Mac OS X Shell Script

(imported topic written by SystemAdmin)

I’m attempting to run a shell script with BES Client (6.0.9.55) on Mac OS X (10.4.10) that outputs to a file and then retrieve the results through a property. The script is proof of concept only:

#!/bin/sh

rm findme.txt

traceroute xxx.xxx.xxx.xxx > findme.txt

  • Am I on the right track with the “Execute it, Retrieve it later” approach?

  • (*nix newbie alert!!!) Is there a better location I should use for the output file (and what’s the BigFix language to get me there)?

  • What is the BF language to retrieve the file created in the “\Library\Application Support\BigFix\BES Agent__BES Data\actionsite” folder? I tried “content of file “findme.txt” of client folder of current site” but that returns “”.

Thanks,

Rames

(imported comment written by Doug_Coburn)

Hi Rames,

That script should work so I don’t see a problem with that aspect of it. What I would recommend though is renaming the file to __findme.txt as this should keep it from being deleted. After that it is pretty easy to retrieve the information via a retrieved property with something like:

if (exists file ((pathname of client folder of site "ActionSite" as string) & "/__findme.txt")) then (lines of file ((pathname of client folder of site "ActionSite" as string) & "/__findme.txt")) else ("No Trace")

Let me know if you have any questions,

Doug

(imported comment written by SystemAdmin)

Perfect! Thank you for your assistance. As it turns out we have had a few of our Macs stolen and a couple of them are still reporting in occasionally. The problem is they’re using private IP addresses. So … we thought we’d get the computers to perform a traceroute back to us so we can pass along their ISP addresses to the detective we’re working with. Here’s what we ended up with in case anyone is interested …

Task:

Relevance:

(it contains "mac os x") of (name of operating system as lowercase)

Action: Script Type: sh

#!/bin/sh

rm __findme.txt

date > __findme.txt

system_profiler SPHardwareDataType >> __findme.txt

traceroute 204.129.123.250 >> __findme.txt

Execution:

Repeat every 6 hours

Analyses:

Relevance:

(it contains "mac os x") of (name of operating system as lowercase) and exists file ((pathname of client folder of site "ActionSite" as string) & "/__findme.txt")

Property:

if (exists file ((pathname of client folder of site "ActionSite" as string) & "/__findme.txt")) then (lines of file ((pathname of client folder of site "ActionSite" as string) & "/__findme.txt")) else ("No Trace")
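
The task above collects traceroutes because the stolen Macs report only private addresses. As an added example (not part of the original posts), this sh function reads the saved __findme.txt contents and prints the first hop that is not a private or otherwise non-routable IPv4 address. The sample trace and its addresses are constructed, and `first_public_hop` and `sample_trace` are hypothetical names.

```sh
#!/bin/sh
# Added example: find the first public hop in a saved traceroute.
# Reads the collected output (e.g. the contents of __findme.txt) on stdin.
first_public_hop() {
    awk '
    # Return 1 for private or otherwise non-routable IPv4 addresses.
    function is_private(ip,   o) {
        split(ip, o, ".")
        if (o[1] == 10) return 1                                # 10.0.0.0/8
        if (o[1] == 172 && o[2] >= 16 && o[2] <= 31) return 1   # 172.16.0.0/12
        if (o[1] == 192 && o[2] == 168) return 1                # 192.168.0.0/16
        if (o[1] == 100 && o[2] >= 64 && o[2] <= 127) return 1  # 100.64.0.0/10 (CGNAT)
        if (o[1] == 169 && o[2] == 254) return 1                # link-local
        if (o[1] == 127) return 1                               # loopback
        return 0
    }
    # Hop lines begin with a hop number; the date and hardware lines in the sample do not.
    $1 ~ /^[0-9]+$/ {
        for (i = 2; i <= NF; i++) {
            ip = $i
            gsub(/[()]/, "", ip)          # traceroute prints "name (ip)"
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !is_private(ip)) {
                print $1, ip              # hop number and address
                exit
            }
        }
    }'
}

# Constructed sample in the layout the task writes (documentation addresses).
sample_trace() {
    cat <<'EOF'
Mon Oct  1 09:00:00 CDT 2007
Hardware:
      Serial Number: CONSTRUCTED123
 1  192.168.1.1 (192.168.1.1)  1.012 ms  0.899 ms  0.870 ms
 2  10.20.0.1 (10.20.0.1)  8.5 ms  8.1 ms  7.9 ms
 3  * * *
 4  gw.isp.example (203.0.113.17)  12.3 ms  11.8 ms  12.0 ms
 5  198.51.100.9 (198.51.100.9)  20.1 ms  19.7 ms  19.9 ms
EOF
}

sample_trace | first_public_hop   # prints: 4 203.0.113.17
```

An empty result means every responding hop in the saved trace was private or silent.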

(imported comment written by SystemAdmin)

Another thread (http://forum.bigfix.com/viewtopic.php?id=2112) reminded me to post this follow up. We were able to recover a stolen computer using BigFix but not in the manner you might imagine.

I was not directly involved in the conversation with local law enforcement but we provided information that should have been sufficient (dates, times, serial numbers, and traceroutes back to us from a stolen computer that was put online). I was told the ISP (a large well known provider) told the detectives they could not provide account information based on the information provided.

So, we put together a task that displayed a message on the computer (Stolen Computer Alert! This computer was stolen from xxxxxx. In order to avoid prosecution call xxx-xxxx immediately) then would shutdown the computer once the message was acknowledged. We got a call within hours and had our computer back the next day.

(imported comment written by BenKus)

That is very nice… Thanks for posting rames…

(imported comment written by SystemAdmin)

I should mention “they” said it was a Craigslist purchase and they didn’t know it was stolen when they bought it. I’ll have to find out if our asset tag was still attached :)

(imported comment written by SystemAdmin)

rames

So, we put together a task that displayed a message on the computer (Stolen Computer Alert! This computer was stolen from xxxxxx. In order to avoid prosecution call xxx-xxxx immediately) then would shutdown the computer once the message was acknowledged. We got a call within hours and had our computer back the next day.

Brilliant!