
Hey,

 

I’ve made this worklet condition script, but it seems the Remediation Code runs even though there is no Docker0 interface and none of the IPs start with 172.x.x.x

Evaluation Code

 

#!/bin/bash

# Check if the docker0 interface exists
if ip addr show docker0 &> /dev/null; then
    # Get the IP address of the docker0 interface
    docker0_ip=$(ip addr show docker0 | awk '/inet / {split($2, a, "/"); print a[1]}')

    # Check if the IP address starts with 172.x.x.x
    if [[ $docker0_ip =~ ^172\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
        echo "The docker0 interface has an IP address starting with 172.x.x.x."
        exit 1
    else
        echo "The docker0 interface does not have an IP address starting with 172.x.x.x."
        exit 0
    fi
else
    echo "The docker0 interface does not exist."
    exit 0
fi

I would expect it to not run the script (Remediation Code) since none of the conditions are met, but the activity log says: "Created a new Docker default file at /etc/default/docker", and checking the device, the file was created.

Any chance to figure why?

Same for another worklet I’ve created that is supposed to update Ubuntu client DNS in AD:

Evaluation Code

#!/bin/bash

# Check if update_dns.sh file exists in /etc/cron.d/
if [[ -f /etc/cron.d/update_dns.sh ]]; then
    echo "The update_dns.sh file exists in /etc/cron.d/."
    exit 0
else
    echo "The update_dns.sh file does not exist in /etc/cron.d/."
    exit 1
fi

It seems that even if the file update_dns.sh is in place, it moves on to process the Remediation Code, but it should not and should exit with 0.


Hey! Thank you for posting! 
 

Can I ask how you’re running/testing these worklets? 
There’s a footnote in our worklets documentation that manually executed worklets will always trigger the remediation block. 

“Note that manually executing the worklet triggers the Remediation code regardless of the flagged exit code.” 
 

I’m gonna take a second to think why this is. My instinct is that if we’re manually executing, that shouldn’t be different than a real world execution via API or schedule. 
 

I’ll let you know if our product team can explain why it was built this way.
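
Because a manual run reaches the Remediation Code regardless of the evaluation exit code (the footnote quoted above), one way to keep manual tests from changing a compliant device is to repeat the evaluation check inside the remediation itself. This is an added example, not code from the thread or from the product: the function names `ipv4_addresses`, `docker0_needs_fix` and `guarded_remediation` are hypothetical, and the sample `ip -4 -o addr show docker0` lines are constructed.

```bash
#!/bin/bash
# Added example: remediation that re-checks the evaluation condition first.

# Print the IPv4 address(es) found in `ip -4 -o addr show <iface>` output ($1).
ipv4_addresses() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "inet") { split($(i + 1), a, "/"); print a[1] }
    }'
}

# Same decision as the Evaluation Code: succeed (0) only when docker0
# exists and at least one of its addresses is in 172.x.x.x.
docker0_needs_fix() {
    [ -n "$1" ] || return 1   # empty output: interface does not exist
    ipv4_addresses "$1" | grep -Eq '^172\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'
}

# Run the remediation command (arguments after $1) only when needed.
guarded_remediation() {
    addr_output=$1
    shift
    if docker0_needs_fix "$addr_output"; then
        "$@"
    else
        echo "docker0 absent or not in 172.x.x.x; skipping remediation."
    fi
}

# Constructed sample inputs in the one-line format of `ip -4 -o addr show`.
SAMPLE_172='3: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0\       valid_lft forever preferred_lft forever'
SAMPLE_10='3: docker0    inet 10.200.0.1/24 brd 10.200.0.255 scope global docker0\       valid_lft forever preferred_lft forever'

# Demo on the samples; "echo remediating" stands in for the real steps.
guarded_remediation "$SAMPLE_172" echo "remediating"
guarded_remediation "$SAMPLE_10"  echo "remediating"
guarded_remediation ""            echo "remediating"

# On a device, the Remediation Code would end with something like:
#   guarded_remediation "$(ip -4 -o addr show docker0 2>/dev/null)" your_remediation_function
```

With this guard in place, a manual run on a device without docker0 prints the skip message and leaves files such as /etc/default/docker untouched.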


Hey David!

Thank you for your feedback, this is correct, I’m testing the worklet policies by running them manually before adding the scheduling to them.

Any feedback from the team will be much appreciated. 

Thanks!

