I would like to leave a marker on my Linux servers to indicate which baselines have been applied. Is there a way to determine within a running task the name of the baseline, or ID, that is being applied?
@dang, for what purpose? Centralized reporting of patches and/or vulnerabilities is one of the key features of an endpoint management/security solution like BigFix.
I understand, but I’d rather not diverge this discussion from the initial question.
It’s an interesting question, and one for which we don’t really have anything out-of-the-box, but I’m looking in to it.
We don’t have anything I could find with the built-in inspectors, but a new line of inquiry opens up if we inspect the ActionHistory.db database on the client directly with the SQLite inspectors. Here’s a sample ActionScript I was able to test out:
delete __appendfile
appendfile {id of action} executed at {now}
appendfile {concatenation "%0d%0a" of (name of it & ": " & concatenation "; " of values of it) of headers of action}
appendfile Origin Fixlet ID: {origin fixlet id of action as string | "None"}
appendfile Parent Action ID:
appendfile {("Parent ID: " & it as string) of columns "ActionID" of rows whose (exists substrings separated by "," whose (it as integer = id of action) of (column "SubIDs" of it as string)) of statement "select ActionID, SubIDs from ACTION_HISTORY" of sqlite database of file "__Global\ActionHistory.db" of data folder of client}
appendfile Parent Origin Fixlet ID:
appendfile Origin Fixlet ID: {(origin fixlet id of it as string | "None") of actions ((it as string as integer) of columns "ActionID" of rows whose (exists substrings separated by "," whose (it as integer = id of action) of (column "SubIDs" of it as string)) of statement "select ActionID, SubIDs from ACTION_HISTORY" of sqlite database of file "__Global\ActionHistory.db" of data folder of client) }
appendfile Parent Action Headers:
appendfile {concatenation "%0d%0a" of (name of it & ": " & concatenation "; " of values of it) of headers of actions ((it as string as integer) of columns "ActionID" of rows whose (exists substrings separated by "," whose (it as integer = id of action) of (column "SubIDs" of it as string)) of statement "select ActionID, SubIDs from ACTION_HISTORY" of sqlite database of file "__Global\ActionHistory.db" of data folder of client) }
delete "c:\actioninfo.txt"
copy __appendfile c:\actioninfo.txt
This results in an actioninfo.txt file at C:\ with the following content:
9176 executed at Mon, 14 Dec 2020 15:44:38 -0600
Subject: Action Information Collection - Save
X-Action-Component-Type: Group SubAction
X-Classify-Subsequent-Relevance: Targeting
X-Relevant-When: exists site "CustomSite_HCL-2dLab-2dServices-2dTest"
X-Classify-Subsequent-Relevance: Applicability
X-Relevant-When: not exists file "c:\actioninfo.txt"
X-Success-Criteria: OriginalRelevance
x-group-error-policy: ContinueOnError
X-Fixlet-ID: 9176
action-end-time: Wed, 16 Dec 2020 15:44:19
site-context: http://BES-Dev-Root:52311/cgi-bin/bfgather.exe/CustomSite_HCL-2dLab-2dServices-2dTest
Origin Fixlet ID: 9176
Parent Action ID:
Parent ID: 9174
Parent Origin Fixlet ID:
Origin Fixlet ID: None
Parent Action Headers:
MIME-Version: 1.0
Character-Set: windows-1252
X-Action-Component-Type: Group Header
X-Classify-Subsequent-Relevance: Targeting
X-Relevant-When: true
X-Classify-Subsequent-Relevance: Applicability
X-Relevant-When: exists site "CustomSite_HCL-2dLab-2dServices-2dTest"
X-Fixlet-ID: 9174
X-BigFix-Minimum-Required-Client-Version: 7.0.0.0
X-Report-Criteria: IsOrWasTargeted
action-active-user-requirement: None
action-retry-limit: 0
action-retry-delay: 1 hour
action-try-limit: 1
locking-exempt: 0
action-distributor: actionsite
action-end-time: Wed, 16 Dec 2020 15:44:19
action-ui-name: Baseline with Action Info
action-issuer-name: mo
action-ui-remote-consoles: 1
I think the headers “site-context” on the action, and “action-distributor” and “action-ui-name” on the parent may be useful. I was a little surprised not to find a value for “Origin Fixlet ID” of the Baseline action, but I think we’re in undocumented territory and I’m not sure what to expect.
I think the only things you’d need to change to start testing this on Linux would be to change the delete and copy commands to use UNIX paths instead of c:\actioninfo.txt.
2 Likes
Wow, That is awesome. Thank you.