- Jamf Nation Community
- Products
- Jamf Pro
- Re: Proofpoint Extension attribute
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Proofpoint Extension attribute
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-01-2022 03:55 PM
Jamfsters,
am trying to setup an extension Attribute that will tell me if proofpoint is running on the system. After looking at the activity monitor is under logger (4599) I am new to scritpts can someone point me in the right direction?
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-02-2022 05:48 AM
Without knowing a lot about Proofpoint myself, I suggest looking for the daemon. If the daemon is running, the client should be running. Below is an EA I tossed together for SSH, just replace the SSH daemon with whatever Proofpoints daemon is called.
Reaching out to the vendor on this one is probably the best option. They probably have a terminal command that will give the client status, you could wrap that in to an EA for JAMF. If the vendors client status command is one line you could replace what is in the ( ) brackets below with that command and this same EA will work. Just adjust the variable name to fit the use case.
#!/bin/bash
Daemon_Status=$(sudo launchctl list | grep "com.openssh.sshd")
if [[ $Daemon_Status != '' ]]
then
echo "echo <result>Daemon Active</result>"
else
echo "<result>Daemon Not Active</result>"
fi
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-02-2022 10:43 AM
If you are referring to ProofPoint ObserveIT, I have two Extension Attributes. One for the agent and another for the agent updater.
#!/usr/bin/env bash
##############################################################################
# A script to collect the version of Proofpoint ObserveIT currently installed.#
# If Proofpoint ObserveIT is not installed "Not Installed" will return back #
##############################################################################
RESULT="Not Installed"
if [ -f "/etc/omonitor/version" ] ; then
RESULT=$( /bin/cat /etc/omonitor/version )
fi
/bin/echo "<result>$RESULT</result>"#!/usr/bin/env bash
##############################################################################
# A script to collect the version of Proofpoint ObserveIT Updater currently installed.#
# If Proofpoint ObserveIT updater is not installed "Not Installed" will return back #
##############################################################################
RESULT="Not Installed"
if [ -f "/Library/ITUpdater/updater/plist/updater.Info.plist" ] ; then
RESULT=$( /usr/libexec/PlistBuddy -c Print /Library/ITUpdater/updater/plist/updater.Info.plist | grep CFBundleVersion | cut -d '=' -f2 | xargs )
fi
/bin/echo "<result>$RESULT</result>"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-23-2023 01:20 AM
While using the script to collect the ProofPoint version, it fails with the error "line 10: syntax error near unexpected token 'fi'
#!/usr/bin/env bash ############################################################################## # A script to collect the version of Proofpoint ObserveIT currently installed.# # If Proofpoint ObserveIT is not installed "Not Installed" will return back # ############################################################################## RESULT="Not Installed" if [ -f "/etc/omonitor/version" ] ; then RESULT=$( /bin/cat /etc/omonitor/version ) fi /bin/echo "<result>$RESULT</result>"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-08-2024 04:28 AM
A bit late to the party but amended your script to this one:
#!/bin/zsh
##############################################################################
# A script to collect the version of Proofpoint ObserveIT currently installed.#
# If Proofpoint ObserveIT is not installed "Not Installed" will return back #
##############################################################################
RESULT="Not Installed"
if [ -e "/Library/PEA/agent" ] ; then
RESULT=$(/Library/PEA/agent/oitcons -pkginfo | awk 'NR==3 {print $NF}')
fi
/bin/echo "<result>$RESULT</result>"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 weeks ago
EA could work, but a better way might be updating Inventory Collection (Computer management >> Inventory collection >> Software) to include:
/Library/PEA
This will pull the version (Info.plist) for ITProtector.app
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 weeks ago
Those are just for the agent itself, not the updater. Per the vendor's instructions, we deploy the agent updater, then the agent itself comes down from the proofpoint console.
