mbionwu
Newcomer
Does anyone have a script that checks the ITCS104 Compliance for TSM 7.1 running on Windows Server 2012?
-
Please be aware that ADSM.ORG will be going through forum software conversion and migration over the next several weeks. The cut-over date and time will be posted in the ADSM.ORG News & Announcements section as we near the target date. Please visit the following link for more details ADSM News & Announcements
-
Community Tip: Forum Rules (PLEASE CLICK HERE TO READ BEFORE POSTING)
Click the link above to access ADSM.ORG Acceptable Use Policy and forum rules which should be observed when using this website. Violators may be banned from this website. This notice will disappear after you have made at least 3 posts.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
ITCS104 Healthcheck Script
- Thread starter mbionwu
- Start date
mbionwu
Newcomer
Itcs103 script
#!/usr/local/bin/perl
##################################################################
#
# TSM Healthcheck Script
#
# 04/17/2003
#
##################################################################
##################################################################
#
# User-defineable variables (defaults work like a charm on AIX)
#
##################################################################
$TSM_DIR="/usr/tivoli/"; # where the tsm/ dirtree resides
$TSM_SERVER_PATH="/usr/tivoli/tsm/server/bin/"; # location of dsmserv.opt
$SERVER="usrdad003"; # Hostname of server (for report output only)
$ID="sysop"; # TSM ID that script will login as
$PWPATH="/home/root/adsm/.passwd"; # root-protected location of above ID pw
##################################################################
#
# DO NOT ALTER ANY CODE BELOW THIS POINT!!!!
#
##################################################################
use Time::Local;
$pass = `cat $PWPATH`;
chomp $pass;
($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst)=localtime(time);
$today=timelocal(0,0,0,$mday,$mon,$year);
$year += 1900;
$mon +=1; if ($mon < 10) { $mon = "0".$mon; }
if ($mday < 10) { $mday_pretty = "0".$mday; } else { $mday_pretty = $mday; }
format HEADER=
==============================================================================
IBM TSM Monthly Healthcheck Report for @<<<<<<<<<<<<<<
$SERVER
Generated @>-@>-@>>>
$mon, $mday_pretty, $year
==============================================================================
Parameter Value Status
------------------------------------------------------------------------------
.
$~=HEADER;
write;
format SUMMARY=
@<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< @<<<<<<<<<<< @<<<<<<<<<<<<<<
$parameter, $value, $status
.
$~=SUMMARY;
open (SESSION, "dsmadmc -id=$ID -pa=$pass -tabd 'select minpwlength,invalidpwlimit, passexp, actlogretention, accounting, authentication from status' |");
while (<SESSION>) {
last if /^ANS8000I/;
}
while (<SESSION>) {
chomp;
next if ($_ eq "");
last if /^ANS8002I/;
@fields = split("\t");
$minpwlength=$fields[0]; $invalidpwlength=$fields[1];
$passexp=$fields[2]; $actlogretention=$fields[3];
$accounting=$fields[4]; $authentication=$fields[5];
}
close (SESSION);
$parameter="Minimum PW Length";
$value=$minpwlength;
if ($minpwlength eq "8") {$status="[PASSED]";}
else {$status="[FAILED]";}
write;
$parameter="Invalid PW Limit";
$value=$invalidpwlength;
if ($invalidpwlength eq "5") {$status="[PASSED]";}
else {$status="[FAILED]";}
write;
$parameter="Password Expiration";
$value=$passexp;
if ($passexp eq "90") {$status="[PASSED]";}
else {$status="[FAILED]";}
write;
$parameter="Activity Log Retention";
$value=$actlogretention;
if ($actlogretention eq "60") {$status="[PASSED]";}
else {$status="[FAILED]";}
write;
$parameter="Accounting";
$value=$accounting;
if ($accounting eq "ON") {$status="[PASSED]";}
else {$status="[FAILED]";}
write;
$parameter="Authentication";
$value=$authentication;
if ($authentication eq "ON") {$status="[PASSED]";}
else {$status="[FAILED]";}
write;
format SEPARATOR=
==============================================================================
Administrator ID's With No Contact Field Information
==============================================================================
.
