Help with Forescout Extension Attribute Script

johnklimeck
Contributor II

Need to find out what Macs have Forescout and which do not.

So I have the beginnings of a extension attribute script, if Forescout is installed, the /var/root/Forescout directory will exist, if not, the Forescout dir will not exist.

If it exists = return "Installed"
if it does not exist = return "Not Installed"

I have thus far, which I know is wrong, what to do with the result command?

#!/bin/sh

#Check to see if Forescout SecureConnect is installed
if [ -d "/var/root/Forescout" ]
then
    echo "Installed"
else
    echo "Not Installed"
result='echo'
echo "<result>$result</result>"
else
echo "<result>Not installed</result>"
fi

Thx is advance,

j

8 REPLIES 8

kstrick
Contributor III
#!/bin/sh

#Check to see if Forescout SecureConnect is installed
if [ -d "/var/root/Forescout" ]
then
    echo "<result>Installed</result>"
else
    echo "<result>Not Installed</result>"
fi

johnklimeck
Contributor II

kstrick (Spock)

You are awesome. Works great. Now I can finally know what machines to push to.

Quick trivia,

what / who is this?

b895f973ffb84a6082918b87246164e1

kstrick
Contributor III

Looks like Spock's pet "Sehlat"

johnklimeck
Contributor II

You got it

zedd
New Contributor II

This is a late to this post but we have been recently been having a lot of problems with Forescout (I cant stand this application). While this extension attribute does determine that has had the package pushed to it, it does not mean that Forscout is running, the underlying issue with Forescout application on the Mac. We have almost all our environment with Forescout installed, but over half dont have it running. If Forescout service stops, the only way to get it running again is by reboot (which is infuriating, I am experimenting with a launchDaemon to get it started again but not having much luck.) pushing the package is not such a good idea I have found out.

Here is the extension attribute I wrote. It identifies if the forescout process is running. When you run a "ps aux | grep SecureConnector" there are several processes that you can look for but this is the one I chose. 2ba59396cc6d42629d45b6787a384e1c

cindy_jimenez
New Contributor II

I created an extension attribute for ForeScout based on the above posting but while the script works fine and a running a verbose recon shows it is running with no errors. The console is not showing any results for the extension attribute though. Any ideas? This is for JAMF 9.101.0, machines running both High Sierra and Sierra.

easyedc
Valued Contributor II

@cindy.jimenez Post your EA script. FWIW we use a pre-shared key for our fore scout authentication. Am I to infer you're using their .app?

Sanchi
Contributor

IF its of any use and you're using the ForeScout SecureConnector.app I use this to detect if its installed and the version. Theres no current requirement where I work to check if its actually running though.

#!/bin/bash
version=$(defaults read "/Applications/ForeScout SecureConnector.app/Contents/Info.plist" CFBundleShortVersionString)

if [[ -f "/Applications/ForeScout SecureConnector.app/Contents/Info.plist" ]]; then
        result="$version"
    else
        result="Not Installed"
fi
echo "<result>${result}</result>"

exit 0