This space contains documentation for TrueSight Server Automation 8.9.03 and the later service packs for 8.9. For earlier releases, see BMC Server Automation 8.9.

Using commands in conditions

Configuration objects of type Command in a rule condition enable you to execute shell scripting commands and analyze their output. Use of the Command object type replaces the need to define a command or script during the creation of a configuration object through the Local Configuration Objects tab.

Before you begin

To support the execution of commands through Compliance rules, ensure that the ComponentTemplate.ExecuteCommand authorization is assigned to the template (through the Permissions panel during template creation or through the Permissions view).

Command syntax in rules

For a Command configuration object, use the following syntax in a rule condition:


If you need quotes in the Command string, note that very often single quotes work better than double quotes. 


"Command:cat /etc/passwd|wc -l".int
"Command:which rpcinfo".Out_Put

These examples contain the following elements:

ElementExample 1Example 2
Object typeCommandCommand
Object commandcat /etc/passwd|wc –lwhich rpcinfo
Command propertyIntOut_Put

The command property at the end of the string determines the type of command output to be analyzed by the rule condition. You can choose from the following available command properties:

Command property valueType of output to analyze

Standard output (stdout) of a command, textual output

IntInteger-type command output
MessageStandard error (stderr) textual output of a command
ExitcodeExit code output of a command

String list output of a command

Command exit codes

Every time you run a command, the command returns an exit status, also known as the return status or exit code. If the command was successful, the return status is 0. If the command was unsuccessful, the return status is 1 or some other non-zero value that can usually be interpreted as an error code.

To check for the exit status of the last command executed, you can use the $? string. This returns 0 for success, or an integer in the range of 1–255 for an error.


 Successful execution of the following command will return an exit status of 0. 

echo "hello"
echo $? 

In the following example, the command is unrecognized and execution will fail. Therefore, a non-zero exit status is returned.

echo $? 

Workaround for the grep command

During a Compliance Job or rule test for a condition that contains the grep command, if no match is found for the specified string, the exit code for the rule is 1 (an error code), and not 0 (the number of matches). For example, during analysis of the grep command in “Command:echo hello|grep hellox", an exit code of 1 is returned if no match is found, and this non-zero exit code is treated as an error.


The following conditions demonstrate the use of the grep command with the various types of output. All return an exit code of 1, and the rule result will be blank and non-compliant.

"Command:echo hello|grep hellox".Out_Put = "0"

"Command:echo hello|grep hellox".Int = 0

"Command:echo hello|grep hellox".Message = "0"

"Command:echo hello|grep -c hellox".Exitcode = 0

"Command:cat /etc/passwd|grep hellox".StringList contains "0"

The same behavior is true for a condition that contains grep -c, as in "Command:echo hello |grep -c hellow". As a result, the output is not stored in the Out_put (stdout) or Message (stderr) output types, and it cannot be converted into an integer value (Int output type).

For this reason, do not use grep as the last command in your condition if you do not want an exit code 1 to be returned whenever the command is unrecognized or executes with an error, or when the specified string is not found. As a workaround, you can add wc –l to the command, to return a counter. For example: echo hello|grep hellow|wc –l


For a condition with the following command:

"Command:rpm -qa| egrep -c 'hpsmh'".Out_put

Edit your condition to look like this:

"Command:rpm -qa| egrep 'hpsmh'| wc –l".Out_put

Remediating with commands

The Command object can also be used in combination with the remediate operator to execute a shell command as a remediation action at the end of compliance analysis. To use the Command object in this manner, specify the shell command without appending a property to it. This combination of operand and operator is typically used in a then statement within a conditional construct.

For example:

"Command:touch /etc/" remediate


Parts that are used in a condition are collected even before the condition is evaluated. Therefore, whenever you include a part in a condition with the purpose of setting information on the operating system, ensure that the line ends with a remediate operator. Use the remediate operator, for example, whenever you include commands such as touch, rm, cp, mv, sed, awk, any command with > or >>, or whenever you call a custom script or executable.

Command execution during Compliance analysis or rule testing

When a command is executed by a Compliance Job or during rule testing, TrueSight Server Automation performs the following steps:

  1. Creates a tmp directory on the Agent, within the RSCD directory.
  2. Copies a script file that contains the command from the Application Server to the Agent's tmp directory.
  3. Executes the script from the RSCD/tmp directory.
  4. After script execution, deletes the script file from the RSCD/tmp directory.

Related topics

Defining a basic condition
scriptutil: The Slightly Odd Duck
Summarized descriptions of Network Shell commands

Was this page helpful? Yes No Submitting... Thank you