Skip to main content

Issue with a worklet


MinnesotaJoe

I am working on a worklet to report back in the Activity log and then take after if the firewall is enabled on some CentOS boxes. But for some reason I cannot get the echos to appear in the activity log. Below is what I have.

#!/bin/bash
if [[ `firewall-cmd --state` = running ]]
then
    firewall_state=active
else
    firewall_state=inactive
fi
echo "Firewall State: $firewall_state" 1>&2
if [[ `systemctl is-enabled firewalld` = enabled ]]
then
    firewall_status=enabled
elif [[ `systemctl is-enabled firewalld` = masked ]]
then
    firewall_status=masked
elif [[ `systemctl is-enabled firewalld` = disabled ]]
then
    firewall_status=disabled
else
    firewall_status=unknown
fi
echo "Firewall Status: $firewall_status" 1>&2
if [ "$firewall_state" = "active" ] || [ "firewall_status" = "enabled" ]
then
    exit 1
else
    exit 0

11 replies

Nic-Automox
  • Former Automox Employee
  • 832 replies
  • June 5, 2020

It looks like you have the right command for the echo to go to the activity log. If you just try to write plain text to the activity log using the echo and 1>&2, does that show up at all?


MinnesotaJoe

No it is blank


Nic-Automox
  • Former Automox Employee
  • 832 replies
  • June 5, 2020

How about just some test code that all it does is try to write to the activity log? That will tell us if it’s a bug on our end or something in the rest of the code.


MinnesotaJoe

Used the below code, same result.

#!/bin/bash
echo "This is a test" 1>&2
exit 0

Nic-Automox
  • Former Automox Employee
  • 832 replies
  • June 5, 2020

Ok let me test it out on my end to reproduce. What version of Centos are you on, so I can make sure I have the same conditions?


MinnesotaJoe

Both test boxes are CentOS 7.8


Nic-Automox
  • Former Automox Employee
  • 832 replies
  • June 5, 2020

I was talking this over with the support folks and they let me know what they think the issue is. The way the worklet works is that it stores both stdout and stderr, and then which it writes to the activity log depends on the return code. If it exits with 0 then stdout gets written to the activity log, and if it exits with 1 (or anything else) it writes stderr. In the case of your code above, since it’s returning 0 it is throwing away stderr. Try your test echo code with the echo just going to stdout (i.e. remove the 1>&2) and see if it shows up. If that works, then I’d say echo to both stdout and stderr and then no matter which exit code gets returned you’ll see the firewall state info show up.


Nic-Automox
  • Former Automox Employee
  • 832 replies
  • June 5, 2020

Follow-up - I just tested out this behavior and it does work. You can duplicate your echo statements:
echo “firewall status”
echo “firewall status” 1>&2

and that way it will be captured no matter which path the rest of the code takes and what the return code is.


MinnesotaJoe

Odd, still returns nothing in the log.

#!/bin/bash
if [[ `firewall-cmd --state` = running ]]
then
    firewall_state=active
else
    firewall_state=inactive
fi
if [[ `systemctl is-enabled firewalld` = enabled ]]
then
    firewall_status=enabled
elif [[ `systemctl is-enabled firewalld` = masked ]]
then
    firewall_status=masked
elif [[ `systemctl is-enabled firewalld` = disabled ]]
then
    firewall_status=disabled
else
    firewall_status=unknown
fi
echo "Firewall Status: $firewall_status" 1>&2
echo "Firewall Status: $firewall_status"
echo "Firewall State: $firewall_state" 1>&2
echo "Firewall State: $firewall_state"
if [ "$firewall_state" = "active" ] || [ "firewall_status" = "enabled" ]
then
    exit 1
else
    exit 0

Interestingly if I put the echos in the remediation section it does echo.


Nic-Automox
  • Former Automox Employee
  • 832 replies
  • June 8, 2020

That is strange - let me play with the full code on my end and see if I can get it to show up.


Nic-Automox
  • Former Automox Employee
  • 832 replies
  • June 16, 2020

Sorry, got sidetracked from this last week. One question: are you running the above code in the evaluation section or the remediation section? Evaluation code won’t write to the activity log, so maybe try reporting from the remediation code if that’s the case?


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings