Blank file with BigFix

Hi,

I am trying to run the task below. It works fine in execution, but using BigFix it generates a blank file; however, when I log into the machine locally and run it, it generates the file with values. I tried many ways but no luck.

Tested on RHEL 7 & CentOS 8.

delete __createfile
delete /tmp/OpenfileLimit.sh
delete /tmp/openFile.output

createfile until E_O_F

#!/bin/bash

#########################
## Script 1
## Date 21st Jan 2021
##############################################
LIMIT_FILE_LOCATION=/etc/security
LIMITS_FILE=$LIMIT_FILE_LOCATION/limits.conf
BACK_FOLDER=/tmp
TEMP_FILE=$BACK_FOLDER/myTmpLimits.txt
LIMIT_D_DIR=$LIMIT_FILE_LOCATION/limits.d
OUTPUT_FILE=/tmp/openFile.output
echo >$OUTPUT_FILE

BACK_FOLDER=/tmp/opfbak
#mkdir -p $BACK_FOLDER

SOFT_FILE_ENTRY=false
HARD_FILE_ENTRY=false

#check ulimit
UMILIT_VAL=`ulimit -n`
echo "ULIMIT VAL: $UMILIT_VAL"

if [ $UMILIT_VAL -lt 8040 ] ; then
	echo "=======> File process : $file"
	#clean backup
	echo "list all files : find $LIMIT_D_DIR -maxdepth 1 -type f  "
	while read -r file; do
		echo "Taking Backup of file "
		FILE_NAME=`basename $file`
		#Process file
		### Append whatever you need to the temporary file.
		SOFT_VAL=`grep -e "^\*.*soft.*nofile " $FILE_NAME | awk '{if ($4 < 8040) print $4;}'`
		echo "SOFT VAL : $SOFT_VAL"
		if [[ -z $SOFT_VAL  ]]  ; then	
			if grep -e "^\*.*soft.*nofile " $TEMP_FILE ; then
				echo "found soft value defined in $file"
                		SOFT_FILE_ENTRY=true;
			fi
		fi
		HARD_VAL=`grep -e "^\*.*hard.*nofile " $FILE_NAME | awk '{if ($4 < 8040) print $4;}'`
		echo "Hard val : $HARD_VAL"
		if [[ -z $HARD_VAL  ]]   ; then
			if grep -e "^\*.*hard.*nofile " $TEMP_FILE ; then
				echo "hard value defined in file $file"
                		HARD_FILE_ENTRY=true;
			fi
		fi
	done < <( find $LIMIT_D_DIR -maxdepth 1 -type f )
else
    SOFT_FILE_ENTRY=true
    HARD_FILE_ENTRY=true
fi
echo "--------Final---------"
echo "Open file limit Hard Found= $HARD_FILE_ENTRY"
echo "Open file limit Soft Found= $SOFT_FILE_ENTRY"

if [[ $HARD_FILE_ENTRY == "false"  ]] ; then
    echo "False" > $OUTPUT_FILE
else
    echo "True" > $OUTPUT_FILE
fi
if [[ $SOFT_FILE_ENTRY == "false"  ]] ; then
    echo "False" > $OUTPUT_FILE
else
    echo "True" > $OUTPUT_FILE
fi


E_O_F

//move & modify createfile to allow execution
move __createfile /tmp/OpenfileLimit.sh
wait chmod 755 /tmp/OpenfileLimit.sh

run /tmp/OpenfileLimit.sh

wait sleep 2

if {not exists file "/var/opt/BESClient/openFile.output"}
exit 10
endif
2 Likes

It’s important to note that while the BESClient runs as root on NIX endpoints, it does not run with the full environment of root. So when you execute a script like what you’ve generated via createfile, you have to execute as follows:

wait sudo su - root -c "cd /tmp; ./OpenfileLimit.sh"

Please try the above in place of your present run statement and let me know how it turns out.

3 Likes

It worked in a single shot, but I want to understand more about the above command execution. I understand cd /tmp; ./OpenfileLimit.sh and even tried it this way too, something like below.

appendfile cd /tmp
appendfile ./OpenfileLimit.sh
move __appendfile run.sh
chmod 755 run.sh
wait /bin/sh run.sh

but mine didn't work, and I guess the way you have put sudo su - root -c seems to have solved the issue.

Please provide more info on wait sudo su - root -c

The key piece is probably sourcing the root user’s environment (.login, .profile, maybe .bashrc) that sets up the shell’s environment variables. Even $PATH may not be as you expect, so maybe the ulimit binary was not in the path.

Using sudo - spawns a login shell for the user. You could get the same effect from
run /bin/bash --login /tmp/OpenfileLimit.sh

See https://www.gnu.org/software/bash/manual/html_node/Bash-Startup-Files.html

4 Likes
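
One way to check the environment difference the two answers above describe, as an added example that is not from the thread or from BigFix: a small probe script that records what a script sees and compares two recordings, one taken from the action's plain run line and one taken through a login shell. The script name env_probe.sh, the output paths and the chosen keys are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical file name: env_probe.sh
#
# Usage, with hypothetical output paths:
#   /tmp/env_probe.sh snapshot > /tmp/env.agent          (plain run line)
#   /bin/bash --login /tmp/env_probe.sh snapshot > /tmp/env.login
#   /tmp/env_probe.sh compare /tmp/env.agent /tmp/env.login
# To rehearse on a workstation, "env -i /bin/sh env_probe.sh snapshot" gives
# an empty environment as a stand-in for a sparse one.

# Print the settings that commonly differ between a script started by an
# agent and one started from a root login shell, one KEY=value per line.
snapshot() {
    printf 'USER_ID=%s\n' "$(id -u)"
    printf 'HOME=%s\n' "${HOME:-}"
    printf 'PATH=%s\n' "${PATH:-}"
    printf 'CWD=%s\n' "$(pwd)"
    printf 'NOFILE_SOFT=%s\n' "$(ulimit -S -n)"
    printf 'NOFILE_HARD=%s\n' "$(ulimit -H -n)"
}

# Compare two snapshot files ($1 = agent run, $2 = login shell run) and
# print one line for every key whose value differs between them.
compare_snapshots() {
    while IFS='=' read -r key agent_val; do
        # Look up the same key in the second snapshot.
        login_val=$(sed -n "s/^${key}=//p" "$2")
        [ "$agent_val" = "$login_val" ] ||
            echo "$key: agent='$agent_val' login='$login_val'"
    done < "$1"
}

# Dispatch on the first argument; with no argument the file only defines
# the functions above.
case "${1:-}" in
    snapshot) snapshot ;;
    compare)  compare_snapshots "$2" "$3" ;;
esac
```

Any key the comparison prints is a setting the script must set for itself, or the reason to launch it through a login shell as suggested above.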

Many thanks @JasonWalker & @cmcannady, I got the point!

1 Like