Using commands in conditions

Configuration objects of type Command in a rule condition enable you to execute shell scripting commands and analyze their output. Use of the Command object type replaces the need to define a command or script during the creation of a configuration object through the Local Configuration Objects tab.

Before you begin

To support the execution of commands through Compliance rules, ensure that the ComponentTemplate.ExecuteCommand authorization is assigned to the template (through the Permissions panel during template creation or through the Permissions view).

Command syntax in rules

For a Command configuration object, use the following syntax in a rule condition:
"objectType:objectCommand".CommandProperty

Note

If you need quotes in the Command string, note that very often single quotes work better than double quotes. 

Examples:

"Command:cat /etc/passwd|wc -l".int
"Command:which rpcinfo".Out_Put

These examples contain the following elements:

ElementExample 1Example 2
Object typeCommandCommand
Object commandcat /etc/passwd|wc –lwhich rpcinfo
Command propertyIntOut_Put

The command property at the end of the string determines the type of command output to be analyzed by the rule condition. You can choose from the following available command properties:

Command property valueType of output to analyze
Out_Put

Standard output (stdout) of a command, textual output

IntInteger-type command output
MessageStandard error (stderr) textual output of a command
ExitcodeExit code output of a command
StringList

String list output of a command

Command exit codes

Every time you run a command, the command returns an exit status, also known as the return status or exit code. If the command was successful, the return status is 0. If the command was unsuccessful, the return status is 1 or some other non-zero value that can usually be interpreted as an error code.

To check for the exit status of the last command executed, you can use the $? string. This returns 0 for success, or an integer in the range of 1–255 for an error.

Examples

 Successful execution of the following command will return an exit status of 0. 

echo "hello"
echo $? 

In the following example, the command is unrecognized and execution will fail. Therefore, a non-zero exit status is returned.

hello
echo $? 

Workaround for the grep command

During a Compliance Job or rule test for a condition that contains the grep command, if no match is found for the specified string, the exit code for the rule is 1 (an error code), and not 0 (the number of matches). For example, during analysis of the grep command in “Command:echo hello|grep hellox", an exit code of 1 is returned if no match is found, and this non-zero exit code is treated as an error.

Examples

The following conditions demonstrate the use of the grep command with the various types of output. All return an exit code of 1, and the rule result will be blank and non-compliant.

"Command:echo hello|grep hellox".Out_Put = "0"

"Command:echo hello|grep hellox".Int = 0

"Command:echo hello|grep hellox".Message = "0"

"Command:echo hello|grep -c hellox".Exitcode = 0

"Command:cat /etc/passwd|grep hellox".StringList contains "0"

The same behavior is true for a condition that contains grep -c, as in "Command:echo hello |grep -c hellow". As a result, the output is not stored in the Out_put (stdout) or Message (stderr) output types, and it cannot be converted into an integer value (Int output type).

For this reason, do not use grep as the last command in your condition if you do not want an exit code 1 to be returned whenever the command is unrecognized or executes with an error, or when the specified string is not found. As a workaround, you can add wc –l to the command, to return a counter. For example: echo hello|grep hellow|wc –l

Example

For a condition with the following command:

"Command:rpm -qa| egrep -c 'hpsmh'".Out_put

Edit your condition to look like this:

"Command:rpm -qa| egrep 'hpsmh'| wc –l".Out_put



Command execution during Compliance analysis or rule testing

When a command is executed by a Compliance Job or during rule testing, BMC Server Automation performs the following steps:

  1. Creates a tmp directory on the Agent, within the RSCD directory.
  2. Copies a script file that contains the command from the Application Server to the Agent's tmp directory.
  3. Executes the script from the RSCD/tmp directory.
  4. After script execution, deletes the script file from the RSCD/tmp directory.

Related topics

Defining a basic condition
scriptutil: The Slightly Odd Duck
Summarized descriptions of Network Shell commands

Was this page helpful? Yes No Submitting... Thank you

Comments