Jackpot Checker ExtAttr / Fixer Script

Question

#!/bin/sh # Extension Attribute for JSS # Checking for Jackpot vulnerability # DOES NOT fix, designed for placement into a smart group which does, # useful in cases where affected instance accounting is desired POS="1" NEG="0" # Check that Office 2011 exits if [ -d /Applications/Microsoft Office 2011 ]; then # Check omnipresent folder for instances of write access (should be 2) W=`ls -l /Applications/Microsoft Office 2011/ | grep Office | tr -cd w | wc -c` if [ $W -gt 2 ]; then echo $POS else echo $NEG fi else echo $NEG fi Script to tie to smart group: #!/bin/sh # Jackpot Fix, tied to smart group of affected Macs # ensure root:admin ownership chown -R root:admin /Applications/Microsoft Office 2011 # remove write access from others chmod -R o-w /Applications/Microsoft Office 2011

rmanly · Answer

Try not to parse ls. It will break on far more common things than stat variations on different platforms.
http://mywiki.wooledge.org/ParsingLs

#!/bin/bash

pos="<result>1</result>"
neg="<result>0</result>"

if [[ $(stat -f "%SLp" "/Applications/Microsoft Office 2011/Office" 2> /dev/null) != 'r-x' ]]; then
    echo "${pos}"
else
    echo "${neg}"
fi

EDIT: Forgot to check if it is there first otherwise it is a false positive XD but you could also only scope it to a Smart Group for machines that have office installed...

#!/bin/bash

pos="<result>1</result>"
neg="<result>0</result>"

if [[ -d "/Applications/Microsoft Office 2011/Office" ]]; then
    if [[ $(stat -f "%SLp" "/Applications/Microsoft Office 2011/Office" 2> /dev/null) != 'r-x' ]]; then
        echo "${pos}"
    else
        echo "${neg}"
    fi
else
    echo "${neg}"
fi

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded