Help

Help with Forescout Extension Attribute Script

johnklimeck
Contributor II

Posted on ‎07-22-2015 05:31 PM

Need to find out what Macs have Forescout and which do not.

So I have the beginnings of a extension attribute script, if Forescout is installed, the /var/root/Forescout directory will exist, if not, the Forescout dir will not exist.

If it exists = return "Installed"
if it does not exist = return "Not Installed"

I have thus far, which I know is wrong, what to do with the result command?

#!/bin/sh

#Check to see if Forescout SecureConnect is installed
if [ -d "/var/root/Forescout" ]
then
    echo "Installed"
else
    echo "Not Installed"
result='echo'
echo "<result>$result</result>"
else
echo "<result>Not installed</result>"
fi

Thx is advance,

j

Reply
8 REPLIES 8

kstrick
Contributor III

Posted on ‎07-22-2015 05:38 PM 

#!/bin/sh

#Check to see if Forescout SecureConnect is installed
if [ -d "/var/root/Forescout" ]
then
    echo "<result>Installed</result>"
else
    echo "<result>Not Installed</result>"
fi
0 Kudos
Reply

johnklimeck
Contributor II

Posted on ‎07-22-2015 05:47 PM

kstrick (Spock)

You are awesome. Works great. Now I can finally know what machines to push to.

Quick trivia,

what / who is this?

b895f973ffb84a6082918b87246164e1

0 Kudos
Reply

kstrick
Contributor III

Posted on ‎07-22-2015 06:02 PM

Looks like Spock's pet "Sehlat"

0 Kudos
Reply

johnklimeck
Contributor II

Posted on ‎07-22-2015 06:12 PM

You got it

0 Kudos
Reply

zedd
New Contributor II

Posted on ‎10-25-2016 07:46 AM

This is a late to this post but we have been recently been having a lot of problems with Forescout (I cant stand this application). While this extension attribute does determine that has had the package pushed to it, it does not mean that Forscout is running, the underlying issue with Forescout application on the Mac. We have almost all our environment with Forescout installed, but over half dont have it running. If Forescout service stops, the only way to get it running again is by reboot (which is infuriating, I am experimenting with a launchDaemon to get it started again but not having much luck.) pushing the package is not such a good idea I have found out.

Here is the extension attribute I wrote. It identifies if the forescout process is running. When you run a "ps aux | grep SecureConnector" there are several processes that you can look for but this is the one I chose. 2ba59396cc6d42629d45b6787a384e1c

Reply

cindy_jimenez
New Contributor II

Posted on ‎03-14-2018 03:40 PM

I created an extension attribute for ForeScout based on the above posting but while the script works fine and a running a verbose recon shows it is running with no errors. The console is not showing any results for the extension attribute though. Any ideas? This is for JAMF 9.101.0, machines running both High Sierra and Sierra.

0 Kudos
Reply

easyedc
Valued Contributor II

Posted on ‎03-15-2018 05:59 AM

@cindy.jimenez Post your EA script. FWIW we use a pre-shared key for our fore scout authentication. Am I to infer you're using their .app?

0 Kudos
Reply

Sanchi
Contributor

Posted on ‎03-26-2019 10:59 AM

IF its of any use and you're using the ForeScout SecureConnector.app I use this to detect if its installed and the version. Theres no current requirement where I work to check if its actually running though.

#!/bin/bash
version=$(defaults read "/Applications/ForeScout SecureConnector.app/Contents/Info.plist" CFBundleShortVersionString)

if [[ -f "/Applications/ForeScout SecureConnector.app/Contents/Info.plist" ]]; then
        result="$version"
    else
        result="Not Installed"
fi
echo "<result>${result}</result>"

exit 0
0 Kudos
Reply