Sample Intellisigs and the Folder Structure

Configuring Asset Management › Custom Software Signatures › Creating Custom Intellisigs › Create a Suite Component › Sample Intellisigs and the Folder Structure

Sample Intellisigs and the Folder Structure

Two sample Intellisigs are provided in DSM path\Intellisigs folder.

For Windows:00000000-A0A0-AAAA-0000-AAAA0000AAAA
For Unix: 00000000-B0B0-BBBB-0000-BBBB0000BBBB

Sample.xml contains the metadata to import these samples into your MDB. Run the following command in the Intellisigs directory:

intellisigcmd import file=sample.xml

Each sample Intellisig has the following folder structure:

uuid of intellisig\version id\scriptfile.dms

Note: Place any additional Intellisig data files in the same location.

More information:

Export Intellisigs

Import Intellisigs

Analyze the Software Identification Information

As with traditional signatures, determine the product structure because this has to reflect in the script and its output. Determine the following:

Product naming, for example, Microsoft Office
Determine how releases of the product are structured and named.
- Verify if there are 32-bit and 64-bit releases.
- Verify if there are multiple languages.
- Verify if there are different releases for different platforms, for example, Office for Windows and Office for Mac.
Verify if the patches are individual binaries or installable packages registered with the OS.
Verify if the product provides an ISO19770-2 SWID file that can be read to provide the information required.

After determining the product structure and the naming convention, decide on the granularity of the Intellisig. This means deciding on how many separate Intellisigs you need to cover the product. The product may be large, for example, Microsoft Office. If the script required to detect each product is large, plan on multiple scripts per sub-product. These scripts are easier to maintain than a large script that performs all the tasks. If the product is small, for example 7-zip, a single script suffices.

Finally, determine the method of detection. An Intellisig must examine resources on the system to detect what is installed. This means looking for specific files, registry keys, configuration files, and settings. An Intellisig can be as intelligent as required. At one level, it can emulate a traditional signature and look for specific information. At another level, it can analyze the computer and detect all possible products from all manufacturers, even if those products are unknown to the Intellisig (similar to a heuristic scan). An ideal Intellisig can operate between these two levels. At a minimum, verify that any version and configuration of a product, past and future, can be detected (as opposed to specific existing versions).

Write your Intellisig

A custom Intellisig requires a metadata file and a script. The files need to be in a specific folder structure. For a sample Intellisig script and folder structure, see Sample Intellisigs and the Folder Structure.

Write the Metadata File

The metadata file is a .xml file that contains information about the Intellisig. The domain manager and software scanning agent use this file to manage it as a unit. This file also contains definitions of the triggers. The agent evaluates these rules to determine whether to run the script to minimize the runtime of the agent.

Example:

<eso_fingerprints version="1.0.0">
    <preferences>
        <ignore dllcache="true" />
        <ignore spuninstall="true" />
        <ignore internetcache="true" />
        <ignore cookies="true" />
        <ignore nortontrash="true" />
        <ignore sysbackup="true" />
        <ignore SDLib="true" />
    </preferences>
    <technologies dateupdateint="1320340565" dateupdate="05/12/11 11:28:05" >
        <technology id="11111111-B1B1-BBBB-1111-BBBB11110000"
                       name="Trigger Test Unix Single File And" version="1.0.0"
                    descr="Intellisig only run if file trigger detected (trigger_file.txt)"
                    swtype="17" srctype="6" iscript="intellisig-trigger-test.dms" os="Unix">
              <additional_files>
                  <data name="Trigger_Test_Unix.txt"/>
                  <data name="Trigger_Test2_Unix.txt"/>
              </additional_files>
              <group type="and">
                  <file name="trigger_file.txt" path="*" />
              </group>

</technology>

    </technologies>
</eso_fingerprints>

ID: Specifies the UUID of the intellisig. This ID can be generated using the Intellisig command line tool, intellisigcmd.exe genuuid.
iscript: Specifies the name of the Intellisig script file.
Additional_files: Specifies a list of optional files that the script requires.
Group: Defines an optional trigger.

Write the Script

A basic understanding of writing programs using dmscript is a prerequisite for writing the Intellisig script.

Note: For more information about the dmscript language, see ITCM_DMSScriptingLanguage_Ref_ENU.pdf.

