I’m trying to get the result using xml with sample below:
if antivirus overall = 1 then “Yes” if antivirus overall = 0 then “No” else “For checking”
and so on for the other items.
<?xml version="1.0" ?>
Antivirus
['off', 'off', 'on', 'on', 'on', 'on', 'off']
running
FTP Server Detection
Hard Drive Security
yes/OffPremises
1
/dev/sda2 is Luks encrypted
0
Firewall
iptables
ibm-firewall-rules-0:6.0.0-7.1.el6
running
ibm-firewall-rules
NFS Exports
stopped
['off', 'off', 'off', 'off', 'off', 'off', 'off']
Peer-to-peer Applications
Account Password Configuration
password required pam_passwdqc.so min=disabled,8,8,8,8 passphrase=0 enforce=users random=0
IBM-security-compliance-0:6.6-1.1.el6
Operating System
Open Client RHEL 66 3.60
Red Hat Enterprise Linux Workstation release 6.6 (Santiago)
yeswithceb
Samba Sharing
running
[3042, 3054]
samba-3.6.23-30.el6_7
/etc/samba/smb.conf
['off', 'off', 'on', 'on', 'on', 'on', 'off']
smbd -D
/usr/sbin/smbd
Screen Saver
True
True
richard
True
30
We cannot read your XML. Please edit your post, highlight all of the XML, and hit the “Preformatted Text” option (the button with an icon that looks like “</>” above the edit window).
Also, on what Operating System(s) is this needed, and what client version? The XML Inspectors availability varies by OS and client version.
Thanks for your quick revert!
IEM manager console running on Windows 2012 R2
BESclient 9.5 and 9.1.1257 installed on Red Hat Enterprise Linux Workstation release 6.6 and above
<?xml version="1.0" ?>
<resultset>
  <result overall="1">
    <test name="antivirus">Antivirus</test>
    <detail name="chkconfig_rtvscand">['off', 'off', 'on', 'on', 'on', 'on', 'off']</detail>
    <detail name="status_rtvscand">running</detail>
  </result>
  <result overall="1">
    <test name="ftp">FTP Server Detection</test>
  </result>
  <result overall="1">
    <test name="hdpass">Hard Drive Security</test>
    <detail name="luksRequired">yes/OffPremises</detail>
    <detail name="luksoverall">1</detail>
    <detail name="luksEncrypted">/dev/sda2 is Luks encrypted</detail>
    <detail name="hdoverall">0</detail>
  </result>
  <result overall="1">
    <test name="iptables">Firewall</test>
    <detail name="service_name">iptables</detail>
    <detail name="package_match">ibm-firewall-rules-0:6.0.0-7.1.el6</detail>
    <detail name="service">running</detail>
    <detail name="package_want">ibm-firewall-rules</detail>
  </result>
  <result overall="1">
    <test name="nfs">NFS Exports</test>
    <detail name="NfsStatus">stopped</detail>
    <detail name="runlevels">['off', 'off', 'off', 'off', 'off', 'off', 'off']</detail>
  </result>
  <result overall="1">
    <test name="p2p">Peer-to-peer Applications</test>
  </result>
  <result overall="1">
    <test name="password">Account Password Configuration</test>
    <detail name="pam_passwdqc">password required pam_passwdqc.so min=disabled,8,8,8,8 passphrase=0 enforce=users random=0</detail>
    <detail name="package">IBM-security-compliance-0:6.6-1.1.el6</detail>
  </result>
  <result overall="1">
    <test name="oslevel">Operating System</test>
    <detail name="cebImageName">Open Client RHEL 66 3.60</detail>
    <detail name="osName">Red Hat Enterprise Linux Workstation release 6.6 (Santiago)</detail>
    <detail name="Permitted">yeswithceb</detail>
  </result>
  <result overall="1">
    <test name="samba">Samba Sharing</test>
    <detail name="service">running</detail>
    <detail name="smbdpid">[3042, 3054]</detail>
    <detail name="package">samba-3.6.23-30.el6_7</detail>
    <detail name="smbdconf">/etc/samba/smb.conf</detail>
    <detail name="runlevels">['off', 'off', 'on', 'on', 'on', 'on', 'off']</detail>
    <detail name="smbdcmd">smbd -D</detail>
    <detail name="smbdexec">/usr/sbin/smbd</detail>
  </result>
  <result overall="1">
    <test name="screensaver">Screen Saver</test>
    <detail name="SS01">True</detail>
    <detail name="SS01Lock">True</detail>
    <detail name="SS01Account">richard</detail>
    <detail name="SS01Enabled">True</detail>
    <detail name="SS01TimeOut">30</detail>
  </result>
</resultset>
AlanM
August 16, 2016, 2:07pm
5
Hi Alan, Thanks for the reference.
