to a file named files.txt. Below is a sample files.txt:

    #directory#acrobatreader
    files.txt
    #directory#flashplayer
    #directory#java
    spider.php
    acrobatreader/Setup.ini
    acrobatreader/acroread.msi
    acrobatreader/acroread.mst
    flashplayer/flash_player_active_x32.msi
    flashplayer/flash_player_active_x64.msi
    flashplayer/flash_player_plugin_x32.msi
    flashplayer/flash_player_plugin_x64.msi
    #directory#java/java_x32
    #directory#java/java_x64
    java/java_x32/Data1.cab
    java/java_x32/java_x32.msi
    java/java_x64/Data1.cab
    java/java_x64/java_x64.msi

The crontab entry that runs spider.php:

    #m h dom m dow file
    00 * * * * /usr/local/bin/php /usr/local/www/data/baseapps/deploy/spider.php

Each customer server has a scheduled task that runs each night to download the latest versions of the MSI packages. The task runs a PowerShell script named updatebaseapps.ps1, which downloads files.txt, parses it to determine which files to fetch, and then downloads each file.

    $baseurl = "http://server.address.goes.here/baseapps/deploy/"  #Base URL for where the applications are located
    $filelist = "files.txt"  #The list of all files to download
    $root = "D:\location\to\baseapps\share\goes\here\software\deploy\"  #Destination folder on the customer's server

    #Both $baseurl and $root already end with a separator
    $source = $baseurl + $filelist
    $destination = $root + $filelist

    #Remove the previous copy of the deploy folder
    if (Test-Path $root) {
        rm -r $root
    }

    #Make the root path folder
    mkdir $root

    #Create a new WebClient object to download the files
    $wc = New-Object System.Net.WebClient
    $wc.DownloadFile($source, $destination)

    #Parse the files.txt file and download each file that is included in it
    #(read the whole list first, because files.txt lists itself and is downloaded again below)
    (Get-Content $destination) | Foreach-Object {
        #If it's a directory
        if ($_.Contains("#directory#")) {
            $relative = $_.Replace("#directory#", "").Replace("/", "\")
            $dir = $root + $relative
            #Make the folder if it doesn't exist
            if (-not (Test-Path $dir)) {
                #write-host "Creating Directory: " $dir
                mkdir $dir
            }
        } else {
            $URL = $baseurl + $_
            $file = $_.Replace("/", "\")
            $fullfile = $root + $file
            write-host "Downloading:" $URL
            $wc.DownloadFile($URL, $fullfile)
        }
    }

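updatebaseapps.ps1 joins every files.txt entry to $root as-is, so the list it fetches over HTTP decides where files are written on the customer server. One way to check each entry before creating a folder or downloading, as an added example that is not part of the original script: Resolve-ManifestEntry is a hypothetical helper, and the $root value and sample lines are constructed.

```powershell
# Added example: validate files.txt entries before they are used as local paths.
# Resolve-ManifestEntry is a hypothetical helper, not part of updatebaseapps.ps1.
function Resolve-ManifestEntry {
    param(
        [Parameter(Mandatory=$true)][string]$Line,
        [Parameter(Mandatory=$true)][string]$Root
    )
    $marker = "#directory#"
    $isDir  = $Line.StartsWith($marker)
    $rel    = if ($isDir) { $Line.Substring($marker.Length) } else { $Line }
    $rel    = $rel.Trim().Replace("/", "\")

    # Refuse empty entries, absolute or UNC paths, and anything carrying a drive or stream colon
    if ($rel -eq "" -or [System.IO.Path]::IsPathRooted($rel) -or $rel.Contains(":")) {
        throw "Rejected manifest entry: '$Line'"
    }

    # Normalise the root to end with one backslash, then collapse any ".." segments
    $rootFull = [System.IO.Path]::GetFullPath($Root).TrimEnd("\") + "\"
    $full     = [System.IO.Path]::GetFullPath([System.IO.Path]::Combine($rootFull, $rel))

    # The resolved path must still be inside the deploy root
    if (-not $full.StartsWith($rootFull, [System.StringComparison]::OrdinalIgnoreCase)) {
        throw "Manifest entry resolves outside the deploy root: '$Line'"
    }
    [pscustomobject]@{ IsDirectory = $isDir; RelativePath = $rel; FullPath = $full }
}

# Constructed sample: three entries in the files.txt format and one that must be refused
$root   = "D:\software\deploy\"
$sample = @(
    "#directory#java/java_x32",
    "java/java_x32/java_x32.msi",
    "flashplayer/flash_player_active_x32.msi",
    "../../Windows/Temp/unexpected.msi"
)
foreach ($line in $sample) {
    try {
        $entry = Resolve-ManifestEntry -Line $line -Root $root
        Write-Host "OK      $($entry.FullPath)"
    } catch {
        Write-Host "REFUSED $line"
    }
}
```

In the download loop, the returned FullPath would replace the `$root + $file` concatenation, and a refused entry would be logged and skipped.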
Lastly, we have a group policy that applies to all customer workstations and laptops to push out the new MSI packages.