This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.
BladeLogic Server Automation Suite
BMC BladeLogic Server Automation Suite
When running a compliance job, the job generates the following warning:
truncated data from job result for rule Find unauthorized SUID/SGID system executablesThe affected template and rule may vary. The target lists as failed in the run details and there is no server view created for the server.
This is due to a compliance rule finding too many non-compliant assets for BSA to process, hence the result is truncated.
In this example the compliance check found an overly high number of files or folders with SUID/SGID set, but any rule potentially capable of detecting large amounts of non-compliant assets can be affected by this.
There are a couple methods to address this issue:
Increase the value of ComplianceResultMaxNumberOfAssets in blasadmin:
blasadmin -s <instance name> set app ComplianceResultMaxNumberOfAssets <number>This may have a performance impact on the compliance job.
Alternatively to eliminate the warning, the number of assets impacted by the rule must be reduced. In the case of this particular rule you can this is done by excluding file system paths from the scan that are known to contain a large number of non-compliant assets. The local extended objects used by most CIS Compliance rules leverage the EXCLUDED_DIR server property to exclude specific paths from the scan.
For other Extended Objects that return a large number of results you must investigate how to reduce the number of results. For example, instead of listing out the non-compliant assets with the Extended Object you could change the EO to show a pass/fail state or a count of failed objects and perform the compliance rule check based on that output. Or split the Extended Object into separate parts.