Sophos Protection for Linux: Script to verify the installation of Sophos SPL components.

Disclaimer: Please contact Sophos Professional Services if you require assistance with your specific environment.

Overview

This article provides a bash script that reports the versions of the installed Sophos Protection for Linux components and verifies that all components are installed. Sophos Protection for Linux has no user interface for checking this, so you can use the script below instead.

Applies to the following Sophos products and versions

Sophos Protection for Linux.

Code:

#!/bin/bash
# ANSI colour codes used for the status messages
SC="\e[31m"   # red
TC="\e[91m"   # bright red
EC="\e[0m"    # reset
GRC="\e[32m"  # green
# One binary per component; if the file exists, the component is treated as installed
DIR1="/opt/sophos-spl/base/bin/versionedcopy"
DIR2="/opt/sophos-spl/plugins/av/bin/avscanner"
DIR3="/opt/sophos-spl/plugins/eventjournaler/bin/eventjournaler"
DIR4="/opt/sophos-spl/plugins/runtimedetections/bin/runtimedetections"
DIR5="/opt/sophos-spl/plugins/edr/bin/edr"
DIR6="/opt/sophos-spl/plugins/liveresponse/bin/liveresponse"
if [ -f "$DIR1" ];
then
	echo
	echo -----------------------
	echo Checking base component
	echo -----------------------
	echo
	cat /opt/sophos-spl/base/VERSION.ini
	echo
	sleep 1
else
	echo -----------------------
	echo Checking base component
	echo -----------------------
	echo
	echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
	echo -e $TC " $DIR1 not present"
	echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
fi
if [ -f "$DIR2" ];
then
        echo
        echo --------------------------
        echo Checking avscanner plugin
        echo --------------------------
        echo
        cat /opt/sophos-spl/plugins/av/VERSION.ini
        echo
        sleep 1
else

        echo --------------------------
        echo Checking avscanner plugin
        echo --------------------------
        echo
        echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
        echo -e $TC " $DIR2 not present"
        echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
fi
if [ -f "$DIR3" ];
then
        echo
        echo ------------------------------
        echo Checking eventjournaler plugin
        echo ------------------------------
        echo
        cat /opt/sophos-spl/plugins/eventjournaler/VERSION.ini
        echo
        sleep 1
else

        echo ------------------------------
        echo Checking eventjournaler plugin
        echo ------------------------------
        echo
        echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
        echo -e $TC " $DIR3 not present"
        echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
fi
if [ -f "$DIR4" ];
then
        echo
        echo --------------------------------
        echo Checking runtimedetections plugin
        echo --------------------------------
        echo
        cat /opt/sophos-spl/plugins/runtimedetections/VERSION.ini
        echo
        sleep 1
else

        echo --------------------------------
        echo Checking runtimedetections plugin
        echo --------------------------------
        echo
        echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
        echo -e $TC " $DIR4 not present"
        echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
fi
if [ -f "$DIR5" ];
then
        echo
        echo -------------------
        echo Checking edr plugin
        echo -------------------
        echo
        cat /opt/sophos-spl/plugins/edr/VERSION.ini
        echo
        sleep 1
else

        echo -------------------
        echo Checking edr plugin
        echo -------------------
        echo
        echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
        echo -e $TC " $DIR5 not present"
        echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
fi
if [ -f "$DIR6" ];
then
        echo
        echo ----------------------------
        echo Checking liveresponse plugin
        echo ----------------------------
        echo
        cat /opt/sophos-spl/plugins/liveresponse/VERSION.ini
        echo
        sleep 1
else

        echo ----------------------------
        echo Checking liveresponse plugin
        echo ----------------------------
        echo
        echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
        echo -e $TC " $DIR6 not present"
        echo -e $SC XXXXXXXXXXXXXXXXXXXX $EC
fi
sleep 2
echo ----------------------------------
echo Checking sophos-spl service status
echo ----------------------------------
# systemctl output is read through pipes and a variable rather than
# fixed-name files in /tmp, which another local user could pre-create
# or replace with a symlink when the script runs as root.
if systemctl list-unit-files | grep -q 'sophos-spl.service';
then
        echo -e $GRC 'sophos-spl service present' $EC
        sleep 1
        echo Checking active status
        echo .
        sleep 1
        echo .
        sleep 1
        echo .
        SVCSTATUS=$(systemctl status sophos-spl)
        sleep 1
        if echo "$SVCSTATUS" | grep -q 'Active: active';  then
                echo -e $GRC 'sophos-spl service is active' $EC
        elif echo "$SVCSTATUS" | grep -q 'Active: inactive'; then
                echo -e $SC 'sophos-spl service is not active' $EC
        fi
else
        # The "could not be found" message is written to stderr
        if systemctl status sophos-spl 2>&1 | grep -q 'Unit sophos-spl.service could not be found'; then
                echo -e $SC 'sophos-spl service could not be found' $EC
        fi
fi

Run the Script to verify the installation of SPL components

NOTE: The components of Sophos Protection for Linux are installed according to the license. If your license is eligible to install all of the listed components and you do not see some present, please contact Sophos Support.

In Windows:

  1. If you are on a Windows machine, open Notepad, copy the code, and save the file with the extension “.sh”.
  2. Transfer it to any location on the Linux machine.
  3. Check the file permissions by running the command:
    root@ubuntus1:/tmp$ ls -l filename.sh
    -rw-rw-r-- root root 4395 Oct 10 20:35 filename.sh
  4. Add execute permission to the file by running the command below:
    root@ubuntus1:/tmp$ sudo chmod u+x filename.sh
  5. The permissions should now look like this:
    root@ubuntus1:/tmp$ ls -l filename.sh
    -rwxrw-r-- root root 4395 Oct 10 20:35 filename.sh
  6. Now execute the file by entering ./filename.sh


In Linux:

  1. If you are on a Linux machine, create a file by running the command below:
    touch filename.sh
  2. Edit filename.sh using any editor of your choice, such as vi, vim or nano.
  3. Save the file and add execute permission by running the command below:
    sudo chmod u+x filename.sh
  4. Now execute the file by entering ./filename.sh


Script Output:
Running the script should display output like the one seen in the screenshot below:
Note: The output is generated from a Linux machine running SPL version 1.2.0


 
If you are able to see the product name and the product version along with other build information, this confirms that the components are successfully installed.
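
For unattended checks (cron, configuration management, monitoring), the same verification can be expressed as a function whose return status is the number of missing components. This is an added example, not part of the original article or a Sophos-supplied script; the SPL_ROOT override, the function names and the PRODUCT_VERSION key name in VERSION.ini are assumptions, while the component paths are taken from the script above.

```shell
#!/bin/bash
# Added example: non-interactive check of the SPL components listed in the article.
# Assumptions: SPL_ROOT override, function names, PRODUCT_VERSION key in VERSION.ini.
SPL_ROOT="${SPL_ROOT:-/opt/sophos-spl}"

# name:binary:directory holding VERSION.ini (all relative to SPL_ROOT)
COMPONENTS="
base:base/bin/versionedcopy:base
av:plugins/av/bin/avscanner:plugins/av
eventjournaler:plugins/eventjournaler/bin/eventjournaler:plugins/eventjournaler
runtimedetections:plugins/runtimedetections/bin/runtimedetections:plugins/runtimedetections
edr:plugins/edr/bin/edr:plugins/edr
liveresponse:plugins/liveresponse/bin/liveresponse:plugins/liveresponse
"

# Print the PRODUCT_VERSION value from the given VERSION.ini, or "unknown".
spl_version() {
    spl_v=$(sed -n 's/^[[:space:]]*PRODUCT_VERSION[[:space:]]*=[[:space:]]*//p' "$1" 2>/dev/null | head -n 1 | tr -d '\r')
    echo "${spl_v:-unknown}"
}

# Print one "name status version" line per component.
# Return status = number of components whose binary is missing.
spl_check() {
    missing=0
    while IFS=: read -r name bin dir; do
        [ -z "$name" ] && continue
        if [ -f "$SPL_ROOT/$bin" ]; then
            echo "$name present $(spl_version "$SPL_ROOT/$dir/VERSION.ini")"
        else
            echo "$name missing -"
            missing=$((missing + 1))
        fi
    done <<EOF
$COMPONENTS
EOF
    return "$missing"
}

# Report on this host; a non-zero status means at least one component is absent.
spl_check || echo "$? component(s) missing" >&2
```

As the NOTE above says, which components are installed depends on the license, so a scheduled job should alert only on components the license actually includes.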



Title formatting
[edited by: Qoosh at 12:06 AM (GMT -7) on 13 Oct 2022]