Defining a conditional construct
Conditional constructs are used in discovery signatures and compliance rules. Conditional constructs are used to organize basic conditions, loops, or nested conditional constructs in an If-then-elseif type of logical sequence to create complex expressions for evaluation.
A conditional construct can consist of basic conditions, loops, or other (nested) conditional constructs.
You cannot use loops while creating a conditional construct for a discovery signature. For more information, see Creating a component signature.
To create a conditional construct perform the following steps:
Step 1: Define an If... Then... End sequence
A conditional construct always begins with one If...Then...End sequence.
- Click the drop-down arrow beside the New Condition icon and select the If... Then... End option.
- Define a pair of conditions or loops for the If... Then... End sequence, in the following manner:
- Select the if line.
- Click the drop-down arrow beside the New Condition icon and select available condition types.
|Basic Condition||Defining a basic condition|
|Foreach Loop, Count Loop, or Exists Loop||Defining a loop|
After the initial if-then block, you can insert any number of optional elseif-then blocks.
Finally, before the end of the full conditional construct, you can insert one last optional else statement, with a condition to be evaluated if all preceding if and elseif conditions returned FALSE values.
A conditional construct can be combined with basic conditions or nested within a loop. A conditional construct can also be enclosed within another conditional construct.
Step 2: Define a conditional construct
Define a pair of conditions or loops for the if-then block, in the following manner:
- Select the if line.
Click the New Condition icon for a basic condition, or click the drop-down arrow beside this icon and select from the full range of available condition types.
- Basic Condition
- Foreach Loop, Count Loop, or Exists Loop for the loop of your choice
- In the displayed fields, define the condition as discussed in one of the following topics:
A noteworthy example of a useful then statement is a Command configuration object in the LHS operand along with the remediate operator (and no RHS operand). This combination enables you to execute a shell command as a remediation action at the end of compliance analysis.
Parts that are used in a condition are collected even before the condition is evaluated. Therefore, whenever you include a part in a condition with the purpose of setting information on the operating system, ensure that the line ends with a remediate operator. Use the remediate operator, for example, whenever you include commands such as
awk, any command with
>>, or whenever you call a custom script or executable.
- (Optional) To insert an elseif-then block, select the line above where you want to insert it, and then click the drop-down arrow beside the New Condition icon and select the Elseif option. Then insert a pair of conditions — one after the elseif line and the other after the then line — as described in step 2 for the if-then block.
Repeat this step for any number of elseif-then blocks that you want to create.
- (Optional) To insert an else statement before the end line, use the Else option from the drop-down arrow beside the New Condition icon, and then insert one condition after the else line.