Unable to run a Unix /etc/passwd content query - Report Error : File "/etc/passwd" is a secure file. Cannot display its content.

book

Article ID: 156437

calendar_today

Updated On:

Products

Control Compliance Suite Unix Control Compliance Suite Windows

Issue/Introduction

Error reported while running bv Control for Unix agent-based or CCS 11 agent-based data collection or query on a Unix host.

Report Error : File "/etc/passwd" is a secure file. Cannot display its content.

Cause

In CCS 10.5.1, the query composite file descriptor needed to add Content Selection Options as well as selecting file content and adding a " * " strict in the search text field.

In CCS 11, running a Query or Data Collection with a CIS standard fo UNIX

In addition, securedFiles; SecuredFiles.dat was not commented out on the Unix targets.

The file bv.conf needs to be modified to comment out the securedFiles; SecuredFiles.dat reference.

Resolution

These steps are for Agent-based Unix Assets only.

CCS RMS Version 10.5.1:

  1. Login to the Unix host as root.
    1. cd /opt/bindview/bvcontrol
    2. vi bv.conf
  2. Comment out the following line by adding a hash key (#) at the start of the line.
    1. securedFiles; SecuredFiles.dat
  3. the line should now look;
    1. #securedFiles; SecuredFiles.dat
  4. Save the file.
  5. Restart the agent
    1. ./bvunix.startup restart
  6. Verify that the query has the following query composite file descriptor as shown in the image below. This is needed to add Content Selction Options as well as selecting file content and adding a " * " strict in the search text field.
  7. Rerun query.

 CCS Version 11.0 

  1. Login to the Unix host as root. Path provided for Linux targets; other platforms may vary but only one bv.conf file will be found.
    1. cd /esm/bin/dcmodules/Linux/UNIX/
    2. vi bv.conf
  2. Comment out the following line by adding a hash key (#) to the start of the line:
    1. securedFiles; SecuredFilesList.dat
  3. the line should now look:
    1. #securedFiles; SecuredFilesList.dat
  4. Save the file.
  5. Restart the agent: 
    1. /esm/esmrc restart
  6. Re-run the Data Collection or Query from the CCS 11.0 console.

Applies To

Client: 

bv-Control for UNIX version 10.5.1
RapidFire(s) Added : 10500, 10530, 10545, 10546, 10547, 10548, 10560, 10561, 10563,
OR 

CCS 11 Agent

Server:
Version 10.5.1, 11.0

Modules:
10.50.33.20200 UnixTIISnapin.dll
10.50.33.20200 UnixTIVSnapin.dll
10.50.33.20100 UnixIcons.dll