AIX HEALTH CHECK testaix11

Report

This report is generated by AIX Health Check. It is an overview of check scripts run on an AIX system, and depending on the options selected when the checkall.ksh script was run, it will list each check script, the returncode of the check script, the output of the check script and a description. At the end of this report is an overview of all scripts run and a score report.

Any individual implementing changes should completely understand the change and deem each change appropriate before it is applied to the system. As a standard rule, please take into consideration the impact on other components before implementing the change. Also, we encourage all to conduct a peer review of all changes before implementation. Most importantly, if the effect of a change is not fully understood, do not implement that change until a satisfactory explanation can be given as to what the effects of the change are. We recommend implementation of one change at a time. The application of many changes all at once will increase the likelihood of confusion, if issues arise.

For more information, check website www.aixhealthcheck.com. For support, email to support@aixhealthcheck.com.

Options selected

Version:
12.01.20
Start at:
01/20/2012 13:45:38
Options:
-ghdm info@aiaxhealthcheck.com
Output file:
checkall_testaix11.html
Display:
WARNING and ERROR checks only
Descriptions:
Yes
Output type:
HTML
Email output to:
info@aixhealthcheck.com
# Checks:
605

System configuration

Hostname:
testaix11 (testaix11.aixhealthcheck.com)
IP Address:
10.10.103.174
Subnet Mask:
255.255.255.0
Default Gateway:
10.10.103.1
Name Server(s):
10.10.109.130 10.219.1.10 10.219.1.11
LPAR / VM:
1 06-9A11P AIXB11
OS Level:
6.1.6.15 6100-06
Model:
IBM,9117-MMB
Serial Number:
069A11P
Firmware Level:
AM730_035
Kernel:
64 bit
Hardware:
64 bit
Processor Type:
PowerPC_POWER7
CPU Clock Rate:
3500 MHz
CPUs:
8
Logical CPUs:
32
Capacity:
Min: 1.00 Entitled: 8.00 Max: 12.00 Increment: 1.00
System type:
mode=Capped type=Dedicated weight=0 smt=4
Virtual CPUs:
Desired: 8 Min: 1 Online: 8 Max: 12
Memory:
124672MB
Memory Settings:
min: 256MB, online: 124672MB, max: 196608MB
Paging Space:
129024MB (1% in use)
PowerHA/HACMP:
5.4.1.11

Individual checks

checkauthorizedkeys.ksh
Script run at:2012-01-20 13:45:50
Returncode:2
Description:
Check the authorized keys for user root.

There should NOT be any keys in the ~root/.ssh/authorized_keys file that allow outside users to gain root access.
Output:
File: /root/.ssh/authorized_keys

root@testaix10

checkcommonfilesets.ksh
Script run at:2012-01-20 13:45:52
Returncode:2
Description:
Check for any common filesets that can be uninstalled.

By default on AIX, a lot of additional software can or will be installed during OS installation, which is often not used.

Examples are: Director Agent, Electronic Service Agent, Common Agent Services Agent, Lightweight Infrastructure Runtime, Pegasus CIM Server Runtime Environment, System P Console, Web-based System Manager, Tivoli GUID for AIX, AIX Security Hardening, Inventory Scout WebSM.

This check script determines if any of the associated filesets are installed. If they're not used, you may uninstall these, for example, by running:

# installp -u sysmgt.cim* lwi.runtime Director* artex.base* tivoli.tivguid Tivoli_Management_Agent.client.rte bos.esagent bos.aixpert.websm invscout.websm sysmgt.websm* sysmgt*websm sysmgt.msg*websm.apps cas.agent bos.aixpert.cmds sysmgt.pconsole.*

Before uninstalling this software, make sure that it is truly not used on your system or within your AIX server environment. Also, as a precaution, it is recommended to create a mksysb backup or alt-disk-install copy of rootvg before uninstalling this software.
Output:
Consider uninstalling the following filesets, if they're not used:

