Linux custom compliance script returning null
raymix opened this issue · 2 comments
Hi folks
I noticed you guys have some Linux script samples uploaded here, so I am hoping you can shed some light. I've spent hours on this issue, but can't figure out how to get custom compliance script working on Ubuntu 20.04.
I found some logs for Intune app under /var/log/syslog but its output is not helpful.
Tried following your script example, but the Intune app returns null values, what am I missing here?
detection.sh
#!/bin/bash
#set -x
(
set -e
echo "{"testVar", "True"}"
)
ERROR_CODE=$?
if [ $ERROR_CODE -ne 0 ]; then
echo "There was an error. Please restart the script or contact your admin if the error persists."
exit $ERROR_CODE
fi
rules.json
{
"Rules":[
{
"SettingName":"testVar",
"Operator":"IsEquals",
"DataType":"Boolean",
"Operand":true,
"MoreInfoUrl":"https://bing.com",
"RemediationStrings":[
{
"Language": "en_US",
"Title": "test value: {ActualValue}",
"Description": "test description"
}
]
}
]
}
Hey,
I had the same issue and fixed it as follows:
detection.sh (output has to be JSON format)
... echo '{"testVar": "True"}' ...
rules.json
... "DataType":"String", "Operand":"True", ....
And I agree, the logging is really bad.
EDIT 13/02/2023: Microsoft has added official code examples last week, that are well explained.
@AdminOf: Thanks for your input, works after replacing comma with colon in bash output
Also, I completely forgot to install MS Edge, which was a mandatory requirement... and probably caused me to miss that during many trials and errors.
Thankfully we are not limited to using single quotes with echo, meaning that output can be efficiently generated using variables instead.
Troubleshooting and working examples:
Prerequisites: Microsoft Intune and MS Edge: https://github.com/microsoft/shell-intune-samples/blob/master/Linux/Misc/Enrollment%20Prep%20Script/LinuxIntuneEnrollmentPrep.sh
Limitations:
- If you are getting null variables in title or description, make sure MS Edge is installed
- If you are still getting null, please remember that scripts run in much older #!/bin/dash or "POSIX-compatible" environment. Functions, arrays or appending do not work the same way it does in bash, so do yourself a favor and get shellcheck. It comes as a VSCode extension, if you're on Windows.
- There is a rate limit to amount of refreshes you can do. If at some point it stops rendering issue text, close the Intune app and wait about 15-30 minutes.
- Refresh usually takes a few seconds, but short refreshes with an error mean you are likely to be rate limited and seeing a cached error.
- After uploading .sh and .json files to Intune, give it a minute to "burn in", changes are not exactly instant
- Might need to hit refresh a couple of times for changes to show up
- If changes do not show up, try restarting Intune app. Often times it required me to log in again.
detection.sh
#!/bin/dash
#set +x
serviceStatus1="Running"
serviceStatus2="Not running"
serviceStatus3="Missing"
(
set -e
echo "{\"Service1\":\"$serviceStatus1\",\"Service2\":\"$serviceStatus2\",\"Service3\":\"$serviceStatus3\"}"
)
rules.json
{
"Rules":[
{
"SettingName":"Service1",
"Operator":"IsEquals",
"DataType":"String",
"Operand":"Running",
"MoreInfoUrl":"https://bing.com",
"RemediationStrings":[
{
"Language": "en_US",
"Title": "Service1: {ActualValue}",
"Description": "Please contact IT to resolve"
}
]
},
{
"SettingName":"Service2",
"Operator":"IsEquals",
"DataType":"String",
"Operand":"Running",
"MoreInfoUrl":"https://bing.com",
"RemediationStrings":[
{
"Language": "en_US",
"Title": "Service2: {ActualValue}",
"Description": "Please contact IT to resolve"
}
]
},
{
"SettingName":"Service3",
"Operator":"IsEquals",
"DataType":"String",
"Operand":"Running",
"MoreInfoUrl":"https://bing.com",
"RemediationStrings":[
{
"Language": "en_US",
"Title": "Service3: {ActualValue}",
"Description": "Service is {ActualValue}!\nPlease run below command to resolve this:\n\nsudo apt install -y fortune && fortune"
}
]
}
]
}
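The thread traces the null values to discovery output that is not valid JSON, and notes that the script runs under dash. The following is an added example, not code from the thread or from Microsoft: a POSIX-sh way to build the output from variables so that a quote or backslash in a value cannot break the JSON. The helper names (`json_escape`, `json_object`, `service_status`) and the unit names `ssh` and `cron` are assumptions; the key names come from the rules.json above.

```shell
#!/bin/sh
# Added example: POSIX sh only (no arrays, no "local", no +=), so it behaves
# the same under dash and bash.

# Escape backslashes first, then double quotes, so the value stays a valid
# JSON string. Assumption: values are single-line text without control chars.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build one flat JSON object from "name value" argument pairs.
# Every value is emitted as a JSON string, matching "DataType":"String".
json_object() {
    out='{'
    sep=''
    while [ "$#" -ge 2 ]; do
        out="$out$sep\"$(json_escape "$1")\":\"$(json_escape "$2")\""
        sep=','
        shift 2
    done
    printf '%s}\n' "$out"
}

# Report a systemd unit as "Running" or "Not running" (the strings the rules
# above compare against). A host without systemctl reports "Not running".
service_status() {
    if command -v systemctl >/dev/null 2>&1 &&
        systemctl is-active --quiet "$1"; then
        echo "Running"
    else
        echo "Not running"
    fi
}

# Key names must match "SettingName" in rules.json exactly.
json_object \
    "Service1" "$(service_status ssh)" \
    "Service2" "$(service_status cron)"
```

Running the script locally with `dash ./detection.sh` and checking that the single output line parses as JSON catches the comma-for-colon mistake before the file is uploaded.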