Script contains invalid reference to /usr/sbin Alert is inaccurate

andrewseago
Contributor

After looking through the scripts that were red flagged post upgrade to 9.81 it appears that the alert is inaccurate at best and does not have an obvious way to have it recheck. cee892b58d1b45e1a2aec8a959d45034

10 REPLIES 10

mm2270
Legendary Contributor III

Its odd that it would have flagged that script, if in fact the image above is how the script was pre upgrade. But just click the Dismiss button to the far right of the alert section on top. The alert will go away.

b48b0455f5e146758035071676c5a98c

Aziz
Valued Contributor

That's weird @mm2270, I never had a "Dismiss" option... I just cloned the script and it went away.

mm2270
Legendary Contributor III

Huh, really? That is weird. I've seen 2 JSS's now upgraded to either 9.8 or 9.81 and in both cases any alerts about the binary references always had the Dismiss button there we could click to make the message go away. Not sure why it wouldn't be showing up for everyone else's JSS.

john_miller
Contributor

Hey @andrewseago

Thanks for posting this. I'm not sure what the scan saw in the script that thought it needed updating. The scan looks at literal text vs actually executing something and analyzing it's output. We can take a look at it here.

Regarding rescanning - we didn't add a rescan function in. We basically wanted it to scan it once, show where there is potential changes needed, and then stop scanning. The decision was mostly made to not add the expense of scanning on a regular basis. Our thoughts were that changing the path is top of mind for this short time frame, but then won't need to happen again so didn't want to add functionality to continuously scan.

Let us know if there are some other issues we need to look into there. Thanks!

mm2270
Legendary Contributor III

@john.miller Any ideas on why some folks would not be seeing a "Dismiss" button in the bar with the alert message? I have seen it in every case of a script or policy needing to be updated. I found that I needed to click that even after changing the invalid references. My assumption is because of what you just mentioned, that the JSS does not rescan for the invalid references so there's no way for it to auto clear after the fact. Hence the need for the dismiss button. But if some folks aren't seeing that, how would they get rid of the messages?

RobertHammen
Valued Contributor II

I had one like that where the script wasn't wrong. I dismissed it.

There should have been a "re-check" command/button to make sure you'd gotten everything.

I think these are the MySQL commands they are using. Don't try this if you're not comfortable with the MySQL command-line interface:

select script_id, file_name from scripts where script_contents like "%/usr/sbin/jamf%";

select policy_id, name from policies where run_command like "%/usr/sbin/jamf%";

john_miller
Contributor

Hey @mm2270

Correct. The dismissal is explicit, and would need to get hit even after resolving the issues. We're looking into why some folks aren't seeing it.

joshuasee
Contributor III

For those of us who have this problem and are somewhat comfortable with hacking, can any give the URL structure of the dismiss button?

simon_heers
New Contributor
New Contributor

On not seeing the dismiss button:

https://jamfnation.jamfsoftware.com/discussion.html?id=17278

jaharmi
Contributor

Has anyone else noticed the notification appear when both /usr/sbin/jamf and /usr/local/bin/jamf appear in the script? That’s a slightly different kind of inaccuracy.

Fwiw, in current testing I’ve seen the “Dismiss” button, but I wasn’t watching out for it specifically.