1 Reply Latest reply on Jun 8, 2016 7:48 AM by Bill Robinson

    How to create compliance rule for a script via extended object for HP-UX Server

    Orwin Lopes

I am creating a custom-based HP-UX template. I have a rule which checks the root PATH integrity. The script is below. How can I run it on all the HP-UX servers & get the output of the script to match the compliance condition? In this case the compliant condition is when the output of the script is null. I am aware that we can create an extended object but am not sure how it should be done or which grammar file to create.


      #!/bin/sh
      # Checks the integrity of root's PATH: prints one line per finding, nothing when clean.
      if [ "`echo "$PATH" | /bin/grep :: `" != "" ]; then
          echo "Empty Directory in PATH (::)"
      fi
      if [ "`echo "$PATH" | /bin/grep ':$'`" != "" ]; then
          echo "Trailing : in PATH"
      fi
      # Collapse an empty entry, drop a trailing colon, then turn ':' into spaces so the
      # entries can be loaded as positional parameters.
      p=`echo "$PATH" | /bin/sed -e 's/::/:/' -e 's/:$//' -e 's/:/ /g'`
      set -- $p
      while [ "$1" != "" ]; do
          if [ "$1" = "." ]; then
              echo "PATH contains ."
              shift
              continue
          fi
          if [ -d "$1" ]; then
              # Mode string from ls -ld: column 6 is the group write bit, column 9 the other write bit.
              dirperm=`/bin/ls -ldH "$1" | /bin/cut -f1 -d" "`
              if [ "`echo "$dirperm" | /bin/cut -c6`" != "-" ]; then
                  echo "Group Write permission set on directory $1"
              fi
              if [ "`echo "$dirperm" | /bin/cut -c9`" != "-" ]; then
                  echo "Other Write permission set on directory $1"
              fi
              dirown=`/bin/ls -ldH "$1" | awk '{print $3}'`
              if [ "$dirown" != "root" ]; then
                  echo "$1 is not owned by root"
              fi
          else
              echo "$1 is not a directory"
          fi
          shift
      done

        • 1. Re: How to create compliance rule for a script via extended object for HP-UX Server
          Bill Robinson

          What will your rule be? If the output of the script is not 'null' it should fail the check? You may want to have it echo something like "no finding" so you know you have a good result.


          Anyway - you can do a couple of things:

          1 - convert the script to use nexec for the relevant parts, save this on the file server somewhere and use a 'central execution' like nsh -c //fileserver/yourscript.nsh ??TARGET.HOST??

          2 - have this script work w/ scriptutil and do it in a similar way - central execution, etc

          3 - write a nsh wrapper that extracts the bit above, copies it to the target and nexec's it.


          In all cases you can probably use the 'single line as record' grammar. But the grammar really depends on the output and the rule you want to create.
