#!/bin/bash
#
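# User-editable variables
#
# For the fileURL variable, put the complete address
# of the zipped Casper QuickAdd installer package
# fileURL="http://server_name_here.domain.com/quickadd_name_goes_here.zip"
# NOTE(review): the package fetched from fileURL is handed to
# /usr/sbin/installer further down. Prefer an https:// address whose
# certificate is verified over plain http://, so the download is
# authenticated before it is installed.
#
# For the jss_server_address variable, put the complete
# fully qualified domain name address of your Casper server
jss_server_address="vm-corpcsp01.apptio.lan"
# For the jss_server_port variable, put the port number
# of your Casper server. This is usually 8443; change as
# appropriate.
jss_server_port="8443"
# For the log_location variable, put the preferred
# location of the log file for this script. If you
# don't have a preference, using the default setting
# should be fine.
log_location="/var/log/caspercheck.log"
#
# The variables below this line should not need to be edited.
# Use caution if doing so.
#
# The path is written without a backslash before the space: inside double
# quotes a backslash followed by a space is kept literally, so
# "Application\ Support" would name a directory that does not exist.
# Every use of these variables must therefore be double-quoted.
quickadd_dir="/Library/Application Support/caspersupport/quickadd"
quickadd_zip="$quickadd_dir/quickadd.zip"
quickadd_installer="$quickadd_dir/quickadd.pkg"
quickadd_timestamp="$quickadd_dir/quickadd_timestamp"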
#
# Begin function section
# =======================
#
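# Wrapper around curl with this script's standard options: retry up to
# three times and stay silent except for error messages.
# Arguments: "$@" - passed through to curl unchanged
#
# Certificate verification is left enabled (no -k/--insecure). This helper
# is what the QuickAdd download path (update_quickadd) calls, and the
# downloaded package is then run through /usr/sbin/installer, so the server
# has to be authenticated. If the server presents a certificate from an
# internal CA, trust that CA on the client or pass --cacert, rather than
# turning verification off.
myCurl() {
  /usr/bin/curl --retry 3 --silent --show-error "$@"
}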
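# Append a timestamped message to the log file named by log_location.
# Globals:   log_location (read)
# Arguments: $1 - message text
# Outputs:   appends one line "YYYY-MM-DD HH:MM:SS  message" to the log file
ScriptLogging() {
  local stamp
  stamp=$(date '+%Y-%m-%d %H:%M:%S')
  # A fixed printf format writes the message verbatim, and quoting the
  # redirection target keeps a log path that contains spaces in one piece.
  printf '%s  %s\n' "$stamp" "$1" >> "$log_location"
}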
CheckForNetwork() {
  # Decide whether the network is up by counting the inet lines that
  # ifconfig reports, ignoring those containing 127.0.0.1 or 0.0.0.0.
  # Globals: NETWORKUP (read and written) - left untouched when it already
  #          holds a value; otherwise set to "-YES-" or "-NO-".
  local inet_lines

  # A previously recorded answer is kept; callers clear NETWORKUP to
  # force a fresh probe.
  if [[ -n "${NETWORKUP:=}" ]]; then
    return 0
  fi

  inet_lines=$(ifconfig -a inet 2>/dev/null \
    | sed -n -e '/127.0.0.1/d' -e '/0.0.0.0/d' -e '/inet/p' \
    | wc -l)

  NETWORKUP="-NO-"
  if [[ "${inet_lines}" -gt 0 ]]; then
    NETWORKUP="-YES-"
  fi
}
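CheckSiteNetwork() {
  # Report whether the machine appears to be on the site network by asking
  # host to look up the Casper server's name.
  #
  # Adapted from the check_corp function in Facebook's IT-CPE repository
  # (https://github.com/facebook/IT-CPE).
  #
  # Globals:   jss_server_address (read), site_network (written)
  # Arguments: $1 - optional; when non-empty its value is stored in
  #                 site_network in place of the lookup result. Intended
  #                 for testing, e.g. CheckSiteNetwork "True".
  # Outputs:   site_network is "True" when the lookup succeeds,
  #            "False" otherwise.
  #
  # NOTE(review): a successful lookup shows only that some resolver
  # answered for this name. It does not authenticate the network or the
  # server, so it should not be the only thing standing between an
  # untrusted network and the reinstall path.
  site_network="False"

  # Only the exit status matters, so the lookup output is discarded rather
  # than stored in a global. The server name is quoted so it always
  # reaches host as a single argument.
  if host -W .5 "$jss_server_address" > /dev/null; then
    site_network="True"
  fi

  # Test override: a non-empty first argument wins over the lookup.
  if [[ -n "$1" ]]; then
    site_network="$1"
  fi
}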
#
# The update_quickadd function checks the timestamp of the fileURL variable and compares it against a locally
# cached timestamp. If the hosted file's timestamp is newer, then the Casper
# QuickAdd installer gets downloaded and extracted into the target directory.
#
# This function uses the myCurl function defined at the top of the script.
#
# update_quickadd () {
#
# # Get modification date of fileURL
#
# modDate=$(myCurl --head $fileURL 2>/dev/null | awk -F': ' '/Last-Modified/{print $2}')
#
# # Downloading Casper agent installer
#
# ScriptLogging "Downloading Casper agent installer from server."
#
# myCurl --output "$quickadd_zip" $fileURL
#
# # Check to make sure download occurred
#
# if [[ ! -f "$quickadd_zip" ]]; then
# ScriptLogging "$quickadd_zip not found. Exiting CasperCheck."
# ScriptLogging "======== CasperCheck Finished ========"
# exit 0
# fi
#
# # Verify that the downloaded zip file is a valid zip archive.
#
# zipfile_chk=`/usr/bin/unzip -tq $quickadd_zip > /dev/null; echo $?`
#
# if [ "$zipfile_chk" -eq 0 ]; then
# ScriptLogging "Downloaded zip file appears to be a valid zip archive. Proceeding."
# else
# ScriptLogging "Downloaded zip file appears to be corrupted. Exiting CasperCheck."
# ScriptLogging "======== CasperCheck Finished ========"
# rm "$quickadd_zip"
# exit 0
# fi
#
# # Create the destination directory if needed
#
# if [[ ! -d "$quickadd_dir" ]]; then
# mkdir "$quickadd_dir"
# fi
#
# # If needed, remove existing files from the destination directory
#
# if [[ -d "$quickadd_dir" ]]; then
# /bin/rm -rf "$quickadd_dir"/*
# fi
#
# # Unzip the Casper agent install into the destination directory
# # and remove the __MACOSX directory, which is created as part of
# # the uncompression process from the destination directory.
#
# /usr/bin/unzip "$quickadd_zip" -d "$quickadd_dir";/bin/rm -rf "$quickadd_dir"/__MACOSX
#
# # Rename newly-downloaded installer to be casper.pkg
#
# mv "$(/usr/bin/find $quickadd_dir -maxdepth 1 \( -iname \*\.pkg -o -iname \*\.mpkg \))" "$quickadd_installer"
#
# # Remove downloaded zip file
# if [[ -f "$quickadd_zip" ]]; then
# /bin/rm -rf "$quickadd_zip"
# fi
#
# # Add the quickadd_timestamp file to the destination directory.
# # This file is used to help verify if the current Casper agent
# # installer is already cached on the machine.
#
# if [[ ! -f "$quickadd_timestamp" ]]; then
# echo $modDate > "$quickadd_timestamp"
# fi
#
#
#}
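CheckTomcat() {
  # Verify that the JSS's Tomcat service accepts a TCP connection on its
  # assigned port, using nc with a five-second timeout.
  # Globals: jss_server_address, jss_server_port (read)
  # Exits:   ends the whole script with status 0 when the port cannot be
  #          reached, after logging the failure.
  #
  # Address and port are quoted so each reaches nc as a single argument.
  if nc -z -w 5 "$jss_server_address" "$jss_server_port" > /dev/null; then
    ScriptLogging "Machine can connect to $jss_server_address over port $jss_server_port. Proceeding."
  else
    ScriptLogging "Machine cannot connect to $jss_server_address over port $jss_server_port. Exiting CasperCheck."
    ScriptLogging "======== CasperCheck Finished ========"
    exit 0
  fi
}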
#CheckInstaller (){
#
## Compare timestamps and update the Casper agent
## installer if needed.
#
# modDate=$(myCurl --head $fileURL 2>/dev/null | awk -F': ' '/Last-Modified/{print $2}')
#
#if [[ -f "$quickadd_timestamp" ]]; then
# cachedDate=$(cat "$quickadd_timestamp")
#
#
# if [[ "$cachedDate" == "$modDate" ]]; then
# ScriptLogging "Current Casper installer already cached."
# else
# update_quickadd
# fi
#else
# update_quickadd
#fi
#
#}
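InstallCasper() {
  # Run the cached Casper QuickAdd installer to repair an agent that cannot
  # communicate with the Casper server. When the cached package is missing,
  # the stale timestamp file is removed and the package is re-downloaded,
  # provided a downloader function is available.
  # Globals: quickadd_installer, quickadd_timestamp (read)
  # Returns: the installer's exit status when it fails, 0 otherwise
  local install_status=0

  if [[ ! -e "$quickadd_installer" ]]; then
    /bin/rm -rf -- "$quickadd_timestamp"
    # update_quickadd is commented out in this script as shipped. Calling
    # it unconditionally only produces "command not found", so check that
    # it is defined and log clearly when it is not.
    if declare -F update_quickadd > /dev/null; then
      ScriptLogging "Casper installer is missing. Downloading."
      update_quickadd
    else
      ScriptLogging "Casper installer is missing and no update_quickadd function is defined. Cannot download."
    fi
  fi

  if [[ -e "$quickadd_installer" ]]; then
    ScriptLogging "Casper installer is present. Installing."
    # NOTE(review): the cached package is installed exactly as found on
    # disk. Consider verifying it first, for example with
    # pkgutil --check-signature, and confirming that the package and its
    # directory are owned by root and not writable by other users.
    if /usr/sbin/installer -dumplog -verbose -pkg "$quickadd_installer" -target /; then
      ScriptLogging "Casper agent has been installed."
    else
      # Record the failure instead of logging success unconditionally.
      install_status=$?
      ScriptLogging "Casper agent installation failed (installer exit status $install_status)."
    fi
  fi

  return "$install_status"
}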
CheckCasper() {
  # Check the health of the Casper agent in three stages and call
  # InstallCasper whenever a stage fails: the jamf binary must exist, the
  # agent must reach the JSS, and a test policy must run.
  #
  # Adapted from the jamf_verify.sh script in Facebook's IT-CPE repository.
  # Link: https://github.com/facebook/IT-CPE
  #
  # Globals: jss_server_address (read); jss_comm_chk, jamf_policy_chk (written)
  local jamf_bin="/usr/sbin/jamf"

  # Stage 1: the jamf binary has to be present.
  if [[ ! -f "$jamf_bin" ]]; then
    ScriptLogging "Casper's jamf binary is missing. It needs to be reinstalled."
    InstallCasper
  fi

  # Clear the system and user immutable flags, then reset ownership and
  # mode on the binary.
  /usr/bin/chflags noschg "$jamf_bin"
  /usr/bin/chflags nouchg "$jamf_bin"
  /usr/sbin/chown root:wheel "$jamf_bin"
  /bin/chmod 755 "$jamf_bin"

  # Stage 2: ask the agent whether it can talk to the JSS. A non-zero exit
  # status means the communication check failed, and the agent is
  # reinstalled from the cached installer.
  /usr/sbin/jamf checkJSSConnection > /dev/null
  jss_comm_chk=$?
  if [[ "$jss_comm_chk" -ne 0 ]]; then
    ScriptLogging "Machine cannot connect to the JSS on $jss_server_address."
    ScriptLogging "Reinstalling Casper agent to fix problem of Casper not being able to communicate with the JSS."
    InstallCasper
  else
    ScriptLogging "Machine can connect to the JSS on $jss_server_address."
  fi

  # Stage 3: run a manual trigger. This section needs editing if the
  # policy being triggered differs from the one described here:
  #
  #   Trigger: iscasperup
  #   Plan:    Run Script iscasperonline.sh
  #
  # The iscasperonline.sh script contains the following:
  #
  # | #!/bin/sh
  # |
  # | echo "up"
  # |
  # | exit 0
  #
  jamf_policy_chk=$(/usr/sbin/jamf policy -trigger iscasperup | grep "Script result: up")

  # An empty result means the policy did not report "up"; reinstall the
  # agent from the cached installer in that case.
  if [[ -z "$jamf_policy_chk" ]]; then
    ScriptLogging "Reinstalling Casper agent to fix problem of Casper not being able to run policies"
    InstallCasper
  else
    ScriptLogging "Casper enabled and able to run policies"
  fi
}
#
# End function section
# ====================
#
# The functions and variables defined above are used
# by the section below to check if the network connection
# is live, if the machine is on a network where
# the Casper JSS is accessible, and if the Casper agent on the
# machine can contact the JSS and run a policy.
#
# If the Casper agent on the machine cannot run a policy, the appropriate
# functions run and repair the Casper agent on the machine.
#
ScriptLogging "======== Starting CasperCheck ========"

# Wait up to 60 minutes for a network connection that does not use a
# loopback address. The wait can be needed when this script is run by a
# LaunchDaemon at boot time.
#
# The check repeats every 5 seconds until the 60 minute limit is reached.
ScriptLogging "Checking for active network connection."
CheckForNetwork
i=1
until [[ "${NETWORKUP}" == "-YES-" || $i -eq 720 ]]; do
  sleep 5
  # Clear the cached answer so CheckForNetwork probes again.
  NETWORKUP=
  CheckForNetwork
  echo "$i"
  i=$(( i + 1 ))
done

if [[ "${NETWORKUP}" == "-YES-" ]]; then
  ScriptLogging "Network connection appears to be live."

  # Sleeping for 120 seconds to give WiFi time to come online.
  ScriptLogging "Pausing for two minutes to give WiFi and DNS time to come online."
  sleep 120

  CheckSiteNetwork
  case "$site_network" in
    False)
      ScriptLogging "Unable to verify access to site network. Exiting CasperCheck."
      ;;
    True)
      ScriptLogging "Access to site network verified"
      CheckTomcat
      # CheckInstaller
      CheckCasper
      ;;
  esac
else
  # No network connection was found within the 60 minute limit.
  ScriptLogging "Network connection appears to be offline. Exiting CasperCheck."
fi

ScriptLogging "======== CasperCheck Finished ========"
exit 0