16 Replies. Latest reply on Oct 31, 2014 10:40 AM by Joe Piotrowski

    grammar file for /etc/rc.tcpip

      Hi Experts,

       

      I am looking to do some compliance checks for /etc/rc.tcpip (AIX), but I am not able to find a way to properly parse the file content and write a rule for it.

      I tried using a couple of grammar files but no luck. Can anyone point me to the correct grammar file and the correct rule syntax?

      Below line is present in file.

       

      start /usr/sbin/snmpd "$src_running"

       

      I need to write a rule to check if these entries exist or not.

      This is what I have tried so far.

      grammar file:line.gm/generic.gm

       

       

       

      compliance result:compliant

      expected result: non-compliant

       

      Kindly suggest...

        • 1. Re: grammar file for /etc/rc.tcpip
          Bill Robinson

          Why not one of the name space ones ?

          • 2. Re: grammar file for /etc/rc.tcpip

            I didn't get what you mean by namespace. Can you explain a bit?

            • 3. Re: grammar file for /etc/rc.tcpip
              Bill Robinson

              There are other grammars that might work for this format.  I think the ‘name space’ grammar is one that may work.

              • 4. Re: grammar file for /etc/rc.tcpip

                parsed output of file

                 

                The rule editor has no option to refer to value1. Am I doing something wrong here?

                 

                How do I compare what the value is in the value1 column?

                • 5. Re: grammar file for /etc/rc.tcpip
                  Joe Piotrowski

                  You do need to be careful when the Name values are the same. In your case many of the Name values = start. Another option, if you're looking for a specific entry, is to not parse the file, and just do a search for that string.

                   

                  To clarify, are you simply looking to see if this file contains this string:

                  start /usr/sbin/snmpd "$src_running"

                  • 6. Re: grammar file for /etc/rc.tcpip

                    To clarify, are you simply looking to see if this file contains this string:

                    start /usr/sbin/snmpd "$src_running"


                    Yes I am.

                    • 7. Re: grammar file for /etc/rc.tcpip
                      Bill Robinson

                      Use the ‘file.contents’ contains ?

                      • 8. Re: grammar file for /etc/rc.tcpip
                        Joe Piotrowski

                        OK, parsing certain types of files and running conditional rules against them can get tricky in some situations. IMO, this is one of them. Parsing a file breaks it up into a Name > Value1 > Value2 > etc structure. However, if the Name value isn't unique, this can cause problems with the conditions you are using. For example, your output looks like this:

                         

                        Name     Value1                Value2
                        sleep    $interval
                        start    /usr/sbin/syslogd     "$src_running"
                        start    /usr/lib/sendmail     "$src_running"
                        start    /usr/sbin/inetd       "$src_running"
                        start    /usr/sbin/snmpd       "$src_running"

                         

                        If you parse the file in this way, you can do a check within Value1 for /usr/sbin/snmpd and it might come back compliant. But what if your file looks like this?

                         

                        Name     Value1                Value2
                        sleep    $interval
                        start    /usr/sbin/syslogd     "$src_running"
                        start    /usr/lib/sendmail     "$src_running"
                        start    /usr/sbin/inetd       "$src_running"
                        stop     /usr/sbin/snmpd       "$src_running"

                         

                        Then your logic no longer works. And adding an additional check like Name = start AND Value1 = /usr/sbin/snmpd won't necessarily work because that will come back as valid also, because some Names do equal start.

                         

                        IMO, your best bet is to just treat these file contents as single text strings, and do NOT parse it. And then all of the text falls under the Name field. And simply do logic like:

                        Name starts with start /usr/sbin/snmpd "$src_running"

                        • 9. Re: grammar file for /etc/rc.tcpip
                          Joe Piotrowski

                          I forgot to mention that you would choose "Grammar file: whole line as record grammar (generic)" if you want the entire line brought in as a string and not parsed.

                          • 10. Re: grammar file for /etc/rc.tcpip
                            Don Kim

                            A few suggestions here:

                            1. Use extended object: use awk to change the way it is displayed. awk '{ print $2, $1, $3 }' will print the unique path column first, then the start/stop column, then the $src_running column last.

                            2. Try "whole line as grammar" file then in rule **/usr/sbin/syslogd** contains ...... string you are looking for.

                            1 of 1 people found this helpful
                            • 11. Re: grammar file for /etc/rc.tcpip

                              @Joe

                               

                              I have already tried using the generic grammar file and tried to implement the logic below, but there is no option like does not start with/does not contain.

                              "Configuration File Entry:/etc/rc.tcpip.Name" does not starts with start /usr/sbin/snmpd "$src_running"

                               

                              It did not work out for me.

                               

                              Then I modified a bit as below and it worked

                               

                              foreach "Configuration File Entry:/etc/rc.tcpip//**"

                                 @Name@ does not start with "start /usr/sbin/snmpd ""$src_running"""

                              end

                               

                              I hope this is a good approach to deal with such files, or let me know if there is a better way to do it.

                              1 of 1 people found this helpful
                              • 12. Re: grammar file for /etc/rc.tcpip

                                Don Kim

                                I also thought of creating an EO for this, but then this can be handled using configuration files. So I kept EO as a last option.

                                Finally I have done it as below. Hope this makes sense, though it is checking against all the entries present in the file.

                                 

                                 

                                Please suggest if my logic is going to fail in some scenario.

                                • 13. Re: grammar file for /etc/rc.tcpip
                                  Bill Robinson

                                  If you are just looking to see if the file contains something, why won't the File Contents type work for a file, not config file?

                                  • 14. Re: grammar file for /etc/rc.tcpip
                                    Monoj Padhy

                                    @Bill

                                     

                                    I think Manas is looking for does not contain logic. So he needs to use does not contain logic.

                                    Does not contain logic will only work if the string is not available in the file.

                                     

                                    file.contents does not contain logic will always be non-compliant in both the below cases.

                                    start /usr/sbin/snmpd "$src_running"

                                    #start /usr/sbin/snmpd "$src_running"-- incorrect result as per his requirement
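
The two pitfalls raised in replies 8 and 14 (a `stop` entry for the same path, and a commented-out `#start` line), shown as an added shell example that is not part of any post in this thread: it treats each line as one record and reports whether a live `start` entry exists. The function names, the sample file contents, and the policy that a live snmpd entry means non-compliant (taken from the expected result in the first post) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Sample file contents are constructed.

# rc_entry_state FILE DAEMON -> prints: active | commented | absent
rc_entry_state() {
    awk -v d="$2" '
        # Live entry: the record itself is "start <daemon> ...".
        $1 == "start" && $2 == d { active = 1; next }
        # Commented-out entry such as: #start /usr/sbin/snmpd "$src_running"
        /^[ \t]*#/ {
            line = $0
            sub(/^[ \t]*#+[ \t]*/, "", line)
            n = split(line, f)
            if (n >= 2 && f[1] == "start" && f[2] == d) commented = 1
        }
        END { print (active ? "active" : (commented ? "commented" : "absent")) }
    ' "$1"
}

# Assumed policy: compliant only when no live start line for snmpd exists.
snmpd_compliant() {
    [ "$(rc_entry_state "$1" /usr/sbin/snmpd)" != "active" ]
}

# Constructed samples covering the three cases discussed in the thread.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/live" <<'EOF'
start /usr/sbin/syslogd "$src_running"
start /usr/sbin/snmpd "$src_running"
EOF
cat > "$SAMPLES/commented" <<'EOF'
start /usr/sbin/syslogd "$src_running"
#start /usr/sbin/snmpd "$src_running"
EOF
cat > "$SAMPLES/stopped" <<'EOF'
start /usr/sbin/inetd "$src_running"
stop /usr/sbin/snmpd "$src_running"
EOF

for f in live commented stopped; do
    printf '%s: %s\n' "$f" "$(rc_entry_state "$SAMPLES/$f" /usr/sbin/snmpd)"
done
```
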
