- Jamf Nation Community
- Products
- Jamf Pro
- Casper Check Scripting Help
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Casper Check Scripting Help
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-16-2017 11:33 AM
I'm writing a script to remove our old casper check files and replace them with the new and updated versions (switching JSS's).
Can Cat be used in one script twice to create two different files? When running my first instance of Cat it tries running the contents of the script. Maybe I missed a space somewhere? The second instance of Cat runs fine.
echo "Creating new Script"
# Create Casper Check Script
/bin/cat <<EOF >/Library/Scripts/caspercheck.sh
#!/bin/bash
#
# User-editable variables
#
# For the fileURL variable, put the complete address
# of the zipped Casper QuickAdd installer package
fileURL="myfileserver"
# For the jss_server_address variable, put the complete
# fully qualified domain name address of your Casper server
jss_server_address="myjss"
# For the jss_server_address variable, put the port number
# of your Casper server. This is usually 8443; change as
# appropriate.
jss_server_port="8443"
# For the log_location variable, put the preferred
# location of the log file for this script. If you
# don't have a preference, using the default setting
# should be fine.
log_location="/var/log/caspercheck.log"
#
# The variables below this line should not need to be edited.
# Use caution if doing so.
#
quickadd_dir="/var/root/quickadd"
quickadd_zip="$quickadd_dir/quickadd.zip"
quickadd_installer="$quickadd_dir/casper.pkg"
quickadd_timestamp="$quickadd_dir/quickadd_timestamp"
#
# Begin function section
# =======================
#
# Function to provide custom curl options
myCurl () { /usr/bin/curl -k -L --retry 3 --silent --show-error "$@"; }
# Function to provide logging of the script's actions to
# the log file defined by the log_location variable
ScriptLogging(){
DATE=`date +%Y-%m-%d %H:%M:%S`
LOG="$log_location"
echo "$DATE" " $1" >> $LOG
}
CheckForNetwork(){
# Determine if the network is up by looking for any non-loopback network interfaces.
local test
if [[ -z "${NETWORKUP:=}" ]]; then
test=$(ifconfig -a inet 2>/dev/null | sed -n -e '/127.0.0.1/d' -e '/0.0.0.0/d' -e '/inet/p' | wc -l)
if [[ "${test}" -gt 0 ]]; then
NETWORKUP="-YES-"
else
NETWORKUP="-NO-"
fi
fi
}
CheckSiteNetwork (){
# CheckSiteNetwork function adapted from Facebook's check_corp function script.
# check_corp script available on Facebook's IT-CPE Github repo:
#
# check_corp:
# This script verifies a system is on the corporate network.
# Input: CORP_URL= set this to a hostname on your corp network
# Optional ($1) contains a parameter that is used for testing.
# Output: Returns a check_corp variable that will return "True" if on
# corp network, "False" otherwise.
# If a parameter is passed ($1), the check_corp variable will return it
# This is useful for testing scripts where you want to force check_corp
# to be either "True" or "False"
# USAGE:
# check_corp # No parameter passed
# check_corp "True" # Parameter of "True" is passed and returned
site_network="False"
ping=`host -W .5 $jss_server_address`
# If the ping fails - site_network="False"
[[ $? -eq 0 ]] && site_network="True"
# Check if we are using a test
[[ -n "$1" ]] && site_network="$1"
}
#
# The update_quickadd function checks the timestamp of the fileURL variable and compares it against a locally
# cached timestamp. If the hosted file's timestamp is newer, then the Casper
# QuickAdd installer gets downloaded and extracted into the target directory.
#
# This function uses the myCurl function defined at the top of the script.
#
update_quickadd () {
# Create the destination directory if needed
if [[ ! -d "$quickadd_dir" ]]; then
mkdir "$quickadd_dir"
fi
# If needed, remove existing files from the destination directory
if [[ -d "$quickadd_dir" ]]; then
/bin/rm -rf "$quickadd_dir"/*
fi
# Get modification date of fileURL
modDate=$(myCurl --head $fileURL 2>/dev/null | awk -F': ' '/Last-Modified/{print $2}')
# Downloading Casper agent installer
ScriptLogging "Downloading Casper agent installer from server."
myCurl --output "$quickadd_zip" $fileURL
# Check to make sure download occurred
if [[ ! -f "$quickadd_zip" ]]; then
ScriptLogging "$quickadd_zip not found. Exiting CasperCheck."
