All Action Scripts are failing on RHEL6

(imported topic written by kbrammer)

I have a RHEL6 machine subscribed to my test environment, and I am trying to test the CIS RHEL6 Benchmark content.

I tried running the task “RHEL6 Enterprise Deploy and Execute Scanning Scripts” on the machine and it errored.

So I copied the task and started truncating it near the top. While an empty script is successfully executed, every single non-empty script errors out.

This short script fails, with or without the delete:

delete /etc/opt/BESClient/detect_scripts0.txt

createfile until __EOF

text text text

__EOF

move __createfile /etc/opt/BESClient/detect_scripts0.txt

A delete statement by itself also fails, whether or not the file and its directory exist, and fails even when the directory is world writable, or when I use my own home directory (which I make world writable).

Every single script fails, except the empty script.

And there’s no debugger to run on the unix targets.

I’m not sure what the problem is here. There are no clues except that a simple file creation doesn’t work.

Any idea what the problem might be?

(imported comment written by kbrammer)

It dawned on me that I can go to the log files on the client and maybe see what is going on. It looks like the cause might be a versioning issue: “GatherActionMV command received. Version difference, gathering action site.”

I should probably use BigFix console to push a version update to the client?

At 16:34:45 -0500 -

GatherActionMV command received. Version difference, gathering action site.

At 16:34:48 -0500 - actionsite (http://10.6.71.60:52311/cgi-bin/bfgather.exe/actionsite)

Downloaded ‘http://10.6.71.60:52311/bfmirror/bfsites/manydirlists_1/__diffsite_23c1b78afe8d17b64e5572d7af014b17e6189b52_to_775ea0a75e300e34f175504dbe9b24e5b0da74ac’ as ‘__TempUpdateFilename’

At 16:34:50 -0500 - actionsite (http://10.6.71.60:52311/cgi-bin/bfgather.exe/actionsite)

Gather::SyncSiteByFile merging files - count: 2

At 16:34:50 -0500 -

Successful Synchronization with site ‘actionsite’ (version 1801) - ‘http://10.6.71.60:52311/cgi-bin/bfgather.exe/actionsite

GatherHashMV command received.

At 16:34:51 -0500 - mailboxsite (http://10.6.71.60:52311/cgi-bin/bfgather.exe/mailboxsite1572019)

Downloaded ‘http://10.6.71.60:52311/mailbox/files/2a/47/2a47c2d13e9fa347f28e3978f19587662f8e6bfc’ as ‘Action 1297.fxf’

Gather::SyncSiteByFile adding files - count: 1

At 16:34:51 -0500 -

Successful Synchronization with site ‘mailboxsite’ (version 10) - ‘http://10.6.71.60:52311/cgi-bin/bfgather.exe/mailboxsite1572019

Processing action site.

At 16:34:51 -0500 - mailboxsite (http://10.6.71.60:52311/cgi-bin/bfgather.exe/mailboxsite1572019)

Relevant - TEST RHEL6 Enterprise Deploy and Execute Scanning Scripts (fixlet:1297)

At 16:35:00 -0500 -

Report posted successfully

At 16:35:16 -0500 -

GatherActionMV command received. Version difference, gathering action site.

At 16:35:19 -0500 - actionsite (http://10.6.71.60:52311/cgi-bin/bfgather.exe/actionsite)

Downloaded ‘http://10.6.71.60:52311/bfmirror/bfsites/manydirlists_1/__diffsite_775ea0a75e300e34f175504dbe9b24e5b0da74ac_to_176b1b0ef1b284f707225ced782648f4d0025ac9’ as ‘__TempUpdateFilename’

At 16:35:20 -0500 - actionsite (http://10.6.71.60:52311/cgi-bin/bfgather.exe/actionsite)

Gather::SyncSiteByFile merging files - count: 1

At 16:35:21 -0500 -

Successful Synchronization with site ‘actionsite’ (version 1803) - ‘http://10.6.71.60:52311/cgi-bin/bfgather.exe/actionsite
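To read a client log excerpt like the one above without scanning it by eye, this Python sketch groups message lines under their "At ..." headers and extracts site versions and relevant fixlets. It is an added example, not part of the original post or of BigFix tooling; the line formats are inferred only from the excerpt, and `parse_entries` and `summarize` are hypothetical names.

```python
import re

# Line formats inferred from the log excerpt in the post above (an assumption).
HEADER = re.compile(r"^At (\d\d:\d\d:\d\d) [+-]\d{4} -(?: (\S+) \((\S+)\))?$")
SYNC = re.compile(r"Successful Synchronization with site [‘'](\w+)[’'] \(version (\d+)\)")
RELEVANT = re.compile(r"^Relevant - (.+) \(fixlet:(\d+)\)$")

# Sample input: lines copied from that excerpt, blank lines dropped.
SAMPLE = """\
At 16:34:45 -0500 -
GatherActionMV command received. Version difference, gathering action site.
At 16:34:50 -0500 -
Successful Synchronization with site ‘actionsite’ (version 1801) - ‘http://10.6.71.60:52311/cgi-bin/bfgather.exe/actionsite
At 16:34:51 -0500 -
Successful Synchronization with site ‘mailboxsite’ (version 10) - ‘http://10.6.71.60:52311/cgi-bin/bfgather.exe/mailboxsite1572019
At 16:34:51 -0500 - mailboxsite (http://10.6.71.60:52311/cgi-bin/bfgather.exe/mailboxsite1572019)
Relevant - TEST RHEL6 Enterprise Deploy and Execute Scanning Scripts (fixlet:1297)
At 16:35:16 -0500 -
GatherActionMV command received. Version difference, gathering action site.
At 16:35:21 -0500 -
Successful Synchronization with site ‘actionsite’ (version 1803) - ‘http://10.6.71.60:52311/cgi-bin/bfgather.exe/actionsite
"""

def parse_entries(text):
    """Group each message line under the 'At ...' header that precedes it."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            entries.append({"time": header.group(1), "site": header.group(2), "messages": []})
        elif line and entries:  # skip blanks and anything before the first header
            entries[-1]["messages"].append(line)
    return entries

def summarize(entries):
    """Collect synced site versions, relevant fixlets and version-difference gathers."""
    summary = {"site_versions": {}, "relevant_fixlets": [], "version_difference_gathers": 0}
    for entry in entries:
        for msg in entry["messages"]:
            sync, rel = SYNC.search(msg), RELEVANT.match(msg)
            if sync:
                summary["site_versions"].setdefault(sync.group(1), []).append(int(sync.group(2)))
            elif rel:
                summary["relevant_fixlets"].append((entry["time"], int(rel.group(2)), rel.group(1)))
            elif "Version difference" in msg:
                summary["version_difference_gathers"] += 1
    return summary
```

Calling `summarize(parse_entries(SAMPLE))` returns the sequence of versions seen per site and the fixlets the client reported as Relevant, which is the information the excerpt contains.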

(imported comment written by kbrammer)

Just to take a stab at my own question here. I think this is what happens when you try to use production unix clients with a trial server. The problem is that there is no other option. You cannot push clients out to unix boxes (that I know of) and there is no separate client installation for trial version unix CLIENTs. For organizations with a completely separated dev environment, there is no option for developing and testing fixlet content for unix platforms outside of production.

My script is ok for unix:

// Unix installation actions
delete __createfile
delete "/var/opt/BESClient/__BESData/actionsite/myscript.sh"
createfile until _EOF
#!/bin/bash
# Check whether the package is installed
Resultado=$(rpm -qa | grep "java-1.6.0-openjdk-1.6.0.0-1.45.1.11.1.el6.x86_64")
if [ -z "$Resultado" ]
then
exit 0
else
# Remove the package and print rpm's output
echo "$(rpm -e java-1.6.0-openjdk-1.6.0.0-1.45.1.11.1.el6.x86_64)"
fi
# Check again; exit 123 if the package is still installed
Resultado1=$(rpm -qa | grep "java-1.6.0-openjdk-1.6.0.0-1.45.1.11.1.el6.x86_64")

if [ -z "$Resultado1" ]
then
exit 0
else
exit 123
fi
_EOF
move __createfile /var/opt/BESClient/__BESData/actionsite/myscript.sh

// If the script needs permissions
wait chmod 777 "/var/opt/BESClient/__BESData/actionsite/myscript.sh"
// If we want to run it with sh and not with bash; otherwise just wait myscript.sh
wait /var/opt/BESClient/__BESData/actionsite/myscript.sh