4 Replies Latest reply: Oct 16, 2017 8:15 AM by lsunday

if/then/else conditions

lsunday Novice

I've read many of the if/then/else conditions discussed in the forum and the Tenable documentation regarding this condition; however, I have not been successful retrieving the desired results. What I am attempting to do is as follows:

I have various Solaris systems which have different system version numbers, to include many configuration differences. I need to create an IF condition in the audit file that will identify which system the scan is launched against and THEN run a type CMD_EXEC in order to receive the system’s configuration result. ELSE I am running the scan against another system version. For example:

<if>
<condition type  : “or”>
type                     : CMD_EXEC
description         : “some text”
info                      : “some text”
cmd                     : “grep -i <System Version> <from the file location> | awk –F’ ‘ ‘{print $3 }’”
expect                 : “<System version>
</condition>
<then>
type                     : CMD_EXEC
description         : “some text”
info                      : “some text”
cmd                     : “This is the command that needs to be ran on this system”
expect                 : “This is what I expect back to determine if the check passed or failed”
</then>
<else>
type                     : CMD_EXEC
description         : “some text”
info                      : “some text”
cmd                     : “This is the command that needs to be ran on the other system version”
expect                 : “This is what I expect back to determine if the check passed or failed”
</else>
</if>

 

Any assistance would be greatly appreciated.

Larry S


  • Re: if/then/else conditions
    cstreck Guru

    The only things I see with what you pasted....

    • Missing the wrapping <check_type:"Unix"></check_type> around the structure.
    • Appear to be using Unicode double prime quotes instead of ASCII double quotes.
    • Missing a double quote at the end of the first expect.

     

    If you want to post specific commands and expects, we may be able to be more direct in the assistance.

     

    -chad

    • Re: if/then/else conditions
      lsunday Novice

      Chad, Thank you so much for your response.  This is somewhat what it looks like:

      tag then start my if statement?

       

      Larry

      • Re: Re: if/then/else conditions
        cstreck Guru

        Here is an example of a working audit.

         

        <check_type:"Unix">
        <if>
        <condition type:"AND">
          <custom_item>
            type                : FILE_CONTENT_CHECK
            description         : "Solaris 11 is installed"
            file                : "/etc/release"
            regex               : "^[\\s]+Oracle[\\s]+Solaris[\\s]"
            expect              : "^[\\s]+Oracle[\\s]+Solaris[\\s]+11"
          </custom_item>
        </condition>
        <then>
          <custom_item>
            type                : CMD_EXEC
            description         : "Solaris 11 - Restrict Core Dumps to Protected Directory"
            cmd                 : "/usr/bin/coreadm | /usr/bin/egrep -e 'init core file pattern'"
            expect              : "[\\s:]core[\\s]*$"
          </custom_item>
        </then>
        <else>
          <custom_item>
            type                : CMD_EXEC
            description         : "NOT Solaris 11 - Restrict Core Dumps to Protected Directory"
            cmd                 : "/usr/bin/coreadm | /usr/bin/egrep -e 'init core file pattern'"
            expect              : "[\\s:]core[\\s]*$"
          </custom_item>
        </else>
        </if>
        </check_type>
        

         

        -chad
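
The three problems listed in the first reply (missing `check_type` wrapper, non-ASCII quotes, unterminated quote) can be caught before a scan is launched. The following is an added example, not part of the thread and not Tenable tooling; `lint_audit` and both sample strings are constructed for illustration.

```python
import re

# Curly and prime quote characters that word processors and web forms substitute for ' and ".
SMART_DOUBLE = "\u201c\u201d\u2033"
SMART_SINGLE = "\u2018\u2019\u2032"
FIELD = re.compile(r"^\s*\w+\s*:\s*(.*)$")  # "keyword : value" line inside an item


def lint_audit(text):
    """Return (line_number, message) findings in file order; line 0 means the whole file."""
    findings = []
    if not (re.search(r'<check_type\s*:\s*"[^"]+"', text) and "</check_type>" in text):
        findings.append((0, "missing <check_type> wrapper"))
    for number, line in enumerate(text.splitlines(), start=1):
        if any(ch in line for ch in SMART_DOUBLE + SMART_SINGLE):
            findings.append((number, "non-ASCII quote character"))
        match = FIELD.match(line)
        if match:
            # Count quotes as the author meant them, so a missing closer is
            # reported even when the quotes are also the wrong character.
            value = match.group(1).translate({ord(ch): '"' for ch in SMART_DOUBLE})
            if len(re.findall(r'(?<!\\)"', value)) % 2:
                findings.append((number, "unbalanced double quote"))
    return findings


# Constructed sample reproducing the problems pointed out in the reply.
BROKEN = """<if>
<condition type : \u201cor\u201d>
type        : CMD_EXEC
description : \u201csome text\u201d
expect      : \u201cSolaris 11
</condition>
</if>
"""

# Constructed sample following the structure of the working audit in the thread.
GOOD = r'''<check_type:"Unix">
<custom_item>
  type   : FILE_CONTENT_CHECK
  file   : "/etc/release"
  regex  : "^[\\s]+Oracle[\\s]+Solaris[\\s]"
  expect : "^[\\s]+Oracle[\\s]+Solaris[\\s]+11"
</custom_item>
</check_type>
'''

if __name__ == "__main__":
    for number, message in lint_audit(BROKEN):
        print(f"line {number}: {message}")
```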