2 Replies Latest reply on Mar 19, 2015 8:20 PM by Bill Robinson

    Local Config File with different Grammar than Global config file

    Mike Reider

      Hi all, we have a global config file, for example /etc/sysctl.conf, with a grammar of name=value


      This works for basic compliance when parsing this file's contents.

      Now we are trying to build a compliance template to periodically check this file on each host and make sure there are no out-of-band entries or deletions from this file. The grammar will work (and compliance run will return with a pass/fail) only if the out of band change is in the name=value format like this:

       

      cat /etc/sysctl.conf

      net.ipv4.conf.all.accept_redirects=0
      net.ipv4.conf.default.secure_redirects=0
      net.ipv4.conf.all.secure_redirects=0
      mike123
      net.ipv4.conf.default.send_redirects=0
      net.ipv4.conf.all.send_redirects=0
      vm.swappiness=0
      kernel.core_pattern=/var/core/core.%h.%e.%p
      kernel.exec-shield=1
      newchange=BLAH

       

      But if the change is not in the name=value format, the change is invisible to the grammar and the Snapshot does not detect any new changes to this file.

      net.ipv4.conf.default.send_redirects=0
      net.ipv4.conf.all.send_redirects=0
      vm.swappiness=0
      kernel.core_pattern=/var/core/core.%h.%e.%p
      kernel.exec-shield=1
      newchange    BLAH   //does not get detected by grammar

       

       

      So in this case we are not interested in the values, but rather the Content changes to the file.

      I thought I could create a local Config File object on the component template and give it an auto_* grammar which will treat everything as text and therefore see any changes, but I can't add a Local config file entry if the same one exists in Global (I don't understand the reasoning behind this; the whole point of Local vs Global is that you should be able to add whatever you want as local objects/local instances of global files).


      I tried 'hacking' it by creating a Local property of ETC (/etc/) and adding a local config file as ??ETC??sysctl.conf, but it doesn't see the file (it doesn't convert ??ETC?? to /etc/).
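
The gap described in the post, as an added example that is not part of the original post and is not BladeLogic code: a name=value view of the file never sees lines outside that format, so a drift check has to report them separately. The function names `parse` and `drift` and the regular expression are assumptions made for illustration, and the sample content is constructed from the listings in the post.

```python
import re

# Approximation of a name=value grammar (whitespace around "=" tolerated).
NAME_VALUE = re.compile(r"^\s*([^\s=#;][^=\s]*)\s*=\s*(.*?)\s*$")

def parse(text):
    """Split file content into name=value entries and lines the grammar cannot parse."""
    entries, unparsed = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":  # blank line or sysctl.conf comment
            continue
        m = NAME_VALUE.match(line)
        if m:
            entries[m.group(1)] = m.group(2)
        else:
            unparsed.append((lineno, stripped))  # invisible to a name=value snapshot
    return entries, unparsed

def drift(baseline_text, current_text):
    """Compare current content to a baseline, including lines outside the grammar."""
    base, base_unparsed = parse(baseline_text)
    cur, cur_unparsed = parse(current_text)
    known_raw = {s for _, s in base_unparsed}
    return {
        "added": {k: cur[k] for k in cur.keys() - base.keys()},
        "removed": sorted(base.keys() - cur.keys()),
        "changed": {k: (base[k], cur[k])
                    for k in base.keys() & cur.keys() if base[k] != cur[k]},
        "unparsed": [(n, s) for n, s in cur_unparsed if s not in known_raw],
    }

# Constructed sample: the approved entries, then two out-of-band lines.
BASELINE = """\
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.secure_redirects=0
net.ipv4.conf.all.secure_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.all.send_redirects=0
vm.swappiness=0
kernel.core_pattern=/var/core/core.%h.%e.%p
kernel.exec-shield=1
"""
CURRENT = BASELINE.replace("net.ipv4.conf.default.send",
                           "mike123\nnet.ipv4.conf.default.send") + "newchange    BLAH\n"

if __name__ == "__main__":
    for key, value in drift(BASELINE, CURRENT).items():
        print(key, value)
```

On this sample the name=value comparison reports no added, removed or changed entries, and only the `unparsed` list exposes the two out-of-band lines.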