#Fileset:Level:PTF Id:State:Type:Description:EFIX Locked
/usr/lib/objrepos:DirectorCommonAgent:6.2.0.1::COMMITTED:I:All required files of Director Common Agent, including JRE, LWI:
/usr/lib/objrepos:DirectorPlatformAgent:6.2.0.1::COMMITTED:I:Director Platform Agent for IBM Systems Director on AIX:
/usr/lib/objrepos:Tivoli_Management_Agent.client.rte:3.7.1.0::COMMITTED:I:Management Framework Endpoint Runtime":
/usr/lib/objrepos:bos.aixpert.cmds:6.1.6.15::COMMITTED:F:AIX Security Hardening:
/usr/lib/objrepos:bos.aixpert.websm:6.1.6.15::COMMITTED:F:AIX Security Hardening WebSM:
/usr/lib/objrepos:bos.esagent:6.6.6.15::COMMITTED:F:Electronic Service Agent:
/usr/lib/objrepos:cas.agent:1.4.2.2::COMMITTED:I:Common Agent Services Agent:
/usr/lib/objrepos:invscout.websm:2.2.0.8::COMMITTED:I:Inventory Scout WebSM Firmware Management GUI:
/usr/lib/objrepos:lwi.runtime:6.1.6.15::COMMITTED:F:Lightweight Infrastructure Runtime:
/usr/lib/objrepos:sysmgt.cim.providers.metrics:1.2.8.30::COMMITTED:I:Metrics Providers for AIX OS:
/usr/lib/objrepos:sysmgt.cim.providers.osbase:1.2.8.30::COMMITTED:I:Base Providers for AIX OS:
/usr/lib/objrepos:sysmgt.cim.providers.scc:1.2.8.30::COMMITTED:I:Security Control Compliance Providers for AIX OS:
/usr/lib/objrepos:sysmgt.cim.providers.smash:1.2.8.30::COMMITTED:I:Smash Providers for AIX OS:
/usr/lib/objrepos:sysmgt.cim.smisproviders.hba_hdr:1.2.1.20::COMMITTED:I:SMI-S HBA&HDR Providers for AIX OS:
/usr/lib/objrepos:sysmgt.cim.smisproviders.hhr:1.2.1.20::COMMITTED:I:SMI-S HHR Providers for AIX OS:
/usr/lib/objrepos:sysmgt.cim.smisproviders.vblksrv:1.2.1.20::COMMITTED:I:SMI-S Storage Virtualizer Providers for AIX OS:
/usr/lib/objrepos:sysmgt.cimserver.pegasus.rte:2.9.0.20::COMMITTED:I:Pegasus CIM Server Runtime Environment:
/usr/lib/objrepos:sysmgt.help.en_US.websm:6.1.4.0::COMMITTED:I:WebSM Extended Helps - U.S. English :
/usr/lib/objrepos:sysmgt.help.msg.en_US.websm:6.1.4.0::COMMITTED:I:WebSM Context Helps - U.S. English :
/usr/lib/objrepos:sysmgt.msg.en_US.websm.apps:6.1.0.0::COMMITTED:I:WebSM Client Apps. Messages - U.S. English:
/usr/lib/objrepos:sysmgt.pconsole.apps.pda:6.1.6.15::COMMITTED:F:System P Console - Problem Determination Advisor:
/usr/lib/objrepos:sysmgt.pconsole.apps.wdcem:6.1.6.15::COMMITTED:F:System P Console - Web-Based DCEM:
/usr/lib/objrepos:sysmgt.pconsole.apps.websm:6.1.6.15::COMMITTED:F:System P Console - Web-Based System Manager LIC:
/usr/lib/objrepos:sysmgt.pconsole.apps.wrbac:6.1.6.15::COMMITTED:F:System P Console - Web-Based RBAC:
/usr/lib/objrepos:sysmgt.pconsole.apps.wsmit:6.1.6.15::COMMITTED:F:System P Console - Web-Based SMIT:
/usr/lib/objrepos:sysmgt.pconsole.rte:6.1.6.15::COMMITTED:F:System P Console Runtime:
