Merge PR#7 from koalatee

remove default python, allow option for bash Plus: From @MLBZ521 * Check if $python_path exists, if it doesn't fall back to `defaults read` * Add full path to binaries * Add a value check for $filter_state for the result from `defaults read`
2026-02-03 14:03:26 +00:00 · 2021-05-07 16:44:52 -07:00
parent 5985e0f5a4 f9c0632242
commit 29fe619ea2
1 changed files with 18 additions and 7 deletions
--- a/Attributes/jamf_ea_CrowdStrikeStatus.sh
+++ b/Attributes/jamf_ea_CrowdStrikeStatus.sh
@@ -4,7 +4,7 @@
 ###################################################################################################
 # Script Name:  jamf_ea_CrowdStrikeStatus.sh
 # By:  Zack Thompson / Created:  1/8/2019
-# Version:  2.4.0 / Updated:  3/16/2021 / By:  ZT
+# Version:  2.4.2 / Updated:  5/7/2021 / By:  ZT
 #
 # Description:  This script gets the configuration of the CrowdStrike Falcon Sensor, if installed.
 #
@@ -16,7 +16,8 @@ echo "Checking the Crowd Strike configuration..."
 ## Set variables for your environment

 # Set path to a Python3 framework
-python_path="/opt/ManagedFrameworks/Python.framework/Versions/Current/bin/python3"
+# If left blank, default shell will be used
+python_path=""

 # Set whether you want to remediate the Network Filter State
 # Only force enables if running macOS 11.3 or newer
@@ -237,23 +238,33 @@ fi
 if [[ $( /usr/bin/bc <<< "${csMajorMinorVersion} < 6.11" ) -eq 1 ]]; then

    # Get Network Filter State
-    # shellcheck disable=SC2016
-    filter_state=$( "${python_path}" -c 'import plistlib
+    if [[ -e "${python_path}" ]]; then
+
+        # shellcheck disable=SC2016
+        filter_state=$( "${python_path}" -c 'import plistlib
 with open("/Library/Preferences/com.apple.networkextension.plist", "rb") as plist:
    plist_contents = plistlib.load(plist)

 object_index = plist_contents.get("$objects").index("com.crowdstrike.falcon.App") + 1
 print(plist_contents.get("$objects")[object_index]["Enabled"])')

-    if [[ "${filter_state}" == "False" ]]; then
+    else
+
+        filter_state=$( /usr/bin/defaults read /Library/Preferences/com.apple.networkextension | /usr/bin/awk "/com.crowdstrike.falcon.App/,/identifier/" | /usr/bin/grep "Enabled" | /usr/bin/sed "s/[^0-9]//g" )
+
+    fi
+
+    if [[ "${filter_state}" == "False" || "${filter_state}" == "0" ]]; then

        if [[ "${remediate_network_filter}" == "true" ]]; then

            # Only force enable the network filter if running macOS 11.3 or newer
            if [[ $( /usr/bin/bc <<< "${osMajorVersion} >= 11" ) -eq 1 && $( /usr/bin/bc <<< "${osMinorPatchVersion} >= 3" ) -eq 1  ]]; then

-                "${falconctl}" enable-filter
+                # shellcheck disable=SC2034
+                enable_filter_results=$( "${falconctl}" enable-filter )
                cs_filter_exit_code=$?
+                # echo "enable_filter_results:  ${enable_filter_results}"

                if [[ $cs_filter_exit_code -ne 0 ]]; then

@@ -444,4 +455,4 @@ else

 fi

-exit 0
+exit 0