Ubuntu client - file/process/service version relevance

I’m having some trouble with some Linux machines that were recently brought into our environment. We traditionally have been a Windows-only shop, so this may be purely down to my own lack of knowledge.

We run an AV product called EndGame which we can detect a service for and the version of the executable from Windows without a problem.

On the Ubuntu machines, I can only get an analysis to report that the service is running, but I am not able to get a version to report back. We opened a ticket with the vendor and apparently the only way to display the version from the client OS is to run “sudo /usr/sbin/esensor --version”.

I’m only aware of the basics for analysis, like version of “file” or version of service “service”. I cannot figure out how to convert this command for use in an analysis for reporting, and I am wondering whether sudo is getting in the way or whether there is a way to call the version in the same fashion as from the guest OS terminal.

Any insights are greatly appreciated!

When a specific inspector is not available, an option could be to let BigFix run the command and parse the command output. First create a task to submit the command as shown in the following example (untested!):

delete /tmp/version.sh
createfile until myend
#!/bin/sh
# Overwrite (>) rather than append (>>) so repeated runs do not accumulate lines
/usr/sbin/esensor --version > /tmp/version.txt
myend
move __createfile /tmp/version.sh
wait chmod +x /tmp/version.sh
wait /tmp/version.sh

The above action will create the file /tmp/version.txt with the version of your AV.
Now you can create a property that reads the file line and reports the value in the BigFix Console. The following example (untested!) shows the relevance of the property:

lines of file "/tmp/version.txt"

I can’t be more precise here as I don’t know the actual output of the command; if it returns multiple strings, then you have to refine the “lines of file” inspector.

Hope it helps.

2 Likes
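
An added example, not part of the thread or of BigFix: a hardened form of the run-and-capture script from the answer above. Because the BigFix client runs actions as root, it writes to a root-only directory instead of a fixed name in world-writable /tmp, replaces the file atomically instead of appending, and keeps only the version token. The output directory and the assumption that the command prints a dotted version number are hypothetical, since the thread does not show the real output.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions, both hypothetical:
#   - the sensor prints a dotted version number somewhere in its output
#   - /var/lib/av-inventory is an acceptable root-owned output directory

# Read command output on stdin, print the first dotted numeric token.
extract_version() {
    grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1
}

# write_version CMD OUTDIR
# Runs "CMD --version" and stores the parsed version in OUTDIR/version.txt.
# The body is a subshell so the umask change does not leak to the caller.
write_version() (
    cmd=$1
    outdir=$2
    [ -x "$cmd" ] || return 1

    umask 077                          # files and directory readable by owner only
    mkdir -p "$outdir" || return 1
    # Refuse a symlinked output directory: a root-run job must not be
    # redirected to a location chosen by another local user.
    if [ -L "$outdir" ]; then return 1; fi

    ver=$("$cmd" --version 2>&1 | extract_version)
    [ -n "$ver" ] || return 1          # leave any previous result untouched

    # Write to a private temp file in the same directory, then rename,
    # so a reader never sees a partial or multi-run file.
    tmp=$(mktemp "$outdir/version.XXXXXX") || return 1
    printf '%s\n' "$ver" > "$tmp" && mv -f "$tmp" "$outdir/version.txt"
)

# When invoked with arguments, e.g.
#   version.sh /usr/sbin/esensor /var/lib/av-inventory
if [ "$#" -ge 2 ]; then
    write_version "$1" "$2"
fi
```

The property from the answer then points `lines of file` at `version.txt` in the chosen directory, which always holds exactly one line.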

This is tremendously helpful! It’s not pretty but it should give us the information we want. Thank you!