search cancel

command not whitelisted c=`rpm


Article ID: 242472


Updated On:


Control Compliance Suite Standards Server


Control Compliance Suite after making a copy of a predefined Linux Standard, running a data collection job getting error.

The following commands are not whitelisted c=`rpm




The predefined Standards by default bypass the CommandWhitelist requirements.


After making a copy of a predefined Standard it becomes a custom Standard and any command based checks then need to have all commands listed in the CommandWhitelist.ini file on each CCS Manager doing data collection.

In this case the check '1.7.2 Ensure GDM login banner is configured for RHEL' has the following command.

c=`rpm -q gdm 2>/dev/null`; if [[ ${c} != *"not installed"* ]]; then echo "Pass"; egrep "^user-db:user$|^system-db:gdm$|^file-db:/usr/share/gdm/greeter-dconf-defaults$" /etc/dconf/profile/gdm 2>/dev/null; egrep -rin "banner-message-enable=true|banner-message-text=*" /etc/dconf/db/gdm.d/ 2>/dev/null;else echo "Fail"; fi

As that first part "c=`rpm" are altogether with no space CCS recognizes this as a single command.

Edit the CommandWhitelist.ini file and add in the command "c=`rpm" to the bottom of the [Linux] section of commands. Make sure this is done on each CCS Manager.

Please refer to the following documentation on how to add the command to the CommandWhitelist.ini file.

About whitelisting commands for Commands entity for UNIX