Skip to main content
Solved

Script exits with failed status code, but does not output error to variable


atomason
Forum|alt.badge.img+7

Good Afternoon!

I'm not sure if someone could help me figure out what is going on with this. We are currently deploying the CrowdStrike Falcon Sensor in our environment, and have a policy that pushes out the install package and a script. The install package works without issue, but we are having some issues with the script.

When the endpoint is licensed already, the script returns a failed status code and a status message as to why it failed in Jamf ("ERROR: The machine is already licensed"), but does not return that message in the script so we can tell it to succeed in the case that it is already licensed.

 

#!/bin/sh # THIS SCRIPT LICENSES THE CROWDSTRIKE FALCON SENSOR RESULT=$(/Applications/Falcon.app/Contents/Resources/falconctl license "$4") echo " OUTPUT: ${RESULT} "

 

Which results in the following:

Script result: Error: This machine is already licensed OUTPUT:

 

Any idea what is going on here?

Best answer by mm2270

atomason wrote:

Hey Fluffy.

Thanks for the reply! I tried that and various other approaches, but it was completely inconsistent. For instance, if the command succeeded then ${RESULT} would have a value, but if it failed then it would be an empty variable. I'm convinced that CrowdStrike is not handling output to "stderr" and "stdout" in their sensor correctly causing issues with this script.


I was also going to suggest redirecting stderr to stdout, as that usually does the trick with such commands.

If that's not working, another approach you could try is to run the command but tee the output to a local tmp log file, then in your script check that log file for the result, and act accordingly.

/Applications/Falcon.app/Contents/Resources/falconctl license "$4" 2>&1 | tee > /tmp/falconinstall.log if [[ $(grep "The machine is already licensed" /tmp/falconinstall.log) ]]; then echo "Already licensed. Exiting." exit 0 fi

 

View original
Did this topic help you find an answer to your question?

9 replies

Bol
Forum|alt.badge.img+11
  • Contributor
  • 276 replies
  • May 1, 2022

Does this give you the output you are after?

echo "OUTPUT: ${RESULT}"

Bol
Forum|alt.badge.img+11
  • Contributor
  • 276 replies
  • May 1, 2022

Sorry it looks like you may already have the same but im not sure if the formatting in your post skewed it?


atomason
Forum|alt.badge.img+7
  • Author
  • Contributor
  • 10 replies
  • May 1, 2022
Bol wrote:

Does this give you the output you are after?

echo "OUTPUT: ${RESULT}"

Hey Bol! That does not make a difference in the output for me. I have actually tried to format this several different ways with the same result. For whatever reason $RESULT is empty after the command is executed, but Jamf still manages to get the output. The line:

Script result: Error: This machine is already licensed

Is caught by Jamf in the policy logs, but not in the output of $RESULT.

 


atomason
Forum|alt.badge.img+7
  • Author
  • Contributor
  • 10 replies
  • May 1, 2022
Bol wrote:

Sorry it looks like you may already have the same but im not sure if the formatting in your post skewed it?


Nope that formatting is intentional. POSIX should have no trouble with the multi-line echo.


Fluffy
Forum|alt.badge.img+10
  • Honored Contributor
  • 209 replies
  • May 2, 2022

I believe what you would want to do is redirect stderr to stdout. I'm unable to test this myself, but you could try the following:

#!/bin/sh # THIS SCRIPT LICENSES THE CROWDSTRIKE FALCON SENSOR RESULT=$(/Applications/Falcon.app/Contents/Resources/falconctl license "$4" 2>&1) echo " OUTPUT: ${RESULT} "

 


atomason
Forum|alt.badge.img+7
  • Author
  • Contributor
  • 10 replies
  • May 2, 2022
Fluffy wrote:

I believe what you would want to do is redirect stderr to stdout. I'm unable to test this myself, but you could try the following:

#!/bin/sh # THIS SCRIPT LICENSES THE CROWDSTRIKE FALCON SENSOR RESULT=$(/Applications/Falcon.app/Contents/Resources/falconctl license "$4" 2>&1) echo " OUTPUT: ${RESULT} "

 


Hey Fluffy.

Thanks for the reply! I tried that and various other approaches, but it was completely inconsistent. For instance, if the command succeeded then ${RESULT} would have a value, but if it failed then it would be an empty variable. I'm convinced that CrowdStrike is not handling output to "stderr" and "stdout" in their sensor correctly causing issues with this script.


Forum|alt.badge.img+16
  • Legendary Contributor
  • 7880 replies
  • Answer
  • May 4, 2022
atomason wrote:

Hey Fluffy.

Thanks for the reply! I tried that and various other approaches, but it was completely inconsistent. For instance, if the command succeeded then ${RESULT} would have a value, but if it failed then it would be an empty variable. I'm convinced that CrowdStrike is not handling output to "stderr" and "stdout" in their sensor correctly causing issues with this script.


I was also going to suggest redirecting stderr to stdout, as that usually does the trick with such commands.

If that's not working, another approach you could try is to run the command but tee the output to a local tmp log file, then in your script check that log file for the result, and act accordingly.

/Applications/Falcon.app/Contents/Resources/falconctl license "$4" 2>&1 | tee > /tmp/falconinstall.log if [[ $(grep "The machine is already licensed" /tmp/falconinstall.log) ]]; then echo "Already licensed. Exiting." exit 0 fi

 


atomason
Forum|alt.badge.img+7
  • Author
  • Contributor
  • 10 replies
  • May 6, 2022
mm2270 wrote:

I was also going to suggest redirecting stderr to stdout, as that usually does the trick with such commands.

If that's not working, another approach you could try is to run the command but tee the output to a local tmp log file, then in your script check that log file for the result, and act accordingly.

/Applications/Falcon.app/Contents/Resources/falconctl license "$4" 2>&1 | tee > /tmp/falconinstall.log if [[ $(grep "The machine is already licensed" /tmp/falconinstall.log) ]]; then echo "Already licensed. Exiting." exit 0 fi

 


I ended up going this route simply because it works. I'm still not sure what the exact issue was, but I suspect that CrowdStrike is not properly handling 'stdout' and 'stderr' messages.


Forum|alt.badge.img+4
  • Contributor
  • 13 replies
  • February 7, 2024
mm2270 wrote:

I was also going to suggest redirecting stderr to stdout, as that usually does the trick with such commands.

If that's not working, another approach you could try is to run the command but tee the output to a local tmp log file, then in your script check that log file for the result, and act accordingly.

/Applications/Falcon.app/Contents/Resources/falconctl license "$4" 2>&1 | tee > /tmp/falconinstall.log if [[ $(grep "The machine is already licensed" /tmp/falconinstall.log) ]]; then echo "Already licensed. Exiting." exit 0 fi

 


Can I ask, is this bit of code simply appended to the end of the script that installs the license? I am having the same problem, which isn't really a problem as crowdstrike is actually deployed but it is reporting to me a failure, which causes me to have to track it down. Thanks.


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings