1 Reply Latest reply on Oct 29, 2008 12:25 AM by Owen Edwards

    CIS AIX compliance templates - problems....

      I'm trying to test a simple subset (version 7.4.5) of the compliance templates on AIX.


      Firstly, the OS_VERSION/OS_RELEASE are erroneously being reported as "0-08", when in fact it should be "5.3".

      If I perform a 'validation' on the component, it returns:


      (??TARGET.OS_VERSION?? "0-08" is one of ["4.3", "5.2", "5.1", "5.3"]) AND (??TARGET.OS?? "AIX" = "AIX")


      I'm not sure that this is relevant to the problem below, but it's still an issue, as I don't know how to force BL to see something different as the fields are not editable...

      Perhaps the method IBM uses to report the OS version has changed since the template was made??

      The AIX command "oslevel -r" returns '5300-08'.


      Secondly, I'm trying a simple remediation on the '/etc/motd' file, which is part of package 9.1

      I've found that at least one part of that remediation package was missing, when compared with the 7.4.3 version, so I've added that part - it was the crucial part which actually does the "chmod" and "chown" commands....


      However, the remediation still does not work - at stage 3 of deployment, I get the error "Source file not found: 1", /etc/motd


      Having looked at the remediation job, I wouldn't have thought that it needed a copy of /etc/motd as a 'package', as it's simply running a couple of commands to change ownership/permissions....


      Can anyone shed any light on any of the above???



        • 1. Re: CIS AIX compliance templates - problems....

          I have found one significant bug within BladeLogic that is contributing to this problem - at least to a degree.


          If I look at the properties of an AIX server, 3 of them show:


          OS_PATCHLEVEL 0-08 String false true true true Operating System Version


          There are several other variants that are returned, depending on how many times I click 'verify'....


          All the different values are derivatives of the Operating System version string which is 5300-08 - i.e. AIX 5.3, Technology Level 08.


          So whatever the command is that the sensor for the AIX agent is running, it doesn't correctly parse the results and return the correct value.


          What concerns me the most is that the value that gets returned can change from one moment to the next. I don't even understand how that could possibly happen - running the same static command(s) should always return the same values....


          I have tested the same scenario with a Windows and an ESX agent and it does not seem to occur, so it appears to be AIX only at this stage.


          A bug report is required here.
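
Added example, not part of the original thread and not BladeLogic's own sensor code: a POSIX shell sketch of how the `oslevel -r` string quoted above (`5300-08`) maps to the `5.3` the template expects, and how a malformed value such as `0-08` can be rejected instead of being compared. The function names are hypothetical, the sample inputs are constructed, and accepting the longer `oslevel -s` form goes beyond the case in the thread.

```shell
#!/bin/sh
# Added example: derive OS_VERSION and technology level from an `oslevel -r`
# string and apply the version list from the template's validation message.

# Versions the compliance template accepts (copied from the validation output).
ALLOWED_VERSIONS="4.3 5.2 5.1 5.3"

# parse_oslevel STRING -> prints "VERSION TL" (e.g. "5.3 08"); returns 1 if malformed.
# Assumes the first two digits are single-digit version and release.
parse_oslevel() {
    raw=$1
    case $raw in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]) ;;      # oslevel -r form, e.g. 5300-08
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-*) ;;    # oslevel -s form, suffix ignored
        *) return 1 ;;                           # truncated values such as 0-08
    esac
    vrmf=${raw%%-*}        # text before the first dash, e.g. 5300
    rest=${raw#*-}         # text after the first dash
    tl=${rest%%-*}         # technology level, e.g. 08
    version=$(printf '%s' "$vrmf" | cut -c1)
    release=$(printf '%s' "$vrmf" | cut -c2)
    printf '%s.%s %s\n' "$version" "$release" "$tl"
}

# check_os_version STRING -> 0 if allowed, 1 if parsed but not allowed,
# 2 if the string could not be parsed at all.
check_os_version() {
    parsed=$(parse_oslevel "$1") || return 2
    ver=${parsed% *}
    for v in $ALLOWED_VERSIONS; do
        [ "$v" = "$ver" ] && return 0
    done
    return 1
}

# Constructed sample inputs; on an AIX host pass "$(oslevel -r)" instead.
for sample in 5300-08 5300-08-03-0831 0-08 6100-04; do
    if check_os_version "$sample"; then
        echo "$sample: version accepted ($(parse_oslevel "$sample"))"
    else
        echo "$sample: rejected (rc=$?)"
    fi
done
```
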