$~=SEPARATOR;
write;
format ADMINS=
@<<<<<<<<<<<<<<<<<<<<<<<<<<<
$admin
.
$~=ADMINS;
$admin="[PASSED]";
open (SESSION, "dsmadmc -id=$ID -pa=$pass -tabd 'select admin_name, contact from admins' |");
while (<SESSION>) {
last if /^ANS8000I/;
}
while (<SESSION>) {
chomp;
next if ($_ eq "");
last if /^ANS8002I/;
@fields = split("\t");
$admin_name=$fields[0]; $contact=$fields[1];
if ($contact eq "") { $admin = $admin_name; write; }
}
close (SESSION);
format SEPARATOR2=
==============================================================================
Administrator ID's With System Privilege
==============================================================================
.
$~=SEPARATOR2;
write;
$~=ADMINS;
open (SESSION, "dsmadmc -id=$ID -pa=$pass -tabd 'select admin_name, system_priv from admins' |");
while (<SESSION>) {
last if /^ANS8000I/;
}
while (<SESSION>) {
chomp;
next if ($_ eq "");
last if /^ANS8002I/;
@fields = split("\t");
$admin_name=$fields[0]; $system_priv=$fields[1];
if ($system_priv eq "Yes") { $admin = $admin_name; write; }
}
close (SESSION);
format SEPARATOR3=
==============================================================================
File Permissions per GSD331 Requirements
==============================================================================
.
$~=SEPARATOR3;
write;
$~=SUMMARY;
print "TSM Server Executable Directory (Correct Setting: drwxr-xr-x):\n";
$parameter=$TSM_DIR . "tsm";
$value = `ls -la $TSM_DIR | grep tsm`;
$value = substr($value, 0, 10);
if ($value eq "drwxr-xr-x") {$status="[PASSED]"; }
else { $status="[FAILED]"; }
write;
## Let's look at the permissions on volhist files
print "\nVolume History Files (Correct Setting: -rw-r-----):\n";
$optfile = $TSM_SERVER_PATH . "dsmserv.opt";
open (SESSION, "cat $optfile | grep VOLUMEH |");
while (<SESSION>) {
chomp;
s/^\s*(.*?)\s*$/$1/;
next if ! /^V/;
@fields = split(" ");
$parameter = $fields[1];
$value = `ls -la $parameter`;
$value = substr($value, 0, 10);
if ($value eq "-rw-r-----") {$status="[PASSED]"; }
else { $status="[FAILED]"; }
write;
}
close(SESSION);
print "\nDevice Configuration Files (Correct Setting: -rw-r-----):\n";
open (SESSION, "cat $optfile | grep DEVCONF |");
while (<SESSION>) {
chomp;
s/^\s*(.*?)\s*$/$1/;
next if ! /^D/;
@fields = split(" ");
$parameter = $fields[1];
$value = `ls -la $parameter`;
$value = substr($value, 0, 10);
if ($value eq "-rw-r-----") {$status="[PASSED]"; }
else { $status="[FAILED]"; }
write;
}
close (SESSION);
print "\nStorage, Log, and Storage Vols (Correct Setting: -rw-r-----):\n";
$dskfile = $TSM_SERVER_PATH . "dsmserv.dsk";
open (SESSION, "cat $dskfile |");
while (<SESSION>) {
chomp;
next if ! /^\//;
$parameter = $_;
$value = `ls -la $parameter`;
$value = substr($value, 0, 10);
if ($value eq "-rw-r-----") {$status="[PASSED]"; }
else { $status="[FAILED]"; }
write;
}
close(SESSION);
format SEPARATOR4=
==============================================================================
Invalid Logon Attempts (Previous 10 Days, Message 2177)
==============================================================================
.
$~=SEPARATOR4;
write;
open (SESSION, "dsmadmc -id=$ID -pa=$pass q act begind=-10 msgno=2177 |");
while (<SESSION>) {
last if /^ANS8000I/;
}
while (<SESSION>) {
last if /^ANS8002I/;
chomp;
print "$_\n";
}
close(SESSION);
format SEPARATOR5=
==============================================================================
Invalid Logon Attempts (Previous 30 Days, Message 0423)
==============================================================================
.
$~=SEPARATOR5;
write;
open (SESSION, "dsmadmc -id=$ID -pa=$pass q act begind=-30 msgno=0423 |"
);
while (<SESSION>) {
last if /^ANS8000I/;
}
while (<SESSION>) {
last if /^ANS8002I/;
chomp;
print "$_\n";
}
close(SESSION);
#!/usr/local/bin/perl
##################################################################
#
# TSM Healthcheck Script
#
# 04/17/2003
#
##################################################################
##################################################################
#
# User-defineable variables (defaults work like a charm on AIX)
#
##################################################################
$TSM_DIR="/usr/tivoli/"; # where the tsm/ dirtree resides
$TSM_SERVER_PATH="/usr/tivoli/tsm/server/bin/"; # location of dsmserv.opt
$SERVER="usrdad003"; # Hostname of server (for report output only)
$ID="sysop"; # TSM ID that script will login as
$PWPATH="/home/root/adsm/.passwd"; # root-protected location of above ID pw
##################################################################
#
# DO NOT ALTER ANY CODE BELOW THIS POINT!!!!
#
##################################################################
use Time::Local;
$pass = `cat $PWPATH`;
chomp $pass;
($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst)=localtime(time);
$today=timelocal(0,0,0,$mday,$mon,$year);
$year += 1900;
$mon +=1; if ($mon < 10) { $mon = "0".$mon; }
if ($mday < 10) { $mday_pretty = "0".$mday; } else { $mday_pretty = $mday; }
format HEADER=
==============================================================================
IBM TSM Monthly Healthcheck Report for @<<<<<<<<<<<<<<
$SERVER
Generated @>-@>-@>>>
$mon, $mday_pretty, $year
==============================================================================
Parameter Value Status
------------------------------------------------------------------------------
.
$~=HEADER;
write;
format SUMMARY=
@<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< @<<<<<<<<<<< @<<<<<<<<<<<<<<
$parameter, $value, $status
.
$~=SUMMARY;
open (SESSION, "dsmadmc -id=$ID -pa=$pass -tabd 'select minpwlength,invalidpwlimit, passexp, actlogretention, accounting, authentication from status' |");
while (<SESSION>) {
last if /^ANS8000I/;
}
while (<SESSION>) {
chomp;
next if ($_ eq "");
last if /^ANS8002I/;
@fields = split("\t");
$minpwlength=$fields[0]; $invalidpwlength=$fields[1];
$passexp=$fields[2]; $actlogretention=$fields[3];
$accounting=$fields[4]; $authentication=$fields[5];
}
close (SESSION);
$parameter="Minimum PW Length";
$value=$minpwlength;
if ($minpwlength eq "8") {$status="[PASSED]";}
else {$status="[FAILED]";}
write;
$parameter="Invalid PW Limit";
$value=$invalidpwlength;
if ($invalidpwlength eq "5") {$status="[PASSED]";}
else {$status="[FAILED]";}
write;
$parameter="Password Expiration";
$value=$passexp;
if ($passexp eq "90") {$status="[PASSED]";}
else {$status="[FAILED]";}
write;
$parameter="Activity Log Retention";
$value=$actlogretention;
if ($actlogretention eq "60") {$status="[PASSED]";}
else {$status="[FAILED]";}
write;
$parameter="Accounting";
$value=$accounting;
if ($accounting eq "ON") {$status="[PASSED]";}
else {$status="[FAILED]";}
write;
$parameter="Authentication";
$value=$authentication;
if ($authentication eq "ON") {$status="[PASSED]";}
else {$status="[FAILED]";}
write;
format SEPARATOR=
==============================================================================
Administrator ID's With No Contact Field Information
==============================================================================
.
$~=SEPARATOR;
write;
format ADMINS=
@<<<<<<<<<<<<<<<<<<<<<<<<<<<
$admin
.
