9 Replies Latest reply on Jan 20, 2010 12:00 PM by Stephan Looney

    Need help with Compliance Rule

    Vinnie Lima

      Hi,

       

      Here's what I am trying to do, but I'm having some trouble wrapping my head around this scenario: I want to check on a server that a specific DLL with a specific MD5 checksum exists. Other equally-named DLLs with different MD5 checksums may exist as well, but that is ok - as long as the DLL with the MD5 checksum is there, no need to fail compliance. Only fail compliance if a server DOES NOT contain one instance of the specific DLL matching the specific MD5 checksum.

       

       

      Is the approach to create one rule named "Check on DLL MD5"  and have multiple conditions matching the non-interesting condition above? If so, any suggestions on how to capture those conditions?

       

       

      Thanks for any help. Currently I have one rule checking for the specific DLL File Part with specific MD5 checksum. But even for servers that meet such condition, other DLLs that exist on the system which do not match the MD5 checksum are causing this compliance rule to fail. I can't find a way to meet the primary condition while ignoring the other DLLs which do not meet the condition, all while ensuring at least ONE DLL with the specific MD5 checksum criteria is met.

       

      If I put an "OR" statement in the same rule to cater to the other DLLs which I don't want to bother with, then a server that may not have the DLL I am after will end up passing the compliance check.

       

      If you are confused - join me

       

      Thanks.

        • 1. Re: Need help with Compliance Rule

          Are you using the "At least one must exist" option?

          • 2. Re: Need help with Compliance Rule
            Vinnie Lima

            I am using:

             

            File "blahblah NAME.DLL" Must Exist AND Light Checksum = "checksum size"

             

            Using the "At Least ONE object must exist on the target AND all objects must match the additional criteria below"

             

            This works in detecting if the specific DLL I am after exists. But it fails the compliance check as there is more than one same-named DLL found in the Snapshot, but with different checksum size.

             

            Message was edited by: Vinnie Lima

            • 3. Re: Need help with Compliance Rule
              Bill Robinson

              What about using the 'is one of', 'contains' or 'substring of' operators instead of equals?

              • 4. Re: Need help with Compliance Rule
                Vinnie Lima

                Is the comparison 'one of' going to provide different behavior than "equals to"? My understanding is that it will still have other DLLs which do not match a pre-defined list of checksums cause the compliance rule to fail.

                Besides - I don't want to have to populate all of the possible checksums as I don't know what DLL may pop up in a managed system. I just want the compliance to PASS if at least ONE of the expected DLLs appears on the server.

                 

                I'll test it anyway to see if the behavior changes.....

                • 5. Re: Need help with Compliance Rule
                  Bill Robinson

                  'Is one of' probably won't do it. The others might, or you might have to nest some conditions together. I'm not sure there's a direct way to say basically find a match and stop.

                  What about something like name = foo.dll and checksum = blah where at least one must be true?

                  • 6. Re: Need help with Compliance Rule
                    Vinnie Lima

                    Tried "is one of" and "contains" and "substring of" and it didn't change the results.

                     

                    Your suggestion is what I need but how do I configure it on BL as a rule?

                    • 7. Re: Need help with Compliance Rule
                      Bill Robinson

                      I think you say:

                       

                      File

                       

                      /foo/bar/*.dll

                       

                      one may exist and must meet:

                       

                      Name = blah.dll

                      checksum = blah

                       

                      match all.

                      • 8. Re: Need help with Compliance Rule
                        Vinnie Lima

                        The only option for the Compliance Condition that mirrors what you are saying below is:

                         

                        Selection Criteria:

                         

                        Type:  "File"

                         

                        Wildcarded Path:  ??TARGET.WINDIR??/path/to/**/BLAH.dll

                         

                        Compliance Conditions:

                         

                        "At least ONE object must exist on the target AND all objects must match the additional criteria below:"

                         

                        "Match any of the following conditions:"

                         

                        "Light Checksum equals abcd123"

                         

                         

                        The condition above causes every object that meets the search criteria (in this case, BLAH.dll) but does NOT match the light checksum to be picked up and ends up causing the rule to fail.

                         

                        Remember - all DLLs I am checking for are of the same name, but different instances of them have different MD5 checksums. (e.g. many BLAH.dll's are resident in subdirectories).

                         

                        I think the problem is with the Compliance Condition "AND all objects must match the additional criteria below".  You can't simply check for a single file with a single condition.

                         

                        Unless there is some way of handling this through a nested conditional statement as individual conditions in the same rule.

                        • 9. Re: Need help with Compliance Rule

                          Vinnie - I have done some testing with this and seem to be having some success.

                          I created a CT that collects ??TARGET.WINDIR??

                          Created a compliance rule from that part that has the following conditions:

                          Type: File

                          Wildcarded Path: ??TARGET.WINDIR??/**/file.foo

                          Compliance Conditions: At least one object must exist on the target and all objects must match the additional criteria below:

                          Match "any" of the following conditions:

                          Light Checksum --> equals --> cd64ead87809abc930e69aa053c2043c

                          On my target server I have two folders with file.foo, like this: /c/windows/myfolder/file.foo and /c/windows/copy of myfolder/file.foo. The latter has the file with the matching checksum whereas the first does not (I reversed these as well to see if it was successful as a result of checking in alphabetical order) and my compliance passed....

                           

                          Can you give that a go?

                          1 of 1 people found this helpful
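
Added example (not part of the thread, and not BladeLogic code): the check the original post asks for, written as a standalone Python script that contrasts "every same-named file must match" with "at least one must match". It assumes a full-file MD5 rather than the tool's Light Checksum; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile


def md5_of(path):
    """Full-file MD5 (assumption: stands in for the tool's checksum)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()


def find_named(root, name):
    """All files called `name` (case-insensitive, as on Windows) under root."""
    return sorted(os.path.join(d, f) for d, _, files in os.walk(root)
                  for f in files if f.lower() == name.lower())


def evaluate(root, name, expected_md5):
    """Return both readings of the rule for one target directory."""
    sums = {p: md5_of(p) for p in find_named(root, name)}
    matches = [p for p, s in sums.items() if s == expected_md5.lower()]
    return {
        "matching": matches,
        # "at least one exists AND all match": any other copy fails the rule
        "all_must_match": bool(sums) and len(matches) == len(sums),
        # "at least one copy has the expected checksum": what was asked for
        "any_must_match": bool(matches),
    }


def demo():
    """Constructed sample tree: two BLAH.dll copies, only one is expected."""
    good = b"expected build"
    with tempfile.TemporaryDirectory() as root:
        for sub, data in (("myfolder", b"other build"),
                          ("copy of myfolder", good)):
            os.makedirs(os.path.join(root, sub))
            with open(os.path.join(root, sub, "BLAH.dll"), "wb") as f:
                f.write(data)
        return evaluate(root, "BLAH.dll", hashlib.md5(good).hexdigest())


if __name__ == "__main__":
    print(demo())
```

A target with no copy of the file at all fails under both readings, which is the "DOES NOT contain one instance" case from the original question.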