cancel
Showing results for 
Search instead for 
Did you mean: 

verifying system integrity

SOLVED
Go to solution
dom kris
Frequent Advisor

verifying system integrity

Hi,

I want to use the 'fverify' cmd to verify system integrity.
However, how should I proceed? I mean, what .inv file should fverify use to verify the file? I am seeing that if you use the *BASE* files (in /usr/.smdb.) then a lot of errors are reported (mostly on checksum). I am guessing that whenever you install patches, the binaries change, so the checksum for the binaries changes. The *BASE* inv file is not updated but the info is kept in a .inv file for the patch.
So basically, how do I know what .inv file to use to test the integrity of a file?

Any help much appreciated

Kd
7 REPLIES
Johan Brusche
Honored Contributor
Solution

Re: verifying system integrity


The basic script to start from would be:

#!/bin/ksh
#
time=`date +%H:%M:%Y-%m-%d`
#
# Must execute fverify from / root file system
cd /
# Save older fverify.log
#
mv /var/adm/smlogs/fverify.log /var/adm/smlogs/fverify.log.$time
#
for i in /usr/.smdb./*.lk # Check ONLY for INSTALLED subsets
do
#
subset=`basename $i | cut -f 1 -d . `
echo "*************** $subset **********" >> /var/adm/smlogs/fverify.log
/usr/lbin/fverify -n < /usr/.smdb./$subset.inv
#
done
exit 0


However it does not take into account that modules in a subset migth be superceded by modules from patches.
A more elaborate tcl script exists that includes patch inventory files into the verification of software subsets. Have sent you mail with kit in attachement.

JB.

_JB_
dom kris
Frequent Advisor

Re: verifying system integrity

Thanks Johan.
Greg Yates
Valued Contributor

Re: verifying system integrity

To get around the trouble of patches confusing fverify, use the tool 'allverify'. I'll send that to you directly via e-mail and will try to get it posted to itrc as well (for others that have the same problem).

Greg

Greg Yates
Valued Contributor

Re: verifying system integrity

Current version of ALLVERIFY is atttached. This is a setld kit complete with man page.

Greg
dom kris
Frequent Advisor

Re: verifying system integrity

Thanks Greg!
Ralf Puchner
Honored Contributor

Re: verifying system integrity

allverify should be part of the latest patchkits and distributions....
Help() { FirstReadManual(urgently); Go_to_it;; }
Greg Yates
Valued Contributor

Re: verifying system integrity

Ralf, I agree that it /should/ be... but it isn't. :)

Greg