Concatenation ";" of elements of (set of <relevance statement> file

Problem statement: how to write relevance that will read the attached file and output the data so that the password name is start of each new line similar to below and remove the white spaces between element such as
Last password change%09%09%09%09%09: Mar 23, 2012

rename file to listpasswd.pdf to .csv

Relevance would read the file and
output similar to below if possible without white spaces

Q: concatenation “;” of elements of (set of file path/listpasswd.csv")

A: Root,Last password change: Apr 01,
2014,Password expires: never,Password inactive: never,Account expires:
never,Minimum number of days between password change: 0,Maximum number of days
between password change: 99999,Number of days of warning before password
expires: 7; bin,Last password change: Mar 23, 2012,Password expires:
never,Password inactive: never,Account expires: never,Minimum number of days
between password change: 0,Maximum number of days between password change:
99999,Number of days of warning before password expires: 7;daemon,Last password
change: Mar 23, 2012,Password expires: never,Password inactive: never,Account
expires: never,Minimum number of days between password change: 0,Maximum number
of days between password change: 99999,Number of days of warning before
password expires: 7

The output below start and end of the data element per password name from the attached file. –
root , bin , daemon, etc are the password account name.

Such as below

q: lines of file “c:\listpasswd.csv”

A: root

A: Last password change%09%09%09%09%09: Apr 01, 2014

A: Password expires%09%09%09%09%09: never

A: Password inactive%09%09%09%09%09: never

A: Account expires%09%09%09%09%09%09: never

A: Minimum number of days between password change%09%09: 0

A: Maximum number of days between password change%09%09: 99999

A: Number of days of warning before password expires%09: 7

A: bin

A: Last password change%09%09%09%09%09: Mar 23, 2012

A: Password expires%09%09%09%09%09: never

A: Password inactive%09%09%09%09%09: never

A: Account expires%09%09%09%09%09%09: never

A: Minimum number of days between password change%09%09: 0

A: Maximum number of days between password change%09%09:
99999

A: Number of days of warning before password expires%09: 7

A: daemon

A: Last password change%09%09%09%09%09: Mar 23, 2012

A: Password expires%09%09%09%09%09: never

A: Password inactive%09%09%09%09%09: never

A: Account expires%09%09%09%09%09%09: never

A: Minimum number of days between password change%09%09: 0listpasswd.pdf (9.5 KB)

A: Maximum number of days between password change%09%09:
99999

A: Number of days of warning before password expires%09: 7

This seems like what you are looking for:

( concatenation " ; " of ( ( preceding text of first ":" of it as trimmed string & " = " & following text of first ":" of it as trimmed string ) | it) of (previous line of it; it; next line of it; next line of next line of it; next line of next line of next line of it; next line of next line of next line of next line of it; next line of next line of next line of next line of next line of it; next line of next line of next line of next line of next line of next line of it) ) of lines whose(it starts with "Last password change") of files "C:\temp\listpasswd.csv"

https://bigfix.me/relevance/details/3003609

You are the best jgstew for always your quick and brilliant responses. I just copied that in to my QNA and I am getting

syntax error - illegal character: ‘|’ - line 2 characters 21, 22

jgstew,

I followed your link and added as in the link from bigfix and created environment as showed in the link and it works great. Thanks so much for this.

jgstew

One quick question, is there any limitation with the number of accounts in the file as that would be unknown?

As long as the format of the file is consistent, it should work for an unlimited number of accounts.

The relevance grabs 1 line before “Last password change” plus that line, plus the 6 following lines, re-parses them and then concatenates them. This means the 8 lines that represent the info for the account must be grouped together in the file, without any blank lines in between. There could be blank lines between the entries for different accounts, that would not be an issue.

If the format of the file were to change, or if the format of the file is not the same on all endpoints, then the relevance would need to be adjusted.

So let me see if you can help me with the next step that I have. I am creating this action so that I can compare the first time that it runs to the next time that this runs and show the diff of the two.

I am using the following relevance to do that last step.

elements of (((set of substrings separated by “;” of concatenations of lines of file “c:\temp\pswwd.txt”) - (set of substrings separated by “;” of concatenations of lines of file “c:\temp\pswwd1.txt”) ) + ((set of substrings separated by “;” of concatenations of lines of file “c:\temp\pswwd1.txt”) - (set of substrings separated by “;” of concatenations of lines of file “c:\temp\pswwd.txt”) ))

So the difference of the two files are

File psswd.txt =
root ; Last password change = Apr 01, 2014 ; Password expires = never ; Password inactive = never ; Account expires = never ; Minimum number of days between password change = 0 ; Maximum number of days between password change = 99999 ; Number of days of warning before password expires = 7
bin ; Last password change = Mar 23, 2012 ; Password expires = never ; Password inactive = never ; Account expires = never ; Minimum number of days between password change = 0 ; Maximum number of days between password change = 99999 ; Number of days of warning before password expires = 7

… more data

2nd File pswwd1.txt =
bin ; Last password change = Mar 23, 2012 ; Password expires = never ; Password inactive = never ; Account expires = never ; Minimum number of days between password change = 0 ; Maximum number of days between
password change = 99999 ; Number of days of warning before password expires = 7

I removed the entire line starting with root to bin.

the output was

Number of days of warning before password expires = 7bin
bin
root

So I don’t think I explained the problem statement correctly up front.

the file starts with password account name with all the attributes following it until the next password account.

