Proofpoint Extension attribute

PCDoc
New Contributor

Jamfsters, 

I am trying to set up an Extension Attribute that will tell me if Proofpoint is running on the system. After looking at Activity Monitor, it is under logger (4599). I am new to scripts; can someone point me in the right direction?


AJPinto
Esteemed Contributor

Without knowing a lot about Proofpoint myself, I suggest looking for the daemon. If the daemon is running, the client should be running. Below is an EA I tossed together for SSH; just replace the SSH daemon with whatever Proofpoint's daemon is called.

 

Reaching out to the vendor on this one is probably the best option. They probably have a terminal command that will give the client status; you could wrap that into an EA for Jamf. If the vendor's client status command is one line, you could replace what is in the ( ) brackets below with that command and this same EA will work. Just adjust the variable name to fit the use case.

 

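#!/bin/bash

# Look for the daemon's label among the launchd jobs (swap in the label you need).
Daemon_Status=$(sudo launchctl list | grep "com.openssh.sshd")

# A non-empty match means launchd knows about the job.
if [[ $Daemon_Status != '' ]]
then
	echo "<result>Daemon Active</result>"
else
	echo "<result>Daemon Not Active</result>"
fi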
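
An added example, not part of AJPinto's post or any vendor script: `launchctl list | grep` returns a line for any loaded job, including one with no running process (PID column `-`), and it matches substrings of other labels. This variant reads the PID column and matches the label exactly; `com.example.proofpoint.agent` is a placeholder label (an assumption) and the sample listing is constructed.

```bash
#!/bin/bash
# Added example: Jamf Extension Attribute reporting a launchd job's real state.
# LABEL is a placeholder (assumption); replace it with the vendor's daemon label.
LABEL="com.example.proofpoint.agent"

# Reads `launchctl list` output (columns: PID, Status, Label) on stdin and
# prints the state of the job whose label matches $1 exactly.
daemon_state() {
	awk -v label="$1" '
		$3 == label {
			found = 1
			if ($1 == "-") printf "Loaded, Not Running (last exit status %s)\n", $2
			else           printf "Running (PID %s)\n", $1
		}
		END { if (!found) print "Not Loaded" }
	'
}

# Wraps a state string in the tags Jamf Pro parses.
ea_result() {
	echo "<result>$1</result>"
}

# Constructed sample of `launchctl list` output, for checking the parser offline.
sample_list() {
	printf '%s\t%s\t%s\n' \
		PID Status Label \
		412 0 com.example.proofpoint.agent \
		- 78 com.example.proofpoint.updater \
		98 0 com.example.proofpoint.agent.helper
}

# Extension Attributes run as root, so no sudo is needed here.
if command -v launchctl >/dev/null 2>&1; then
	ea_result "$(launchctl list | daemon_state "$LABEL")"
else
	ea_result "launchctl not available"
fi
```

A Smart Group on "Loaded, Not Running" separates machines where the agent is installed but its process has stopped from machines where it was never loaded.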

 

daniel_behan
Contributor III

If you are referring to ProofPoint ObserveIT, I have two Extension Attributes.  One for the agent and another for the agent updater.

#!/usr/bin/env bash
##############################################################################
# A script to collect the version of Proofpoint ObserveIT currently installed.#
# If Proofpoint ObserveIT  is not installed "Not Installed" will return back  #
##############################################################################

RESULT="Not Installed"

if [ -f "/etc/omonitor/version" ] ; then
  RESULT=$( /bin/cat /etc/omonitor/version )
fi
/bin/echo "<result>$RESULT</result>"

#!/usr/bin/env bash
##############################################################################
# A script to collect the version of Proofpoint ObserveIT Updater currently installed.#
# If Proofpoint ObserveIT updater is not installed "Not Installed" will return back  #
##############################################################################

RESULT="Not Installed"

if [ -f "/Library/ITUpdater/updater/plist/updater.Info.plist" ] ; then
  RESULT=$( /usr/libexec/PlistBuddy -c Print /Library/ITUpdater/updater/plist/updater.Info.plist | grep CFBundleVersion | cut -d '=' -f2 | xargs )
fi
/bin/echo "<result>$RESULT</result>"

 

santy_nextg
New Contributor

@daniel_behan

While using the script to collect the ProofPoint version, it fails with the error "line 10: syntax error near unexpected token 'fi'"

#!/usr/bin/env bash
##############################################################################
# A script to collect the version of Proofpoint ObserveIT currently installed.#
# If Proofpoint ObserveIT  is not installed "Not Installed" will return back  #
##############################################################################

RESULT="Not Installed"

if [ -f "/etc/omonitor/version" ] ; then
  RESULT=$( /bin/cat /etc/omonitor/version )
fi
/bin/echo "<result>$RESULT</result>"

A bit late to the party but amended your script to this one:

#!/bin/zsh
##############################################################################
# A script to collect the version of Proofpoint ObserveIT currently installed.#
# If Proofpoint ObserveIT  is not installed "Not Installed" will return back  #
##############################################################################

RESULT="Not Installed"

if [ -e "/Library/PEA/agent" ] ; then
  RESULT=$(/Library/PEA/agent/oitcons -pkginfo | awk 'NR==3 {print $NF}')
fi
/bin/echo "<result>$RESULT</result>"

markdmatthews
Contributor

EA could work, but a better way might be updating Inventory Collection (Computer management >> Inventory collection >> Software) to include:

/Library/PEA

This will pull the version (Info.plist) for ITProtector.app

daniel_behan
Contributor III

Those are just for the agent itself, not the updater.  Per the vendor's instructions, we deploy the agent updater, then the agent itself comes down from the Proofpoint console.