An Intellisig script performs the following tasks:

Initializes, collects, and checks arguments.
Creates the output file.
Searches for the intended products, releases, patches, and installed instances and collects the required items of information about each.
Invokes the appropriate dmscript functions to copy this information to the output file in the correct order.
Reports any errors
Cleans up and terminates

On Windows, you can use the dmsedit utility to develop the script. This utility is an integrated editor and debugger for developing and running scripts. This method provides all the regular debug features of breakpoints, stepping through code, and examining variables.

Important! Do not use the print statement on Windows because the script is not interactive. On Windows, the result appears in an unscrollable dialog and appears only for 10 seconds. On UNIX, the output is stdout.

Use a text editor and a command line window to develop the script. You can use the dmstrace function to output diagnostic information to the trace log.

Write Scripts that Detect Multiple Products

The dmscript language supports the #include directive which lets you include scripts to execute functions in them. In line with the best practices for creating Intellisigs, we recommend the following approach to write scripts:

Write a script for each product you intend to detect and add each as an ancillary file to the Intellisig definition. These scripts perform the detection and registration of the detected product, release, patch as well as their discovered instances. Verify that these scripts do not perform any Intellisig initialization or finalization code.
Write a main script that performs the Intellisig initiation and finalization and add it to the Intellisig definition. Use the #include directive in the main script to include the ancillary files and run the exposed detection function in each as part of the main script execution.

Example:

The ancillary file windows.dms defines the function DetectWindows(…).

The ancillary file office.dms defines the function DetectOffice(…).

The ancillary file sql.dms defines the function DetectSql(…).

The main script main.dms appears as follows:

#include windows.dms
#include office.dms
#include sql.dms

DoInitialization(…)

Specifies the REM function defined in main.dms that parses args and calls OpenDetectedSoftwareOutputFiles and performs other initialization tasks.

DetectWindows(…): Specifies the REM function defined in windows.dms.
DetectOffice(…): Specifies the REM function defined in office.dms.
DetectSql(…): Specifies the REM function defined in sql.dms.
DoFinalization(…): Specifies the REM function defined in main.dms that calls CloseDetectedSoftwareOutputFiles and performs other cleanup tasks.

Write Help for the Custom Intellisig

You can write help for the Intellisigs that you create and provide additional details in a separate web page. The details help the Intellisig users to know more about the Intellisig. The help is displayed on the Intellisig properties page in DSM Explorer.

Follow these steps:

View the help file for one of the CA-provided Intellisigs.
1. Open DSM Explorer and navigate to Software, Definitions.
2. Right-click a CA-provided Intellisig and click Properties.
3. Click the Details tab on the Intellisig Properties dialog.
4. Click the ? button.
  A webpage displays additional information about the Intellisig.
Create a .html help file for your custom Intellisig based on a CA-provided Intellisig.
Save the help file with the Intellisig name as the file name.
Host the help files on a web server.
After you host the help files, configure the URL in the default configuration policy.
Navigate to Control Panel, Configuration, Configuration Policy. Unseal Default Configuration Policy.
Navigate to DSM, Administration Console.
Double-click the customIntellisigsURL parameter and specify the value as c:\webinfo\%name%.html in the Setting Properties dialog.
The help file is associated with the corresponding Intellisig based on the HTML file name and the URL you configured. When you test the Intellisig, you can test the help also.

Note: The caIntellisigsURL parameter specifies the help file details for CA-provided Intellisigs.
Repeat step 1 for your custom Intellisig to view the corresponding help file.

Initialization

The scanner launches dmscript in the same directory as the script file with the following arguments:

dmscript <scriptfile> -I <uuid of Intellisig> -v <version of Intellisig> -n <name of Intellisig>  -t <trigger_info>

trigger_info: Specifies an optional string that contains information about the trigger that runs the Intellisig. A script can use this string as hints in its discovery process, if necessary.

A script must collect and check that these arguments are present and if missing, report an error and exit. The values of arguments are available from the argv function.

Example:

dim sUuid as string
dim sISVersion as String
dim sISName as String
dim X as Integer 
for X=0 to argc()
    if ( argv(X)="-i") then
        sUuid = argv(X+1)
    endif
    if ( argv(X)="-v") then
        sISVersion=argv(X+1)
    endif
    if ( argv(X)="-n") then
        sISName = argv(X+1)
    endif
next X
if sUuid = "" then
    LogDetectedSoftwareError ("00404","Param1=missing argument uuid to script ")
    exit
endif

Trace and Report Errors

Dmscript provides a means of outputting tracing information to the log file, TRC_DMSCRIPTINTERPRETER_0.log. The log file is useful for debugging during development and troubleshooting after the release of the Intellisig.