So the requirement is to compare password account and attributes to and if something changes either with the attribute (s) or that a new password account is created or deleted the compare process shows that.

Does that explain in detail the requirement for you?

Which means that the password account and all attributes are created as a single line so that if any change occurs in the password account such as modification, deletion or new password account created so that the compare output will be

entire password account and all attributes that changed

So what I should of seen in the example of the two files was as this line was deleted.

root ; Last password change = Apr 01, 2014 ; Password expires = never ; Password inactive = never ; Account expires = never ; Minimum number of days between password change = 0 ; Maximum number of days between password change = 99999 ; Number of days of warning before password expires = 7

So there is an existing file on the system, and you want to be able to detect when it changes?

In that case, you should make a copy of the file with a timestamp in the name whenever it is changed, then diff that with the real file using relevance.

The relevance I gave above was more about parsing the file into something that could be used easily for reporting the current state. If you store the history of that property over time, you would diff the results with themselves. Otherwise you would copy the file on the endpoint itself and diff that with the original.

You would need a task that would run on the endpoint to make a copy of the file if the copy didn’t exist, or the copy didn’t match the original. Then you would need a relevance property to report on this.

the requirement is to show only what has changed , not that the file has changed. So the reason for the original request was to from the unix command

cut -f 1 -d: /etc/passwd | xargs -n 1 -I {{} bash -c “echo {{} ; chage -l {{}” > /opt/BESClient/listpasswd.csv

Take the output and format it so that from account in the password file and all the attributes of the account like this

root ; Last password change = Apr 01, 2014 ; Password expires = never ;
Password inactive = never ; Account expires = never ; Minimum number of
days between password change = 0 ; Maximum number of days between
password change = 99999 ; Number of days of warning before password
expires = 7

Show it as a single line so each account starts as a new line so that if something changes in the account attribute or the account is deleted the entire account would show in the compare process.

Hope that is clear. I am not comparing the file changed but what specifically changed as in the comparison relevance that I showed earlier.

So the relevance above will take the file in the format you gave and put it into 1 line per account.

The part of showing what changed is what I don’t get. You need 2 different files to compare to tell what is different. It doesn’t matter how the file is compared, you just need multiple things to compare.

jgstew,

The nerc cip requirement is run the file on day 1 and run the file on day 30 and compare the two files and show only the difference between the two files.

Step 1: run the unix command
cut -f 1 -d: /etc/passwd | xargs -n 1 -I {{} bash -c “echo {{} ; chage -l {{}” > /opt/BESClient/listpasswd.csv

Step 2: format the data

( concatenation " ; " of ( ( preceding text of first “:” of it as trimmed string & " = " & following text of first “:” of it as trimmed string ) | it) of (previous line of it; it; next line of it; next line of next line of it; next line of next line of next line of it; next line of next line of next line of next line of it; next line of next line of next line of next line of next line of it; next line of next line of next line of next line of next line of next line of it) ) of lines whose(it starts with “Last password change”) of files “C:\temp\listpasswd.csv”

Step 3: Compare the 2 file runs and show what has changed similar to below

elements of (((set of substrings separated by “;” of concatenations of lines of file “c:\temp\pswwd.txt”) - (set of substrings separated by “;” of concatenations of lines of file “c:\temp\pswwd1.txt”) ) + ((set of substrings separated by “;” of concatenations of lines of file “c:\temp\pswwd1.txt”) - (set of substrings separated by “;” of
concatenations of lines of file “c:\temp\pswwd.txt”) ))

Step 4 Results

Nothing changed = none
If password account is deleted or added then

root ; Last password change = Apr 01, 2014 ; Password expires = never ;
Password inactive = never ; Account expires = never ; Minimum number of
days between password change = 0 ; Maximum number of days between
password change = 99999 ; Number of days of warning before password
expires = 7

if attribute changed then same complete account with the attribute change. I have been showing the original and then the changed version so they could see what changed in the relevance above.

root ; Last password change = Apr 01, 2014 ; Password expires = never ;
Password inactive = never ; Account expires = never ; Minimum number of
days between password change = 0 ; Maximum number of days between
password change = 99999 ; Number of days of warning before password
expires = 7