1 2 Previous Next 22 Replies Latest reply on Apr 23, 2019 4:26 AM by Ana Lorite Go to original post
      • 15. Re: Error updating TKU with an obsolete module pattern
        Ana Lorite

        Hi Andrew Waters

         

        Yes, I realized that. Thanks for your help.

         

        Ana.

        • 16. Re: Error updating TKU with an obsolete module pattern
          Ana Lorite

          Hi Bob Anderson

           

          First of all, thank for your time and your help.

           

          As I mentioned before, I realized my pattern was wrong and, the worst thing, very inefficient. So I thought the correct way could be to use the same tigger conditions. So thanks!

           

          And I had that question. One overriding pattern or two ones? I mean

           

          Pattern:

           

          from IBM.TivoliSecurityComplianceManager import TivoliSCMClient 1.0;

          from IBM.TivoliSecurityComplianceManager import TivoliSCMServer 1.0;

           

          pattern TivoliSecurityComplianceManagerOverrided 1.1

          """

          """

          overview

          tags overrided, Tivoli;

          overrides TivoliSCMClient,TivoliSCMServer;

          end overview;

           

          vs

           

          Pattern 1

           

          from IBM.TivoliSecurityComplianceManager import TivoliSCMClient 1.0;

           

          pattern TivoliSecurityComplianceManagerOverrided 1.1

          """

          """

          overview

               tags overrided, Tivoli;

               overrides TivoliSCMClient;

          end overview;

           

          Pattern 2

           

          from IBM.TivoliSecurityComplianceManager import TivoliSCMServer 1.0;

           

          pattern TivoliSecurityComplianceManagerOverrided 1.1

          """

          """

          overview

          tags overrided, Tivoli;

          overrides TivoliSCMServer;

          end overview;

           

          Thanks again for your help.

           

          Regards,

           

          Ana.

          • 17. Re: Error updating TKU with an obsolete module pattern
            Ana Lorite

            Hi Bernard Stern

             

            Thanks for your time and for your help. The thing is I don't want to modify the pattern but inactive it. And I suppose I can get it modifying it and doing nothing in the body statement.

             

            It's very interesting the process you describe but I have a question.

             

            The premise is:

             

            1. OTTB pattern
            2. CUSTOM pattern (the same version and discovery will show something like this:

                          

             

            Right?

             

            So, what will happen when I update the TKU? Will be the custom ones active??

             

            Thank you!!

             

            Regards,

             

            Ana.

            • 18. Re: Error updating TKU with an obsolete module pattern
              Ana Lorite

              Hi all,

               

              Finally, I defined two patterns like this:

               

              tpl 1.12 module BKGS.Override;

               

              metadata

                  [...]

              end metadata;

               

              from IBM.TivoliSecurityComplianceManager import TivoliSCMClient 1.0;

              from IBM.TivoliSecurityComplianceManager import TivoliSCMServer 1.0;

               

              pattern TivoliSCMClientOverrided 1.0

              """

              """

              overview

                   tags [...]

                   overrides TivoliSCMClient;

              end overview;

               

              triggers

              on process := DiscoveredProcess where cmd matches regex "(?i)\bjava(?:\.exe)?$"

                                                                          and

                                                                          (args matches regex "(?i)com\.ibm\.scm\.client\.SCMClient"

                                                                          or

                                                                          args matches regex "(?i)com/ibm/scm/client/SCMClient");

              end triggers;

              body

              log.info("overriding TivoliSCMClient. Do nothing");

              end body;

               

              end pattern;

               

               

              pattern TivoliSCMServerOverrided 1.0

              """

              """

              overview

                   tags [...]

                   overrides TivoliSCMServer;

              end overview;

               

                  triggers

                      on process := DiscoveredProcess where cmd matches regex "(?i)\bjava(?:\.exe)?$"

                                                                          and

                                                                          (args matches regex "(?i)com\.ibm\.jac\.server\.BootStrap"

                                                                          or

                                                                          args matches regex "(?i)com/ibm/jac/server/BootStrap");

                  end triggers;

              body

                   log.info("overriding TivoliSCMServer. Do nothing");

              end body;

              end pattern;

               

              But this overriding doesn't work. Let me share with you some logs:

               

              • Logs from IBM.TivoliSecurityComplianceManager.TivoliSCMClient pattern:

              engine.pattern.IBM.TivoliSecurityComplianceManager.TivoliSCMClient: INFO: IBM Tivoli Security Compliance Manager Client 5.1 on dascmpro02: SI created

               

              • Logs from BKGS.Override.TivoliSCMClientOverrided pattern:

              engine.pattern.BKGS.Override.TivoliSCMClient_Custom: INFO: overriding TivoliSCMClient. Do nothing

               

              So, the IBM.TivoliSecurityComplianceManager.TivoliSCMClient pattern is triggering and doing things.

               

              What is it wrong?

               

              Thanks in advance.

               

              Ana.

              • 19. Re: Error updating TKU with an obsolete module pattern
                Bernard Stern

                Hello Ana Lorite

                 

                Not exactly. Here you see there are 4 inactive BMC modules. For each of those, we have made a tiny modification like explained before.

                 

                pic1.png

                 

                The inactive BMC module looks like this:

                 

                pic2.png

                 

                Wheras the active CUSTOM module looks like this:

                 

                pic3.png

                We have 400+ modules we gather in a CUSTOM upload similarly to BMC in a ZIP archive. This an almost fully automated process:

                 

                1. Generate a new CUSTOM TKU ZIP archive, including the modification of the 4 BMC modules. See CUTUG - Custom TKU Update Generator

                2. Upload the CUSTOM TKU as you would do with a BMC TKU.

                 

                Whenever you upload a module with the same version, the last uploaded one gets active and the other ones are inactive.

                 

                So when I upload a new BMC TKU (monthly), the original BMC ASE Base discovery module gets activated, deactivating the slightly modified CUSTOM ASE Base discovery module. In this case I generate a new CUSTOM TKU ZIP (1 above) and upload it (2 above). This might sound a bit complicated but in fact it's all very simple given the right tools. For this part of the job I wrote another tool, see ATOS - ADDM TKUs On Steroids .

                 

                Hope this helps.

                 

                Bernard

                2 of 2 people found this helpful
                • 20. Re: Error updating TKU with an obsolete module pattern
                  Ana Lorite

                  Hi

                   

                  I cannot see the screen captures you attached I see something like this:

                   

                   

                  Very impressive tools!! Thank you very very much for sharing! I really appreciate this

                  • 21. Re: Error updating TKU with an obsolete module pattern
                    Bernard Stern

                    Oh! Thanks for notifying me. I uploaded them again, differently. Better so I think.

                    • 22. Re: Error updating TKU with an obsolete module pattern
                      Ana Lorite

                      It's perfect now.

                       

                      Thanks!!!

                      1 2 Previous Next