ScriptLogging "======== CasperCheck Finished ========"
exit 0
fi
# Verify that the downloaded zip file is a valid zip archive.
zipfile_chk=`/usr/bin/unzip -tq $quickadd_zip > /dev/null; echo $?`
if [ "$zipfile_chk" -eq 0 ]; then
ScriptLogging "Downloaded zip file appears to be a valid zip archive. Proceeding."
else
ScriptLogging "Downloaded zip file appears to be corrupted. Exiting CasperCheck."
ScriptLogging "======== CasperCheck Finished ========"
rm "$quickadd_zip"
exit 0
fi
# Unzip the Casper agent install into the destination directory
# and remove the __MACOSX directory, which is created as part of
# the uncompression process from the destination directory.
/usr/bin/unzip "$quickadd_zip" -d "$quickadd_dir";/bin/rm -rf "$quickadd_dir"/__MACOSX
# Rename newly-downloaded installer to be casper.pkg
mv "$(/usr/bin/find $quickadd_dir -maxdepth 1 ( -iname *.pkg -o -iname *.mpkg ))" "$quickadd_installer"
# Remove downloaded zip file
if [[ -f "$quickadd_zip" ]]; then
/bin/rm -rf "$quickadd_zip"
fi
# Add the quickadd_timestamp file to the destination directory.
# This file is used to help verify if the current Casper agent
# installer is already cached on the machine.
if [[ ! -f "$quickadd_timestamp" ]]; then
echo $modDate > "$quickadd_timestamp"
fi
}
CheckTomcat (){
# Verifies that the JSS's Tomcat service is responding via its assigned port.
tomcat_chk=`nc -z -w 5 $jss_server_address $jss_server_port > /dev/null; echo $?`
if [ "$tomcat_chk" -eq 0 ]; then
ScriptLogging "Machine can connect to $jss_server_address over port $jss_server_port. Proceeding."
else
ScriptLogging "Machine cannot connect to $jss_server_address over port $jss_server_port. Exiting CasperCheck."
ScriptLogging "======== CasperCheck Finished ========"
exit 0
fi
}
CheckInstaller (){
# Compare timestamps and update the Casper agent
# installer if needed.
modDate=$(myCurl --head $fileURL 2>/dev/null | awk -F': ' '/Last-Modified/{print $2}')
if [[ -f "$quickadd_timestamp" ]]; then
cachedDate=$(cat "$quickadd_timestamp")
if [[ "$cachedDate" == "$modDate" ]]; then
ScriptLogging "Current Casper installer already cached."
else
update_quickadd
fi
else
update_quickadd
fi
}
CheckBinary (){
# Identify location of jamf binary.
#
# If the jamf binary is not found, this check will return a
# null value. This null value is used by the CheckCasper
# function, in the "Checking for the jamf binary" section
# of the function.
jamf_binary=`/usr/bin/which jamf`
if [[ "$jamf_binary" == "" ]] && [[ -e "/usr/sbin/jamf" ]] && [[ ! -e "/usr/local/bin/jamf" ]]; then
jamf_binary="/usr/sbin/jamf"
elif [[ "$jamf_binary" == "" ]] && [[ ! -e "/usr/sbin/jamf" ]] && [[ -e "/usr/local/bin/jamf" ]]; then
jamf_binary="/usr/local/bin/jamf"
elif [[ "$jamf_binary" == "" ]] && [[ -e "/usr/sbin/jamf" ]] && [[ -e "/usr/local/bin/jamf" ]]; then
jamf_binary="/usr/local/bin/jamf"
fi
}
InstallCasper () {
# Check for the cached Casper QuickAdd installer and run it
# to fix problems with Casper being able to communicate with
# the Casper server
if [[ ! -e "$quickadd_installer" ]] ; then
ScriptLogging "Casper installer is missing. Downloading."
/bin/rm -rf "$quickadd_timestamp"
update_quickadd
fi
if [[ -e "$quickadd_installer" ]] ; then
ScriptLogging "Casper installer is present. Installing."
