search cancel

Custom scripts for NCM Block Policies not parsing correctly since Spectrum update 21.2.8

book

Article ID: 244308

calendar_today

Updated On:

Products

CA Spectrum

Issue/Introduction


Since Spectrum update to 21.2.8, from 10.4.2.2,  the block policy is not parsing correctly and we see the following error message.

 

 

error text :

May 05, 2022 10:26:57.343 - ScmServiceImpl::parseScriptOutputXml(): GotJDOMException exceptionpolicy /spectrum/NCM/cache/blockScOutput_27614663_3150755933162512331.xml : Error on line 1 of document file:/spectrum/NCM/cache/blockScOutput_27614663_3150755933162512331.xml: Premature end of file.

May 05, 2022 10:26:57.345 - ScmServiceImpl::verifyScriptBlock(): Got violated the policy policyMh: 27614663

type: SCRIPT_BLOCK

scriptContent: "#!/bin/bash# ## Script will return STDOUT has TRUE OR FALSE ( case insensitive)## FALSE ->  Policy is NOT Violated# TRUE  ->  Policy is Violated## First Argument is Temporary File name that contains BLOCK of configuration for validation# Remaining Argument are Dynamic Params configured during  on policy  definition.## First Line is Block Start matched Tag in the BLOCK.# LAST  Line is Block End matched Tag in the BLOCKblockTextFile=$1startTag=`head -n 1 $blockTextFile`endTag=`tail -n 1 $blockTextFile`#conditions to be validated on Blockgrep -F \"local-user \" <$blockTextFile|grep -vF \"undo local-user admin\"|grep -vE \"local-user\\s(Passwordmanager)\" 1>/dev/null 2>&1if [ $? = 0 ]then echo true exitfiecho falseexit"

output text

 

**<internal error> Unable to parse Script outputfile**

 

This is the core of issue.

 

We saw temporary file with blocks and empty xml files.

 

 

 

 

Environment

Release : 21.2

Component : Spectrum Applications

Cause

in Spectrum 10.4.3 the NCM Block Policies were updated, therefore any custom scripts need to be updated.

Resolution

Some changes to NCM Block Policy were made in 10.4.3 that requires the custom scripts to be updated.

 

 

Additional Information

The output file contents need to filled by the user using the custom script. Previously we used to tell whether policy is violated or not, but now we can show more information about violation using the output file. 
Customer can refer to sample script file that is provided with installation to know more about how to populate that data.

 

Using similar script as example we updated documentation section as well: Doc Link

 


Ask them to modify the script as they should able to populate the violation data properly.