Can you also provide a sample base?
We need to determine:
if antivirus = 1 then “Yes” if antivirus = 0 then “No” else “For Checking”
I edited your post to format the XML as preformatted code.
Thanks Jason! Please help me on this or someone who can enlighten me.
leewei
August 16, 2016, 4:50pm
9
@Richard , I have typed out a few example statements for you.
q: lines of file "c:\temp\av.xml"
A: <?xml version="1.0" ?>
A: <resultset>
A: <result overall="0">
A: <test name="antivirus">Antivirus</test>
A: <detail name="chkconfig_rtvscand">['off', 'off', 'on', 'on', 'on', 'on', 'off']</detail>
A: <detail name="status_rtvscand">running</detail>
A: </result>
A: <result overall="1">
A: <test name="ftp">FTP Server Detection</test>
A: </result>
A: <result overall="1">
A: <test name="hdpass">Hard Drive Security</test>
A: <detail name="luksRequired">yes/OffPremises</detail>
A: <detail name="luksoverall">1</detail>
A: <detail name="luksEncrypted">/dev/sda2 is Luks encrypted</detail>
A: <detail name="hdoverall">0</detail>
A: </result>
A: <result overall="1">
A: <test name="iptables">Firewall</test>
A: <detail name="service_name">iptables</detail>
A: <detail name="package_match">ibm-firewall-rules-0:6.0.0-7.1.el6</detail>
A: <detail name="service">running</detail>
A: <detail name="package_want">ibm-firewall-rules</detail>
A: </result>
A: </resultset>
A:
q: node names of first child of xml document of file "c:\temp\av.xml"
A: xml
q: node values of attributes of selects "/resultset/result/test" of xml document of file "c:\temp\av.xml"
A: antivirus
A: ftp
A: hdpass
A: iptables
q: (node name of it, node value of it) of attributes of selects "/resultset/result" of xml document of file "c:\temp\av.xml"
A: overall, 0
A: overall, 1
A: overall, 1
A: overall, 1
q: (if (it = "1") then ("Yes") else (if (it = "0") then ("No") else ("For Checking"))) of node value of attribute of selects "/resultset/result" whose (node value of attribute of first child of it = "antivirus") of xml document of file "c:\temp\av.xml"
A: No
Thanks so much Lee! This is great!
Hi Lee,
Will the script also work with RHEL 6.x client?
Thanks!
AlanM
August 16, 2016, 6:16pm
12
If you look at the pages I gave you ( https://developer.bigfix.com/relevance/reference/xml-dom-node.html ) they show the minimum version of the platform that has the inspector.
The XML inspectors will behave differently on different platforms though so you have to test this yourself.
Yes Alan, I already read it. Based on the link, do we need to upgrade IEM endpoint manager to 9.2.x or the latest version for the script to work?
Thanks!
AlanM
August 16, 2016, 7:58pm
14
Any version lower than 9.2.7 on Linux will not have the inspectors present. So currently we have 9.2.7 and 9.2.8, and the 9.5.x versions
Do we need an additional license when upgrading to a higher version, since we currently have 9.1.1257?
AlanM
August 17, 2016, 1:56am
16
I’d contact your sales contact for any licensing questions
Richard
August 17, 2016, 10:44am
17
Thanks Alan! We’ll seek advice from the license department then.
Richard
August 24, 2016, 12:19pm
18
Reviving this topic. Help, anyone.
Since we don’t have a plan yet to upgrade to 9.2.x, is there a way to get the same output without using the XML inspector? Is there any other way to do it?
Thanks in advance!
Sure, in the end this is a text parsing problem.
Because it is formatted XML, your best option (by far!) is to upgrade your clients to 9.2.x to take advantage of the XML inspectors.
If you really can’t do that, then you’re back to parsing text.
<result overall="1">
<test name="antivirus">Antivirus</test>
<detail name="chkconfig_rtvscand">['off', 'off', 'on', 'on', 'on', 'on', 'off']</detail>
<detail name="status_rtvscand">running</detail>
</result>
You can probably do this with something like…
(if it="1" then "Yes" else if it="0" then "No" else it) of (preceding text of first "%22" of following text of last "<result overall=%22" of preceding text of first "<test name=%22antivirus%22>" of concatenation of lines of file "result.xml"|"For Checking")
(I don’t have a setup here to test, but I think something along those lines should work)