A method to check for a value and take an action with a jamf policy

We Came Across The West Sea

We have a need to use login hooks to change some settings and build a specific user environment on some of our devices, but because they are enrolled in jamfpro this overwrites the login hooks setting. To overcome this I created a package that has modifed login and logout hooks that calls what we want then calls what jamf wants.

We Used Our Hands For Guidance

So simple enough when the device gets built a package copies the replacement loginhook scripts down and replaces the jamf ones. Job done. Well maybe for a while anyway.

Like A Dry Tree Seeking Water

That is until the device gets re-enrolled by someone or jamf gets upgraded. Either of these replaces the management framework and breaks the scripts that are used.

So how to fix this, by magic? My name isn’t David Copperfield so no, I’ll just use the mighty Bash.

An Angel Came From Outside

Whilst this happens the jamf agent still works so polices can still be deployed so self healing is a doddle.

Our modified loginhook file has a line to call our script so all that is needed is to check for the existence of the line and send a jamf event trigger to deploy the package if it’s not.

He Spoke Of Brothers Many

Lets get to the nitty gritty then. I decided to write a script that could be used to;

  • check the existence of a file
  • check the existence of a text string in the file
  • have a check value, exists or not exists
  • trigger a policy
  • all the options settable in the policy allowing reuse without changing the script

Wine And Women Song A Plenty

firstly lets get the variables in

# fileNameToCheck  is the full path and the file name
fileNameToCheck="$4"
# the string to look for
textToCheck="$5"
# call a policy based upon the result
policyTriggerToCall="$6"
#echo "$6"
# what number represents an invalid state required to 
# trigger the policy. if value is there the answer is 1
# if not then the value is 0. Set this to be the opposite value to whatever is valid.
isInValid="$7"

Fairly self explanitory except maybe $7. This one is used after a grep -c statement so if $5 is there the result is 1.  If you need to check for the text not being there to trigger the policy set this to 0. If you want the text to not be there set it to 0.

He Began To Write A Chapter

So lets check the file exists, fairly crucial.

checkFileExists(){
	if [ ! -f "$fileNameToCheck" ]; then
		takeAction
		exit 0
	fi
}

So if the file doesn’t even exist this is hard set to call the policy.

Now lets check the text state

checkFile() {
# checks the file and returns answer as a 1 or 0
trueOrFalse=$(cat "$fileNameToCheck" | grep -c "$textToCheck")
}

Now to check if it needs to do something

isValid() {
	if [ "$isInValid" == "$trueOrFalse" ]; then
		takeAction
	else
		echo "check for $textToCheck passed, NFA"
	fi

}

So that’s all the checking done.

Nice ‘N’ Sleazy Does It

Time to do some stuff now if required.

takeAction() {
# put whatever action you need in here

# calls the policy as a separate process and allows the script to exit 
 secho "Doing the action bit... hang tight!"
$jamfBinary policy -event $policyTriggerToCall &

}

So thats it really. The actual lines calling it are simple enough

checkFileExists

checkFile

isValid

I set it up in a policy to run daily as a check and self fix when required.

Does It Every Time

As usual the full script is in my github site with the extra bits not mentioned in this article.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s