5 Replies Latest reply on Apr 13, 2010 10:34 AM by Bill Bruncati

    Auditing /sbin directory

    Bill Bruncati

      Running BL 7.6 on Solaris 10.  I've created a component that contains the /sbin directory.

       

      There are two types of instances of  the component where the Master ( Au ) component

      has a complete copy of the sbin direcotory  in /golden_copies/os/..../....   ( please see screenshots) .

       

      The standard instance of the component just has regular /sbin.

       

      I can browse both sbin parts with no problems. However, when I audit the component , I get the expected

      results except to the sbin part.  sbin on the standard instance of the components is seen as an additional

      child. Therefore, all the files under it are listed in blue since there are seen by the audit as additional

      files.

       

      Please see the screenshots and let me know what I'm missing.

       

      Thanks,

      Bill

       

      sbin listing in Master component

      master component _sbin.jpg

       

      sbin listing on Target

      target component of sbin.jpg

       

      Audit of Master vs Target shows that target has a new child sbin and addtional blue files.

      However, I know both sbin directories match.

      results are seeing a child sbin and files in it as additiona.jpg

        • 1. Re: Auditing /sbin directory

          It seems that your target directory sbin contain an other sbin directory, that's it. By the way, could you provide the values of the properties for the commponent used as a master and thoses for the component used as a target?

           

          Thanks,

          Fred

          • 2. Re: Auditing /sbin directory
            Bill Bruncati

            Fred,

             

            Enclosing screenshots. As you can see, my Target /sbin listing does not show any child "sbin"

            directories.

             

            Also, attaching properties for Master and Target instances. Only difference in theit  properties is that

            the Master has some  preceding directories leading up to sbin.

             

            Basically, I have a Master server with a "/golden_copies" directory. . I've used this setup to successfully

            audit  target components versus their counterpart "golden copy"  component on the Master server.

             

            Thanks,

            Bill

             

            Target Live /sbin listing

            SCRI01 does not have sbin_sbin.jpg

             

            Master Instance Properties

             

            Master Instance Props.jpg

             

            Target Instance Properties. No leading "golden_copies" dir, therefore default to / .

             

            Target Instance Props.jpg

            • 3. Re: Auditing /sbin directory
              Bill Robinson

              I think you have some paths screwed up in there somewhere, maybe in the property instance setup.  I'm not sure what though.

              • 4. Re: Auditing /sbin directory
                Bill Bruncati

                Bill,

                Thanks. I think the problem is the initial /'s . I think NSH is interpreting those and looking for a hostname

                after // .

                 

                While I was looking around, I noticed files in /usr/sbin
                are linked back to /sbin. Therefore, I added /usr/sbin part to the template with no problem and will
                audit that.

                 

                Thanks,

                Bill

                • 5. Re: Auditing /sbin directory
                  Bill Bruncati

                  Just to clarify. I put a ticket in and Tim Biron's suggestion  helped clear up my

                  problem with extra  slashes .

                   

                  I had a number of Local Properties defined  in my Template. The extra slashes came about

                  when I would define my Parts with   ??Property1??/??Property2??/  .  The unfortunate effect

                  of this is that if the Property* isn't found , the slash stays there and can add to the path of

                  a file. For example //etc/hosts.

                   

                  The better way is to leave the slashes out of the Parts definition, and put them in the instance

                  definition.  This way, when the instance is found, the slashes are added, if not found , then you're

                  not adding extra slashes.

                   

                  For example.   Local Properties: Prop1 = /golden_dir1

                                                                 Prop2 = /golden_dir2

                   

                                         Au Instance = ??Prop1??Prop2??/etc/hosts

                                          Std Instance =    /etc/hosts

                   

                  Discovery =  /golden_dir1/golden_dir2/etc/hosts  for Au Instance

                                     /etc/hosts                                     for Std Instance