Sun Management Center Change Manager 1.0 Administration Guide

Auditing Software Configurations by Using the Command-Line Interface

This section describes how to use the command-line interface to audit managed hosts.

To learn how to create folders and perform management tasks in the Change Manager repository, see Chapter 8, Maintaining the Change Manager Repository (Tasks). None of the procedures in that chapter are required to perform audit tasks, though you might want to create a hierarchy of folders in the repository.

To learn how to create host groups and perform management tasks on the Change Manager topology, see Chapter 9, Maintaining the Change Manager Topology (Tasks). None of the procedures in that chapter are required to perform audit tasks, though you might want to create a hierarchy of host groups in the topology.

How to Import Audit Rules Files to the Change Manager Repository (Command Line)

The audit rules file is used to build manifests and audit managed hosts.

The time required to import a file to the Change Manager repository depends on the size of the file and the speed of the network.

  1. Determine where the audit rules file exists and where to store it.

    For example, copy the audit rules file from /net/test1/home/suzi/usr-only.brul to the web-server folder.

  2. Import an audit rules file to the Change Manager repository by using one of these changemgr import commands.

    • The following command line imports one file at a time. You can also use this command line to rename the file.


      $ changemgr import [ -u username ] [ -p file ] filepath[.type] \
      relfilepath.type
      
    • The following command line imports several files to a folder simultaneously.


      $ changemgr import [ -u  username ] [ -p file ]  filepath.type ... \
      reldirpath
      
    -u username

    Specify the user name to authenticate. If this option is not specified, the user is the current UNIX user.

    -p file

    file consists of a single line, which contains the password. If file is -, then the user can supply the password as standard input.

    If the -p option is not supplied, then the changemgr command prompts the user for his password.

    filepath

    Specifies an absolute or relative path to a file. This file path is not within the Change Manager repository.

    reldirpath

    Specifies the path to a folder that is relative to the top of the Change Manager repository.

    relfilepath

    Specifies the path to a file, not including a folder, that is relative to the top of the Change Manager repository.

    .type

    Specifies the file name suffix that represents the file type. An audit rules file uses the .brul suffix.

    Choose a name that indicates the type of audit specified by the audit rules file. Use the .brul suffix. For example, create an audit rules file named usr-only.brul, which indicates that only files from /usr are cataloged.

Example-Importing an Audit Rules File to the Change Manager Repository

Suzi copies the audit rules file called /net/test1/home/suzi/usr-only.brul to the web-server folder of the repository. She renames the file to be usr_only.brul.


$ changemgr import /net/test1/home/suzi/usr-only.brul \
/web-server/usr_only.brul

Example-Importing Audit Rules Files to the Change Manager Repository

Suzi copies the audit rules files called /net/test1/home/suzi/usr-only.brul and /net/test1/home/suzi/opt-only.brul to the / folder of the repository.


$ changemgr import /net/test1/home/suzi/usr-only.brul \
/net/test1/home/suzi/opt-only.brul /

How to Import Manifests to the Change Manager Repository (Command Line)

The manifests are created by the changemgr manifest command, which performs a per-file audit of a managed host.

The time required to import a file to the Change Manager repository depends on the size of the file and the speed of the network.

  1. Determine where the manifest exists and where to store it.

    For example, copy the manifest from /net/test1/home/suzi/host1-usr-only.bmft to the web-server folder.

  2. Import a manifest to the Change Manager repository by using one of these changemgr import commands.

    • The following command line imports one file at a time. You can also use this command line to rename the file.


      $ changemgr import [ -u username ] [ -p file ] filepath[.type] \
      relfilepath.type
      
    • The following command line imports several files to a folder simultaneously.


      $ changemgr import [ -u username ] [ -p file ] filepath.type ... \
      reldirpath
      

    For descriptions of the options, see How to Import Audit Rules Files to the Change Manager Repository (Command Line).

    Choose a name that indicates the name of the audited managed host and the type of audit specified by the audit rules file. Use the .bmft file suffix. For example, copy a manifest named host1-usr-only.bmft, which indicates that only files from /usr are cataloged for the host1 managed host.

Example-Importing a Manifest to the Change Manager Repository

Suzi copies the manifest called /net/test1/home/suzi/host1-usr-only.bmft to the web-server folder. She renames the file to be host1_usr_only.bmft.


$ changemgr import \
/net/test1/home/suzi/host1-usr-only.bmft \
/web-server/host1_usr_only.bmft

Example-Importing Manifests to the Change Manager Repository

Suzi copies the manifests called /net/test1/home/suzi/host1-usr-only.bmft and /net/test1/home/suzi/host1-opt-only.bmft to the / folder.


$ changemgr import \
/net/test1/home/suzi/host1-usr-only.bmft \
/net/test1/home/suzi/host1-opt-only.bmft /

How to Add Managed Hosts (Command Line)

To simplify naming of managed hosts, you can make each name match the name of the actual machine.


Note -

If you change the value of the AgentPort property after installing a managed host, the Change Manager server will no longer be able to communicate with it. To reestablish communication with the server by using the new agent port, you must re-initialize the managed host by performing an initial installation on it.



Note -

A managed host can be a client of only one Change Manager server. To change control of a managed host to another Change Manager server, see "Internal error: unable to establish probe connection Appears When Running Jobs on Managed Hosts".


  1. Determine where to create the managed host.

    For example, create a managed host in the web-server host group.

  2. Use one of the following changemgr add commands to add the managed host.

    • This command adds a managed host to be controlled by the Change Manager. A managed host can be created in a host group that is part of the Change Manager topology. hostpath is the full path name or relative path name to the managed host, which includes the host group hierarchy.


      $ changemgr add [ -u username ] [ -p file ] [ -d domain ] \
      hostname hostpath
      
    • This command adds the specified hosts to the specified host group. The topology names are the same as the host names.


      $ changemgr add [ -u username ] [ -p file ] [ -d domain ] \
      hostname ... grouppath
      
    -u username

    Specify the user name to authenticate. If this option is not specified, the user is the current UNIX user.

    -p file

    file consists of a single line, which contains the password. If file is -, then the user can supply the password as standard input.

    If the -p option is not supplied, then the changemgr command prompts the user for his password.

    -d domain

    Specify the administrative domain on which to operate. In the context of a session, the default is the domain specified for the session. If no domain is specified, domain is the user's home domain.

    hostname

    Specifies the network name of a host, for example, host1.yourcompany.com.

    hostpath

    Specifies the path to a managed host that is relative to the top of the selected administrative domain.

    grouppath

    Specifies the path to a host group that is relative to the top of the selected administrative domain.
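
The -p file option described above reads the password from a single-line file, so that file should be private to the invoking user before it is passed to changemgr. The following check is an added example, not part of the Change Manager product or its documentation; check_pwfile is a hypothetical helper name, and the password value and temporary paths are constructed.

```shell
# Added example: vet a password file before handing it to `changemgr -p file`.
# check_pwfile is a hypothetical helper; it is not part of Change Manager.
check_pwfile() {
    f=$1
    # Must be a regular file (not a symbolic link) owned by the current user.
    if [ -h "$f" ] || [ ! -f "$f" ]; then
        echo "pwfile: $f is not a regular file" >&2; return 1
    fi
    if [ ! -O "$f" ]; then
        echo "pwfile: $f is not owned by the current user" >&2; return 1
    fi
    # Mode string from ls, e.g. -rw-------; all group and other bits must be clear.
    perms=$(ls -ld -- "$f" | cut -c1-10)
    case $perms in
        -???------) ;;
        *) echo "pwfile: $f is accessible to group or other ($perms)" >&2
           return 1 ;;
    esac
    # The -p format is a single line that contains the password: require exactly
    # one non-empty line (awk counts a final line without a trailing newline).
    if ! awk 'NR == 1 && length($0) == 0 { bad = 1 } END { exit ((NR == 1 && !bad) ? 0 : 1) }' "$f"; then
        echo "pwfile: $f must contain exactly one non-empty line" >&2; return 1
    fi
    return 0
}

# Demonstration on constructed files (the password value is a placeholder).
demo_dir=$(mktemp -d)
( umask 077; printf '%s\n' 'placeholder-password' > "$demo_dir/good.pw" )
printf '%s\n' 'placeholder-password' > "$demo_dir/loose.pw"
chmod 644 "$demo_dir/loose.pw"
for pw in "$demo_dir/good.pw" "$demo_dir/loose.pw"; do
    if check_pwfile "$pw" 2>/dev/null; then
        # A real invocation would follow here, for example:
        #   changemgr add -p "$pw" host1 /web-server/apache
        echo "ok:       $pw"
    else
        echo "rejected: $pw"
    fi
done
rm -rf "$demo_dir"
```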

Example-Adding a Managed Host

Chris creates the host1 managed host in the web-server/apache host group.


$ changemgr add host1 /web-server/apache

Example-Adding a Managed Host and Changing Its Name

Chris adds the host1 managed host to the web-server/apache host group and changes the host name to Host1.


$ changemgr add host1 /web-server/apache/Host1

Example-Adding Managed Hosts to a Host Group

Chris adds the host1 and host2 managed hosts to the web-server/apache host group.


$ changemgr add host1 host2 /web-server/apache

How to Build Manifests for Managed Hosts (Command Line)

  1. Determine which managed hosts you want to audit.

    For example, audit the /web-server/host1 and /web-server/host2 managed hosts.

  2. Build manifests for the managed hosts.


    $ changemgr manifest [ -u username ] [ -p file ] [ -d domain ] \
    -o relfilepathprefix [ -r relfilepath.brul ] topopath ...

    -o relfilepathprefix

    Specify the prefix to be used when creating the output inventories. The name of the managed host and the .bmft suffix are appended to the prefix specified to form the name of the resulting manifest.

    -r relfilepath.brul

    Specify the audit rules file to use to create the manifest.

    topopath

    Specifies the path to a managed host or host group that is relative to the top of the selected administrative domain.

    For descriptions of the other options, see How to Add Managed Hosts (Command Line).

Example-Building Manifests for Managed Hosts

Suzi builds manifests for the /web-server/host1 and /web-server/host2 managed hosts. She stores the files in the /web-server folder with a manifest file prefix of usr-only. The resulting file names are /web-server/host1.bmft and /web-server/host2.bmft.


$ changemgr manifest -o /web-server/ -r usr-only.brul \
/web-server/host1 /web-server/host2

Note -

If the argument to -o is a folder, terminate the argument with a slash. For example, if the argument to -o is /web-server/baseline, then baseline is prefixed to manifests created in the /web-server folder. Using this prefix, a resulting manifest name might be /web-server/baselinehost1.bmft.


How to Audit Managed Hosts (Command Line)

The baseline manifest does not need to be built on the managed host. You can build a baseline manifest on a master system before creating the Solaris Flash archive.

  1. Determine which managed hosts you want to audit.

    For example, audit the /web-server/host1 and /web-server/host2 managed hosts.

  2. Audit managed hosts.


    $ changemgr audit [ -u username ] [ -p file ] [ -d domain ] \
    -o relfilepath.txt [ -r relfilepath.brul ] relfilepath.bmft topopath ...

    -o relfilepath.txt

    Specify where to write the report on manifest differences.

    -r relfilepath.brul

    Specify the audit rules file to use to create the manifest.

    relfilepath.bmft

    Specifies the path to the manifest file that is relative to the top of the Change Manager repository.

    topopath

    Specifies the path to a managed host or host group that is relative to the top of the selected administrative domain.

    For descriptions of the other options, see How to Add Managed Hosts (Command Line).

Example-Auditing Managed Hosts

Suzi audits the /web-server/host1 managed host. She stores the report in the /web-server/usr-only.txt file. She audits the managed host by comparing its manifest against the baseline manifest called /web-server/baseline.bmft.


$ changemgr audit -u suzi \
-o /web-server/usr-only.txt -r usr-only.brul \
/web-server/baseline.bmft /web-server/host1

To understand how to interpret the report results, see Comparison Report Format.

How to Get the Software Status of Managed Hosts (Command Line)

  1. Determine the managed hosts for which you want to get the software status.

    For example, get the software status for the /web-server/host1 and /web-server/host2 managed hosts.

  2. Get the software status for a managed host.


    $ changemgr info [ -u username ] [ -p file ] [ -d domain ] \
    -o relfilepath.txt topopath ...

    -o relfilepath.txt

    Specify the path of the file that contains the software status report.

    topopath

    Specifies the path to a managed host or host group that is relative to the top of the selected administrative domain.

    For descriptions of the other options, see How to Add Managed Hosts (Command Line).

Example-Getting the Software Status of Managed Hosts

Suzi gets the software status for the /web-server/host1 managed host. She stores the report in the /web-server/software-status.txt file.


$ changemgr info -o /web-server/software-status.txt \
/web-server/host1