Jamf Nation Community

jubei · ‎04-17-2015

So a strange thing is happening post 10.10.3. My extension attribute that returns the version of Cisco AnyConnect is broken. It appears that 10.10.2 clients are checking in and reporting the correct version. Since I have policies tied to this, I need to get it working.

Here's the extension attribute code:

#!/bin/sh

#Check to see if Cisco AnyConnect is installed
$plist="/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app/Contents/Info.plist"

if [[ -f $plist ]]; then    
    result=`/usr/bin/defaults read /Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app/Contents/Info.plist CFBundleShortVersionString`
    echo "<result>$result</result>"
else
    echo "<result>Not installed</result>"
fi

If I run this as a script, it fails as well. It appears that it's failing because the

if -f

statement is broken. I thought it might be permissions but it fails even running with sudo. What's strange is, I have a similar extension attribute for checking the McAfee version that I got from JAMF. That one is working. The only thing that's different is, the McAfee app sits in /Applications. I moved the Cisco app to the /Applications folder thinking that could have something to do with it and that too fails.

Even stranger - if I run

result=`/usr/bin/defaults read /Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app/Contents/Info.plist CFBundleShortVersionString`

echo $result

that works perfectly!

Has anyone run into something like this?

mm2270 · ‎04-17-2015

Hi.

I see you're using a combination of both double quotes and backslashes in this variable

$plist="/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app/Contents/Info.plist"

This isn't going to work, and I'm surprised it ever did. You want to use either one or the other, not both. The backslashes are needed to escape spaces if you don't surround the path in double quotes, but would be unnecessary if you are surrounding it in quotes. The way it is now, its not seeing the plist file because you are actually telling it the backslashes are literal characters in the path to the plist (which isn't true of course), so as you guessed, its failing on the if -f syntax.
I would suggest dropping all the backslashes and go with the double quotes, but removing the start and end double quotes should also work. So, something like this instead-

$plist="/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app/Contents/Info.plist"

Hope that helps.

jubei · ‎04-17-2015

I had tried both ways thinking the same as you. It fails even with it just in quotes or with a backslash. Btw, I should say that I cleaned up that code before posting it and actually added the backslashes inside the quotes during my testing. Before I posted it, it was just in quotes (I copied the code from the McAfee Extension Attrib from JAMF).

Even if I put that one $plist line in terminal it fails:

If I just run the defaults read:

mm2270 · ‎04-17-2015

Alright, I'm seeing the actual issue now (didn't catch it before). You set the variable as a variable before its actually a variable :)
What I mean is, set it like:
plist="/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app/Contents/Info.plist"
You don't need the $ in front of the name for that line because that is defining or declaring the variable. Once you use it in the if [ -f statement, THEN put the $ in front of it.

Here's the modified script

#!/bin/sh

#Check to see if Cisco AnyConnect is installed
plist="/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app/Contents/Info.plist"

if [[ -f "$plist" ]]; then    
    result=`/usr/bin/defaults read /Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app/Contents/Info.plist CFBundleShortVersionString`
    echo "<result>$result</result>"
else
    echo "<result>Not installed</result>"
fi

Besides all this, I didn't think to even ask, but is there a reason you're capturing the version in an EA instead of just relying on built in application inventory? AnyConnect lives in the main /Applications folder, so it will be part of the standard app inventory

jubei · ‎04-17-2015

@mm2270 I am a complete dummy! Holy cow...I've been scripting in BASH for many years I assure you and that one typo.....thank you! Also, I blame Powershell where you do have to declare a variable with a $. I frequently go between both languages.

As for why it's an extension attribute...I thought that was the only way to get the version in a reportable fashion in the first screen of an account, no? I kind of look at it as a snapshot. I created a smart group from it out of habit too. Again, dumb move. I forgot that I could do Application Title and Application Version in a smart group. I just corrected my mistake. Thank you again!

jhbush · ‎04-17-2015

I'm not sure why I do it this way, but here's another version.

#!/bin/sh

if [ -d /Applications/Cisco ] ; then
    RESULT=$( cat /opt/cisco/anyconnect/ACManifestVPN.xml | grep "file version" | awk '{print $2}' | cut -d= -f2 | sed 's/"//g' )
    echo "<result>$RESULT</result>"
else
    echo "<result>Not Installed</result>"
fi

mm2270 · ‎04-18-2015

Hi Jason,

Just in case you're interested, if you want to pull the version from that xml file, you don't need to use all those commands. One awk pointed at the file can do it. Like this-

awk -F'"' '/file version/{print $2}' /opt/cisco/anyconnect/ACManifestVPN.xml

On my Mac, that returns:
3.1.04074

jhbush · ‎04-18-2015

@mm2270 thanks most appreciated.

Jamf Nation Community

Cisco AnyConnect Version Extension Attribute broken in 10.10.3