This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Protection for Linux : Script to find or verify the installation of components

Hello everyone. 


Sophos protection for Linux installs multiple components, I see each and every location in /opt has binaries, However, I am not sure what components are installed. I understand that the components are installed as per our license, however, if there is a script to verify the installation of all the components, that would be a great help for us. 

Thank You.



This thread was automatically locked due to age.
Parents Reply Children
  • This is great, but I would like a bash script to verify that rather than me navigating to each location and checking to see if the file exists.


  • Hello Wanderer, 


    I can feel the pain in navigating to each location and verifying the files. I have created a custom bash script that should help you verify the files in each location. Also, the script checks the current condition of sophos-spl service.

    NOTE: Please note that break-fix or any kind of support for this script falls out of sophos support scope. Sophos support or any support services from Sophos do not apply to the script provided here.  

    Review the script before using. 


    #!/bin/bash
    SC="\e[31m"
    TC="\e[91m"
    EC="\e[0m"
    GRC="\e[32m"
    DIR1="/opt/sophos-spl/base/bin/versionedcopy"
    DIR2="/opt/sophos-spl/plugins/av/bin/avscanner"
    DIR3="/opt/sophos-spl/plugins/eventjournaler/bin/eventjournaler"
    DIR4="/opt/sophos-spl/plugins/runtimedetections/bin/runtimedetections"
    DIR5="/opt/sophos-spl/plugins/edr/bin/edr"
    DIR6="/opt/sophos-spl/plugins/liveresponse/bin/liveresponse"
    if [ -f "$DIR1" ];
    then
    	echo
    	echo -----------------------
    	echo Checking base component
    	echo -----------------------
    	echo
    	cat /opt/sophos-spl/base/VERSION.ini
    	echo
    	sleep 1
    else
    	echo -----------------------
            echo Checking base component
            echo -----------------------
    	echo 
    	echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
    	echo -e $TC " $DIR1 not present"
    	echo -e $SC XXXXXXXXXXXXXXXXXXX $EC
    fi
    if [ -f "$DIR2" ];
    then
            echo
            echo --------------------------
            echo Checking avscanner plugin
            echo --------------------------
            echo
            cat /opt/sophos-spl/plugins/av/VERSION.ini
            echo
            sleep 1
    else
    
            echo --------------------------
            echo Checking avscanner plugin
            echo --------------------------
            echo
    	echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
            echo -e $TC " $DIR2 not present"
    	echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
    fi
    if [ -f "$DIR3" ];
    then
            echo
            echo ------------------------------
            echo Checking eventjournaler plugin
            echo ------------------------------
            echo
            cat /opt/sophos-spl/plugins/eventjournaler/VERSION.ini
            echo
            sleep 1
    else
    
            echo ------------------------------
            echo Checking eventjournaler plugin
            echo ------------------------------
            echo
    	echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
            echo -e $TC " $DIR3 not present"
    	echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
    fi
    if [ -f "$DIR4" ];
    then
            echo
            echo --------------------------------
            echo Checking runtimedetections plugin
            echo --------------------------------
            echo
            cat /opt/sophos-spl/plugins/runtimedetections/VERSION.ini
            echo
            sleep 1
    else
    
            echo --------------------------------
            echo Checking runtimedetections plugin
            echo --------------------------------
            echo
    	echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC1
            echo -e $TC " $DIR4 not present"
    	echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
    fi
    if [ -f "$DIR5" ];
    then
            echo
            echo -------------------
            echo Checking edr plugin
            echo -------------------
            echo
            cat /opt/sophos-spl/plugins/edr/VERSION.ini
            echo
            sleep 1
    else
    
            echo -------------------
            echo Checking edr plugin
            echo -------------------
            echo
    	echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
            echo -e $TC " $DIR5 not present"
    	echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
    fi
    if [ -f "$DIR6" ];
    then
            echo
            echo ----------------------------
            echo Checking liveresponse plugin
            echo ----------------------------
            echo
            cat /opt/sophos-spl/plugins/liveresponse/VERSION.ini
            echo
            sleep 1
    else
    
            echo ----------------------------
            echo Checking liveresponse plugin
            echo ----------------------------
            echo
    	echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
            echo -e $TC " $DIR6 not present"
    	echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
    fi
    sleep 2
    echo ---------------------------------
    echo Checking sopho-spl service status
    echo ---------------------------------
    systemctl list-unit-files > /tmp/splpresent
    if grep -q 'sophos-spl.service' /tmp/splpresent;
    then
            echo -e $GRC 'sophos-spl service present' $EC
            sleep 1
            echo Checking active status
            echo .
            sleep 1
            echo .
            sleep 1
            echo .
            systemctl status sophos-spl > /tmp/splsvcstatus
            sleep 1
            if grep -q 'Active: active' /tmp/splsvcstatus;  then
                    echo -e $GRC 'sophos-spl service is active' $EC
            elif grep -q 'Active: inactive' /tmp/splsvcstatus; then
                    echo -e $SC 'sophos-spl service is not active' $EC
            fi
    else
            systemctl status sophos-spl 2> /tmp/splnotfound
    
            if grep -q 'Unit sophos-spl.service could not be found' /tmp/splnotfound; then
                    echo -e $SC 'sophos-spl service could not be found' $EC
            fi
    fi
    
    
    
    

    Ismail Jaweed Ahmed (Ismail) 
    Senior Professional Service Engineer

  • Ismail, This is next-level stuff.

    Wow, what an awe-inspiring amount of effort you have demonstrated. I am also so tremendously thankful to you.
    Appreciate it. :)