Bookmark and Share
RSS

Recent Posts

Vulnerability Checker Provides Security Info

August 21, 2018

The FLRT Vulnerability Checker Online (FLRTVC) allows you to check your AIX system for HIPER and Security vulnerabilities:

The Fix Level Recommendation Tool Vulnerability Checker (FLRTVC) online provides security and HIPER (High Impact PERvasive) reports based on the fileset inventory of your system. The report will guide you in discovering vulnerable filesets, the affected versions, interim fixes that are installed, as well as a link to the security bulletin for further action.

FLRTVC exists as a standalone ksh script which may be downloaded from our FLRTVC Script webpage. FLRTVC uses HIPER/Security data from FLRT (aparCSV) to compare against the installed filesets (lslpp -Lcq) and interim fixes (emgr -lv3) to report your risks.

This webpage was developed based on feedback received from customers at Edge2015. We welcome your feedback on this tool and ways to improve it! Please use the Feedback button on the FLRT page or visit the FLRT IBM developerWorks Community. Follow us on Twitter @IBM_FLRT for updates!

Follow the instructions to get started:

FLRTVC Online will accept two input files, lslpp.txt (required) and emgr.txt (optional), that will be cross-examined with the aparCSV that is provided through our website. If any filesets listed in lslpp.txt are found to be within the affected versions listed in aparCSV, they will be displayed in the generated report.

Step 1) Log in to the AIX server that will be checked for vulnerabilities.
Step 2) Run the "lslpp" command: lslpp -Lcq > lslpp.txt
Step 3) (optional) Run the "emgr" command: sudo emgr -lv3 > emgr.txt
Step 4) Move the files to a machine that has an internet browser.
Step 5) Upload the file(s) using the buttons of their respective type.
Step 6) (optional) Filter the filesets using a search term.
Step 7) (optional) Select an APAR type.
Step 8) Click on "Run vulnerability checker" to begin.

If you'd prefer to not run the report interactively, one machine at a time, submitting each one via a web page (and I suspect this applies to most of you), just download the script:

The FLRTVC script works by downloading an apar.csv file from the FLRT website using CURL or WGET, whichever your machine has installed. Then, it uses the commands "emgr -lv3" for interim fixes and "lslpp -Lcq" for installed filesets, and compares to the vulnerabilities reported in the apar.csv file. FLRTVC will report any findings using one of two formats: Compact and Full (verbose). Compact is preferable for scripting purposes, and full reporting is for a more human-readable format that may be piped to an e-mail address.

Please see below for the flags and different usages:

Flags
-d = Change delimiter for compact reporting.
-f = File selection for *.csv file.
-q = Quiet mode, hide compact reporting header.
-s = Skip download, use default apar.csv file.
-v = Verbose, full report (for piping to email).
-g = Grep for filesets with phrase, useful for verbose mode.
-t = Type of APAR [hiper | sec].
-l = Enter a custom LSLPP output file, must match lslpp -Lqc.
-e = Enter a custom EMGR output file, must match emgr -lv3.
-x = Skip EFix processing.
-a = Show all fixed and non-fixed HIPER/Security vulnerabilities.

Examples

Compact Formatting
# /flrtvc.ksh -c

Verbose Formatting
# ./flrtvc.ksh -v

Set a custom CSV file
# ./flrtvc.ksh -f myfile.csv

Report on a specific fileset in verbose mode
# ./flrtvc.ksh -vg printers

Show only hiper results
# ./flrtvc.ksh -t hiper

Custom lslpp and emgr outputs, for reporting on other systems
# ./flrtvc.ksh -l lslpp.txt -e emgr.txt

Grouping flags together
# ./flrtvc.ksh -vf myfile.csv -g printers
# ./flrtvc.ksh -vsg printers

The vulnerability checker delivers valuable information about your systems. Try it for yourself.
 

Posted August 21, 2018| Permalink

Post a Comment

Note: Comments are moderated and will not appear until approved

comments powered by Disqus