Defining a conditional construct

Conditional constructs are used in discovery signatures and compliance rules. Conditional constructs are used to organize basic conditions, loops, or nested conditional constructs in an If-then-elseif type of logical sequence to create complex expressions for evaluation.

A conditional construct can consist of basic conditions, loops, or other (nested) conditional constructs.

To create a conditional construct perform the following steps:

Step 1: Define an If... Then... End sequence

A conditional construct always begins with one If...Then...End sequence.

1. Click the drop-down arrow beside the New Condition icon and select the If... Then... End option.
2. Define a pair of conditions or loops for the If... Then... End sequence, in the following manner:
   1. Select the if line.
   2. Click the drop-down arrow beside the New Condition icon and select available condition types.

Double-click the then line and repeat steps b and c for the condition or loop that depends on the TRUE/FALSE outcome of the preceding condition or loop.

After the initial if-then block, you can insert any number of optional elseif-then blocks.

Finally, before the end of the full conditional construct, you can insert one last optional else statement, with a condition to be evaluated if all preceding if and elseif conditions returned FALSE values.

A conditional construct can be combined with basic conditions or nested within a loop. A conditional construct can also be enclosed within another conditional construct.

Step 2: Define a conditional construct

1. Define a pair of conditions or loops for the if-then block, in the following manner:
   1. Select the if line.
   2. Click the New Condition icon for a basic condition, or click the drop-down arrow beside this icon and select from the full range of available condition types.
      • Basic Condition
      • Foreach Loop, Count Loop, or Exists Loop for the loop of your choice
   3. In the displayed fields, define the condition as discussed in one of the following topics:
      • Defining-a-basic-condition
      • Defining-a-loop

   4. Double-click the then line and repeat steps b and c for the condition or loop that depends on the TRUE/FALSE outcome of the preceding condition or loop.

      A noteworthy example of a useful then statement is a Command configuration object in the LHS operand along with the remediate operator (and no RHS operand). This combination enables you to execute a shell command as a remediation action at the end of compliance analysis.

      Warning

      Parts that are used in a condition are collected even before the condition is evaluated. Therefore, whenever you include a part in a condition with the purpose of setting information on the operating system, ensure that the line ends with a remediate operator. Use the remediate operator, for example, whenever you include commands such as touch, rm, cp, mv, sed, awk, any command with > or >>, or whenever you call a custom script or executable.

2. (Optional) To insert an elseif-then block, select the line above where you want to insert it, and then click the drop-down arrow beside the New Condition icon and select the Elseif option. Then insert a pair of conditions — one after the elseif line and the other after the then line — as described in step 2 for the if-then block.
    Repeat this step for any number of elseif-then blocks that you want to create.
3. (Optional) To insert an else statement before the end line, use the Else option from the drop-down arrow beside the New Condition icon, and then insert one condition after the else line.