Jamf Nation Community

sbanks · ‎05-18-2020

Hey All,
I have been tasked with creating a smart group to see if an application is installed. The security application is FireEye. FireEye does have an application but it doesnt show in the applications as it is not suppose to. So I was going to create an extension attribute that will check the machine and see if it has the correct FireEye directory which should be /Library/FireEye/xagt/xagt.app . When doing so it does not pick up any machines. This is what I have so far:

!/bin/bash

############################################################

A script to collect information on if FireEye is currently installed

If FireEye is not installed then "Not Installed" will return back

############################################################

RE$ULT="Not Installed"

if [ -f "/Library/FireEye/xagt" ] ;

then RE$ULT=$( /bin/defaults read "/Library/FireEye/xagt/xagt.app/Contents/info.plist" CFBundleName)
fi

echo "<result>$RE$ULT</result>"

Surajit · ‎06-29-2020

@sbanks & @Parveen.Virmani here is what I am using.

#!/usr/bin/env bash
#
#Description: EA to check FireEye EndPoint Security HX Agent Version.
#
RESULT="Not Installed"

if [ -f "/Library/FireEye/xagt/xagt.app/Contents/Info.plist" ] ; then
    RESULT=$( defaults read /Library/FireEye/xagt/xagt.app/Contents/Info CFBundleVersion )
fi

echo "<result>$RESULT</result>"

View solution in original post

m_donovan · ‎05-18-2020

Try -d instead of -f in this line.

if [ -f "/Library/FireEye/xagt" ] ;

sbanks · ‎05-18-2020

So I ended up finding a script that works when I run it on my machine. **

#!/bin/sh
########################################################################
# A script to collect information on if FireEye is currently installed #
# If FireEye is not installed then "Not Installed" will return back    #
########################################################################
#!/bin/sh
if [ -e /library/FireEye/xagt/xagt.app ]
then 
  echo "<result>True</result>"
else
  echo "<result>False</result>"
fi

**

But it does not report within the jamf console. It was successful on my machine. I ran sudo jamf recon, but it still doesnt report.

palmeida · ‎05-19-2020

Hello,
Library is lowercase in your script but I believe the path is /Library/FireEye/xagt/xagt.app.

ukarulis · ‎05-21-2020

Hey,

on your first script -

RE**+$+**ULT="Not Installed"

if [ -f "/Library/FireEye/xagt" ] ;

then RE$ULT=$( /bin/defaults read "/Library/FireEye/xagt/xagt.app/Contents/info.plist" CFBundleName)
fi

echo "<result>$RE**+$+**ULT</result>"

Do not use "$" in RESULT.

On second script - change "library" to "Library". It should be case sensitive.

Parveen_Virmani · ‎06-29-2020

I am also not able to create smart for FireEye

Brett_Cox · ‎06-29-2020

This is what I am using.

#!/bin/bash

# to detect version of FireEye installed on OS X

if [ -f "/Library/Extensions/FireEye.kext/Contents/Info.plist" ] ; then
    VERSION=$( defaults read "/Library/Extensions/FireEye.kext/Contents/Info.plist" CFBundleVersion )
else
    VERSION="Not Installed"
fi

echo "<result>$VERSION</result>"

Surajit · ‎06-29-2020

@sbanks & @Parveen.Virmani here is what I am using.

#!/usr/bin/env bash
#
#Description: EA to check FireEye EndPoint Security HX Agent Version.
#
RESULT="Not Installed"

if [ -f "/Library/FireEye/xagt/xagt.app/Contents/Info.plist" ] ; then
    RESULT=$( defaults read /Library/FireEye/xagt/xagt.app/Contents/Info CFBundleVersion )
fi

echo "<result>$RESULT</result>"

tlarkin · ‎06-30-2020

You can also use the file command to see what type of file or folder you are dealing with to use the right test in the shells.

Jamf Nation Community

Extension Attribute for file path

!/bin/bash

############################################################

A script to collect information on if FireEye is currently installed

If FireEye is not installed then "Not Installed" will return back

############################################################