3 Replies Latest reply on Aug 3, 2009 9:14 AM by Matt Kreger

    How to check for specific config file entries (and only those entries)

    Matt Kreger

      I am trying to write a compliance job that ensures that my BL app servers exist in the exports file and that no other entries exist.  I sort of have it working with these two rules:


      Configuration File Entry /usr/lib/rsc/exports//* Must Not Exist
      and
      (Configuration File Entry /usr/lib/rsc/exports//20.5.204.30 Must Exist AND (Value1 as String (All OS) = "rw")) AND (Configuration File Entry /usr/lib/rsc/exports//20.5.204.31 Must Exist AND (Value1 as String (All OS) = "rw"))

       

      And exceptions to the first rule for the two object paths in the second rule

       

      Problem is, I can only apply exceptions to discovered components and I don't want to have to redefine them every time I do a discovery with this component template.  I want to define the compliance rule and then batch discovery, snapshot, and compliance jobs so I don't have to keep messing with it.

       

      Can you tell me the right way to accomplish this?

       

      Extra credit: Is there a property that defines the rsc folder location so I can create one template that checks all platforms at ??TARGET.RSC_FOLDER??/exports

       

      Thanks very much!

       

      Matt

        • 1. Re: How to check for specific config file entries (and only those entries)
          Bill Robinson

          Extra credit first - there's no prop for this, but it's going to be either ??TARGET.WINDIR??/rsc or /usr/lib/rsc if it's windows or unix.

           

          Can you clarify this statement a bit:

           

          "Problem is, I can only apply exceptions to discovered components and I don't want to have to redefine them every time I do a discovery with this component template.  I want to define the compliance rule and then batch discovery, snapshot, and compliance jobs so I don't have to keep messing with it."

           

          What exceptions are you trying to define, and why?  Are you trying to sort of 'pre-define' exceptions to servers before the CJ runs ?

          • 2. Re: How to check for specific config file entries (and only those entries)

            Depending on your needs, you might want to consider just using an md5sum of the entire file instead.  It probably accomplishes the same goal, and does so more simply.  You could do it with a snapshot/audit very easily, but I generally use a component template.

             

            Here's what I usually do:

            - calculate the md5sum of the file on each platform (probably one for UNIX/Linux, and one for Windows)

                 - use the md5sum command in NSH to do this

            - define two custom (or, maybe a local) properties e.g.: EXPORTS_UNIX, EXPORTS_WINDOWS

            - set the property value to the md5 hash for each exports file

            - Make a rule that tests whether it is a UNIX/Linux OS, and requires the md5 hash to equal the ??EXPORTS_UNIX??; if not, require the value of ??EXPORTS_WINDOWS??

            - Something like this:

            (((OS=(RedHat|Solaris|HP-UX|AIX) AND (/usr/lib/rsc/exports must exist AND checksum = ??EXPORTS_UNIX??) OR ((OS=Windows) AND (??TARGET.WINDIR??/rsc/exports must exist AND checksum =??EXPORTS_WINDOWS??)))

            • 3. Re: How to check for specific config file entries (and only those entries)
              Matt Kreger

              After playing around with this for a while, I fianlly came up with one rule that does exactly what I want.  The first two simply check that an entry exists for each of the mandatory BL App servers.  The third checks that all entries match the allowed list (to cover optional entries), and the fourth makes sure they are all set to RW.

               

              (

              (??TARGET.OS?? = "Solaris") OR (??TARGET.OS?? = "Linux")

                   AND (Configuration File Entry /usr/lib/rsc/exports//20.5.204.30 Must Exist)

                   AND (Configuration File Entry /usr/lib/rsc/exports//20.5.204.31 Must Exist)

                   AND (Configuration File Entry /usr/lib/rsc/exports//* Must Exist AND

                        ((Name = "20.5.204.30") OR (Name = "20.5.204.31") OR (Name = "20.5.204.36"))

                   AND (Configuration File Entry /usr/lib/rsc/exports//* Must Exist AND (Value1 as String (All OS) = "rw"))

              )

               

              OR

              (

              (??TARGET.OS?? = "Windows")

                   AND (Configuration File Entry ??TARGET.WINDIR??/rsc/exports//20.5.204.30 Must Exist)

                   AND (Configuration File Entry ??TARGET.WINDIR??/rsc/exports//20.5.204.31 Must Exist)

                   AND (Configuration File Entry ??TARGET.WINDIR??/rsc/exports//* Must Exist AND

                        ((Name = "20.5.204.30") OR (Name = "20.5.204.31") OR (Name = "20.5.204.36")))

                   AND (Configuration File Entry ??TARGET.WINDIR??/rsc/exports//* Must Exist AND (Value1 as String (All OS) = "rw"))

              )

               

              Thanks,

              Matt