(imported topic written by ev475)
Two separate issues. Was wondering if anybody else has run into these and/or if SCM developers can correspond with me as to a possible solution. Defining “hang” as making no movement past the same scriptlet for over 2 hours.
ONE)
Site - SCM Checklist for DISA STIG on AIX 6.1
Task - Deploy and Run Security Checklist AIX 6.1
Traceable to scriptlet: globalfind
ps -ef | grep SCM
root 602116 393400 0 13:09:22 - 0:00 sh ./run_SCM.sh
ps -ef | grep 602116
root 540828 602116 0 13:09:23 - 0:00 /bin/sh ./runme.sh -g
root 602116 393400 0 13:09:22 - 0:00 sh ./run_SCM.sh
ps -ef | grep 540828
root 540828 602116 0 13:09:23 - 0:00 /bin/sh ./runme.sh -g
root 606416 540828 0 13:09:23 - 0:00 /bin/sh ./util/globalfind
The shell script attempts to isolate the UNIX “find” command to specific filesystem types (variable EXCLUDEFS). Based on manual, command-line runs of the code, however, I believe that it still manages to include filesystems such as NFS automounts which lead to extensive search times on some of our servers.
TWO)
Manual run of /var/opt/BESClient/SCM/runme.sh on an AIX 5.3 client.
Hangs on scriplet: GEN003220
#ps -ef | grep runme
root 25188 66922 0 14:08:46 pts/1 0:00 /bin/sh ./runme.sh
#ps -ef | grep 25188
root 25188 66922 0 14:08:46 pts/1 0:00 /bin/sh ./runme.sh
root 68794 25188 0 14:34:40 pts/1 0:00 sh ./AIX/3/GEN003220.detect
The log shows the following:
#cd /var/opt/BESClient/SCM/mytmp/results
#more GEN003220.detect.log
./AIX/3/GEN003220.detect
60
: sk: 0403-012 A test command parameter is not valid
.
./AIX/3/GEN003220.detect
60
: test: 0403-004 Specify a parameter with this comma
nd.
./AIX/3/GEN003220.detect
60
: test: 0403-004 Specify a parameter with this comma
nd.
Killing the scriptlet terminates the entire runme:
#kill -9 68794
/var/opt/BESClient/SCM:./runme.sh
A scriptlet returned an unexpected return value, cannot continue