Skip to main content
Question

Help with Forescout Extension Attribute Script


Forum|alt.badge.img+12

Need to find out what Macs have Forescout and which do not.

So I have the beginnings of a extension attribute script, if Forescout is installed, the /var/root/Forescout directory will exist, if not, the Forescout dir will not exist.

If it exists = return "Installed"
if it does not exist = return "Not Installed"

I have thus far, which I know is wrong, what to do with the result command?

#!/bin/sh

#Check to see if Forescout SecureConnect is installed
if [ -d "/var/root/Forescout" ]
then
    echo "Installed"
else
    echo "Not Installed"
result='echo'
echo "<result>$result</result>"
else
echo "<result>Not installed</result>"
fi

Thx is advance,

j

8 replies

Forum|alt.badge.img+9
  • Valued Contributor
  • 187 replies
  • July 23, 2015
#!/bin/sh

#Check to see if Forescout SecureConnect is installed
if [ -d "/var/root/Forescout" ]
then
    echo "<result>Installed</result>"
else
    echo "<result>Not Installed</result>"
fi

Forum|alt.badge.img+12
  • Author
  • Contributor
  • 134 replies
  • July 23, 2015

kstrick (Spock)

You are awesome. Works great. Now I can finally know what machines to push to.

Quick trivia,

what / who is this?


Forum|alt.badge.img+9
  • Valued Contributor
  • 187 replies
  • July 23, 2015

Looks like Spock's pet "Sehlat"


Forum|alt.badge.img+12
  • Author
  • Contributor
  • 134 replies
  • July 23, 2015

You got it


Forum|alt.badge.img+5
  • New Contributor
  • 2 replies
  • October 25, 2016

This is a late to this post but we have been recently been having a lot of problems with Forescout (I cant stand this application). While this extension attribute does determine that has had the package pushed to it, it does not mean that Forscout is running, the underlying issue with Forescout application on the Mac. We have almost all our environment with Forescout installed, but over half dont have it running. If Forescout service stops, the only way to get it running again is by reboot (which is infuriating, I am experimenting with a launchDaemon to get it started again but not having much luck.) pushing the package is not such a good idea I have found out.

Here is the extension attribute I wrote. It identifies if the forescout process is running. When you run a "ps aux | grep SecureConnector" there are several processes that you can look for but this is the one I chose.


Forum|alt.badge.img+5

I created an extension attribute for ForeScout based on the above posting but while the script works fine and a running a verbose recon shows it is running with no errors. The console is not showing any results for the extension attribute though. Any ideas? This is for JAMF 9.101.0, machines running both High Sierra and Sierra.


easyedc
Forum|alt.badge.img+16
  • Esteemed Contributor
  • 623 replies
  • March 15, 2018

@cindy.jimenez Post your EA script. FWIW we use a pre-shared key for our fore scout authentication. Am I to infer you're using their .app?


Forum|alt.badge.img+7
  • Contributor
  • 49 replies
  • March 26, 2019

IF its of any use and you're using the ForeScout SecureConnector.app I use this to detect if its installed and the version. Theres no current requirement where I work to check if its actually running though.

#!/bin/bash
version=$(defaults read "/Applications/ForeScout SecureConnector.app/Contents/Info.plist" CFBundleShortVersionString)

if [[ -f "/Applications/ForeScout SecureConnector.app/Contents/Info.plist" ]]; then
        result="$version"
    else
        result="Not Installed"
fi
echo "<result>${result}</result>"

exit 0

Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings