Itcs103 script
#!/usr/local/bin/perl
##################################################################
#
# TSM Healthcheck Script
#
# 04/17/2003
#
##################################################################
##################################################################
#
# User-defineable variables (defaults work like a charm on AIX)
#
##################################################################
$TSM_DIR="/usr/tivoli/"; # where the tsm/ dirtree resides
$TSM_SERVER_PATH="/usr/tivoli/tsm/server/bin/"; # location of dsmserv.opt
$SERVER="usrdad003"; # Hostname of server (for report output only)
$ID="sysop"; # TSM ID that script will login as
$PWPATH="/home/root/adsm/.passwd"; # root-protected location of above ID pw
##################################################################
#
# DO NOT ALTER ANY CODE BELOW THIS POINT!!!!
#
##################################################################
use Time::Local;
$pass = `cat $PWPATH`;
chomp $pass;
($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst)=localtime(time);
$today=timelocal(0,0,0,$mday,$mon,$year);
$year += 1900;
$mon +=1; if ($mon < 10) { $mon = "0".$mon; }
if ($mday < 10) { $mday_pretty = "0".$mday; } else { $mday_pretty = $mday; }
format HEADER=
==============================================================================
IBM TSM Monthly Healthcheck Report for @<<<<<<<<<<<<<<
$SERVER
Generated @>-@>-@>>>
$mon, $mday_pretty, $year
==============================================================================
Parameter Value Status
------------------------------------------------------------------------------
.
$~=HEADER;
write;
format SUMMARY=
@<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< @<<<<<<<<<<< @<<<<<<<<<<<<<<
$parameter, $value, $status
.
$~=SUMMARY;
open (SESSION, "dsmadmc -id=$ID -pa=$pass -tabd 'select minpwlength,invalidpwlimit, passexp, actlogretention, accounting, authentication from status' |");
while (<SESSION>) {
last if /^ANS8000I/;
}
while (<SESSION>) {
chomp;
next if ($_ eq "");
last if /^ANS8002I/;
@fields = split("\t");
$minpwlength=$fields[0]; $invalidpwlength=$fields[1];
$passexp=$fields[2]; $actlogretention=$fields[3];
$accounting=$fields[4]; $authentication=$fields[5];
}
close (SESSION);
$parameter="Minimum PW Length";
$value=$minpwlength;
if ($minpwlength eq "8") {$status="[PASSED]";}
else {$status="[FAILED]";}
write;
$parameter="Invalid PW Limit";
$value=$invalidpwlength;
if ($invalidpwlength eq "5") {$status="[PASSED]";}
else {$status="[FAILED]";}
write;
$parameter="Password Expiration";
$value=$passexp;
if ($passexp eq "90") {$status="[PASSED]";}
else {$status="[FAILED]";}
write;
$parameter="Activity Log Retention";
$value=$actlogretention;
if ($actlogretention eq "60") {$status="[PASSED]";}
else {$status="[FAILED]";}
write;
$parameter="Accounting";
$value=$accounting;
if ($accounting eq "ON") {$status="[PASSED]";}
else {$status="[FAILED]";}
write;
$parameter="Authentication";
$value=$authentication;
if ($authentication eq "ON") {$status="[PASSED]";}
else {$status="[FAILED]";}
write;
format SEPARATOR=
==============================================================================
Administrator ID's With No Contact Field Information
==============================================================================
.
$~=SEPARATOR;
write;
format ADMINS=
@<<<<<<<<<<<<<<<<<<<<<<<<<<<
$admin
.
$~=ADMINS;
$admin="[PASSED]";
open (SESSION, "dsmadmc -id=$ID -pa=$pass -tabd 'select admin_name, contact from admins' |");
while (<SESSION>) {
last if /^ANS8000I/;
}
while (<SESSION>) {
chomp;
next if ($_ eq "");
last if /^ANS8002I/;
@fields = split("\t");
$admin_name=$fields[0]; $contact=$fields[1];
if ($contact eq "") { $admin = $admin_name; write; }
}
close (SESSION);
format SEPARATOR2=
==============================================================================
Administrator ID's With System Privilege
==============================================================================
.
