Script exits with failed status code, but does not output error to variable

atomason
New Contributor III

Good Afternoon!

I'm not sure if someone could help me figure out what is going on with this. We are currently deploying the CrowdStrike Falcon Sensor in our environment, and have a policy that pushes out the install package and a script. The install package works without issue, but we are having some issues with the script.

When the endpoint is licensed already, the script returns a failed status code and a status message as to why it failed in Jamf ("ERROR: The machine is already licensed"), but does not return that message in the script so we can tell it to succeed in the case that it is already licensed.

 

#!/bin/sh
# THIS SCRIPT LICENSES THE CROWDSTRIKE FALCON SENSOR

RESULT=$(/Applications/Falcon.app/Contents/Resources/falconctl license "$4")

echo "

OUTPUT:

${RESULT}

"

 

Which results in the following:

Script result: Error: This machine is already licensed

OUTPUT:

 

Any idea what is going on here?

1 ACCEPTED SOLUTION

mm2270
Legendary Contributor III

I was also going to suggest redirecting stderr to stdout, as that usually does the trick with such commands.

If that's not working, another approach you could try is to run the command but tee the output to a local tmp log file, then in your script check that log file for the result, and act accordingly.

/Applications/Falcon.app/Contents/Resources/falconctl license "$4" 2>&1 | tee > /tmp/falconinstall.log

if [[ $(grep "The machine is already licensed" /tmp/falconinstall.log) ]]; then
    echo "Already licensed. Exiting."
    exit 0
fi

 

View solution in original post

9 REPLIES 9

Bol
Valued Contributor

Does this give you the output you are after?

echo "OUTPUT: ${RESULT}"

atomason
New Contributor III

Hey Bol! That does not make a difference in the output for me. I have actually tried to format this several different ways with the same result. For whatever reason $RESULT is empty after the command is executed, but Jamf still manages to get the output. The line:

Script result: Error: This machine is already licensed

Is caught by Jamf in the policy logs, but not in the output of $RESULT.

 

Bol
Valued Contributor

Sorry it looks like you may already have the same but im not sure if the formatting in your post skewed it?

atomason
New Contributor III

Nope that formatting is intentional. POSIX should have no trouble with the multi-line echo.

Fluffy
Contributor III

I believe what you would want to do is redirect stderr to stdout. I'm unable to test this myself, but you could try the following:

#!/bin/sh
# THIS SCRIPT LICENSES THE CROWDSTRIKE FALCON SENSOR

RESULT=$(/Applications/Falcon.app/Contents/Resources/falconctl license "$4" 2>&1)

echo "

OUTPUT:

${RESULT}

"

 

atomason
New Contributor III

Hey Fluffy.

Thanks for the reply! I tried that and various other approaches, but it was completely inconsistent. For instance, if the command succeeded then ${RESULT} would have a value, but if it failed then it would be an empty variable. I'm convinced that CrowdStrike is not handling output to "stderr" and "stdout" in their sensor correctly causing issues with this script.

mm2270
Legendary Contributor III

I was also going to suggest redirecting stderr to stdout, as that usually does the trick with such commands.

If that's not working, another approach you could try is to run the command but tee the output to a local tmp log file, then in your script check that log file for the result, and act accordingly.

/Applications/Falcon.app/Contents/Resources/falconctl license "$4" 2>&1 | tee > /tmp/falconinstall.log

if [[ $(grep "The machine is already licensed" /tmp/falconinstall.log) ]]; then
    echo "Already licensed. Exiting."
    exit 0
fi

 

atomason
New Contributor III

I ended up going this route simply because it works. I'm still not sure what the exact issue was, but I suspect that CrowdStrike is not properly handling 'stdout' and 'stderr' messages.

MrR0g3rs
New Contributor III

Can I ask, is this bit of code simply appended to the end of the script that installs the license? I am having the same problem, which isn't really a problem as crowdstrike is actually deployed but it is reporting to me a failure, which causes me to have to track it down. Thanks.