Posted on 09-15-2022 02:32 PM
Disclaimer, while I work for Code42 software, these were built for internal use and are not part of the product.
Hey, I wanted to share some extension attribute scripts I created for Code42 Incydr (Professional, Enterprise, Horizon, and Gov F2 - or more generically the Code42-AAT.app). A shoutout to @MLBZ521, as I used some logic from their scripts. A bit more specifically, there is logic built into these for local logging if you need that. I hope others can find these useful.
First is a script to validate that the Configuration Profile that is required to run the app is in place. This is a great pre-deployment check to make sure the application will run properly after install.
#!/bin/bash
# set -x
##############################################################################################################
# Script Name: incydr_mdm_check.sh
# By: Perrin Bishop-Wright / Created: 8/16/2022
# Version: 1.0.1 / Updated: 8/16/2022 / By: PBW
#
# Description: This script checks whether a macOS endpoint (macOS 11 and higher) has the proper MDM settings for the Code42 Incydr
# application (Code42-AAT.app) - Professional, Enterprise, Horizon, and Gov F2.
##############################################################################################################
## Local logging switch: "true" also appends every result to the log file named
## below; "false" leaves only the <result> line printed for the extension attribute.
locally_log='false'
## Log file used when local logging is on. write_to_log creates the parent
## directory and the file if they are missing, then appends to the file.
## NOTE(review): if this script runs as root (presumably, as a Jamf extension
## attribute), keep the parent directory writable by root only - confirm.
local_logs='/opt/ManagedFrameworks/EA_History.log'
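write_to_log() {
  # Append a timestamped message to the local log file when local logging is on.
  # Globals
  # locally_log (read) = "true" enables logging; any other value makes this a no-op
  # local_logs (read) = path of the log file
  # Arguments
  # $1 = (str) Message that will be written to a log file
  local message="${1}"
  local log_dir time_stamp

  if [[ "${locally_log}" != "true" ]]; then
    return 0
  fi

  if [[ ! -e "${local_logs}" ]]; then
    log_dir=$( /usr/bin/dirname "${local_logs}" )
    # Absolute path on purpose: the earlier relative "bin/mkdir" was looked up
    # under the current working directory, so the log directory was never
    # created and the command that ran depended on where the script was started.
    /bin/mkdir -p "${log_dir}"
    /usr/bin/touch "${local_logs}"
  fi

  time_stamp=$( /bin/date +%Y-%m-%d\ %H:%M:%S )
  printf '%s: %s\n' "${time_stamp}" "${message}" >> "${local_logs}"
}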
report_result() {
  # Publish the final status and end the script with exit code 0.
  # Arguments
  # $1 = (str) Status text; logged with a "C42 MDM Status: " prefix and
  #      printed inside <result> tags
  local status_text="${1}"

  ## Local log entry (write_to_log decides whether anything is written).
  ## Comment out the next line if local logs are not wanted.
  write_to_log "C42 MDM Status: ${status_text}"

  ## Jamf extension attribute output. Comment out the next line if not used.
  printf '<result>%s</result>\n' "${status_text}"

  exit 0
}
PlistBuddy_Helper() {
  # Thin wrapper around /usr/libexec/PlistBuddy.
  # Arguments
  # $1 = (str) Action: print_xml, print, add, delete or clear.
  #      Any other action does nothing and returns 0.
  # $2 = (str) Path to a plist; for "print" this is the XML text itself
  #      (as produced by "print_xml"), which is fed to PlistBuddy on stdin
  # $3 = (str) Key or key path
  # $4 = (str) Value type
  # $5 = (str) Value to store under the key
  # Key, type and value are pasted into the PlistBuddy command string as-is,
  # so callers should only pass values they control.
  local verb="${1}"
  local target="${2}"
  local key_path="${3}"
  local value_type="${4}"
  local new_value="${5}"

  case "${verb}" in
    "print_xml")
      # Dump the whole plist as XML; errors are discarded.
      /usr/libexec/PlistBuddy -x -c "print" "${target}" 2> /dev/null
      ;;
    "print")
      # Read one key from XML text supplied on stdin.
      /usr/libexec/PlistBuddy -c "Print :${key_path}" /dev/stdin <<< "${target}" 2> /dev/null
      ;;
    "add")
      # Try Add first; if that fails, fall back to Set.
      /usr/libexec/PlistBuddy -c "Add :${key_path} ${value_type} ${new_value}" "${target}" > /dev/null 2>&1 \
        || /usr/libexec/PlistBuddy -c "Set :${key_path} ${new_value}" "${target}" > /dev/null 2>&1
      ;;
    "delete")
      /usr/libexec/PlistBuddy -c "Delete :${key_path} ${value_type}" "${target}" > /dev/null 2>&1
      ;;
    "clear")
      /usr/libexec/PlistBuddy -c "clear ${value_type}" "${target}" > /dev/null 2>&1
      ;;
  esac
}
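# Read the "version" value from the admin table of the system TCC database.
# The branches below use it as the gate for the MDM checks (cut-off: 19).
tccdbVersion=$( /usr/bin/sqlite3 "/Library/Application Support/com.apple.TCC/TCC.db" "select value from admin where key == 'version';" )
#tccdbVersion="15"

# Read the MDM overrides plist as XML text
tcc_mdm_db=$( PlistBuddy_Helper "print_xml" "/Library/Application Support/com.apple.TCC/MDMOverrides.plist" )

# Check for Full Disk Access
mdm_fda_enabled=$( PlistBuddy_Helper "print" "${tcc_mdm_db}" "com.code42.agent.extension:kTCCServiceSystemPolicyAllFiles:Allowed" )

# Check for Accessibility
mdm_acc_enabled=$( PlistBuddy_Helper "print" "${tcc_mdm_db}" "com.code42.agent.extension:kTCCServiceAccessibility:Allowed" )

echo "$tccdbVersion"

# Compare the version as a number. The earlier "<" / ">" tests inside [[ ]]
# compared strings, so "9" sorted above "19" and "100" sorted below it.
# An empty or non-numeric value (for example when the database could not be
# read) is kept on the "No MDM" path, which is where an empty string landed before.
tcc_version_num=-1
if [[ "${tccdbVersion}" =~ ^[0-9]+$ ]]; then
  # 10# forces base 10 so a leading zero is not read as octal.
  tcc_version_num=$(( 10#${tccdbVersion} ))
fi

# Treat a setting as granted only when it is exactly "1"; a missing key prints
# nothing and therefore counts as not granted. Using one string test for both
# directions removes the gap left by mixing "= 1" with the arithmetic "-ne 1".
fda_granted="false"
acc_granted="false"
if [[ "${mdm_fda_enabled}" == "1" ]]; then
  fda_granted="true"
fi
if [[ "${mdm_acc_enabled}" == "1" ]]; then
  acc_granted="true"
fi

if (( tcc_version_num < 19 )); then
  report_result "No MDM"
elif (( tcc_version_num == 19 )); then
  # Version 19 matched neither "< 19" nor "> 19" before, so no <result> was
  # printed at all. NOTE(review): confirm which side 19 belongs to; until
  # then report it explicitly instead of returning an empty attribute.
  report_result "Unknown (TCC version ${tccdbVersion})"
elif [[ "${fda_granted}" == "true" && "${acc_granted}" == "true" ]]; then
  report_result "Profile is Good"
elif [[ "${acc_granted}" == "true" ]]; then
  report_result "Full Disk Access is not set"
elif [[ "${fda_granted}" == "true" ]]; then
  report_result "Accessibility is not set"
else
  report_result "No PPPC Set"
fi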
Second is a script to check that the System Extension is in a good state.
#!/bin/bash
# set -x
##############################################################################################################
# Script Name: incydr_sys-ext_check.sh
# By: Perrin Bishop-Wright / Created: 8/19/2022
# Version: 1.0.0 / Updated: 8/19/2022 / By: PBW
#
# Description: This script checks whether the macOS endpoint has the proper System Extension status for the Code42 Incydr
# application (Code42-AAT.app) - Professional, Enterprise, Horizon, and Gov F2.
##############################################################################################################
## Local logging switch: "true" also appends every result to the log file named
## below; "false" leaves only the <result> line printed for the extension attribute.
locally_log='true'
## Log file used when local logging is on. write_to_log creates the parent
## directory and the file if they are missing, then appends to the file.
## NOTE(review): if this script runs as root (presumably, as a Jamf extension
## attribute), keep the parent directory writable by root only - confirm.
local_logs='/opt/ManagedFrameworks/EA_History.log'
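write_to_log() {
  # Append a timestamped message to the local log file when local logging is on.
  # Globals
  # locally_log (read) = "true" enables logging; any other value makes this a no-op
  # local_logs (read) = path of the log file
  # Arguments
  # $1 = (str) Message that will be written to a log file
  local message="${1}"
  local log_dir time_stamp

  if [[ "${locally_log}" != "true" ]]; then
    return 0
  fi

  if [[ ! -e "${local_logs}" ]]; then
    log_dir=$( /usr/bin/dirname "${local_logs}" )
    # Absolute path on purpose: the earlier relative "bin/mkdir" was looked up
    # under the current working directory, so the log directory was never
    # created and the command that ran depended on where the script was started.
    /bin/mkdir -p "${log_dir}"
    /usr/bin/touch "${local_logs}"
  fi

  time_stamp=$( /bin/date +%Y-%m-%d\ %H:%M:%S )
  printf '%s: %s\n' "${time_stamp}" "${message}" >> "${local_logs}"
}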
report_result() {
  # Publish the final status and end the script with exit code 0.
  # Arguments
  # $1 = (str) Status text; logged with a "C42 SysExt Status: " prefix and
  #      printed inside <result> tags
  local status_text="${1}"

  ## Local log entry (write_to_log decides whether anything is written).
  ## Comment out the next line if local logs are not wanted.
  write_to_log "C42 SysExt Status: ${status_text}"

  ## Jamf extension attribute output. Comment out the next line if not used.
  printf '<result>%s</result>\n' "${status_text}"

  exit 0
}
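# Extract the bracketed state (for example "[activated enabled]") from the row
# that carries team ID 9YV9435DHD. The earlier `awk -F' ' '{print $6}'` split
# on whitespace, so the captured field could never contain the space that the
# comparisons below it expected, and those branches were unreachable.
# Assumes the state is the only [...] group on that row - confirm against the
# `systemextensionsctl list` output on a managed Mac.
sys_ext_ctl=$( systemextensionsctl list | awk '/9YV9435DHD/ && match($0, /\[[^]]*\]/) { print substr($0, RSTART, RLENGTH) }' )
echo "$sys_ext_ctl"

if [[ -z "${sys_ext_ctl}" ]]; then
  # No matching row, or no bracketed state on it.
  report_result "No System Extension"
else
  # Report the state exactly as listed. This covers "[activated enabled]" and
  # "[terminated waiting to uninstall on reboot]" with the same text as before,
  # and any other state now yields a result instead of an empty attribute.
  # If several rows match, the value holds one state per line.
  report_result "${sys_ext_ctl}"
fi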
Third is to grab the date of the last time the application sent data to the Incydr authority.
#!/bin/bash
# set -x
##############################################################################################################
# Script Name: incydr_lasttransmit.sh
# By: Perrin Bishop-Wright / Created: 8/16/2022
# Version: 1.0.1 / Updated: 9/13/2022 / By: PBW
#
# Description: This script checks whether a macOS endpoint (macOS 11 and higher) has the proper MDM settings for the Code42 Incydr
# application (Code42-AAT.app) - Professional, Enterprise, Horizon, and Gov F2.
##############################################################################################################
## Local logging switch: "true" also appends every result to the log file named
## below; "false" leaves only the <result> line printed for the extension attribute.
locally_log='false'
## Log file used when local logging is on. write_to_log creates the parent
## directory and the file if they are missing, then appends to the file.
## NOTE(review): if this script runs as root (presumably, as a Jamf extension
## attribute), keep the parent directory writable by root only - confirm.
local_logs='/opt/ManagedFrameworks/EA_History.log'
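write_to_log() {
  # Append a timestamped message to the local log file when local logging is on.
  # Globals
  # locally_log (read) = "true" enables logging; any other value makes this a no-op
  # local_logs (read) = path of the log file
  # Arguments
  # $1 = (str) Message that will be written to a log file
  local message="${1}"
  local log_dir time_stamp

  if [[ "${locally_log}" != "true" ]]; then
    return 0
  fi

  if [[ ! -e "${local_logs}" ]]; then
    log_dir=$( /usr/bin/dirname "${local_logs}" )
    # Absolute path on purpose: the earlier relative "bin/mkdir" was looked up
    # under the current working directory, so the log directory was never
    # created and the command that ran depended on where the script was started.
    /bin/mkdir -p "${log_dir}"
    /usr/bin/touch "${local_logs}"
  fi

  time_stamp=$( /bin/date +%Y-%m-%d\ %H:%M:%S )
  printf '%s: %s\n' "${time_stamp}" "${message}" >> "${local_logs}"
}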
report_result() {
  # Publish the final value and end the script with exit code 0.
  # Arguments
  # $1 = (str) Text to report; logged with a "C42 Last Transmit: " prefix and
  #      printed inside <result> tags
  local status_text="${1}"

  ## Local log entry (write_to_log decides whether anything is written).
  ## Comment out the next line if local logs are not wanted.
  write_to_log "C42 Last Transmit: ${status_text}"

  ## Jamf extension attribute output. Comment out the next line if not used.
  printf '<result>%s</result>\n' "${status_text}"

  exit 0
}
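# Report the first field of the last "message_tran | Transmitted" line in the
# agent log. Two locations are checked because the log has moved between
# versions: the logs/ directory first, then the older Data/logs/ directory.
# The first readable file that contains a matching line wins; if neither file
# has one, the result is empty, as it was before when nothing matched.
last_transmit=""
for aat_log in \
  "/Library/Application Support/Code42-AAT/logs/code42-aat.log" \
  "/Library/Application Support/Code42-AAT/Data/logs/code42-aat.log"; do
  if [[ -r "${aat_log}" ]]; then
    # index() matches the marker as plain text, so "|" is not a regex operator.
    last_transmit=$( awk 'index($0, "message_tran | Transmitted") { stamp = $1 } END { if (stamp != "") print stamp }' "${aat_log}" )
    if [[ -n "${last_transmit}" ]]; then
      break
    fi
  fi
done
report_result "$last_transmit"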
Posted on 12-01-2023 09:25 AM
This is great! Thank you!
Small edits:
In your second script:
bin/mkdir -p "$( /usr/bin/dirname "${local_logs}" )"
should be:
/bin/mkdir -p "$( /usr/bin/dirname "${local_logs}" )"
And for the last script. Code42 AAT moved their logs:
last_transmit=$(grep "message_tran | Transmitted" /Library/Application\ Support/Code42-AAT/Data/logs/code42-aat.log |tail -1 | awk '{print $1}')
to
last_transmit=$(grep "message_tran | Transmitted" /Library/Application\ Support/Code42-AAT/logs/code42-aat.log |tail -1 | awk '{print $1}')