Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Overview
This article provides a bash script to find the versions of installed Sophos Protection Linux components and verify that all components are installed. As Sophos Protection for Linux does not have a user interface to use to check this, you can use the script below instead.
Applies to the following Sophos products and versions
Sophos Protection for Linux.
Code:
#!/bin/bash
SC="\e[31m"
TC="\e[91m"
EC="\e[0m"
GRC="\e[32m"
DIR1="/opt/sophos-spl/base/bin/versionedcopy"
DIR2="/opt/sophos-spl/plugins/av/bin/avscanner"
DIR3="/opt/sophos-spl/plugins/eventjournaler/bin/eventjournaler"
DIR4="/opt/sophos-spl/plugins/runtimedetections/bin/runtimedetections"
DIR5="/opt/sophos-spl/plugins/edr/bin/edr"
DIR6="/opt/sophos-spl/plugins/liveresponse/bin/liveresponse"
if [ -f "$DIR1" ];
then
echo
echo -----------------------
echo Checking base component
echo -----------------------
echo
cat /opt/sophos-spl/base/VERSION.ini
echo
sleep 1
else
echo -----------------------
echo Checking base component
echo -----------------------
echo
echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
echo -e $TC " $DIR1 not present"
echo -e $SC XXXXXXXXXXXXXXXXXXX $EC
fi
if [ -f "$DIR2" ];
then
echo
echo --------------------------
echo Checking avscanner plugin
echo --------------------------
echo
cat /opt/sophos-spl/plugins/av/VERSION.ini
echo
sleep 1
else
echo --------------------------
echo Checking avscanner plugin
echo --------------------------
echo
echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
echo -e $TC " $DIR2 not present"
echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
fi
if [ -f "$DIR3" ];
then
echo
echo ------------------------------
echo Checking eventjournaler plugin
echo ------------------------------
echo
cat /opt/sophos-spl/plugins/eventjournaler/VERSION.ini
echo
sleep 1
else
echo ------------------------------
echo Checking eventjournaler plugin
echo ------------------------------
echo
echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
echo -e $TC " $DIR3 not present"
echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
fi
if [ -f "$DIR4" ];
then
echo
echo --------------------------------
echo Checking runtimedetections plugin
echo --------------------------------
echo
cat /opt/sophos-spl/plugins/runtimedetections/VERSION.ini
echo
sleep 1
else
echo --------------------------------
echo Checking runtimedetections plugin
echo --------------------------------
echo
echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC1
echo -e $TC " $DIR4 not present"
echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
fi
if [ -f "$DIR5" ];
then
echo
echo -------------------
echo Checking edr plugin
echo -------------------
echo
cat /opt/sophos-spl/plugins/edr/VERSION.ini
echo
sleep 1
else
echo -------------------
echo Checking edr plugin
echo -------------------
echo
echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
echo -e $TC " $DIR5 not present"
echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
fi
if [ -f "$DIR6" ];
then
echo
echo ----------------------------
echo Checking liveresponse plugin
echo ----------------------------
echo
cat /opt/sophos-spl/plugins/liveresponse/VERSION.ini
echo
sleep 1
else
echo ----------------------------
echo Checking liveresponse plugin
echo ----------------------------
echo
echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
echo -e $TC " $DIR6 not present"
echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
fi
sleep 2
echo ---------------------------------
echo Checking sopho-spl service status
echo ---------------------------------
rm -rf /tmp/splpresent
systemctl list-unit-files > /tmp/splpresent
if grep -q 'sophos-spl.service' /tmp/splpresent;
then
echo -e $GRC 'sophos-spl service present' $EC
sleep 1
echo Checking active status
echo .
sleep 1
echo .
sleep 1
echo .
rm -rf /tmp/splsvcstatus
systemctl status sophos-spl > /tmp/splsvcstatus
sleep 1
if grep -q 'Active: active' /tmp/splsvcstatus; then
echo -e $GRC 'sophos-spl service is active' $EC
elif grep -q 'Active: inactive' /tmp/splsvcstatus; then
echo -e $SC 'sophos-spl service is not active' $EC
fi
else
rm -rf /tmp/splnotfound
systemctl status sophos-spl 2> /tmp/splnotfound
if grep -q 'Unit sophos-spl.service could not be found' /tmp/splnotfound; then
echo -e $SC 'sophos-spl service could not be found' $EC
fi
fi
Run the Script to verify the installation of SPL components
NOTE: The components of Sophos Protection for Linux are installed according to the license. If your license is eligible to install all of the listed components and you do not see some present, please contact Sophos Support.
In Windows:
- If you are on a windows machine, open a notepad, copy the code, and save the file with an extension “.sh”
- Transfer it to any location in the Linux machine.
- Check the file permission by running the command
root@ubuntus1:/tmp$ ls -l filename.sh
-rw-rw-r-- root root 4395 Oct 10 20:35 filename.sh - Change the file permission to add execute permission by running the below command
root@ubuntus1:/tmp$ sudo chmod u+x filename.sh - The permissions should look like
root@ubuntus1:/tmp$ ls -l checkversion.sh
-rwxrw-r-- root root 4395 Oct 10 20:35 filename.sh - Now execute the file by entering ./filename.sh
In Linux
- If you are on a Linux machine, create a file by running the below command.
touch filename.sh - Edit the filename.sh using any editor of your choice like vi, vim or nano
- Save the file and change the file permission by following the below command
sudo chmod u+x filename.sh - Now execute the file by entering ./filename.sh
Script Output:
By running the script, it should display an output like the one seen in the screenshot below:
Note: The output is generated from a Linux machine running SPL version 1.2.0
If you are able to see the product name and the product version along with other build information, this confirms that the components are successfully installed.
Updated disclaimer
[edited by: Qoosh at 9:29 PM (GMT -7) on 31 Mar 2023]