Topic
  • 3 replies
  • Latest Post - ‏2014-10-25T02:56:48Z by JasonWalker
yakyak
2 Posts

Pinned topic Analyses for a Service Not present

‏2014-05-08T16:52:34Z |

Recently we deployed Power Broker and want to do an Analysis against servers where the Service is not present. I've looked all through BF but can't find this analysis for Solaris / Unix. Any help creating an Analysis would be much appreciated. The Service for Power Broker is named lwsmd and is in the directory /opt/pbis/sbin/

 

  • JasonWalker
    51 Posts
    ACCEPTED ANSWER

    Re: Analyses for a Service Not present

    ‏2014-10-25T02:56:48Z  
    • yakyak
    • ‏2014-10-23T13:46:34Z

    Sorry for the delay in response.

    I was able to run the following Analysis

    exists process whose (name of it as string as lowercase = "lwsmd")

    Now I have an issue where we have several hosts that have more than 15 characters in the hostname. These hosts cannot join AD but have the software installed and are reporting to my analysis for lwsmd as "True".

    Now I'm trying to write an analysis that would report back "False" if there was no response to the following command in the Domain= field. If the host has successfully joined AD, the Domain= field will display the domain ourdomain.this.gov

    root@d0-hostname15+# /opt/pbis/bin/domainjoin-cli query

    Name = hostname15+
    Domain = 

    You can approach this a couple of different ways.  The simplest check might be to use BigFix itself to check the hostname length - you could use this in a Fixlet relevance or Analysis property -

    length of hostname > 15
    

    Otherwise, you could create a Task to execute the domainjoin-cli command, save the output to a file, and then parse the results of the file in an Analysis.  Forgive me if this needs some tweaking, I don't have a Linux host in front of me right now -

    // Relevance:
    (it contains "solaris" or it contains "unix") of name of operating system as lowercase
    AND
    exists file "/opt/pbis/bin/domainjoin-cli"
    
    // ActionScript
    
    delete __createfile
    createfile until <eof>
        #!/bin/sh
        /opt/pbis/bin/domainjoin-cli query > /{data folder of client}/domainjoin-cli-query.out
    <eof>
    
    // Move the generated script into place before running it
    delete domainjoin-query.sh
    move __createfile domainjoin-query.sh
    waithidden chmod +x domainjoin-query.sh
    waithidden /bin/sh domainjoin-query.sh
    

    Then, you could have an Analysis parse the output file -

    // Relevance:
    
    (it contains "solaris" or it contains "unix") of name of operating system as lowercase
    AND
    exists file "domainjoin-cli-query.out" of data folder of client
    
    // Parse Results - maybe you want this in a Fixlet Relevance, or as an Analysis Result
    
    exists (lines of file "domainjoin-cli-query.out" of data folder of client) whose (it contains "Domain" AND it as trimmed string = "Domain =")
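
An added example, not part of the original posts or of BigFix/PBIS: a POSIX sh version of the capture-and-parse approach in the answer above, which separates "Domain field empty" (software installed, host not joined) from "no usable output" so a failed query is not reported as a joined or unjoined host. The function names `capture_query` and `join_state` are hypothetical, and the "Key = value" output format is assumed from the sample quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes "Key = value" output lines,
# as in the sample posted above.

# capture_query OUTFILE [CLI]
# Save the query output via a temp file + rename, so an Analysis that reads
# OUTFILE never sees a half-written result.
capture_query() {
    cq_out=$1
    cq_cli=${2:-/opt/pbis/bin/domainjoin-cli}
    cq_tmp="$cq_out.$$"
    "$cq_cli" query > "$cq_tmp" 2>&1 || :   # a failed run is classified below
    mv -f "$cq_tmp" "$cq_out"
}

# join_state FILE [EXPECTED_DOMAIN]
# Prints: joined:<domain> | wrong-domain:<domain> | not-joined | unknown
join_state() {
    js_file=$1
    js_want=${2:-}
    # No output at all: the command never ran or produced nothing.
    [ -s "$js_file" ] || { echo unknown; return 0; }
    js_line=$(grep '^[[:space:]]*Domain[[:space:]]*=' "$js_file" | head -n 1 | tr -d '\r')
    # Output exists but has no Domain field (e.g. an error message): do not guess.
    [ -n "$js_line" ] || { echo unknown; return 0; }
    js_val=$(printf '%s\n' "$js_line" | sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//')
    # "Domain =" with nothing after it is the not-joined case from the thread.
    [ -n "$js_val" ] || { echo not-joined; return 0; }
    if [ -n "$js_want" ]; then
        # Compare case-insensitively against the domain the host should be in.
        js_a=$(printf '%s' "$js_val" | tr '[:upper:]' '[:lower:]')
        js_b=$(printf '%s' "$js_want" | tr '[:upper:]' '[:lower:]')
        [ "$js_a" = "$js_b" ] || { echo "wrong-domain:$js_val"; return 0; }
    fi
    echo "joined:$js_val"
}

# Constructed sample: the unjoined output quoted in the thread.
demo=$(mktemp)
printf 'Name = hostname15+\nDomain = \n' > "$demo"
join_state "$demo" ourdomain.this.gov     # prints: not-joined
rm -f "$demo"
```
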
    

     

  • jgstew
    410 Posts

    Re: Analyses for a Service Not present

    ‏2014-05-15T13:59:26Z  

     

    Could you just look if the file exists?  or also check if the process is running?

     

  • yakyak
    2 Posts

    Re: Analyses for a Service Not present

    ‏2014-10-23T13:46:34Z  
    • jgstew
    • ‏2014-05-15T13:59:26Z

     

    Could you just look if the file exists?  or also check if the process is running?

     

    Sorry for the delay in response.

    I was able to run the following Analysis

    exists process whose (name of it as string as lowercase = "lwsmd")

    Now I have an issue where we have several hosts that have more than 15 characters in the hostname. These hosts cannot join AD but have the software installed and are reporting to my analysis for lwsmd as "True".

    Now I'm trying to write an analysis that would report back "False" if there was no response to the following command in the Domain= field. If the host has successfully joined AD, the Domain= field will display the domain ourdomain.this.gov

    root@d0-hostname15+# /opt/pbis/bin/domainjoin-cli query

    Name = hostname15+
    Domain = 