/usr/lib/objrepos:sysmgt.websm.apps:6.1.6.15::COMMITTED:F:Web-based System Manager Applications:
/usr/lib/objrepos:sysmgt.websm.diag:6.1.0.0::COMMITTED:I:Web-based System Manager Diagnostic Applications :
/usr/lib/objrepos:sysmgt.websm.framework:6.1.6.15::COMMITTED:F:Web-based System Manager Client/Server Support:
/usr/lib/objrepos:sysmgt.websm.icons:6.1.6.15::COMMITTED:F:Web-based System Manager Icons:
/usr/lib/objrepos:sysmgt.websm.rte:6.1.6.15::COMMITTED:F:Web-based System Manager Runtime Environment:
/usr/lib/objrepos:sysmgt.websm.webaccess:6.1.6.15::COMMITTED:F:WebSM Web Access Enablement:
/usr/lib/objrepos:tivoli.tivguid:1.3.3.1::COMMITTED:I:IBM Tivoli GUID on AIX:
/etc/objrepos:DirectorCommonAgent:6.2.0.1::COMMITTED:I:All required files of Director Common Agent, including JRE, LWI:
/etc/objrepos:DirectorPlatformAgent:6.2.0.1::COMMITTED:I:Director Platform Agent for IBM Systems Director on AIX:
/etc/objrepos:Tivoli_Management_Agent.client.rte:3.7.1.0::COMMITTED:I:Management Framework Endpoint Runtime":
/etc/objrepos:bos.aixpert.cmds:6.1.6.15::COMMITTED:F:AIX Security Hardening:
/etc/objrepos:bos.aixpert.websm:6.1.6.0::COMMITTED:I:AIX Security Hardening WebSM :
/etc/objrepos:bos.esagent:6.6.6.15::COMMITTED:F:Electronic Service Agent:
/etc/objrepos:cas.agent:1.4.2.2::COMMITTED:I:Common Agent Services Agent:
/etc/objrepos:invscout.websm:2.2.0.8::COMMITTED:I:Inventory Scout WebSM Firmware Management GUI:
/etc/objrepos:lwi.runtime:6.1.6.15::COMMITTED:F:Lightweight Infrastructure Runtime:
/etc/objrepos:sysmgt.cimserver.pegasus.rte:2.9.0.20::COMMITTED:I:Pegasus CIM Server Runtime Environment:
/etc/objrepos:sysmgt.pconsole.apps.pda:6.1.6.0::COMMITTED:I:System P Console - Problem Determination Advisor :
/etc/objrepos:sysmgt.pconsole.apps.wdcem:6.1.6.15::COMMITTED:F:System P Console - Web-Based DCEM:
/etc/objrepos:sysmgt.pconsole.apps.websm:6.1.6.15::COMMITTED:F:System P Console - Web-Based System Manager LIC:
/etc/objrepos:sysmgt.pconsole.apps.wrbac:6.1.6.15::COMMITTED:F:System P Console - Web-Based RBAC:
/etc/objrepos:sysmgt.pconsole.apps.wsmit:6.1.6.15::COMMITTED:F:System P Console - Web-Based SMIT:
/etc/objrepos:sysmgt.pconsole.rte:6.1.6.15::COMMITTED:F:System P Console Runtime:
/etc/objrepos:sysmgt.websm.apps:6.1.6.15::COMMITTED:F:Web-based System Manager Applications:
/etc/objrepos:sysmgt.websm.framework:6.1.6.1::COMMITTED:I:Web-based System Manager Client/Server Support :
/etc/objrepos:sysmgt.websm.rte:6.1.6.15::COMMITTED:F:Web-based System Manager Runtime Environment:
/etc/objrepos:sysmgt.websm.webaccess:6.1.6.0::COMMITTED:I:WebSM Web Access Enablement :
/etc/objrepos:tivoli.tivguid:1.3.3.1::COMMITTED:I:IBM Tivoli GUID on AIX:

checkcoredumps.ksh
Script run at:2012-01-20 13:46:04
Returncode:1
Description:
Find core dumps on the system older than 7 days.

If this script detects any core files on the system older than 7 days, a message will be shown: Errors found.

To view the entire list of core files on the system, older than 7 days, run this script in verbose mode:

# ./checkcoredumps.ksh -v

Or run:

# find / -name core -mtime +7 -type f -ls 2>/dev/null

If it is okay to remove all the core files, run:

# find / -name core -mtime +7 -type f -exec rm {} \; 2>/dev/null
Output:
Errors found.

checkcrontabsunused.ksh
Script run at:2012-01-20 13:46:15
Returncode:1
Description:
Check crontabs that are not used.

Any crontab files of users that are no longer used should be removed from the system.

The crontab files are located in /var/spool/cron/crontabs.
Output:
Crontabs unused: esaadmin

checkcrout.ksh
Script run at:2012-01-20 13:46:15
Returncode:1
Description:
Find crout files in the /tmp file system older than 7 days.

Files in the /tmp file system that start with "crout" are created as temporary files when cron runs a job. When the job finishes, the crout file is usually removed. If the files are still there, the cron daemon is failing half way through the job and is getting respawned by init.

Our recommendation is to remove any crout files in /tmp older than 7 days:

# /usr/bin/find /tmp -name "crout*" -type f -xdev -mtime +7 -exec /usr/bin/rm {} 2>/dev/null \;

To view the files that currently exist, run:

# ./checkcrout.ksh -v

Or run:

# find /tmp -name "crout*" -mtime +7 -type f -xdev -ls 2>/dev/null
Output:
Errors found.

checkdefaultusersettings.ksh
Script run at:2012-01-20 13:46:16
Returncode:1
Description:
Check the default user settings in /etc/security/user.
Output:
Default attribute loginretries in /etc/security/user is set to 3, but should be at least 5.
The loginretries value specifies the number of login attempts before a user is not allowed to login.
Default attribute maxage in /etc/security/user is set to 9, but should be at least 13.
Maxage defines the number of weeks a password is valid. The default is 0, equivalent to unlimited.

checkexec.ksh
Script run at:2012-01-20 13:50:03
Returncode:2
Description:
The exec entry in /etc/inetd.conf is the remote execution service. It runs as user root, and is started by the inetd process. Using it requires entering a user ID and password; however, these are passed unprotected.

This service is highly susceptible to being snooped, and therefore it is recommended to disable this service.

To disable, comment out the exec entry in /etc/inetd.conf. After that, make sure the inetd process rereads its configuration file /etc/inetd.conf, by running:

# refresh -s inetd
Output:
For security reasons, it is better to disable exec in /etc/inetd.conf.

checkftpd.ksh
Script run at:2012-01-20 13:50:46
Returncode:2
Description:
Check if the File Transfer Protocol daemon (ftpd) is disabled on the system. FTP transfers the user ID and password unprotected, which allows them to be snooped. For security reasons it is a better idea to use scp instead of ftp.

The ftp daemon is started through inetd. You can disable the ftp daemon by commenting out the ftpd entry in /etc/inetd.conf. After that, please make sure to refresh inetd, by running:

# refresh -s inetd
Output:
For security reasons, it is better to disable ftp, and use scp instead.

checkhacmpconfigfiles.ksh
Script run at:2012-01-20 13:51:04
Returncode:1
Description:
Checks if certain configuration files are consistent on both nodes of an HACMP/PowerHA cluster.
Output:
Files inconsistent on HACMP nodes:
/etc/oratab /etc/filesystems /usr/tivoli/tsm/client/ba/bin/dsm.sys

checkhacmpcrontabs.ksh
Script run at:2012-01-20 13:51:08
Returncode:1
Description:
Check if the crontabs of each node of the HACMP/PowerHA cluster are identical.
Output:
Inconsistencies were found in crontabs on the two HACMP-nodes:

140,141c140,147
> ##########Monitoring jobs######################################
> ###00 06 * * * /u02/oracle/admin/rcat/scripts/full_db_backup_tape prod2 1>/dev/null 2>&1
> ###37 01 * * 3 /u02/oracle/admin/rcat/scripts/full_db_backup_tape_for_standby prod2 1>/dev/null 2>&1
> ##30 * * * * /home/oracle/pscdba/scripts/chk_alrt_log prod2 > /dev/null 2>&1
149c155,156
> 0 19 * * * /home/oracle/pscdba/scripts/das.sh prod2 > /dev/null 2>&1
169,171c177,183
< 0 3 * * 1,5 /usr/local/bin/nimbck.ksh >/dev/null 2>&1
< 20 * * * * /home/oracle/pscdba/scripts/chk_db_lstnr prod1 > /dev/null 2>&1
< 30 * * * * /home/oracle/pscdba/scripts/chk_alrt_log prod1 > /dev/null 2>&1
---
> 0 3,11,19 * * * /home/oracle/pscdba/scripts/tbsp_usage.sh > /dev/null 2>&1
> 0 4 * * 0 /home/oracle/pscdba/scripts/tbsp_growth.sh > /dev/null 2>&1
> 0 4 * * 1,5 /usr/local/bin/nimbck.ksh >/dev/null 2>&1
> 00 19 * * 3,6 /u02/oracle/admin/rcat/scripts/full_db_backup_tape prod2 1>/dev/null 2>&1
> 00 6 * * * /home/oracle/pscdba/scripts/tbs_spc_report prod2 > /dev/null 2>&1
> 20 * * * * /home/oracle/pscdba/scripts/chk_db_lstnr prod2 > /dev/null 2>&1
173,174c185,187
< 45 5 * * * /home/oracle/pscdba/scripts/cln_trc_files prod1 30 > /dev/null 2>&1 
---
> 40 * * * * /home/oracle/pscdba/scripts/chk_tbs_usage prod2 > /dev/null 2>&1
> 45 5 * * * /home/oracle/pscdba/scripts/cln_trc_files prod2 30 > /dev/null 2>&1 
> 0,15,30,45 * * * * /u01/oracle/product/10.2.0.3/db/ccr/bin/emCCR -cron -silent start

checkhacmplsvg.ksh
Script run at:2012-01-20 13:51:40
Returncode:1
Description:
Check if both nodes of an HACMP/PowerHA cluster have the same volume groups configured.

This script will generate an error if no password-less ssh connectivity is available between the two nodes of an HACMP/PowerHA cluster. This script requires the SSH keys to be set up for user root between the two HACMP/PowerHA nodes in order to function correctly.
Output:
Volume groups not consistent in cluster:
testaix11: backupb5vg backupvg oraclevg pagingvg prod01vg prod02vg prod03vg prod04vg prod05vg prod06vg prodarch11vg redovg rootvg votingvg
testaix12: backupb5vg oraclevg pagingvg prod01vg prod02vg prod03vg prod04vg prod05vg prod06vg prodarch12vg redovg rootvg votingvg

checkhacmpmajor.ksh
Script run at:2012-01-20 13:51:52
Returncode:1
Description:
This checks if the major numbers of all the shared volume groups configured in the two-node HACMP/PowerHA cluster are the same on all nodes.

If not, these volume groups will have to be re-imported onto one of the nodes with the correct major number. The major number can be defined with the -V option of importvg.
Output:
Inconsistencies were found between the major numbers of shared volume groups on the two HACMP-nodes:
1,8c1,8
< 0 crw-rw---- 1 root system 51, 0 /dev/prod01vg
< 0 crw-rw---- 1 root system 52, 0 /dev/prod02vg
< 0 crw-rw---- 1 root system 53, 0 /dev/prod03vg
< 0 crw-rw---- 1 root system 56, 0 /dev/prod04vg
< 0 crw-rw---- 1 root system 55, 0 /dev/prod05vg
< 0 crw-rw---- 1 root system 57, 0 /dev/prod06vg
< 0 crw-rw---- 1 root system 54, 0 /dev/redovg
< 0 crw-rw---- 1 root system 50, 0 /dev/votingvg
---
> 0 crw-rw---- 1 root system 50, 0 /dev/prod01vg
> 0 crw-rw---- 1 root system 51, 0 /dev/prod02vg
> 0 crw-rw---- 1 root system 52, 0 /dev/prod03vg
> 0 crw-rw---- 1 root system 55, 0 /dev/prod04vg
> 0 crw-rw---- 1 root system 54, 0 /dev/prod05vg
> 0 crw-rw---- 1 root system 56, 0 /dev/prod06vg
> 0 crw-rw---- 1 root system 53, 0 /dev/redovg
> 0 crw-rw---- 1 root system 49, 0 /dev/votingvg

checkhacmppackages.ksh
Script run at:2012-01-20 13:52:08
Returncode:1
Description:
The same installed software packages, both file sets (LPP) and rpm packages, should be installed on both nodes of an HACMP/PowerHA cluster.
Output:
Inconsistencies were found between the installed software on the two HACMP-nodes:
#Package Name Fileset Level Fix State Description
81d80
< bos.content_list bos.content_list 6.1.0.0 C AIX Release Content List

checkhacmpusers.ksh
Script run at:2012-01-20 13:52:51
Returncode:1
Description:
Users should be identical on both nodes of an HACMP/PowerHA cluster, and so should their passwords.

Because home directories can be located on a shared file system, no check for the home directory is done in this script.
Output:
Inconsistencies were found between the users on the two HACMP-nodes.

