- Jamf Nation Community
- Products
- Jamf Pro
- Re: Extension Attribute for file path
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-18-2020 02:18 PM
Hey All,
I have been tasked with creating a smart group to see if an application is installed. The security application is FireEye. FireEye does have an application but it doesnt show in the applications as it is not suppose to. So I was going to create an extension attribute that will check the machine and see if it has the correct FireEye directory which should be /Library/FireEye/xagt/xagt.app . When doing so it does not pick up any machines. This is what I have so far:
!/bin/bash
############################################################
A script to collect information on if FireEye is currently installed
If FireEye is not installed then "Not Installed" will return back
############################################################
RE$ULT="Not Installed"
if [ -f "/Library/FireEye/xagt" ] ;
then
RE$ULT=$( /bin/defaults read "/Library/FireEye/xagt/xagt.app/Contents/info.plist" CFBundleName)
fi
echo "<result>$RE$ULT</result>"
Solved! Go to Solution.
Labels:
- Labels:
-
Composer
-
Policies
-
Smart groups
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-29-2020 12:45 PM
@sbanks & @Parveen.Virmani here is what I am using.
#!/usr/bin/env bash
#
#Description: EA to check FireEye EndPoint Security HX Agent Version.
#
RESULT="Not Installed"
if [ -f "/Library/FireEye/xagt/xagt.app/Contents/Info.plist" ] ; then
RESULT=$( defaults read /Library/FireEye/xagt/xagt.app/Contents/Info CFBundleVersion )
fi
echo "<result>$RESULT</result>"
Reply
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-18-2020 02:40 PM
Try -d instead of -f in this line.
if [ -f "/Library/FireEye/xagt" ] ;Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-18-2020 03:10 PM
So I ended up finding a script that works when I run it on my machine. **
#!/bin/sh
########################################################################
# A script to collect information on if FireEye is currently installed #
# If FireEye is not installed then "Not Installed" will return back #
########################################################################
#!/bin/sh
if [ -e /library/FireEye/xagt/xagt.app ]
then
echo "<result>True</result>"
else
echo "<result>False</result>"
fi**
But it does not report within the jamf console. It was successful on my machine. I ran sudo jamf recon, but it still doesnt report.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-19-2020 09:15 AM
Hello,
Library is lowercase in your script but I believe the path is /Library/FireEye/xagt/xagt.app.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-21-2020 05:25 AM
Hey,
on your first script -
RE**+$+**ULT="Not Installed"
if [ -f "/Library/FireEye/xagt" ] ;
then RE$ULT=$( /bin/defaults read "/Library/FireEye/xagt/xagt.app/Contents/info.plist" CFBundleName)
fi
echo "<result>$RE**+$+**ULT</result>"Do not use "$" in RESULT.
On second script - change "library" to "Library". It should be case sensitive.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-29-2020 07:52 AM
I am also not able to create smart for FireEye
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-29-2020 11:37 AM
This is what I am using.
#!/bin/bash
# to detect version of FireEye installed on OS X
if [ -f "/Library/Extensions/FireEye.kext/Contents/Info.plist" ] ; then
VERSION=$( defaults read "/Library/Extensions/FireEye.kext/Contents/Info.plist" CFBundleVersion )
else
VERSION="Not Installed"
fi
echo "<result>$VERSION</result>"
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-29-2020 12:45 PM
@sbanks & @Parveen.Virmani here is what I am using.
#!/usr/bin/env bash
#
#Description: EA to check FireEye EndPoint Security HX Agent Version.
#
RESULT="Not Installed"
if [ -f "/Library/FireEye/xagt/xagt.app/Contents/Info.plist" ] ; then
RESULT=$( defaults read /Library/FireEye/xagt/xagt.app/Contents/Info CFBundleVersion )
fi
echo "<result>$RESULT</result>"
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 06-30-2020 11:52 AM
You can also use the file command to see what type of file or folder you are dealing with to use the right test in the shells.
