
I am in the process of setting up an MDM system (Mosyle) to manage our fleet of Macs. As part of the setup, we are loading apps to deploy to the fleet of Macs via the MDM.

This thread is about Sophos Endpoint. I have found instructions for how to deploy it via JAMF Pro; however, we are using Mosyle, so I have had to follow these instructions loosely while applying the same principles:

https://docs.sophos.com/central/Customer/help/en-us/PeopleAndDevices/ProtectDevices/EndpointProtection/MacDeployment/index.html

Following this guide, I have managed to make the app deployable. This is tested and does work - Happy days! Essentially it runs through a script that utilizes curl to pull the application from the Sophos repository to the local machine and install accordingly. However, I would like to further adapt this....

What I am ideally after is for this script to run periodically, say once a day, and to essentially do the following:

  1. Scan the /Applications folder to verify if Sophos Endpoint is installed on the machine, if so - EXIT, if not installed - Proceed with remaining script.
  2. Download and Install Sophos.

Below is the current script in its entirety (all besides the curl URL for confidentiality purposes). This script does stage 2 of the above, so essentially what I am looking for is some script before the Download / Install lines to check for any pre-existing installs...

```bash
#!/bin/bash
SOPHOS_DIR="/Users/Shared/Sophos_Install"
mkdir $SOPHOS_DIR
cd $SOPHOS_DIR

# Installing Sophos
curl -L -O "https://api-cloudstation-us-east-2.prod.hydra.sophos.com/api/download/localinstall/SophosInstall.zip"
unzip SophosInstall.zip
chmod a+x $SOPHOS_DIR/Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer
chmod a+x $SOPHOS_DIR/Sophos\ Installer.app/Contents/MacOS/tools/com.sophos.bootstrap.helper
sudo $SOPHOS_DIR/Sophos\ Installer.app/Contents/MacOS/Sophos\ Installer --quiet
rm -rf $SOPHOS_DIR
exit 0
```

I am very new to the bash scripting world. I have had a little browse but haven't been too successful in making anything quite work for this, and was wondering if anybody had any further input?

If there is any further info I can provide to help make this a bit clearer please do let me know :)

Thank you for taking the time to read this! Happy Friday! Mike

As per the main body, I have managed to make the app deployable but am struggling to place some script in front of it to determine if the software is already installed, and if so to not proceed with the download / install of Sophos.

Barmar
  • 2
    Always quote your variables. Filenames can contain whitespace, and your commands won't work properly if that happens. – Barmar Mar 03 '23 at 17:36
  • 2
    If you don't know how to write an `if` statement to test if a file or directory already exists, you need to read a shell scripting tutorial. SO is not a tutoring service, you need to learn the basics. – Barmar Mar 03 '23 at 17:37
  • 1
    What do you mean by "scan the /Application"? If you know the name of the file or folder where Sophos is installed, you can check it using an `if` statement, as Barmar suggests. Recall that shell scripts use square brackets to invoke the (internal) `test` command, like `if [ -f /my/installed/file ]; then exit; fi`. – Ale Mar 03 '23 at 18:08
  • And if I understand your situation correctly (TLDR), as you are connecting from a central machine to "node" machines, one of the simplest and most secure methods for running tests on nodes is to use an `ssh` connection. Getting `ssh` set up is usually a task for a sys-admin, and depending on your organization's security culture can be a headache to get working. Allow time and start researching about this general topic (connecting to nodes) and the more specific `ssh` or whatever is allowed. (nfs-mounting the nodes?(nah!)) Good luck! – shellter Mar 03 '23 at 18:19

1 Answer

Disclaimer: I'm not familiar with that MDM system at all, but here are some suggestions.

Unless your MDM has another way to set that up, to run tasks periodically, you probably would need to set up a cron job. See this answer for instructions on how to do that.

Within the script, you can use `du -d 1` to list all the files immediately under `/Applications` ("-d 1" meaning depth of 1).

If you're just looking for a file of a particular name, then you could simply pipe that output into grep, like so:

```bash
du -d 1 /Applications | grep "SomeAppName.app"
```

If grep finds a matching string in that list, it will return that line, else it will return nothing. So what we can do is check if the return value of the above is empty, and if it isn't, we will exit the script.

```bash
searchResult=$(du -d 1 /Applications | grep "SomeAppName.app")
[ -z "$searchResult" ] || exit # Exit if application installed
```

Put the rest of your script under that and that should do the job.

EDIT:

If you want to check the version, you can extract it from the `Info.plist` file. However, since `CFBundleShortVersionString` is difficult to compare, instead we can extract the `CFBundleVersion`, which is a number and can be easily compared against some other number.

```bash
# The <string> value sits on the line after the CFBundleVersion key
versionWithTags=$(grep -A 1 "CFBundleVersion" /path/to/Info.plist | tail -1)
```

The above will return something like `<string>429000149</string>`. You can get rid of those tags with shell string manipulation alone.

```bash
versionTrimmed=${versionWithTags#*<string>}
version=${versionTrimmed%</string>*}
```

Now the `$version` will have the value of `429000149`. You can then simply do:

```bash
[ "$version" -ge "$minimumRequiredVersion" ] && exit 0
```
Serge
  • Thank you so much for this! I now have something that works, which is amazing! Just one more thing: over the weekend I found that I am able to obtain the exact product version by utilizing the following command line: `defaults read /Applications/Sophos/Sophos\ Endpoint.app/Contents/Info.plist CFBundleShortVersionString` This returns literally the product version in this format: 10.4.7. Is there a simple line to put beneath that in order for it to exit if returning any lower values, and to proceed if that value is not met? Thank you so much for your help on this!! Mike – user21327554 Mar 06 '23 at 13:19
  • Thank you so much everyone for your input and help with this, I really appreciate it! First post here - very helpful community!!! – user21327554 Mar 08 '23 at 09:18
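
A guard combining the install check from the answer with the dotted-version question in the last comments, written as an added example and not taken from the answer, Sophos or Mosyle: it stops early when Sophos Endpoint is already present at a minimum version. The app path is the one quoted in the comment; `MIN_VERSION` and the function names `version_ge` and `needs_install` are assumptions.

```bash
#!/bin/bash
# Added example: daily guard to place in front of the install steps.
# APP_PATH is the path quoted in the comment; MIN_VERSION is a constructed sample.
APP_PATH="/Applications/Sophos/Sophos Endpoint.app"
MIN_VERSION="10.4.7"

# version_ge A B -> 0 if dotted version A >= B, 1 if A < B, 2 if a field is
# not numeric. Fields compare as integers, so 10.10.0 is newer than 10.4.7.
version_ge() (
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        x=${x:-0} y=${y:-0}            # a missing field counts as 0 (10.4 == 10.4.0)
        case "$x$y" in *[!0-9]*) return 2 ;; esac
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac   # drop the field just compared
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
)

# needs_install APP MIN -> 0 when the installer should run (app missing, version
# unreadable, or older than MIN); 1 when a current-enough install is present.
needs_install() {
    [ -d "$1" ] || return 0
    cur=$(defaults read "$1/Contents/Info.plist" CFBundleShortVersionString 2>/dev/null) || return 0
    if version_ge "$cur" "$2"; then return 1; fi
    return 0
}

needs_install "$APP_PATH" "$MIN_VERSION" || exit 0   # already protected: stop here
# ... the download and install steps from the question go below this line ...
```

When the script runs as root, staging the download in a directory created with `mktemp -d` instead of a fixed path under the shared `/Users/Shared` folder avoids relying on a location other local users can write to.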