Extension Attribute for file path

sbanks
New Contributor

Hey All,
I have been tasked with creating a smart group to see if an application is installed. The security application is FireEye. FireEye does have an application but it doesnt show in the applications as it is not suppose to. So I was going to create an extension attribute that will check the machine and see if it has the correct FireEye directory which should be /Library/FireEye/xagt/xagt.app . When doing so it does not pick up any machines. This is what I have so far:

!/bin/bash

############################################################

A script to collect information on if FireEye is currently installed

If FireEye is not installed then "Not Installed" will return back

############################################################

RE$ULT="Not Installed"

if [ -f "/Library/FireEye/xagt" ] ;

then RE$ULT=$( /bin/defaults read "/Library/FireEye/xagt/xagt.app/Contents/info.plist" CFBundleName)
fi

echo "<result>$RE$ULT</result>"

1 ACCEPTED SOLUTION

Surajit
New Contributor III

@sbanks & @Parveen.Virmani here is what I am using.

#!/usr/bin/env bash
#
#Description: EA to check FireEye EndPoint Security HX Agent Version.
#
RESULT="Not Installed"

if [ -f "/Library/FireEye/xagt/xagt.app/Contents/Info.plist" ] ; then
    RESULT=$( defaults read /Library/FireEye/xagt/xagt.app/Contents/Info CFBundleVersion )
fi

echo "<result>$RESULT</result>"

View solution in original post

8 REPLIES 8

m_donovan
Contributor III

Try -d instead of -f in this line.

if [ -f "/Library/FireEye/xagt" ] ;

sbanks
New Contributor

So I ended up finding a script that works when I run it on my machine. **

#!/bin/sh
########################################################################
# A script to collect information on if FireEye is currently installed #
# If FireEye is not installed then "Not Installed" will return back    #
########################################################################
#!/bin/sh
if [ -e /library/FireEye/xagt/xagt.app ]
then 
  echo "<result>True</result>"
else
  echo "<result>False</result>"
fi

**

But it does not report within the jamf console. It was successful on my machine. I ran sudo jamf recon, but it still doesnt report.

palmeida
New Contributor III

Hello,
Library is lowercase in your script but I believe the path is /Library/FireEye/xagt/xagt.app.

ukarulis
New Contributor II

Hey,

on your first script -

RE**+$+**ULT="Not Installed"

if [ -f "/Library/FireEye/xagt" ] ;

then RE$ULT=$( /bin/defaults read "/Library/FireEye/xagt/xagt.app/Contents/info.plist" CFBundleName)
fi

echo "<result>$RE**+$+**ULT</result>"

Do not use "$" in RESULT.

On second script - change "library" to "Library". It should be case sensitive.

Parveen_Virmani
New Contributor II

I am also not able to create smart for FireEye

Brett_Cox
New Contributor II

This is what I am using.

#!/bin/bash

# to detect version of FireEye installed on OS X

if [ -f "/Library/Extensions/FireEye.kext/Contents/Info.plist" ] ; then
    VERSION=$( defaults read "/Library/Extensions/FireEye.kext/Contents/Info.plist" CFBundleVersion )
else
    VERSION="Not Installed"
fi

echo "<result>$VERSION</result>"

Surajit
New Contributor III

@sbanks & @Parveen.Virmani here is what I am using.

#!/usr/bin/env bash
#
#Description: EA to check FireEye EndPoint Security HX Agent Version.
#
RESULT="Not Installed"

if [ -f "/Library/FireEye/xagt/xagt.app/Contents/Info.plist" ] ; then
    RESULT=$( defaults read /Library/FireEye/xagt/xagt.app/Contents/Info CFBundleVersion )
fi

echo "<result>$RESULT</result>"

View solution in original post

tlarkin
Honored Contributor

You can also use the file command to see what type of file or folder you are dealing with to use the right test in the shells.