Help

Smart group based on existence of a file?

Go to solution
AVmcclint
Honored Contributor

Posted on β€Ž09-28-2015 12:59 PM

We've got some security software that only consists of a single binary in /sbin and a launch daemon in /Library/LaunchDaemons Some of the installs were done by our security team manually (outside of Casper) and I've been asked to make it deployable. I need to make a smart group to manage which computers don't already have it and to make sure the software isn't re-installed on top of an existing install, but I can't figure out how to set criteria to look for the presence of either of those files. Does anyone have any pointers?

  • (yes, I realize that this software won't work in El Capitan because it installs to /sbin, but we're waiting several months before upgrading anything)
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
bkramps
New Contributor III

Posted on β€Ž09-28-2015 01:05 PM

@AVmcclint , we do something similar and the best way I have found is to create an extension attribute for the presence of the file. The Ext Attribute could be similar to this

#!/bin/sh
if [ -e /sbin/filename ]
then 
  echo "<result>True</result>"
else
  echo "<result>False</result>"
fi

Then you build a Smart Group based on that Attribute True or False value.

View solution in original post

14 REPLIES 14

Go to solution
mm2270
Legendary Contributor III

Posted on β€Ž09-28-2015 01:04 PM

You'll need to use an Extension Attribute script to locate the files and report back a simple result like "Installed" or "Not Installed" and then create the Smart Group from that criteria, using the correct result term sent back to the JSS.

While Casper Suite does capture running services, which should include the LaunchDaemon, its not possible to use those as Smart Group criteria.
My bad. It is possible to use Running Services as Smart Group criteria, so it might be possible to look for the existence of the LaunchDaemon, but if you also need to check on the file in /sbin/ then I would still probably use an Extension Attribute for this.

Edit 2: So FWIW, I just out of curiosity tried using the Running Services criteria in a Smart Group. I made the mistake of clicking the ellipses button (...) to choose from a list, and hung my browser up as it valiantly (but hopelessly) tried to load what must have been thousands of possible processes to choose from. Just something to note if you ever decide to use that. Type the process name in manually, don't try to choose it from a list. ;-)

0 Kudos

Go to solution
bkramps
New Contributor III

Posted on β€Ž09-28-2015 01:05 PM

@AVmcclint , we do something similar and the best way I have found is to create an extension attribute for the presence of the file. The Ext Attribute could be similar to this

#!/bin/sh
if [ -e /sbin/filename ]
then 
  echo "<result>True</result>"
else
  echo "<result>False</result>"
fi

Then you build a Smart Group based on that Attribute True or False value.

Go to solution
CAJensen01
Contributor

Posted on β€Ž09-28-2015 01:08 PM

Your ea script would look like:

#!/bin/bash

[ -f /tmp/file.txt ] && result="Yes" || result="No"

echo "<result>$result</result>"

Flags explained:
-e: Returns true value, if file exists
-f: Return true value, if file exists and regular file
-r: Return true value, if file exists and is readable
-w: Return true value, if file exists and is writable
-x: Return true value, if file exists and is executable
-d: Return true value, if exists and is a directory

Edit: already beaten!

0 Kudos

Go to solution
monaronyc
Contributor

Posted on β€Ž02-01-2017 10:29 AM

@bkramps Would you be so kind as to elaborate on exactly how to create the Smart Group with this script? I'm pulling my hair out with this!

0 Kudos

Go to solution
stevewood
Honored Contributor II
Honored Contributor II

Posted on β€Ž02-01-2017 10:37 AM

@monaronyc once you've created your Extension Attribute using the script that @bkramps posted, you would create a Smart Group looking for the result you want from that EA.

For example, if your Extension Attribute is called "My File Exists" or whatever, your Smart Group would look for true values in that EA:

8dfbbe469fa045409015d2fb3f226c36

Or if you wanted to know about that file missing, you could set the value to False.

Go to solution
monaronyc
Contributor

Posted on β€Ž02-01-2017 11:46 AM

@stevewood OH MAN! I totally missed that part! PHOOEY! I've been trying to grasp all this. I think I've got it then. So I created an EA with the script. I then created a Smart Group with the criteria you mentioned. Got that! So now how does that script get pushed so we see the results?

0 Kudos

Go to solution
mm2270
Legendary Contributor III

Posted on β€Ž02-01-2017 11:49 AM

EA scripts are run during an inventory collection. They are automatically picked up by all managed Macs the next time they submit new inventory and run each time after, updating any results.

0 Kudos

Go to solution
stevewood
Honored Contributor II
Honored Contributor II

Posted on β€Ž02-01-2017 11:49 AM

@monaronyc the script in the EA does not get pushed out. When a machine does an Inventory update (via jamf recon or via your daily inventory update), the EA script will run and populate the data.

If you want to see if it is working, on a machine that has the file open Terminal and sudo jamf recon. Once the recon is done check the Smart Group.

Go to solution
monaronyc
Contributor

Posted on β€Ž02-01-2017 12:15 PM

Oh, Perfect! I'll try it now!

0 Kudos

Go to solution
monaronyc
Contributor

Posted on β€Ž02-02-2017 05:52 AM

Morning guys! I am sorry to say it didn't work. Even with the Recon. EA set up looks like this:

Display name: Search
Description: Yada Yada
Data Type: String
Inventory Display: General
input Type: Script

And the script in the macOS box is:

!/bin/bash

[ -f /Library/LaunchDaemons/com.tanium.taniumclient.plist ] && result='Yes' || result='No'
echo "<result>$result</result>"

Any thoughts?

0 Kudos

Go to solution
stevewood
Honored Contributor II
Honored Contributor II

Posted on β€Ž02-02-2017 07:05 AM

@monaronyc what is the result you are getting in the EA, blank or a yes/no answer? If you enter that script into a .sh file on the computer and run it from the computer manually, not via an EA, what is your result? Have you verified that the plist file is in existence?

I copied what you have above into an EA, placed a file named com.tanium.taniumclient.plist in that file path, and then did a recon on my machine. The EA comes back with a Yes if the file is there and a No if I delete the file and recon again.

0 Kudos

Go to solution
monaronyc
Contributor

Posted on β€Ž02-02-2017 07:26 AM

@stevewood Yes! Funny you should ask. When I double click the .sh file on my desktop I get a return of Yes in Terminal, file exists. And yes the .plist file is definitely there in the LaunchDaemons folder. When I copy and paste the script into EA, we get nothing after the Recon. The field for this EA in Inventory > General is blank. And i have to tell you... I'm noticing all the other EA's that are there by default are also blank. For instance the ARD fields which we use on a daily basis are all blank. Maybe we have something greater going on here with our environment. Something may need to be reconfigured maybe?

0 Kudos

Go to solution
mm2270
Legendary Contributor III

Posted on β€Ž02-02-2017 07:32 AM

Maybe we have something greater going on here with our environment.

That's been my thought since yesterday. I don't see any reason why inventory collections are not gathering the info correctly. You may want to get with your Jamf TAM to see what may be going on. I think something is up with your JSS.

0 Kudos

Go to solution
etarasula
New Contributor II

Posted on β€Ž05-10-2021 03:14 PM

Super useful post!!!! Thanks a ton!!!

0 Kudos