It looks like they have an EA listed in that article for the version
#!/bin/sh
# Check to see if Nessus Agent is installed
NessusAgentInstalled="$(ls /Library/NessusAgent/run/sbin/ | grep nessuscli)"
if [ "$NessusAgentInstalled" != "nessuscli" ]
then
    echo "<result>N/A</result>"
else
    NessusAgentVersion="$(/Library/NessusAgent/run/sbin/nessuscli -v | awk 'NR==1{print $3 " " $4 " " $5}')"
    echo "<result>$NessusAgentVersion</result>"
fi
If that is not getting you the right info, you can play with the line:
NessusAgentVersion="$(/Library/NessusAgent/run/sbin/nessuscli -v | awk 'NR==1{print $3 " " $4 " " $5}')"
and change the awk as needed.
For Nessus Agent Service Status EA, try this:
#!/bin/sh
# Check to see if Nessus Agent is running
NessusAgentRunning="$(sudo launchctl list com.tenablesecurity.nessusagent | grep "PID" | awk '{ print $1 }' | tr -d '\\"')"
if [ "$NessusAgentRunning" = "PID" ]
then
    echo "<result>Running</result>"
else
    echo "<result>Stopped</result>"
fi
For Nessus Agent Version EA, try this:
#!/bin/sh
# Check to see if Nessus Agent is installed
NessusAgentInstalled="$(ls /Library/NessusAgent/run/sbin/ | grep nessuscli)"
if [ "$NessusAgentInstalled" != "nessuscli" ]
then
    echo "<result>N/A</result>"
else
    NessusAgentVersion="$(/Library/NessusAgent/run/sbin/nessuscli -v | awk 'NR==1{print $3 " " $4 " " $5}')"
    echo "<result>$NessusAgentVersion</result>"
fi
For Nessus Agent Installation Status EA, try this:
#!/bin/sh
# Check to see if Nessus Agent is installed
NessusAgentInstalled="$(ls /Library/NessusAgent/run/sbin/ | grep nessuscli)"
if [ "$NessusAgentInstalled" != "nessuscli" ]
then
    echo "<result>Not Installed</result>"
else
    echo "<result>Installed</result>"
fi

First off, I'm surprised no-one has mentioned this yet, but the main issue with the EA you posted is that it's not an EA. Extension Attributes only work if some string or result of a command is output (usually echoed) between <result> and </result> tags. Otherwise the EA for your Macs will remain blank in your console forever.
But outside of that, if you still need some help in getting a working EA together, I'll post the old ones I used to use as well. We no longer use Nessus where I am, but when we did, this was the Extension Attribute I had for the version:
#!/bin/sh
nessus_agent_cli_path="/Library/NessusAgent/run/sbin/nessuscli"
if [ -e "$nessus_agent_cli_path" ]; then
    ## Split the "Nessus Agent" line on ")" and keep what follows it; xargs trims whitespace
    nessus_agent_version=$("$nessus_agent_cli_path" -v 2>&1 | awk -F')' '/Nessus Agent/{print $NF}' | xargs)
else
    nessus_agent_version="N/A"
fi
echo "<result>$nessus_agent_version</result>"
I also had this EA for capturing its status, as in Installed (Running + Connected etc.) or what the status was. I have no idea if this even works anymore with the current Nessus agent version, but you can try it in case it interests you.
#!/bin/bash
## [[ ]] and =~ are bash features, so this runs under bash rather than sh
## Path to the Nessus Agent CLI
nessus_cli_path="/Library/NessusAgent/run/sbin/nessuscli"
if [ -e "$nessus_cli_path" ]; then
    ## If installed, get a printout of the full status of the agent
    agent_running_status=$("$nessus_cli_path" agent status 2>&1 | awk -F': ' '/Running:/{print $NF}')
    agent_connected_status=$("$nessus_cli_path" agent status 2>&1 | awk -F': ' '/Link status/{print $NF}')
    ## If agent is running and connected, result is Installed
    if [[ "$agent_running_status" == "Yes" ]] && [[ "$agent_connected_status" =~ "Connected" ]]; then
        result="Installed"
    ## If either the agent is not connected or not running, print back those results
    elif [[ "$agent_running_status" != "Yes" ]] || [[ ! "$agent_connected_status" =~ "Connected" ]]; then
        result="Running: $agent_running_status, Connected: $agent_connected_status"
    fi
else
    result="Not Installed"
fi
## Send the final result back to the Jamf server
echo "<result>$result</result>"

Hey @mvu, your advice did just the trick!


Hey @bizzaredm,
I manipulated the values like you suggested (changed to 4,5,6 from 3,4,5) and it outputted what I needed.
Thanks again!
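The version EA above depends on awk field positions, which had to be shifted from 3,4,5 to 4,5,6, and an EA stays blank unless it echoes inside <result> tags. As an added example (not code from this thread, Tenable or Jamf), this variant takes the first dotted version number on the "Nessus Agent" line wherever it sits and always emits a result; the function names and the `Unknown` fallback are assumptions.

```shell
#!/bin/sh
# Added example: position-independent version EA for the Nessus Agent.
# The CLI path is the one used throughout the thread; NESSUSCLI is a
# hypothetical override variable for testing.
NESSUSCLI="${NESSUSCLI:-/Library/NessusAgent/run/sbin/nessuscli}"

# Read `nessuscli -v` style text on stdin and print the first dotted
# version number (two or more numeric parts) found on a line that
# mentions "Nessus Agent". A bare build number has no dot and is skipped.
parse_agent_version() {
    grep 'Nessus Agent' | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1
}

# Print the EA value for the CLI at $1:
#   N/A      the CLI is missing or not executable
#   Unknown  the CLI ran but no version could be parsed (assumed label)
agent_version_result() {
    cli="$1"
    if [ ! -x "$cli" ]; then
        printf '<result>N/A</result>\n'
        return 0
    fi
    version="$("$cli" -v 2>/dev/null | parse_agent_version)"
    printf '<result>%s</result>\n' "${version:-Unknown}"
}

agent_version_result "$NESSUSCLI"
```

Testing `-x` on the binary itself, rather than grepping a directory listing, means a leftover directory without a runnable `nessuscli` reports N/A.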

Thank you, @mvu!
This worked like a charm
Hey everyone. I tried several/all of these solutions above and I am not having much luck. Either I am not getting hardly any version information or more importantly my results are coming back that the tenable agent is installed on all of my fleet which is not true. Any ideas of what is happening?
Which EA are you trying to use? Can you paste in the script?