.sh Asset scan script

KyleEricson
Valued Contributor II

I have an sh script that won't work if I upload it to Jamf Pro, so I have to download it and then run it via a Jamf process. What is the best way to do this?

Here is the script:

#!/bin/sh

############ Server details ############

hostName="MSD69"
portNo="443"
protocol="https"

############ Server details ############

SUPPORT="assetexplorer-support@manageengine.com"
PRODUCT="AssetExplorer"

COMPUTERNAME=`hostname`
OUTPUTFILE="$COMPUTERNAME.xml"


main()
{
    echo "##### Scanning Started #####"
        echo "<?xml version=\"1.0\" encoding=\"UTF-8\" ?><DocRoot>" >$OUTPUTFILE
    constructXML "ComputerName" "hostname"
    constructXML "OS_Category" "uname -s"
    echo "<Hardware_Info>" >>$OUTPUTFILE
    constructXML "OS_Category" "sw_vers"
    constructXML "Memory_Information" "sysctl hw.physmem"
    constructXML "Memory_Information" "sysctl hw.usermem"
    constructXML "Memory_Informationw" "sysctl hw.memsize"
    constructXML "Memory_Information" "sysctl vm.swapusage"
    constructXML "Computer_Information" "hostname"
    constructXML "Computer_Information" "hostname -s"
    constructXML "CPU_Information" "system_profiler SPHardwareDataType"
    constructXML "Disk_Space" "df -k"
    constructXML "NIC_Info" "/sbin/ifconfig"
    #-----------Last logged in user name -----------
    constructXML "Last_logged_user" "last | awk '{print \$1 \" \" \$3}'"
    #-------------Chipset, VRAM, Monitor display type, resolution---------------------
    constructXML "Monitoranddisplayinfo" "/usr/sbin/system_profiler SPDisplaysDataType"
    #--------------Sound card -----------------------------
    constructXML "SoundCardinfo" "/usr/sbin/system_profiler SPAudioDataType"         
    #---------------Memory modules----------------------
    constructXML "MemoryInfo" "/usr/sbin/system_profiler SPMemoryDataType"           
    #--------------Physical drives-------------------------
    constructXML "PhysicaldrivesInfo" "/usr/sbin/system_profiler SPParallelATADataType"     
    #--------------Harddisk info if no data is available in SPParallelATADataType------------
    constructXML "HarddrivesInfo" "/usr/sbin/system_profiler SPSerialATADataType"           
    #----------------Printer Info-----------------------
    constructXML "Printer_Info" "/usr/sbin/system_profiler SPPrintersDataType -xml"           
    echo "</Hardware_Info>" >>$OUTPUTFILE
    echo "<Software_Info>" >>$OUTPUTFILE
    constructXML "Installed_Softwares" "system_profiler SPApplicationsDataType"
    echo "</Software_Info>" >>$OUTPUTFILE
    echo "</DocRoot>" >>$OUTPUTFILE
    echo "##### Scanning completed #####"
    #echo $data
    pushData
}

constructXML()
{
    ##Need to replace the < into &lt; , > into &gt; and & into &amp;#####
    echo "<$1><command>$2</command><output><![CDATA[">>$OUTPUTFILE
    eval $2 >> $OUTPUTFILE 2>&1
    echo "]]></output></$1>" >>$OUTPUTFILE
}

pushData()
{
        data=$(cat $OUTPUTFILE)
        eval "type curl > /dev/null 2>&1"

        if [ $? -ne 0 ]
        then
                echo "curl is not installed, so could not post the scan data to $PRODUCT, You can import the  $COMPUTERNAME.xml available in the current directory into $PRODUCT using Stand Alone Workstations Audit. Executing the curl command will lead to the installation."
                exit 1
        fi

    curl --header "Content-Type: text/xml" --data-binary @$OUTPUTFILE "$protocol://$hostName:$portNo/discoveryServlet/WsDiscoveryServlet?COMPUTERNAME=$COMPUTERNAME"
        if [ $? -ne 0 ]
        then
           echo "$PRODUCT is not reachable. You can import the  $COMPUTERNAME.xml available in the current directory into $PRODUCT using Stand Alone Workstations Audit. For further queries, please contact $SUPPORT."
        else
           rm -rf $OUTPUTFILE
           echo "Successfully scanned the system data, Find this machine details in $PRODUCT server."
        fi
}


main $*
Read My Blog: https://www.ericsontech.com

mm2270
Legendary Contributor III

Haven't done anything but peruse the script very lightly, but can you explain why it doesn't work when run from a Jamf policy, if you understand the reason why?

KyleEricson
Valued Contributor II

No idea. I created a policy with this script, and this is the error I get.
If I look in the logs on JAMF PRO it just says pending; it's like it never even tried to run.

There was an error.
Message has no content

Read My Blog: https://www.ericsontech.com

mm2270
Legendary Contributor III

So it looks like this is some kind of asset collection script. I've seen similar things with tools like Flexera.
I should just mention that the script uses eval which is generally frowned upon by bash aficionados. I sometimes think the concerns over eval, although real, tend to be a little overblown myself, but there is a risk when using it that it creates some vulnerabilities in the script, because eval allows for bad or dirty code to be executed without being validated or sanitized. In best case "problem" scenarios it can lead to errors because of incorrect parsing. In worst case scenarios, bad code can be run that can do damage to the system. I don't really think either of those would happen based on what I see in that script, but I did want to mention the use of eval in it, so you can make a more informed decision about it.

In any event, short of contacting the vendor/creator of the script and asking them if they would know what to modify to make it a deployable script through a management tool, you would need to use the API to download it. This is assuming you don't just package up the script and deploy it to a hidden location on each device and then call the script from there in a policy, which might make some sense depending on how you want to go about this. I would not do the latter if this was a one time run item. But if it's something you need to run like weekly or so, then "installing" the script to a local directory on each machine and running it from there could make sense.

Outside of that, using the API, you would do something like this, changing all relevant pieces, like the API username + password, Jamf Pro URL and the script ID.

curl -H "Accept: text/xml" -sfku "${apiusername}:${apipassword}" https://your.jamfpro.server.com/JSSResource/scripts/id/${scriptID} | xpath '/script/script_contents/text()'

The above would extract just the script contents. But you'll need to pipe that into a local file and then make it executable. Add this onto the curl line, changing path and script name of course.

 > /path/to/script.sh

Then...

chmod +x /path/to/script.sh

From there you should be able to test if it worked by running the script in Terminal: /path/to/script.sh
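
On the eval point raised in the reply above: the following is an added example, not the vendor's script and not code from either poster. It shows constructXML rewritten so each command is run as an argument list rather than an eval'd string, with the output entity-escaped as the original script's own comment asks. The function names, the OUTPUTFILE default and the sample values in demo are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not the vendor's code): constructXML without eval.
# OUTPUTFILE default and all function names below are assumptions.
OUTPUTFILE="${OUTPUTFILE:-./scan-example.xml}"

# Replace &, < and > with XML entities (the step the original's comment asks for).
xml_escape() {
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# construct_xml TAG COMMAND [ARG...]
# The command arrives as separate words and is run via "$@", so the shell
# never re-parses it the way eval does.
construct_xml() {
    tag=$1
    shift
    # Tag names are written into markup unescaped; allow only [A-Za-z0-9_].
    case $tag in
        ''|*[!A-Za-z0-9_]*) echo "bad tag name: $tag" >&2; return 2 ;;
    esac
    {
        printf '<%s><command>%s</command><output>' "$tag" \
            "$(printf '%s' "$*" | xml_escape)"
        "$@" 2>&1 | xml_escape
        printf '</output></%s>\n' "$tag"
    } >>"$OUTPUTFILE"
}

# A pipeline becomes a small function instead of a quoted string:
#   construct_xml "Last_logged_user" last_logged_users
last_logged_users() {
    last | awk '{print $1 " " $3}'
}

# Constructed demonstration: the same value sent through both code paths.
demo() {
    OUTPUTFILE=$(mktemp) || return 1
    value='x; echo INJECTED'                       # constructed sample value
    eval "printf '%s\n' $value" >>"$OUTPUTFILE"    # eval: parsed as two commands
    construct_xml "Demo" printf '%s\n' "$value"    # argv: one literal string
    construct_xml "Escaping" printf '%s\n' 'a < b & c ]]> d'
    cat "$OUTPUTFILE"
    rm -f "$OUTPUTFILE"
}
```

Calling demo prints a stand-alone INJECTED line only from the eval path. This variant drops the CDATA wrapper in favour of entity escaping; whether the AssetExplorer servlet accepts that form is not established in the thread.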