Username---------------: *** user1 ***
Username id pgrp groups: identical on both nodes
   (Encrypted) password: testaix11 ==> 3eLqCmVaKwPis
   (Encrypted) password: testaix12 ==> gIdPBckEaimtU
 User attributes/limits: identical on both nodes

Username---------------: *** user2 ***
Username id pgrp groups: identical on both nodes
   (Encrypted) password: testaix11 ==> s09fzs7GpgcS2
   (Encrypted) password: testaix12 ==> Ml40xPt5IEac2
 User attributes/limits: identical on both nodes

Username---------------: *** user3 ***
Username id pgrp groups: identical on both nodes
   (Encrypted) password: testaix11 ==> xDZLRkDvViPf2
   (Encrypted) password: testaix12 ==> tkNkKV/TlufpE
 User attributes/limits: identical on both nodes

Username---------------: *** user4 ***
Username id pgrp groups: identical on both nodes
   (Encrypted) password: testaix11 ==> HinQ9QxABn4og
   (Encrypted) password: testaix12 ==> E7AXyKgEcBJV6
 User attributes/limits: identical on both nodes

Username---------------: *** user5 ***
Username id pgrp groups: identical on both nodes
   (Encrypted) password: testaix11 ==> epZWQsbxfvIn6
   (Encrypted) password: testaix12 ==> 9/eMHbSXXjid6
 User attributes/limits: identical on both nodes

Username---------------: *** user6 ***
Username id pgrp groups: identical on both nodes
   (Encrypted) password: testaix11 ==> 6WODLTbK72x2w
   (Encrypted) password: testaix12 ==> TSmMidxFHq6Hg
 User attributes/limits: identical on both nodes

Username---------------: *** user7 ***
Username id pgrp groups: identical on both nodes
   (Encrypted) password: testaix11 ==> /EuGy3DSLyzJY
   (Encrypted) password: testaix12 ==> 71xAXzhHCil1g
 User attributes/limits: identical on both nodes

Username---------------: *** user8 ***
Username id pgrp groups: identical on both nodes
   (Encrypted) password: testaix11 ==> 11WUIynirUfus
   (Encrypted) password: testaix12 ==> mhh4WIlvmB44Q
 User attributes/limits: identical on both nodes

Username---------------: *** user9 ***
Username id pgrp groups: identical on both nodes
   (Encrypted) password: testaix11 ==> vkO1xEVMBBka2
   (Encrypted) password: testaix12 ==> qHWVPw.xYsV1Y
 User attributes/limits: identical on both nodes

checkhostnameaix.ksh
Script run at:2012-01-20 13:52:58
Returncode:1
Description:
Check that the hostname itself contains no reference to the kind of operating system that is running.

It is generally a bad idea to include any information regarding the type of operating system, function or location of an AIX server in its hostname, because this provides any hacker with interesting information on either what OS is running on a server, where the server might be located, or what the server is being used for, thus allowing a hacker to know which server to target first, and also how to best target a server.

Also, it is not uncommon for organizations to change names, or for servers to be relocated sooner or later, resulting in having to rename a server. To avoid that, use hostnames for servers that are not related to any organization or location.
Output:
Hostname contains aix.

checkinittaberrs.ksh
Script run at:2012-01-20 13:53:09
Returncode:1
Description:
Check for any processes started from inittab with an exit code other than 0.

This can be checked by running:

# who -d

Investigate those items with a non-zero error code.

Note: The entries reported by who -d are cleared only when the system is rebooted.
Output:
Items in inittab have exited with error code other than 0.
   .            .       Jan 04 02:59      .     2949372 id=cluster term=0 exit=255

checkmaxpvs.ksh
Script run at:2012-01-20 14:09:41
Returncode:1
Description:
Check if a volume group has reached the maximum number of disks. This can easily be checked by running the lsvg command for a volume group.

If a volume group is at its maximum number of PVs, no more disks can be added. This is a risk: if the file systems and/or logical volumes run out of available disk space, this cannot be remediated without moving a file system or logical volume to another volume group, which usually requires downtime.
Output:
81% of MAX PVs (26 out of 32 disks) used in volume group prod03vg.
84% of MAX PVs (27 out of 32 disks) used in volume group prod02vg.
96% of MAX PVs (31 out of 32 disks) used in volume group prod01vg.

checkpgspminsize.ksh
Script run at:2012-01-20 14:11:03
Returncode:2
Description:
Check if the paging space is the same size as the available memory. 

