Skip to main content

Hey All,
I have been tasked with creating a smart group to see if an application is installed. The security application is FireEye. FireEye does have an application but it doesnt show in the applications as it is not suppose to. So I was going to create an extension attribute that will check the machine and see if it has the correct FireEye directory which should be /Library/FireEye/xagt/xagt.app . When doing so it does not pick up any machines. This is what I have so far:



!/bin/bash



############################################################


A script to collect information on if FireEye is currently installed



If FireEye is not installed then "Not Installed" will return back



############################################################


RE$ULT="Not Installed"



if [ -f "/Library/FireEye/xagt" ] ;



then
RE$ULT=$( /bin/defaults read "/Library/FireEye/xagt/xagt.app/Contents/info.plist" CFBundleName)
fi



echo "<result>$RE$ULT</result>"

Try -d instead of -f in this line. 



if [ -f "/Library/FireEye/xagt" ] ;

So I ended up finding a script that works when I run it on my machine.
**



#!/bin/sh

########################################################################

# A script to collect information on if FireEye is currently installed #

# If FireEye is not installed then "Not Installed" will return back    #

########################################################################

#!/bin/sh

if [ -e /library/FireEye/xagt/xagt.app ]

then 

  echo "<result>True</result>"

else

  echo "<result>False</result>"

fi


**



But it does not report within the jamf console. It was successful on my machine. I ran sudo jamf recon, but it still doesnt report.

Hello,
Library is lowercase in your script but I believe the path is /Library/FireEye/xagt/xagt.app.

Hey,



on your first script - 



RE**+$+**ULT="Not Installed"



if [ -f "/Library/FireEye/xagt" ] ;



then RE$ULT=$( /bin/defaults read "/Library/FireEye/xagt/xagt.app/Contents/info.plist" CFBundleName)

fi



echo "<result>$RE**+$+**ULT</result>"


Do not use "$" in RESULT.



On second script - change "library" to "Library". It should be case sensitive.

I am also not able to create smart for FireEye

This is what I am using.



#!/bin/bash



# to detect version of FireEye installed on OS X



if [ -f "/Library/Extensions/FireEye.kext/Contents/Info.plist" ] ; then

    VERSION=$( defaults read "/Library/Extensions/FireEye.kext/Contents/Info.plist" CFBundleVersion )

else

    VERSION="Not Installed"

fi



echo "<result>$VERSION</result>"

@sbanks & @Parveen.Virmani here is what I am using.



#!/usr/bin/env bash

#

#Description: EA to check FireEye EndPoint Security HX Agent Version.

#

RESULT="Not Installed"



if [ -f "/Library/FireEye/xagt/xagt.app/Contents/Info.plist" ] ; then

    RESULT=$( defaults read /Library/FireEye/xagt/xagt.app/Contents/Info CFBundleVersion )

fi



echo "<result>$RESULT</result>"

You can also use the file command to see what type of file or folder you are dealing with to use the right test in the shells.

Reply


Terms & ConditionsCookie settings