#!/bin/bash
# This is the script content of a Jamf Pro Extension Attribute called
# "slack - :lock: Security Health Status"
# Because it has "slack -" in its title, our /jamf Slack app will display the output of its results in each Mac's health summary report.
# It checks to see if the Mac has SIP and FV enabled and is running the required 3rd party AV agent
# Based on the results, it displays the appropriate emoji and also provides appropriate links to relevant kb articles or Jamf Self Service policies.
# Author: @taniacomputer
# Last modified: 4/12/2019
# Self Service URL for the 3rd party antivirus agent
AV_URL="jamfselfservice://content?entity=policy&id=123&action=execute"
summary=""
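# Item 1: System Integrity Protection Status
# Match the status line itself, not any other output line that happens to contain "enabled"
sip_status=$(csrutil status | grep "status: enabled")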
if [[ -z "$sip_status" ]]
then
summary="$summary
⚠️ SIP (System Integrity Protection) is disabled
Please contact #ops to resolve ASAP.
<https://support.apple.com/en-au/HT204899|About SIP>"
else
summary="$summary
✅ SIP (System Integrity Protection) is enabled
<https://support.apple.com/en-au/HT204899|About SIP>"
fi
# Item 2: FV Status
encryptCheck=$(fdesetup status | grep "FileVault is On.")
if [[ -z "$encryptCheck" ]]
then
summary="$summary
⚠️ FileVault is disabled
Please contact #ops to resolve
<https://support.apple.com/en-au/HT204837|About FileVault>"
else
summary="$summary
✅ FileVault is enabled
<https://support.apple.com/en-au/HT204837|About FileVault>"
fi
# Item 3: AntiVirus Agent Status
# -F treats the launchd label as a fixed string, so the dots are not regex wildcards
av_running=$(launchctl list | grep -F "com.example_av.daemon")
if [[ -z "$av_running" ]]
then
summary="$summary
⚠️ AV Agent not running.
<$AV_URL|Install>"
else
summary="$summary
✅ AV Agent running.
<$AV_URL|Reinstall>"
fi
echo "<result>$summary</result>"