Posted on 04-29-2022 09:57 AM
Good Afternoon!
I'm not sure if someone could help me figure out what is going on with this. We are currently deploying the CrowdStrike Falcon Sensor in our environment, and have a policy that pushes out the install package and a script. The install package works without issue, but we are having some issues with the script.
When the endpoint is licensed already, the script returns a failed status code and a status message as to why it failed in Jamf ("ERROR: The machine is already licensed"), but does not return that message in the script so we can tell it to succeed in the case that it is already licensed.
#!/bin/sh
# THIS SCRIPT LICENSES THE CROWDSTRIKE FALCON SENSOR
RESULT=$(/Applications/Falcon.app/Contents/Resources/falconctl license "$4")
echo "
OUTPUT:
${RESULT}
"
Which results in the following:
Script result: Error: This machine is already licensed
OUTPUT:
Any idea what is going on here?
Posted on 05-01-2022 06:15 AM
Does this give you the output you are after?
echo "OUTPUT: ${RESULT}"
Posted on 05-01-2022 09:58 AM
Hey Bol! That does not make a difference in the output for me. I have actually tried to format this several different ways with the same result. For whatever reason $RESULT is empty after the command is executed, but Jamf still manages to get the output. The line:
Script result: Error: This machine is already licensed
Is caught by Jamf in the policy logs, but not in the output of $RESULT.
Posted on 05-01-2022 06:16 AM
Sorry, it looks like you may already have the same, but I'm not sure if the formatting in your post skewed it?
Posted on 05-01-2022 09:59 AM
Nope, that formatting is intentional. POSIX should have no trouble with the multi-line echo.
Posted on 05-02-2022 08:17 AM
I believe what you would want to do is redirect stderr to stdout. I'm unable to test this myself, but you could try the following:
#!/bin/sh
# THIS SCRIPT LICENSES THE CROWDSTRIKE FALCON SENSOR
RESULT=$(/Applications/Falcon.app/Contents/Resources/falconctl license "$4" 2>&1)
echo "
OUTPUT:
${RESULT}
"
Posted on 05-02-2022 09:50 AM
Hey Fluffy.
Thanks for the reply! I tried that and various other approaches, but it was completely inconsistent. For instance, if the command succeeded then ${RESULT} would have a value, but if it failed then it would be an empty variable. I'm convinced that CrowdStrike is not handling output to "stderr" and "stdout" in their sensor correctly, causing issues with this script.
Posted on 05-03-2022 10:07 PM
I was also going to suggest redirecting stderr to stdout, as that usually does the trick with such commands.
If that's not working, another approach you could try is to run the command but tee the output to a local tmp log file, then in your script check that log file for the result, and act accordingly.
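# Send stdout and stderr through tee so the output is shown and also saved to the log
/Applications/Falcon.app/Contents/Resources/falconctl license "$4" 2>&1 | tee /tmp/falconinstall.log
# The thread quotes the message as both "The machine..." and "This machine...";
# match the part the two wordings share. grep -q also works under #!/bin/sh.
if grep -q "machine is already licensed" /tmp/falconinstall.log; then
echo "Already licensed. Exiting."
exit 0
fi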
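An added example, not part of any post in this thread: the log-file approach above written as a complete Jamf script that keeps falconctl's exit status, so only the "already licensed" case is turned into a success and any other failure still fails the policy. It assumes falconctl exits non-zero when the machine is already licensed (as the original post describes) and that its message reaches a redirected file; the `license_sensor` function and the `FALCONCTL` override are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example (not from the thread). FALCONCTL is overridable only so the
# function can be exercised against a stub; the default is the thread's path.
FALCONCTL="${FALCONCTL:-/Applications/Falcon.app/Contents/Resources/falconctl}"

# license_sensor <CCID>: returns 0 when licensing succeeds or the sensor is
# already licensed, otherwise returns falconctl's own non-zero status.
license_sensor() {
    ccid="$1"
    if [ -z "$ccid" ]; then
        echo "ERROR: no customer ID supplied (Jamf parameter 4)" >&2
        return 2
    fi
    if [ ! -x "$FALCONCTL" ]; then
        echo "ERROR: falconctl not found at $FALCONCTL" >&2
        return 3
    fi

    # Jamf runs scripts as root: use an unpredictable file from mktemp, not a
    # fixed name in world-writable /tmp.
    log=$(mktemp "${TMPDIR:-/tmp}/falconlicense.XXXXXX") || return 4

    # Capture stdout and stderr together and keep the real exit status.
    status=0
    "$FALCONCTL" license "$ccid" >"$log" 2>&1 || status=$?

    echo "OUTPUT (falconctl exit status ${status}):"
    cat "$log"

    # Match the tail shared by both wordings of the message quoted in the thread.
    if [ "$status" -ne 0 ] && grep -qi "machine is already licensed" "$log"; then
        echo "Already licensed. Treating as success."
        status=0
    fi
    rm -f "$log"
    return "$status"
}

# Jamf passes the customer ID as script parameter 4.
if [ -n "${4:-}" ]; then
    license_sensor "$4"
    exit $?
fi
```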
Posted on 05-06-2022 06:51 AM
I ended up going this route simply because it works. I'm still not sure what the exact issue was, but I suspect that CrowdStrike is not properly handling 'stdout' and 'stderr' messages.
Posted on 02-07-2024 08:42 AM
Can I ask, is this bit of code simply appended to the end of the script that installs the license? I am having the same problem, which isn't really a problem as CrowdStrike is actually deployed, but it is reporting a failure to me, which causes me to have to track it down. Thanks.