I've come to realize that how my brain thinks Rule conditions should work isn't the way they actually work.
If I had to guess, because it's failing and succeeding, it's assuming fail and not proceeding beyond the second IF. Off the top of my head I'm not sure what a better way might be. You can verify by trying this with something that completely succeeds.
In your case 1st IF is success...so it proceeds for second IF and here the given condition is failed thats why the remaining rules were grayed out.
I would have done the same with some little modifications.
??target.os_version?? contains 6 AND
Extended object Entry:proc_mount**".Name conatins ":/" AND
just add rest 4 compliance rule here
there is no need of IF statement
In your case if all the condition satisfies then server will be complaint else non-complaint.
I hope you are looking for the same.
Blas - I don't think the multiple IFs make any difference (I experience the same greyness when combining). As far as I'm aware both IF's are succeeding, if they were not compliant they would be red and bold.
what you mentioning is applies only for rules other than if statement. try removing IF you will get the desired result. failing of IF statement will never be BOLD and RED. It just gray out.
As per my experience IF only grays out.
we have a scenario for syslog compliance check and we are looking if a specific entry is present in server
Assume server1 doesnot have syslog.
this rules is compliant for a server that doesnot even had syslog.conf file. as here if statement is not satisfied rest of the statements were just skipped(grayed out). Here server1 is compliant.
then I just removed IF condition and merged all the rules. Now if a server does not have syslog conf then the server is non-compliant which is a expected result. Here server1 is non-compliant.
have you tried as below
does this approach grays out ? I dont think so. It will only result as either compliant/ non-compliant.
":/" exists and still it results as non-compliant then try modifying the rule .one thing for sure if you use IF statement then it will gray out for the server where the IF clause is failed to satisfy.
can you post output of your EO for any one server
In your screenshot, the rules are failing but they are getting processed. It says that your extended object entry doesn't exist.
Have you tried:
or proc_mount//** name contains :/