I don't think it's a blcli issue, it looks like it can't find a file - "cis-aix-mapping/mapping.xml"
is that file there, in the cis-compliance-content directory ? (or app compliance) ?
Yep, I had checked to see if it's there, and it is. I also changed all permissions of all the installation files to 777, but I still run into the same problem.
drwxrwxrwx 2 scraw mware 4096 Jan 29 01:05 .
drwxrwxrwx 72 scraw mware 4096 Jan 26 23:03 ..
-rwxrwxrwx 1 scraw mware 33609 Sep 11 03:04 mapping.xml
i just installed the content and i didn't have any issues. can you try re-downloading the zip?
I rechecked the files for the 7.4.5 templates and everything seems to have been downloaded and copied fine.
I tried opening several of the the mapping.xml files in my Windows explorer, and all of them always gave me this error:
+The XML page cannot be displayed
Cannot view XML input using style sheet. Please correct the error and then click the Refresh button, or try again later.
The system cannot locate the resource specified. Error processing resource 'file://bladelogic.com/dtds/Import-Mapping.dtd'....
<!DOCTYPE mapping SYSTEM "file://bladelogic.com/dtds/Import-Mapping.dtd">+
Is that the correct path for the dtd file? Is this the expected behavior for these xml files when they are opened for viewing?
Hi Bill - I figured out the problem. I was connecting to the app server via NSH instead of being directly logged onto the app server as bladmin.
Since it kept erroring whenever the blcli_execute was trying to run, I am assuming that NSH performance commands can only be run locally on the server?
i think you can still do it that way as long as you are getting mapped to root or bladmin (os users) on the appserver.
I've finally managed to get all but one compliace template install completed. The last script is giving me issues: load-pci-compliance-templates.nsh
Whenever I run it (with bladmin), I cannot get passed this call:
+Command execution failed. com.bladelogic.mfw.util.AccessDeniedException: Access Denied PropertyClass.Modify on DISA STIG Properties
ERROR: blcli_execute PropertyClass addProperty Class://SystemObject/DISA STIG Properties Unix Application Accounts returned error code. Result is: false
Error running content-loader-pdq.nsh
Error running pci-aix-install.nsh+
I did not have this problem in my test environment. Any idea what needs to be done to get rid of the access denied messages?
it looks like your user cannot create custom property classes, or does not have permission on the 'custom property class' area in the property dictionary.
what role are you running this under? check the authorizations granted to the role (something like PropertyClass.*) and the ACLs on the Property Dictionary
Yes the BLAdmins role did not have any access to those particular properties in the prop. dictionary. This was most likely because those templates already existed from a previous installation (they had other roles with permissions that were not default).
I needed to remove these properties and then run the install script again, which worked.