Jamfsters,
am trying to setup an extension Attribute that will tell me if proofpoint is running on the system. After looking at the activity monitor is under logger (4599) I am new to scritpts can someone point me in the right direction?
Question
Proofpoint Extension attribute
+3
+26Without knowing a lot about Proofpoint myself, I suggest looking for the daemon. If the daemon is running, the client should be running. Below is an EA I tossed together for SSH, just replace the SSH daemon with whatever Proofpoints daemon is called.
Reaching out to the vendor on this one is probably the best option. They probably have a terminal command that will give the client status, you could wrap that in to an EA for JAMF. If the vendors client status command is one line you could replace what is in the ( ) brackets below with that command and this same EA will work. Just adjust the variable name to fit the use case.
#!/bin/bash
Daemon_Status=$(sudo launchctl list | grep "com.openssh.sshd")
if [[ $Daemon_Status != '' ]]
then
echo "echo <result>Daemon Active</result>"
else
echo "<result>Daemon Not Active</result>"
fi
If you are referring to ProofPoint ObserveIT, I have two Extension Attributes. One for the agent and another for the agent updater.
#!/usr/bin/env bash
##############################################################################
# A script to collect the version of Proofpoint ObserveIT currently installed.#
# If Proofpoint ObserveIT is not installed "Not Installed" will return back #
##############################################################################
RESULT="Not Installed"
if [ -f "/etc/omonitor/version" ] ; then
RESULT=$( /bin/cat /etc/omonitor/version )
fi
/bin/echo "<result>$RESULT</result>"#!/usr/bin/env bash
##############################################################################
# A script to collect the version of Proofpoint ObserveIT Updater currently installed.#
# If Proofpoint ObserveIT updater is not installed "Not Installed" will return back #
##############################################################################
RESULT="Not Installed"
if [ -f "/Library/ITUpdater/updater/plist/updater.Info.plist" ] ; then
RESULT=$( /usr/libexec/PlistBuddy -c Print /Library/ITUpdater/updater/plist/updater.Info.plist | grep CFBundleVersion | cut -d '=' -f2 | xargs )
fi
/bin/echo "<result>$RESULT</result>"
+1While using the script to collect the ProofPoint version, it fails with the error "line 10: syntax error near unexpected token 'fi'
#!/usr/bin/env bash ############################################################################## # A script to collect the version of Proofpoint ObserveIT currently installed.# # If Proofpoint ObserveIT is not installed "Not Installed" will return back # ############################################################################## RESULT="Not Installed" if [ -f "/etc/omonitor/version" ] ; then RESULT=$( /bin/cat /etc/omonitor/version ) fi /bin/echo "<result>$RESULT</result>"
While using the script to collect the ProofPoint version, it fails with the error "line 10: syntax error near unexpected token 'fi'
#!/usr/bin/env bash ############################################################################## # A script to collect the version of Proofpoint ObserveIT currently installed.# # If Proofpoint ObserveIT is not installed "Not Installed" will return back # ############################################################################## RESULT="Not Installed" if [ -f "/etc/omonitor/version" ] ; then RESULT=$( /bin/cat /etc/omonitor/version ) fi /bin/echo "<result>$RESULT</result>"
A bit late to the party but amended your script to this one:
#!/bin/zsh
##############################################################################
# A script to collect the version of Proofpoint ObserveIT currently installed.#
# If Proofpoint ObserveIT is not installed "Not Installed" will return back #
##############################################################################
RESULT="Not Installed"
if [ -e "/Library/PEA/agent" ] ; then
RESULT=$(/Library/PEA/agent/oitcons -pkginfo | awk 'NR==3 {print $NF}')
fi
/bin/echo "<result>$RESULT</result>"
+17EA could work, but a better way might be updating Inventory Collection (Computer management >> Inventory collection >> Software) to include:
/Library/PEA
This will pull the version (Info.plist) for ITProtector.app
Those are just for the agent itself, not the updater. Per the vendor's instructions, we deploy the agent updater, then the agent itself comes down from the proofpoint console.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.