Use the LogDetectedSoftwareError function to report errors back to the manager. This function writes errors in a standard format to a file called <uuid>.err. This file is automatically uploaded to the domain manager. Errors are also copied to the trace log file. DSM Explorer displays the messages in the job status dialog after converting the messages to the local language.

Note: Though this function lets you specify English text directly, use localized error messages. If required, edit the statmod.<lang> file on the manager or explorer to add your own messages.

Create the Output File

Open the output file using the OpenDetectedSoftwareOutputFiles function.

Example:

if OpenDetectedSoftwareOutputFiles (sUuid,sISVersion,sISName) <> CASWDETECT_OK then
    exit
endif

This function creates a file called <uuid>.xml, which contains the results.

Search for Items

Searching for items depends on the details of the product. You can use the following functions:

Detect Files and Directories

To detect if a file exists, use the ExistFile function. To detect a directory, use the ExistDirectory function.

Example:

ProgramFiles = EnvGetString(“ProgramFiles”)
if ExistDirectory (ProgramFiles + “\Microsoft Office”) then
…found MS Office…
if ExistFile (ProgramFiles + “\Microsoft Office\Office14\EXCEL.EXE") then
… found excel…

Read the Registry

Use the following functions:

RegOpenKey: Reads the registry
RegQueryValue: Reads a value
RegEnumKeys: Enumerates keys
RegEnumVariable: Enumerates variables
RegCloseKey: Closes a key

Note: dmscript is a 32-bit program, so Windows applies registry redirection to certain keys such as HKLM\SOFTWARE. To read the parts of the registry that is reserved for 64-bit programs, call setmode64(1). This action turns redirection off. This function also applies to certain parts of the file system such as \windows\system32.

Read the Environment

To read the content of an environment variable on Windows or UNIX, use the EnvGetString function.

Example:

path = EnvGetString(“PATH”)
…now search the path for a target directory..

You can also enumerate all environment variables using the EnvGetFirst and EnvGetNext functions.

Read Configuration Files

Use the following functions:

To read an .ini style file, use the ReadIniEntry function.
To read a plain text file, open it using the OpenFile function then read it using ReadFile.You can use the new GetToken function to parse lines of text.
To read an XML or binary file, write a custom DLL or external program and call it from the script. You can read the output of the program using the OpenFile function.

Note: The custom binary cannot be included in the Intellsig definition.

Run Programs

It is possible that dmscript cannot accomplish some tasks or there can be tasks in which it is simpler to run an existing shell script or external program. In such cases, use the Execute function.

Example:

To get the system version on Windows, use the following command:

Execute ("cmd.exe /c ver > dms.tmp”, True, 0)

The output is available in dms.tmp.

Read the list of Installed Programs

On Windows, run one of the following commands, from Microsoft, SysInternals:

wmic product
psinfo -accepteula -s

Redirect the output to a file and then read it.

Detect Running Programs

Dmscript cannot detect running programs directly but can spawn system commands which can detect these programs and then read their output.

Example:

(Unix)"
execute (“ps -ef | grep myprogram > /tmp/dms.tmp”) 
(Windows)
execute ("cmd.exe /c tasklist /nh /fi ""imagename eq powerpnt.exe"" > dms.tmp",true,0) 
…now read the contents of dms.tmp…

Create the Output

Products, releases, patches and instances exist in a hierarchy that you must follow in a script:

A product has a number of releases.
A release has a number of patches.
A release has a number of instances (or installed copies of the software).
A patch has a number of instances (or installed copies of the patch).

This means that you must specify a product first, followed by its releases, patches and instances. When creating the subsidiary items, the parent name and version must be specified too. Dmscript remembers the hierarchy being created and checks that the parents of items exist and are valid. If not, an error is returned. There are a number of specific functions for creating products. These functions have the following general format:

CreateDetectedSoftwareXXXX (name, version, [parentname, parentversion,…] OptionalProperties)

Create a Product

To create a product, use the following code:

CreateDetectedSoftwareProduct (ProductName as String,

                               ProductVersionLabel as String,

                               OptionalProperties as String) as integer

Example:

CreateDetectedSoftwareProduct("Microsoft Windows 7 Ultimate", “6.1”, "VersionNumber=6.1 | Language=en-us | Bitness=64 | Architecture=x64 | Manufacturer=Microsoft Corporation | Category=Operating Systems | Description=The Microsoft Windows 7 Product | ")

In this example, the values are defined but in a real script they are determined as part of the detection process.