The guidelines for defining the size of the paging space are:

The paging space should match the memory size, if the available memory is less than 32 GB.

The paging space should be 32 GB, if the available memory is more than 32 GB.
Output:
Paging space (129024 MB) is larger than memory (124672 MB).
It is recommended to NOT have a paging space that is larger than memory.

checkrlogin.ksh
Script run at:2012-01-20 14:12:27
Returncode:2
Description:
Check if rlogin is disabled.

The rlogin service is susceptible to IP spoofing and DNS spoofing. Data, including user IDs and passwords, is passed unprotected, and the service runs as user root. Use secure shell (ssh) instead of this service.

To disable, comment out the login entry in /etc/inetd.conf, followed by refreshing the inetd process:

# refresh -s inetd
Output:
For security reasons, it is better to disable rlogin in /etc/inetd.conf.

checksddsrvvsvpath.ksh
Script run at:2012-01-20 14:12:39
Returncode:1
Description:
If there aren't any vpath devices, check that sddsrv is not running and that no SDD fileset is installed.
Output:
SDD fileset installed, but no vpath devices are present.
Uninstall this fileset: rmdev -Rdl dpo; installp -u devices.sdd*

checksysdumpdevlv.ksh
Script run at:2012-01-20 14:13:06
Returncode:1
Description:
Checks for the most recent system dump.
Output:
Device name:         /dev/dumplv1
Major device number: 10
Minor device number: 13
Size:                1162980352 bytes
Uncompressed Size:   11827539949 bytes
Date/Time:           Wed Jun  8 07:22:21 MST 2011
Dump status:         0
Type of dump:        traditional
dump completed successfully

checksystemfirmwarelevel.ksh
Script run at:2012-01-20 14:13:08
Returncode:1
Description:
Check the installed level of the system firmware.

It is best practice to keep the system firmware at a recent level, but not at the very latest available level, as that level may contain not yet discovered bugs. Therefore, it is best practice to use the N-1 level of system firmware.
Output:
Recommended: AM730_065 Current: AM730_035

checktelnet.ksh
Script run at:2012-01-20 14:13:08
Returncode:2
Description:
For security reasons, it is better to disable telnet in /etc/inetd.conf, and to use ssh instead. This check will return a warning message if telnet is still enabled.

To disable telnet, comment out the telnet entry in /etc/inetd.conf, as telnet is normally started by inetd. After that, please make sure to refresh inetd, so it re-reads the /etc/inetd.conf file, by running:

# refresh -s inetd
Output:
Telnet is enabled.

checkunusedlv.ksh
Script run at:2012-01-20 14:13:48
Returncode:1
Description:
Check for any logical volumes that have no file system defined. These logical volumes will show up as "closed", and are basically only using up disk space.

Please investigate why any reported logical volumes exist, but aren't in use. Once it is determined that the logical volume(s) is/are no longer necessary, they can be removed by running:

# rmlv lvname
Output:
prod_0512_001       raw        32      32      1    closed/syncd  N/A
prod_0512_002       raw        32      32      1    closed/syncd  N/A
prod_0512_003       raw        32      32      1    closed/syncd  N/A
prod_0512_009       raw        32      32      1    closed/syncd  N/A
prod_0512_010       raw        32      32      1    closed/syncd  N/A
prod_0512_013       raw        32      32      1    closed/syncd  N/A
prod_0512_015       raw        32      32      1    closed/syncd  N/A
prod_0512_016       raw        32      32      1    closed/syncd  N/A
prod_0000278        raw        32      32      1    closed/syncd  N/A
prod_0000279        raw        32      32      1    closed/syncd  N/A
prod_0000280        raw        32      32      1    closed/syncd  N/A
prod_0000281        raw        32      32      1    closed/syncd  N/A
prod_0000282        raw        32      32      1    closed/syncd  N/A
prod_0000283        raw        32      32      1    closed/syncd  N/A
prod_0000284        raw        32      32      1    closed/syncd  N/A
prod_0000285        raw        32      32      1    closed/syncd  N/A
prod_0000286        raw        32      32      1    closed/syncd  N/A
prod_0000287        raw        32      32      1    closed/syncd  N/A
prod_0000288        raw        32      32      1    closed/syncd  N/A
prod_0000289        raw        32      32      1    closed/syncd  N/A
prod_0000290        raw        32      32      1    closed/syncd  N/A
prod_0000291        raw        32      32      1    closed/syncd  N/A
prod_0000292        raw        32      32      1    closed/syncd  N/A
prod_0000293        raw        32      32      1    closed/syncd  N/A
prod_0016_900       raw        1       1       1    closed/syncd  N/A

