Ubuntu client - file/process/service version relevance

I’m having some trouble with some Linux machines that were recently brought into our environment. We traditionally have been a Windows-only shop, so this may be purely down to my own lack of knowledge.

We run an AV product called EndGame which we can detect a service for and the version of the executable from Windows without a problem.

On the Ubuntu machines, I can only get an analysis to report that the service is running, but I am not able to get a version to report back. We opened a ticket with the vendor and apparently the only way to display the version from the client OS is to run “sudo /usr/sbin/esensor --version”.

I’m only aware of the basics for analysis like version of “file” or version of service “service”. I cannot figure out how to get this command converted for use in an analysis for reporting, and I am wondering if sudo is getting in the way or whether there is a way to call the version in the same fashion as from the guest OS terminal.

Any insights are greatly appreciated!

When a specific inspector is not available, an option could be to let BigFix run the command and parse the command output. First create a task to submit the command as shown in the following example (untested!):

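// Remove leftovers from a previous run
delete __createfile
delete /tmp/version.sh
// Write the wrapper script; the file content ends at the "myend" marker
createfile until myend
#!/bin/sh
/usr/sbin/esensor --version > /tmp/version.txt
myend
move __createfile /tmp/version.sh
wait chmod +x /tmp/version.sh
wait /tmp/version.sh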

The above action will create the file /tmp/version.txt with the version of your AV.
Now you can create a property that reads the file lines and reports the value in the BigFix Console. The following example (untested!) shows the relevance of the property:

lines of file "/tmp/version.txt"

I can’t be more precise here as I don’t know the actual output of the command; if it returns multiple strings, then you have to refine the “lines of file” inspector.

Hope it helps.
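
A hardened variant of the wrapper script from the answer above, as an added example that is not part of the original thread: it runs the version command, keeps the first non-empty line, and refuses to publish the report into a directory that other users can write to (such as /tmp). The function name `write_version_report`, the report directory argument and the `version.txt` file name are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: write_version_report,
# the caller-supplied report directory, and the file name version.txt.
#
# write_version_report REPORT_DIR COMMAND [ARGS...]
# Runs COMMAND, keeps its first non-empty stdout line and publishes it
# atomically as REPORT_DIR/version.txt. Returns non-zero on any refusal.
write_version_report() {
    dir=$1; shift
    out="$dir/version.txt"

    # The report directory must be a real directory, not a symlink.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "refusing: $dir is not a plain directory" >&2; return 1
    fi
    # Refuse group- or world-writable directories such as /tmp, where
    # another local user could pre-create or swap the report file.
    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "refusing: $dir is writable by other users" >&2; return 1
    fi
    # A symlink already sitting at the target is never followed.
    if [ -L "$out" ]; then
        echo "refusing: $out is a symlink" >&2; return 1
    fi

    # Run the command; a non-zero exit means there is nothing to report.
    raw=$("$@") || { echo "command failed: $1" >&2; return 1; }
    version=$(printf '%s\n' "$raw" | sed -n '/[^[:space:]]/{p;q;}')
    [ -n "$version" ] || { echo "no version output" >&2; return 1; }

    # Write to an unpredictable name in the same directory (mktemp creates
    # it with mode 0600), then rename so readers never see a partial file
    # and repeated runs replace the value instead of appending to it.
    tmp=$(mktemp "$dir/.version.XXXXXX") || return 1
    printf '%s\n' "$version" > "$tmp" && mv -f "$tmp" "$out" \
        || { rm -f "$tmp"; return 1; }
}

# Intended call from the agent-run script (directory is a placeholder):
#   write_version_report /path/to/root-only-dir /usr/sbin/esensor --version
```

The property from the answer would then read `version.txt` from that directory instead of from /tmp.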


This is tremendously helpful! It’s not pretty but it should give us the information we want. Thank you!