Scheduling specific checks
You can create a custom action to run a subset of checks on your own schedule.
About this task
The default behavior for a UNIX deployment is to run the scripts as a single batch. However, you can also run any subset of the checks on your own defined schedule. Each time that you do, the batch that you deploy overwrites any previous batch commands. The runme.sh master script provides a ‘-F’ option, which takes a file name as its argument. It has the following form:
./runme.sh -F <FILE>
This command causes runme.sh to run only the set of checks that are specified in <FILE>. This file is a 7-bit ASCII file with UNIX newlines that contains a list of the specific checks you want to run, as follows:
GEN000020
GEN000480
GEN000560To select a specific script and run schedule, create a custom action. This action creates the file that contains the list of checks and deploys it to Endpoint Manager clients. This action is similar to the creation of a custom parameter file.
Procedure
- In the console, go to to access the Take Action dialog.
- To run the action on computers with a custom relevance clause, click the Applicability tab and select ...the following relevance clause evaluates to true..
- In the text box, enter a relevance clause to identify the
subset of computers you want to target.For example, to restrict the action to Solaris 10 systems, enter the following expression:
name of operating system = “SunOS 5.10 (not exists last active time of it or (now - last active time of it) > (15 *minute)) of action - Click the Action Script tab to create
a script that copies your file onto target computers. Click the second
button and enter a script like the one in the following screen capture.
- This script creates the target directory with the file
that contains the checks that you want to run and moves the file into
the appropriate directory. You can copy and paste the following sample
script that specifies three checks, GEN000020, GEN000480, and GEN000560.
// create a script that will create the necessary directory delete __appendfile appendfile #!/bin/sh appendfile mkdir –p ../../scm_preserve/SunOS/5.10 delete createdir.sh move __appendfile createdir.sh wait /bin/sh ./createdir.sh // create the file containing the checks that you wish to run delete __appendfile appendfile GEN000020 appendfile GEN000480 appendfile GEN000560 delete ../../scm_preserve/SunOS/5.10/daily.txt move __appendfile ../../scm_preserve/SunOS/5.10/daily.txt - Run the runme.sh script with the –F option. Modify the
Deploy and Run Security Checklist task to run the script.
- Find and select the Deploy and Run Security Checklist task.
- Click Take Action
- In the Target tab, then select the endpoints.
- Click the Action Script tab. Modify the Action Script to make runme.sh use the –F option and point to the file that contains the check list. The file in the example is named daily.txt.
- You can copy, paste, and modify the following sample script.
prefetch DISA.zip sha1:99c90759cc496c506222db55bd864eba4063b955 size:108089 http://software.bigfix.com/download/SCM/SunOS-20080417.zip delete __appendfile delete run_SCM.sh appendfile #!/bin/sh if {exists folder ((pathname of parent folder of parent folder of folder (pathname of client folder of current site)) & "/SCM")} appendfile rm -rf {((pathname of parent folder of parent folder of folder (pathname of client folder of current site)) & "/SCM")} endif appendfile mv __Download/DISA.zip {((pathname of parent folder of parent folder of folder (pathname of client folder of current site)))} appendfile cd {((pathname of parent folder of parent folder of folder (pathname of client folder of current site)))} appendfile gzip -dvS .zip DISA.zip appendfile FILE=`ls -1 DISA* | grep -v zip` appendfile tar xf $FILE appendfile rm -rf $FILE appendfile cd {((pathname of parent folder of parent folder of folder (pathname of client folder of current site)) & "/SCM")} appendfile ./runme.sh -F ../scm_preserve/SunOS/5.10/daily.txt move __appendfile run_SCM.sh wait sh ./run_SCM.sh