checkuseraccounts.ksh
Script run at:2012-01-20 14:13:49
Returncode:1
Description:
Check for user accounts that have not been used for over 6 months or that have never been used since creation.
Output:
User user2 never logged in and password was set-up over 6 months ago.
User user3 never logged in and password was set-up over 6 months ago.

checkvacmview.ksh
Script run at:2012-01-20 14:13:53
Returncode:1
Description:
Check if the VACM_VIEW entry in /etc/snmpdv3.conf for internet is disabled.

Enabling the following entry in /etc/snmpdv3.conf unlocks the entire MIB tree, which is a potential security issue.

VACM_VIEW defaultView internet - included -

For HACMP/PowerHA, it is better to leave this entry disabled, which is the default. Instead, enable the following entry:

VACM_VIEW defaultView  1.3.6.1.4.1.2.3.1.2.1.5 - included -

After enabling the MIB entry above, the snmp daemon must be restarted with the following commands:

# stopsrc -s snmpd
# startsrc -s snmpd

After snmp is restarted, leave the daemon running for about two minutes before attempting to start clstat or cldump, if HACMP/PowerHA is in use on this system.
Output:
The internet VACM_VIEW entry is enabled in /etc/snmpdv3.conf.

checkvartmp.ksh
Script run at:2012-01-20 14:13:53
Returncode:1
Description:
Check for any old files in /var/tmp that may be deleted.

This will check if there are any old files (older than 90 days) in /var/tmp. A large number of files in /var/tmp may fill up the /var file system, and will also increase the size of any mksysb images created. Therefore, it is important to clean out /var/tmp on a regular basis.

To check for any files older than 90 days, run:

# find /var/tmp/ -mtime +90 -type f -exec ls -als {} \;

To remove them all at once:

# find /var/tmp/ -mtime +90 -type f -exec rm {} \;

Always first verify that the file is no longer in use. It could be that a process is still using a file in /var/tmp. For example, if a file called slp_srvreg.lock is found in /var/tmp, and it's older than 90 days, run the fuser command against it, to see if any process is still using it:

# fuser /var/tmp/slp_srvreg.lock
/var/tmp/slp_srvreg.lock:  4980892
# ps -ef | grep 4980892
root 4980892 1 0 Mar 30 -  1:16 ./slp_srvreg -D

In the example above, it is still in use, so it should not be deleted.
Output:
Files found in /var/tmp that have not been modified for at least 90 days.
Please remove the following files from /var/tmp:
   0 -rw-------    1 oracle   oinstall          0 Aug 20 19:03 /var/tmp/pg_Gaiqa
   0 -rw-------    1 rromero  staff             0 Aug 25 16:00 /var/tmp/pgsWaqya

checkwheel.ksh
Script run at:2012-01-20 14:14:05
Returncode:1
Description:
Check for any members of the wheel group. Members of this group may have been granted unlimited root access via SUDO. It is recommended to either comment out the wheel entry in /etc/sudoers or to remove any members of the wheel group.
Output:
Users in group wheel exist with unlimited root access via SUDO:
user1, user2, user3

Results

Run time for all checks:
1708 seconds
Total number of checks:
605
# Checks with result OK:
577
# Checks with result WARNING:
7
# Checks with result ERROR:
21
Score [Percentage OK/WARNING]:
96.52 %
For details see logfile:
/ahc/checkall_testaix11.html

Copyright (c) 2004-2011 AIX Health Check - All Rights Reserved

This is confidential and unpublished work of authorship subject to limited use license agreements and is a trade secret, which is the property of AIX Health Check (www.aixhealthcheck.com). All use, disclosure and/or reproduction not specifically authorized in writing by AIX Health Check is strictly prohibited.

Any expressed or implied warranties are disclaimed. In no event shall AIX Health Check be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, loss of use, data, profits, or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of these scripts, even if advised of the possibility of such damage.