
Scripting an Extension Attribute Help



Hello all! I am pretty new to scripting, and I'm having an issue creating an extension attribute I need. Usually I'm able to get these, but I'm having problems here.

We have edited /etc/pam.d/sudo to include the string "pam_smartcard.so" in it for some work we are doing. I'm trying to create an EA that will let me know if that string has been added to sudo, or not. The following:

grep "pam_smartcard.so" /etc/pam.d/sudo | awk '{print NR}'

...works to return a 1 if that addition has been made, or no return if that addition wasn't added to sudo.

Any idea how to script that and have the result either be Enabled if 1, or Disabled if no return?

Thanks for any help, I feel like this is super easy and I'm just missing some little thing with the numerous attempts I've tried. This is my first attempt at a grep command EA, usually I just do a readout of a plist file using read.

9 replies

  • Author
  • Contributor
  • 15 replies
  • April 6, 2017

Example of what I've tried:

#!/usr/bin/env bash

######################################################

# A script to collect if PIVSudoEnable is enabled or disabled

# If PIVSudoEnable is not installed "Disabled" will return back

######################################################

RESULT=$( grep “pam_smartcard.so” /etc/pam.d/sudo | awk ‘{print NR}' )

if $RESULT = 1: echo "<result>Enabled</result>"
else: echo "<result>Disabled</result>"
fi


bpavlov
  • Esteemed Contributor
  • 1206 replies
  • April 6, 2017

#!/usr/bin/bash

######################################################

# A script to collect if PIVSudoEnable is enabled or disabled

# If PIVSudoEnable is not installed "Disabled" will return back

######################################################

RESULT=$( grep “pam_smartcard.so” /etc/pam.d/sudo | awk ‘{print NR}' )

if [[ $RESULT = 1 ]]; then
echo "<result>Enabled</result>"
else
echo "<result>Disabled</result>"
fi

Just fixed the syntax issues. Give it a try.


  • Author
  • Contributor
  • 15 replies
  • April 6, 2017

Thanks for the response!

I copied that and gave it a shot, but the EA is still showing as blank after a few recons.


chris_kemp
  • Jamf Heroes
  • 339 replies
  • April 6, 2017

Is that a backtick in front of the {print NR} statement? Maybe a typo?


  • Author
  • Contributor
  • 15 replies
  • April 6, 2017

Oh jeez. Yes, yes it is. That was it, haha.

Thanks and good eyes! You guys rock!


  • Honored Contributor
  • 2721 replies
  • April 6, 2017
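
#!/usr/bin/env python

# Report whether pam_smartcard.so appears anywhere in the sudo PAM config.
with open('/etc/pam.d/sudo') as f:
    # Read the whole file as one string so "in" does a substring search
    contents = f.read()

if "pam_smartcard.so" in contents:
    print("<result>enabled</result>")
else:
    print("<result>disabled</result>")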

Don't have ability to test but you could do something like this in Python


  • Honored Contributor
  • 2721 replies
  • April 6, 2017

double post for some reason, so ignore this


mm2270
  • Legendary Contributor
  • 7880 replies
  • April 6, 2017

Just a quick note. If all you were doing is grepping to see if a line exists in a file, there's no need to count up the lines with awk. Unless it was important to know if there was more than one entry. If all you're looking for is the existence of any match, something like this would be enough:

#!/bin/sh

if [[ $(grep "pam_smartcard.so" /etc/pam.d/sudo) ]]; then
    echo "<result>enabled</result>"
else
    echo "<result>disabled</result>"
fi

This is because the if/then is really performing a test and sees what the exit result is (0 = "success" or not 0 = "failed"). The if implies 'if the following test is true/successful, do something, else if it's false/failed, do something else'.



Thanks for the clear explanation @mm2270. I used your lines for something else I was cooking up. But what if I would like to count how many times it found it? How would I go about that?
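
An added example, not code from any poster in this thread: an extension attribute that counts matching lines and ignores commented-out entries, which a plain grep for the string would still report as enabled. The function names `count_pam_module` and `pam_module_ea` and the `PAM_FILE` override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the PAM_FILE
# override are assumptions made for illustration.

PAM_FILE=${PAM_FILE:-/etc/pam.d/sudo}
PAM_MODULE="pam_smartcard.so"

# Print how many active (non-comment) lines of file $1 reference module $2.
count_pam_module() {
    file=$1
    module=$2
    # A missing or unreadable file means the module is not configured.
    [ -r "$file" ] || { echo 0; return 0; }
    awk -v m="$module" '
        { sub(/#.*/, "") }      # drop comments, including whole-line ones
        index($0, m) { n++ }    # literal substring match: "." is not a wildcard
        END { print n + 0 }     # print 0 rather than an empty string
    ' "$file"
}

# Print the extension attribute value for file $1 and module $2.
pam_module_ea() {
    count=$(count_pam_module "$1" "$2")
    if [ "$count" -gt 0 ]; then
        echo "<result>Enabled</result>"
    else
        echo "<result>Disabled</result>"
    fi
}

pam_module_ea "$PAM_FILE" "$PAM_MODULE"
```

To report the number of matches instead of Enabled/Disabled, echo the output of `count_pam_module` inside the `<result>` tags.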

