Relevance for custom script

I have an installation for Carbon Black that I am trying to use BigFix to help with deploying. The installer is pretty basic; you just run the sh file and it does everything else. I have tested this and it works, but I can’t get my relevance correct. The machine I have already installed this on is still showing as relevant. If I try to change anything then I get no Linux servers relevant.

Here is what I have as my action. I think this is all pretty self-explanatory. I am just pulling the installation package down from a local web server and then extracting and running the sh file. I am also touching the /root/carbonblack_installed to use as the relevance. If this file exists then the application has been installed. But this is also my problem as the relevance doesn’t appear to be working correctly.

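#!/bin/sh
# Work in a private temporary directory so cleanup removes only our files
workdir=$(mktemp -d) || exit 1
cd "$workdir" || exit 1
# Download the installer package from the local web server
curl -O http://local_web_installation_server/CarbonBlackLinuxInstaller-v6.1.7.10053-Default_Group.tar.gz
# Extract and run the installer
tar xvf CarbonBlackLinuxInstaller-v6.1.7.10053-Default_Group.tar.gz
sh CarbonBlackClientSetup-linux-v6.1.7.10053.sh
# Marker file checked by the relevance
touch /root/carbonblack_installed
# Remove only this script's working directory, never a glob such as /tmp*
cd / && rm -rf "$workdir"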

Relevance
(version of client >= "6.0.0.0") AND ((exists true whose (if true then (exists (operating system) whose (it as string as lowercase contains "Linux" as lowercase)) else false)) AND (not (exists true whose (if true then (exists "/root/carbonblack_installed") else false))))

Is there a better way to do this? My way isn’t working.
Thanks

Are you able to look at the client logs? I know some versions of CarbonBlack Enterprise Protect, not knowing what CarbonBlack product you are working with here, have a pre-requisite on the Linux kernel version and will fail to install, even when executed directly from the shell script, if the kernel version isn’t supported.

Yes, I can look at the client logs. I am working with our InfoSec/CSOC group and they see the server I ran this fixlet on in their dashboard, or whatever the CarbonBlack console is. So, it appears it is working, but in BigFix it still shows as being relevant even though the /root/carbonblack_installed file is present as well.

See if the RPM exists. If it does then maybe use that instead of the existence of a file, e.g. (for Cb Protect… adjust the version to match any version you are working with)

not exists package "b9agent" whose (version of it >= "7.2.4-1611") of rpm

You are checking for the existence of the string “/root/carbonblack_installed”, and the string does indeed exist. You should check for the file or folder (I’m not sure which it creates) as in

(not (exists true whose (if true then (exists file "/root/carbonblack_installed") else false)))

Using that appears to clear up my problem. Guess I’ll stick with this method more often.
not exists package "cbsensor" whose (version of it >= "6.1.7.10053-1") of rpm
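
The same package check as the relevance above can also guard the action script itself, so the installer only runs when the sensor is missing or older than required. This is an added example, not code from the original thread; the function names and the `--check` switch are hypothetical, and the version comparison is a numeric-segment simplification of rpm's own ordering.

```shell
#!/bin/sh
# Added example: decide whether the cbsensor RPM must be installed,
# mirroring: not exists package "cbsensor" whose (version of it >= ...) of rpm

# version_ge A B: succeed when A >= B, comparing numeric segments split on . and -
# (assumption: versions contain only digits, dots and dashes)
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
    max = (n > m) ? n : m
    for (i = 1; i <= max; i++) {
      xi = (i <= n) ? x[i] + 0 : 0
      yi = (i <= m) ? y[i] + 0 : 0
      if (xi > yi) exit 0
      if (xi < yi) exit 1
    }
    exit 0
  }'
}

# installed_version PKG: print VERSION-RELEASE, or nothing if PKG is absent.
# rpm -q writes "package X is not installed" to stdout, so rely on exit status.
installed_version() {
  out=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$1" 2>/dev/null) || return 0
  printf '%s' "$out"
}

# needs_install INSTALLED REQUIRED: succeed when an install is still needed
needs_install() {
  if [ -z "$1" ]; then
    return 0            # package not present at all
  fi
  if version_ge "$1" "$2"; then
    return 1            # already at or above the required version
  fi
  return 0              # present but older than required
}

# Hypothetical switch so the functions can be sourced without side effects
if [ "${1:-}" = "--check" ]; then
  if needs_install "$(installed_version cbsensor)" "6.1.7.10053-1"; then
    echo "cbsensor install needed"
  else
    echo "cbsensor already installed"
  fi
fi
```

Unlike a marker file, this check stays accurate if the sensor is later removed or upgraded outside BigFix.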