$~=ADMINS;
$admin="[PASSED]";
open (SESSION, "dsmadmc -id=$ID -pa=$pass -tabd 'select admin_name, contact from admins' |");
while (<SESSION>) {
last if /^ANS8000I/;
}
while (<SESSION>) {
chomp;
next if ($_ eq "");
last if /^ANS8002I/;
@fields = split("\t");
$admin_name=$fields[0]; $contact=$fields[1];
if ($contact eq "") { $admin = $admin_name; write; }
}
close (SESSION);
format SEPARATOR2=
==============================================================================
Administrator ID's With System Privilege
==============================================================================
.
$~=SEPARATOR2;
write;
$~=ADMINS;
open (SESSION, "dsmadmc -id=$ID -pa=$pass -tabd 'select admin_name, system_priv from admins' |");
while (<SESSION>) {
last if /^ANS8000I/;
}
while (<SESSION>) {
chomp;
next if ($_ eq "");
last if /^ANS8002I/;
@fields = split("\t");
$admin_name=$fields[0]; $system_priv=$fields[1];
if ($system_priv eq "Yes") { $admin = $admin_name; write; }
}
close (SESSION);
format SEPARATOR3=
==============================================================================
File Permissions per GSD331 Requirements
==============================================================================
.
$~=SEPARATOR3;
write;
$~=SUMMARY;
print "TSM Server Executable Directory (Correct Setting: drwxr-xr-x):\n";
$parameter=$TSM_DIR . "tsm";
$value = `ls -la $TSM_DIR | grep tsm`;
$value = substr($value, 0, 10);
if ($value eq "drwxr-xr-x") {$status="[PASSED]"; }
else { $status="[FAILED]"; }
write;
## Let's look at the permissions on volhist files
print "\nVolume History Files (Correct Setting: -rw-r-----):\n";
$optfile = $TSM_SERVER_PATH . "dsmserv.opt";
open (SESSION, "cat $optfile | grep VOLUMEH |");
while (<SESSION>) {
chomp;
s/^\s*(.*?)\s*$/$1/;
next if ! /^V/;
@fields = split(" ");
$parameter = $fields[1];
$value = `ls -la $parameter`;
$value = substr($value, 0, 10);
if ($value eq "-rw-r-----") {$status="[PASSED]"; }
else { $status="[FAILED]"; }
write;
}
close(SESSION);
print "\nDevice Configuration Files (Correct Setting: -rw-r-----):\n";
open (SESSION, "cat $optfile | grep DEVCONF |");
while (<SESSION>) {
chomp;
s/^\s*(.*?)\s*$/$1/;
next if ! /^D/;
@fields = split(" ");
$parameter = $fields[1];
$value = `ls -la $parameter`;
$value = substr($value, 0, 10);
if ($value eq "-rw-r-----") {$status="[PASSED]"; }
else { $status="[FAILED]"; }
write;
}
close (SESSION);
print "\nStorage, Log, and Storage Vols (Correct Setting: -rw-r-----):\n";
$dskfile = $TSM_SERVER_PATH . "dsmserv.dsk";
open (SESSION, "cat $dskfile |");
while (<SESSION>) {
chomp;
next if ! /^\//;
$parameter = $_;
$value = `ls -la $parameter`;
$value = substr($value, 0, 10);
if ($value eq "-rw-r-----") {$status="[PASSED]"; }
else { $status="[FAILED]"; }
write;
}
close(SESSION);
format SEPARATOR4=
==============================================================================
Invalid Logon Attempts (Previous 10 Days, Message 2177)
==============================================================================
.
$~=SEPARATOR4;
write;
open (SESSION, "dsmadmc -id=$ID -pa=$pass q act begind=-10 msgno=2177 |");
while (<SESSION>) {
last if /^ANS8000I/;
}
while (<SESSION>) {
last if /^ANS8002I/;
chomp;
print "$_\n";
}
close(SESSION);
format SEPARATOR5=
==============================================================================
Invalid Logon Attempts (Previous 30 Days, Message 0423)
==============================================================================
.
$~=SEPARATOR5;
write;
open (SESSION, "dsmadmc -id=$ID -pa=$pass q act begind=-30 msgno=0423 |"
);
while (<SESSION>) {
last if /^ANS8000I/;
}
while (<SESSION>) {
last if /^ANS8002I/;
chomp;
print "$_\n";
}
close(SESSION);
