Relevance to query a list of Linux computers where a particular account exist

HI All,

I need a relevance to return a list of Linux clients where an account name “yyyy” exists.

Thanks,
dn6116

You would first want relevance that would return all accounts on Linux computers and put that into an analysis property or a property. There may be one that already exists. Try this:

unique values of names of local users

For applicability or True / False result you would take the relevance from above and add a whose filter so it would be True if the account exists. See this example: https://www.bigfix.me/relevance/details/3021194

Then for reporting, you would use session relevance to get the set of computers where that particular account exists.


Related:

Thanks for the quick response.
Probably I should explain a bit more.
I want to use IEM CLI to get the list of computers where the account exists so I can build a HTML …

Cheers,
Dan

Hi James,

I’ve created an analysis as recommended but the property result has on some servers. I think “local users” operator is available only on the new client version.
Not sure whether I can extract the info from web reports or not.

Cheers,
Dan

Dan,

You might be right. I checked the reference and it looks like Local User creation method was introduced in 9.5.0.311 for the Linuxes.
https://developer.bigfix.com/relevance/reference/user.html#local-user-user

You might try to use the more generalized Users, which goes back to the 8.x vintages of BigFix.

unique values of names of users

Hi Brolly33,

Thanks for the recommendation.
I found that all our clients have a custom property “LocalUsers” which contains all users from /etc/passwd files. Not sure from which analysis this property was created (built-it???).

I tried to use “whose” as a filter as recommended by James but it seems not working
My filter:
(name of it) of bes computers whose (value of results from (BES Property “LocalUsers”) of it contains “xxxxx”)

Any suggestions?

Thanks,
Dan

The “users” and “local users” inspectors on Linux only reflected the users that had client UI’s which is why I fixed the local users to give the true information of all the local users so its unlikely the “users” inspector will get you what you need before 9.5.

Yet another reason to upgrade :slight_smile:

2 Likes

I have not read through the entire thread but maybe something like this?

Q: if exists file ("/etc/passwd") whose (exists line whose (it contains “operator:x”) of it) then “useraccount operator present” else "useraccount operator not present"
A: useraccount operator present
T: 432

That should work and is the basis of the local users inspector in the newer versions.