Hi,
Do you know how to wirte a fixlet in order to disable a service in Linux? the process is located at /etc/rc.d/init.d/xxx
The main goal is that xxx keeps disabled even if the server is rebooted.
One option is to create a fixlet as follow:
Relevance: exists process whose (name of it = “procname”)
Action:
if {exists process whose (name of it = “vsftpd”)}
delete __createfile
delete __Local/stopit
createfile until __EOF
#!/bin/sh
/etc/init.d/vsftpd stop
__EOF
move __createfile __Local/stopit
wait /bin/sh __Local/stopit
endif
You may want to atomatically reapply the fixlet whenever it becomes relevant again (see Execution tab)
In the above example the action stops the “ftp” demon you have to replace the name to match your service name in /etc/rc.d/init.d
I’ve created a Fixlet with a SH Action and a relevance:
SH Action script:
!/bin/sh
systemctl stop servicename && systemctl disable servicename
Relevance:
((name of operating system as lowercase contains “red hat”) AND (version of operating system > “6”)) AND (exists running service “servicename”)
I can see that the service was disabled, but the process stills active, do you see anything wrong?
If you tried it outside of BigFix, does systemctl stop servicename actually stop the service? Do the processes go away?
What you’re doing looks correct to me (assuming this is a ‘systemd’ type service and you have the servicename correct).
In fact the way that you’re using the && operator implies that the systemctl disable won’t actually execute unless the systemctl stop is successful. You may want to put those on separate lines so that the disable executes even if the stop fails - for instance if the service is enabled, but not actually running, I’m not sure whether the stop command would throw a non-zero exit code and prevent the disable from running.
systemctl stop works ok on the server. Good thought on the different line. Now I’m seeing the fixlet as “not relevant” which is weird cuz it was applicable for 3000 servers yesterday.