How to confirm running system process

k3vmo
Contributor

We use posture assessment and I need to check for a process on the corporate assets when they want to connect through VPN. I created a simple system process that does nothing. It only gets installed on corporate assets.

To see whether it's running - I would run a check to see if it's there:

#!/bin/bash
PROCESS=myapp
number=$(ps aux | grep -v grep | grep -ci $ProcessName)

if [ $number -gt 0 ]
    then
        echo Running;
fi

Assuming the 'running is 'true' how can I report that back?

Ultimately I want a policy that shows me how many systems in the full scope are running this. I am requesting assistance on how to show the number of systems that come back as 'Running'.

Those not running would need verified the custom process added is working.

Essentially a quick look on my dashboard to see if 100% of the systems have 'myapp' running

9 REPLIES 9

sdagley
Honored Contributor II

@k3vmo You're need to create what's known as an Extension Attribute, and you'll find many examples on Jamf Nation. Keep in mind however that information is only collected when a Mac reports its inventory, which normally wouldn't be more than once a day. Is that going to be up to date enough for you?

mm2270
Legendary Contributor II

Like @sdagley mentioned, you could write an Extension Attribute to report back if the app is running or not, but also as mentioned, it only gets populated at Inventory collection time, so it's most definitely not an up to the moment report on what's running on your assets.

Just curious, but as you mentioned the app does nothing, would it be just as valid to report on whether the app is installed, versus running or not? Does it have to running? It seems the goal is to see which Macs are designated as corporate assets to allow them on VPN or not. If that's the main goal, checking for the existence of the app might be sufficient, and may not even require creating an Extension Attribute depending on the path where it gets installed.

k3vmo
Contributor

@sdagley - Yes, once a day is plenty.

It's just a dummy process - something so I can identify it by name that an outside user wouldn't have installed.

In my case I want it to be running. I'm doing this based on company requirements.

There are two parts here: My script gives line 5: [: -gt: unary operator expected. Not sure what I missed

I understand the EA concept - I'm having difficulty finding an existing example that would work for me

I'm stuck on how I'd report XX percent of systems are showing: Running

Does that clarify it further?

mm2270
Legendary Contributor II

@k3vmo All EAs follow the same general format, which is that whatever it is you want reported needs to be echoed out between <result> and </result> tags.

So somewhere in the script, typically toward the end, you would do something like

echo "<result>$result</result>"

Where $result would be either "Running" or "Not Running" or something along those lines.

As for reporting on percentage running vs not, that's a bit harder. There's nothing in Jamf that is going to show you an exact percentage for things like inventory data. It can be done with policies complete vs failed vs pending, by using the dashboard, but that doesn't apply to something like an inventory report. Best I can offer is you can have 2 reports, those with it running and those without, and then use a simple math calculation to figure out the percentage.

Edit: BTW, you can avoid using grep -v grep in your script by using ps axc | grep -ci "$ProcessName" instead.

k3vmo
Contributor

So like a smart group? for

#!/bin/sh
if commandtoshowifrunning; then
  exit 0
else
 exit 1
fi

One group for the clean exit and one for not?

mm2270
Legendary Contributor II

Well, I was thinking you'd still want to create the Extension Attribute that records running or not running rather than relying on an exit code. From there, those values (Running / Not Running) show up in inventory and can be used as the basis to build your Smart Groups. One for Running and one for Not Running, or however you choose to set up your EA values.
Once all your devices have reported in, which could take several days or more, you'll be able to compare the totals for each group and come up with a percentage of good vs not.

sdunbar
Contributor

We use the following to create a EA, for example OneDrive

#!/bin/bash

# check for process
PROCESS=$( pgrep OneDrive )

#see if process is running
if [[ -z "$PROCESS" ]]; then
        RESULT="Not Running"
    else
        RESULT="Running"
fi

#report results
echo "<result>${RESULT}</result>"

Taken from https://www.jamf.com/jamf-nation/discussions/19307/smart-group-based-on-process-name

tcandela
Valued Contributor

@mm2270 @sdagley You guys are saying that an EA doesn't populate until inventory is run on each computer but when i create or use an existing EA they are all getting pre populated with a default response and once inventory takes place on the computer the EA stays the same if thats the same EA or gets another EA based on the inventory check.
Why am i seeing the EA all pre populating immediately?
If its a YES/NO EA for example it will pre populate all macs with NO. then once a mac runs inventory that EA will either change or stay the same based on the inventory result

sdagley
Honored Contributor II

@tcandela If your EA is a String data type it should be blank for any Mac that hasn't yet run an Inventory. It sounds like you're running into one of the know PIs regarding incorrect EA behavior. You might want to contact Jamf support and let them know.