/usr/sbin/installer -dumplog -verbose -pkg "$quickadd_installer" -target /
ScriptLogging "Casper agent has been installed."
fi
}
CheckCasper () {
# CheckCasper function adapted from Facebook's jamf_verify.sh script.
# jamf_verify script available on Facebook's IT-CPE Github repo:
# Link: https://github.com/facebook/IT-CPE
# Checking for the jamf binary
CheckBinary
if [[ "$jamf_binary" == "" ]]; then
ScriptLogging "Casper's jamf binary is missing. It needs to be reinstalled."
InstallCasper
CheckBinary
fi
# Verifying Permissions
/usr/bin/chflags noschg $jamf_binary
/usr/bin/chflags nouchg $jamf_binary
/usr/sbin/chown root:wheel $jamf_binary
/bin/chmod 755 $jamf_binary
# Verifies that the JSS is responding to a communication query
# by the Casper agent. If the communication check returns a result
# of anything greater than zero, the communication check has failed.
# If the communication check fails, reinstall the Casper agent using
# the cached installer.
jss_comm_chk=`$jamf_binary checkJSSConnection > /dev/null; echo $?`
if [[ "$jss_comm_chk" -eq 0 ]]; then
ScriptLogging "Machine can connect to the JSS on $jss_server_address."
elif [[ "$jss_comm_chk" -gt 0 ]]; then
ScriptLogging "Machine cannot connect to the JSS on $jss_server_address."
ScriptLogging "Reinstalling Casper agent to fix problem of Casper not being able to communicate with the JSS."
InstallCasper
CheckBinary
fi
# Checking if machine can run a manual trigger
# This section will need to be edited if the policy
# being triggered has different options than the policy
# described below:
#
# Trigger: iscasperup
# Plan: Run Script iscasperonline.sh
#
# The iscasperonline.sh script contains the following:
#
# | #!/bin/sh
# |
# | echo "up"
# |
# | exit 0
#
jamf_policy_chk=`$jamf_binary policy -trigger iscasperup | grep "Script result: up"`
# If the machine can run the specified policy, exit the script.
if [[ -n "$jamf_policy_chk" ]]; then
ScriptLogging "Casper enabled and able to run policies"
# If the machine cannot run the specified policy,
# reinstall the Casper agent using the cached installer.
elif [[ ! -n "$jamf_policy_chk" ]]; then
ScriptLogging "Reinstalling Casper agent to fix problem of Casper not being able to run policies"
InstallCasper
CheckBinary
fi
}
#
# End function section
# ====================
#
# The functions and variables defined above are used
# by the section below to check if the network connection
# is live, if the machine is on a network where
# the Casper JSS is accessible, and if the Casper agent on the
# machine can contact the JSS and run a policy.
#
# If the Casper agent on the machine cannot run a policy, the appropriate
# functions run and repair the Casper agent on the machine.
#
ScriptLogging "======== Starting CasperCheck ========"
# Wait up to 60 minutes for a network connection to become
# available which doesn't use a loopback address. This
# condition which may occur if this script is run by a
# LaunchDaemon at boot time.
#
# The network connection check will occur every 5 seconds
# until the 60 minute limit is reached.
ScriptLogging "Checking for active network connection."
CheckForNetwork
i=1
while [[ "${NETWORKUP}" != "-YES-" ]] && [[ $i -ne 720 ]]
do
sleep 5
NETWORKUP=
CheckForNetwork
echo $i
i=$(( $i + 1 ))
done
# If no network connection is found within 60 minutes,
# the script will exit.
if [[ "${NETWORKUP}" != "-YES-" ]]; then
ScriptLogging "Network connection appears to be offline. Exiting CasperCheck."
fi
if [[ "${NETWORKUP}" == "-YES-" ]]; then
ScriptLogging "Network connection appears to be live."
# Sleeping for 120 seconds to give WiFi time to come online.
ScriptLogging "Pausing for two minutes to give WiFi and DNS time to come online."
sleep 120
CheckSiteNetwork
if [[ "$site_network" == "False" ]]; then
ScriptLogging "Unable to verify access to site network. Exiting CasperCheck."