$~=SEPARATOR2;
write;
$~=ADMINS;
open (SESSION, "dsmadmc -id=$ID -pa=$pass -tabd 'select admin_name, system_priv from admins' |");
while (<SESSION>) {
last if /^ANS8000I/;
}
while (<SESSION>) {
chomp;
next if ($_ eq "");
last if /^ANS8002I/;
@fields = split("\t");
$admin_name=$fields[0]; $system_priv=$fields[1];
if ($system_priv eq "Yes") { $admin = $admin_name; write; }
}
close (SESSION);
format SEPARATOR3=
==============================================================================
File Permissions per GSD331 Requirements
==============================================================================
.
$~=SEPARATOR3;
write;
$~=SUMMARY;
print "TSM Server Executable Directory (Correct Setting: drwxr-xr-x):\n";
$parameter=$TSM_DIR . "tsm";
$value = `ls -la $TSM_DIR | grep tsm`;
$value = substr($value, 0, 10);
if ($value eq "drwxr-xr-x") {$status="[PASSED]"; }
else { $status="[FAILED]"; }
write;
## Let's look at the permissions on volhist files
print "\nVolume History Files (Correct Setting: -rw-r-----):\n";
$optfile = $TSM_SERVER_PATH . "dsmserv.opt";
open (SESSION, "cat $optfile | grep VOLUMEH |");
while (<SESSION>) {
chomp;
s/^\s*(.*?)\s*$/$1/;
next if ! /^V/;
@fields = split(" ");
$parameter = $fields[1];
$value = `ls -la $parameter`;
$value = substr($value, 0, 10);
if ($value eq "-rw-r-----") {$status="[PASSED]"; }
else { $status="[FAILED]"; }
write;
}
close(SESSION);
print "\nDevice Configuration Files (Correct Setting: -rw-r-----):\n";
open (SESSION, "cat $optfile | grep DEVCONF |");
while (<SESSION>) {
chomp;
s/^\s*(.*?)\s*$/$1/;
next if ! /^D/;
@fields = split(" ");
$parameter = $fields[1];
$value = `ls -la $parameter`;
$value = substr($value, 0, 10);
if ($value eq "-rw-r-----") {$status="[PASSED]"; }
else { $status="[FAILED]"; }
write;
}
close (SESSION);
print "\nStorage, Log, and Storage Vols (Correct Setting: -rw-r-----):\n";
$dskfile = $TSM_SERVER_PATH . "dsmserv.dsk";
open (SESSION, "cat $dskfile |");
while (<SESSION>) {
chomp;
next if ! /^\//;
$parameter = $_;
$value = `ls -la $parameter`;
$value = substr($value, 0, 10);
if ($value eq "-rw-r-----") {$status="[PASSED]"; }
else { $status="[FAILED]"; }
write;
}
close(SESSION);
format SEPARATOR4=
==============================================================================
Invalid Logon Attempts (Previous 10 Days, Message 2177)
==============================================================================
.
$~=SEPARATOR4;
write;
open (SESSION, "dsmadmc -id=$ID -pa=$pass q act begind=-10 msgno=2177 |");
while (<SESSION>) {
last if /^ANS8000I/;
}
while (<SESSION>) {
last if /^ANS8002I/;
chomp;
print "$_\n";
}
close(SESSION);
format SEPARATOR5=
==============================================================================
Invalid Logon Attempts (Previous 30 Days, Message 0423)
==============================================================================
.
$~=SEPARATOR5;
write;
open (SESSION, "dsmadmc -id=$ID -pa=$pass q act begind=-30 msgno=0423 |"
);
while (<SESSION>) {
last if /^ANS8000I/;
}
while (<SESSION>) {
last if /^ANS8002I/;
chomp;
print "$_\n";
}
close(SESSION);