Re: Running an "application" within HPSA (296 Views)
Frequent Advisor
Bertram Fukuda
Posts: 86
Registered: ‎11-30-2009
Message 1 of 11 (340 Views)
Accepted Solution

Running an "application" within HPSA

We're working with a government customer. We are in the process of a huge security review of all our systems using a DISA compliance scanning tool called SECSCN - we're running v6.3. They want to know if we can get HPSA to run SECSCN. Basically, SECSCN is a script that calls other scripts (shell/perl) based on OS, Organization etc.  Any ideas?

 

Thanks,

Bert

Trusted Contributor
DBR
Posts: 186
Registered: ‎07-29-2010
Message 2 of 11 (313 Views)

Re: Running an "application" within HPSA

Bert,

Is it really just a script? Where are the other scripts located? Are they already on the servers? You can import the scripts into HPSA and then either create a software policy to add them to the servers and then you could use an audit policy to set them up to run.

Don
Valued Contributor
Dimiter Todorov
Posts: 99
Registered: ‎03-02-2010
Message 3 of 11 (307 Views)

Re: Running an "application" within HPSA

[ Edited ]

If you have OGFS / OGSH enabled with a user that can impersonate root, then that would be the easiest way of running SECSCN. If not, you would have to use the Audit/Snapshot mechanism I think.

 

Your script would do something like this:

1. Enumerate Target servers.

2. Copy SECSCN tarball using OGFS onto all target servers.

3. Execute SECSCN as you would locally. Using rosh.

4. Create tarball of SECSCN results and copy from target server to OGFS local folder or to another remote server.

 

For example, here is a simple script that copied a file from a local server to a group of target servers.

Using this sort of for loop makes a task like SECSCN scanning really simple.

 

#!/bin/bash

# Fetch the file from WIN-VD-TEST through OGFS into the OGFS home directory
cp -f /opsw/Server/@/WIN-VD-TEST/files/LOCALSYSTEM/L/RUBYDEV/feb2013/sasync/migration_files/Host_PortFile.txt ~/
dos2unix ~/Host_PortFile.txt
# Each member of the device group appears as an entry under @/Server
for n in $(ls /opsw/Group/Public/Customer\ Groups/TOOLS/TOOLS_ROOT/HPSA_SERVERS/ALL_HPSA_SATELLITES/@/Server)
do
        echo "$n"
        # Copy the file into the target server's filesystem as root
        cp -r -f ~/Host_PortFile.txt "/opsw/Group/Public/Customer Groups/TOOLS/TOOLS_ROOT/HPSA_SERVERS/ALL_HPSA_SATELLITES/@/Server/$n/files/root/var/opt/opsware/its/port_test/"
done
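
The four steps listed in the post above, as one function meant for an OGSH session, with a size gate before results come back through OGFS (a later reply in this thread cites a 2 MB limit). This is an added example, not code from the post: `run_scan`, the overridable `OGFS_ROOT`, `ROSH` and `MAX_BYTES` variables, and the caller-supplied remote command and result path are assumptions, since the thread does not say how SECSCN's prompts are answered.

```shell
#!/bin/bash
# Added example, not code from the thread. OGFS_ROOT, ROSH and MAX_BYTES can be
# overridden so the loop can be dry-run against a scratch directory.
OGFS_ROOT="${OGFS_ROOT:-/opsw}"
ROSH="${ROSH:-rosh}"
MAX_BYTES="${MAX_BYTES:-2097152}"   # 2 MB ceiling for copies through OGFS

# run_scan GROUP TARBALL REMOTE_CMD RESULT OUT_DIR
#   GROUP       device group path below $OGFS_ROOT/Group
#   TARBALL     local path of the scan suite archive
#   REMOTE_CMD  command run as root on each target (assumed to unpack the
#               suite, answer its prompts and write RESULT)
#   RESULT      absolute path of the results archive on the target
#   OUT_DIR     local directory that receives <server>-<basename of RESULT>
# Prints one status line per server; returns 1 if any server did not complete.
run_scan() {
    local group="$1" tarball="$2" cmd="$3" result="$4" out="$5"
    local srv name files size rc=0
    mkdir -p "$out" || return 1
    for srv in "$OGFS_ROOT/Group/$group/@/Server"/*/; do    # step 1: enumerate
        [ -d "$srv" ] || continue
        name=$(basename "$srv")
        files="${srv}files/root"
        if ! cp -f "$tarball" "$files/var/tmp/"; then        # step 2: push suite
            echo "$name copy-failed"; rc=1; continue
        fi
        # step 3: run as root on the target; remote output goes to stderr so
        # stdout carries only the status lines
        if ! "$ROSH" -n "$name" -l root "$cmd" >&2; then
            echo "$name scan-failed"; rc=1; continue
        fi
        if [ ! -f "$files$result" ]; then
            echo "$name no-result"; rc=1; continue
        fi
        size=$(( $(wc -c < "$files$result") ))
        if [ "$size" -gt "$MAX_BYTES" ]; then                 # step 4: size gate
            echo "$name too-large:$size"; rc=1; continue      # left on target
        fi
        if cp -f "$files$result" "$out/$name-$(basename "$result")"; then
            echo "$name ok"
        else
            echo "$name fetch-failed"; rc=1
        fi
    done
    return "$rc"
}
```

Servers reported as `too-large` keep their results archive on the target, so it can be collected by another route without loading the core.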

 

Frequent Advisor
Bertram Fukuda
Posts: 86
Registered: ‎11-30-2009
Message 4 of 11 (302 Views)

Re: Running an "application" within HPSA

Don,

  Is it really just a script?

It's not just a script but a suite of scripts and associated files.  You run Start-SECSCN.sh, it asks a couple of questions (location for reports & organization) and based on those answers and the OS it calls all the other required scripts.  When the script completes it creates a set of reports.

 

Where are the other scripts located? 

 The entire suite is contained in a tar ball in /var/tmp/ on the HPSA server.  Not sure if that answers your question though.  

Are they already on the servers? 

  No

 

Thanks,
Bert

Trusted Contributor
DBR
Posts: 186
Registered: ‎07-29-2010
Message 5 of 11 (296 Views)

Re: Running an "application" within HPSA

Bert,

You can import the tar ball into HPSA and then use a software policy to do the install.

You can use OGFS to run the Start-SECSCN.sh script. Does the script allow you to pass in the answers to the questions? Where do you get the organization from?


cd /opsw/api/com/opsware/script/ServerScriptService/method
./.startServerScript:i self:n=$sunScript "args={timeOut=10240000 tailOutputSize=10000 targets:i=com.opsware.device.DeviceGroupRef:$deviceGroupID parameters='$imID'}" "userTag=$imID" | awk '{print $2}' FS=":"

Something like the above.

Don


Frequent Advisor
Bertram Fukuda
Posts: 86
Registered: ‎11-30-2009
Message 6 of 11 (274 Views)

Re: Running an "application" within HPSA

Don,

  This might be the way to go.  I'll give it a go over the next few days as time allows.

Thanks,
Bert

Frequent Advisor
Bertram Fukuda
Posts: 86
Registered: ‎11-30-2009
Message 7 of 11 (268 Views)

Re: Running an "application" within HPSA

Humm - So I imported my zip file, created a SW policy but can't seem to get it to install the zip.  Is there some "magic" I'm missing?

 

Thanks,

Bert

Frequent Advisor
Bertram Fukuda
Posts: 86
Registered: ‎11-30-2009
Message 8 of 11 (243 Views)

Re: Running an "application" within HPSA

So I was able to get a SW policy to install my zip file and used the post-installation script to run the Start-SECSCN.sh script.  Now all I need to do is get the resulting report tar file back to my core server.  I'm thinking an OGFS script would be best but honestly don't know where to start.  Any help would be greatly appreciated.

 

Thanks,
Bert

Trusted Contributor
DBR
Posts: 186
Registered: ‎07-29-2010
Message 9 of 11 (236 Views)

Re: Running an "application" within HPSA

Bert,

How big is your report tar file? You do not want to use OGFS to move large files. The HPSA documentation says to only use it to move files like configuration files. We have set a 2MB limit for our users. If the files aren't that big then OGFS is the way to go.

Don
Frequent Advisor
Bertram Fukuda
Posts: 86
Registered: ‎11-30-2009
Message 10 of 11 (229 Views)

Re: Running an "application" within HPSA

Humm, our files are between 4M-5M. Are those too big for OGFS?  If so, what are the other options for getting the files to the core server?

 

 

Trusted Contributor
DBR
Posts: 186
Registered: ‎07-29-2010
Message 11 of 11 (221 Views)

Re: Running an "application" within HPSA

I would go ahead and try it and see what the impact is to your core.  If you do one at a time it might be ok.

 

Don

 