fi
if [[ "$site_network" == "True" ]]; then
ScriptLogging "Access to site network verified"
CheckTomcat
CheckInstaller
CheckCasper
fi
fi
ScriptLogging "======== CasperCheck Finished ========"
exit 0
EOFThe output I receive in terminal at this section is"
Password:
Unloading Old Daemon
Removing Launch Daemon
Removing Old Script
Creating new Script
Usage: host [-aCdlriTwv] [-c class] [-N ndots] [-t type] [-W time]
[-R number] [-m flag] hostname [server]
-a is equivalent to -v -t ANY
-c specifies query class for non-IN data
-C compares SOA records on authoritative nameservers
-d is equivalent to -v
-l lists all hosts in a domain, using AXFR
-i IP6.INT reverse lookups
-N changes the number of dots allowed before root lookup is done
-r disables recursive processing
-R specifies number of retries for UDP packets
-s a SERVFAIL response should stop query
-t specifies the query type
-T enables TCP/IP mode
-v enables verbose output
-w specifies to wait forever for a reply
-W specifies how long to wait for a reply
-4 use IPv4 query transport only
-6 use IPv6 query transport only
-m set memory debugging flag (trace|record|usage)
UnZip 6.00 of 20 April 2009, by Info-ZIP. Maintained by C. Spieler. Send
bug reports using http://www.info-zip.org/zip-bug.html; see README for details.
Usage: unzip [-Z] [-opts[modifiers]] file[.zip] [list] [-x xlist] [-d exdir]
Default action is to extract files in list, except those in xlist, to exdir;
file[.zip] may be a wildcard. -Z => ZipInfo mode ("unzip -Z" for usage).
-p extract files to pipe, no messages -l list files (short format)
-f freshen existing files, create none -t test compressed archive data
-u update files, create if necessary -z display archive comment only
-v list verbosely/show version info -T timestamp archive to latest
-x exclude files that follow (in xlist) -d extract files into exdir
modifiers:
-n never overwrite existing files -q quiet mode (-qq => quieter)
-o overwrite files WITHOUT prompting -a auto-convert any text files
-j junk paths (do not make directories) -aa treat ALL files as text
-C match filenames case-insensitively -L make (some) names lowercase
-X restore UID/GID info -V retain VMS version numbers
-K keep setuid/setgid/tacky permissions -M pipe through "more" pager
See "unzip -hh" or unzip.txt for more help. Examples:
unzip data1 -x joe => extract all files except joe from zipfile data1.zip
unzip -p foo | more => send contents of foo.zip via pipe into program more
unzip -fo foo ReadMe => quietly replace existing ReadMe if archive file newer
/usr/bin/find: illegal option -- m
usage: find [-H | -L | -P] [-EXdsx] [-f path] path ... [expression]
find [-H | -L | -P] [-EXdsx] -f path [path ...] [expression]
usage: nc [-46AacCDdEFhklMnOortUuvz] [-K tc] [-b boundif] [-i interval] [-p source_port] [--apple-delegate-pid pid] [--apple-delegate-uuid uuid]
[-s source_ip_address] [-w timeout] [-X proxy_version]
[-x proxy_address[:port]] [hostname] [port[s]]Other than this the script itself seems to work. My second instance of cat is as follows and works fine.
# Step #1: Write the plist file and place it in the correct location
# (If you need to adjust the plist, do it right here within lines
# 11-27.)
if [ -e "$daemon" ]
then
echo "$daemon already exists"
else
echo "Writing job plist to /Library/LaunchDaemons/com.company.caspercheck.plist..."
/bin/cat <<EOM >/Library/LaunchDaemons/com.company.caspercheck.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.company.caspercheck</string>
<key>ProgramArguments</key>
<array>
<string>sh</string>
<string>/Library/Scripts/caspercheck.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>590400</integer>
</dict>
</plist>
EOM
fi
# Step #2: Change file's owner, group, and permissions
# (The plist needs to be owned by root and not world/other writable for
# launchd to even run it as a system daemon.)
echo "Changing permissions on job definition..."
/usr/sbin/chown root:wheel /Library/LaunchDaemons/com.company.caspercheck.plist
/bin/chmod 755 /Library/LaunchDaemons/com.company.caspercheck.plist
# Step #3: Load the job into system's launchd
# (Remember: to unload this script you need to use launchctl as root,
# otherwise you'll be unloading (unsuccessfully) your regular user's
# jobs.)
echo "Loading job into launch controller and starting it..."
/bin/launchctl load /Library/LaunchDaemons/com.company.caspercheck.plist
/bin/launchctl start /Library/LaunchDaemons/com.company.caspercheck.plist
Labels:
- Labels:
-
Scripts
0 REPLIES 0