Create a Release

To create a release of a product, use the following code:

CreateDetectedSoftwareRelease (ProductName as String,

                               ProductVersionLabel as String,

                               ReleaseName as String,

                               ReleaseVersionLabel as String,

                               OptionalProperties as String) as integer

Example:

CreateDetectedSoftwareRelease("Microsoft Windows 7 Ultimate", "6.1", "Microsoft Windows 7 Ultimate x64 64 en-us", "6.1.7600", "VersionNumber=6.1.7600 |Language=en-us | Bitness=64 |Architecture=x64 | Manufacturer=Microsoft Corporation | Category=Operating Systems | Description=The Microsoft Windows 7 Release | ")

Create a Patch

To create a patch, use the following code:

CreateDetectedSoftwarePatch (ProductName as String,

                             ProductVersionLabel as String,

                             ReleaseName as String,

                             ReleaseVersionLabel as String,

                             PatchName as String,

                             PatchVersionLabel as String,

                             OptionalProperties as String) as integer

Example:

CreateDetectedSoftwarePatch("Microsoft Windows 7 Ultimate", "6.1", "Microsoft Windows 7 Ultimate x64 64 en-us", "6.1.7600", "KB971033 x64 64 en-us", "Language=en-us | Bitness=64 | Architecture=x64 | Manufacturer=Microsoft Corporation | Category=Operating Systems | Description=The Microsoft Windows 7 Activation Checker Update | ")

Create an Instance

To create an installed instance of a release, use the following code:

CreateDetectedSoftwareReleaseInstance (ProductName as String,

                                       ProductVersionLabel as String,

                                       ReleaseName as String,

                                       ReleaseVersionLabel as String,

                                       OptionalProperties as String) as integer

To create an installed instance of a patch:

CreateDetectedSoftwarePatchInstance (ProductName as String,

                                     ProductVersionLabel as String,

                                     ReleaseName as String,

                                     ReleaseVersionLabel as String,

                                     PatchName as String,

                                     PatchVersionLabel as String,

                                     OptionalProperties as String) as integer

Example:

CreateDetectedSoftwareReleaseInstance("Microsoft Windows 7 Ultimate", "6.1", "Microsoft Windows 7 Ultimate x64 64 en-us", "6.1.7600", "Origin=Forward Inc | TrustLevel=5 | InstallPath=C:\Windows | SerialNumber=1234-567-890414-86668 | LastAccessed=2011-11-29T12:30 | ")

CreateDetectedSoftwarePatchInstance("Microsoft Windows 7 Ultimate", "6.1", "Microsoft Windows 7 Ultimate x64 64 en-us", "6.1.7600", "KB971033 x64 64 en-us", "", "Origin=Forward Inc | TrustLevel=5 | ")

Note: Replace the value in the Origin parameter to reflect your organization name.

Close the Output File

After releasing the resources your script uses, call CloseDetectedSoftwareOutputFiles.

Test the Intellisig

Test your script offline on a small number of computers before you release it. Testing lets you correct the script before you apply it on all the computers in your organization. You can run a script from the command line and then examine the following files for the results:

Compilation errors, if any, are generated in the trace log file. You can also view these errors in dmsedit and stdout on Unix.
Any errors that are raised by the script are stored in <uuid>.err and also the trace log file.
The discovered software results are stored in <uuid>.xml.

When testing, you do not need to specify a UUID on the command line. Any string works and is used to name the output files. The UUID is required only by the agent, which searches for files that are named using this string. It is recommended that you use a UUID.

Verify that you have available the computers, operating systems, and software installed that you want to detect. If not, simulate the installed software by creating the appropriate file, registry, and configuration entries that would normally be present. You can obtain trial versions from the vendors.

Verify that you test the script on all the target operating systems.

For the second level of testing, create a small DSM environment using spare computers or virtual machines. These computers must have an MDB, a domain manager, and a scalability server on one computer and the Asset Management agent installed on one of the target operating computers. Import the Intellisig using DSM explorer and run an Intellisig-based software detection task. Check that the expected results appear.

Release the Intellisig

An Intellisig that CA ITCM produces is delivered to customers using the content download job. If the Intellisig is custom created, use DSM Explorer to export it from the test manager and then import it into the production enterprise or domain manager.

More information:

Export Intellisigs

Import Intellisigs