This section describes how to use the command-line interface to audit managed hosts.
To learn how to create folders and perform management tasks in the Change Manager repository, see Chapter 8, Maintaining the Change Manager Repository (Tasks). None of the procedures described in Chapter 8, Maintaining the Change Manager Repository (Tasks) are required to perform audit tasks, though you might want to create a hierarchy of folders in the repository.
To learn how to create host groups and perform management tasks on the Change Manager topology, see Chapter 9, Maintaining the Change Manager Topology (Tasks). None of the procedures described in Chapter 9, Maintaining the Change Manager Topology (Tasks) are required to perform audit tasks, though you might want to create a hierarchy of host groups in the topology.
The audit rules file is used to build manifests and audit managed hosts.
The time required to import a file to the Change Manager repository depends on the size of the file and the speed of the network.
Determine where the audit rules file exists and where to store it.
For example, copy the audit rules file from /net/test1/home/suzi/usr-only.brul to the web-server folder.
Import an audit rules file to the Change Manager repository by using one of these changemgr import commands.
The following command line imports one file at a time. You can also use this command line to rename the file.
$ changemgr import [ -u username ] [ -p file ] filepath[.type] \ relfilepath.type |
The following command line imports several files to a folder simultaneously.
$ changemgr import [ -u username ] [ -p file ] filepath.type ... \ reldirpath |
Specify the user name to authenticate. If this option is not specified, the user is the current UNIX user.
file consists of a single line, which contains the password. If file is -, then the user can supply the password as standard input.
If the -p option is not supplied, then the changemgr command prompts the user for his password.
Specifies an absolute or relative path to a file. This file path is not within the Change Manager repository.
Specifies the path to a folder that is relative to the top of the Change Manager repository.
Specifies the path to a file, not including a folder, that is relative to the top of the Change Manager repository.
Specifies the file name suffix that represents the file type. An audit rules file uses the .brul suffix.
Choose a name that indicates the type of audit specified by the audit rules file. Use the .brul suffix. For example, create an audit rules file named usr-only.brul, which indicates that only files from /usr are cataloged.
Suzi copies the audit rules file called /net/test1/home/suzi/usr-only.brul to the web-server folder of the repository. She renames the file to be usr_only.brul.
$ changemgr import /net/test1/home/suzi/usr-only.brul \ /web-server/usr_only.brul |
Suzi copies the audit rules files called /net/test1/home/suzi/usr-only.brul and /net/test1/home/suzi/opt-only.brul to the / folder of the repository.
$ changemgr import /net/test1/home/suzi/usr-only.brul \ /net/test1/home/suzi/opt-only.brul / |
The manifests are created by the changemgr manifest command, which performs a per-file audit of a managed host.
The time required to import a file to the Change Manager repository depends on the size of the file and the speed of the network.
Determine where the manifest exists and where to store it.
For example, copy the manifest from /net/test1/home/suzi/host1-usr-only.bmft to the web-server folder.
Import a manifest to the Change Manager repository by using one of these changemgr import commands.
The following command line imports one file at a time. You can also use this command line to rename the file.
$ changemgr import [ -u username ] [ -p file ] filepath[.type] \ relfilepath.type |
The following command line imports several files to a folder simultaneously.
$ changemgr import [ -u username ] [ -p file ] filepath.type ... \ reldirpath |
For descriptions of the options, see How to Import Audit Rules Files to the Change Manager Repository (Command Line).
Choose a name that indicates the name of the audited managed host and the type of audit specified by the audit rules file. Use the .bmft file suffix. For example, copy a manifest named host1-usr-only.bmft, which indicates that only files from /usr are cataloged for the host1 managed host.
Suzi copies the manifest called /net/test1/home/suzi/host1-usr-only.bmft to the web-server folder. She renames the file to be host1_usr_only.bmft.
$ changemgr import \ /net/test1/home/suzi/host1-usr-only.bmft \ /web-server/host1_usr_only.bmft |
Suzi copies the manifests called /net/test1/home/suzi/host1-usr-only.bmft and /net/test1/home/suzi/host1-opt-only.bmft to the / folder.
$ changemgr import \ /net/test1/home/suzi/host1-usr-only.bmft \ /net/test1/home/suzi/host1-opt-only.bmft / |
To simplify naming of managed hosts, you can make each name match the name of the actual machine.
If you change the value of the AgentPort property after installing a managed host, the Change Manager server will no longer be able to communicate with it. To reestablish communication with the server by using the new agent port, you must re-initialize the managed host by performing an initial installation on it.
A managed host can be a client of only one Change Manager server. To change control of a managed host to another Change Manager server, see Internal error: unable to establish probe connection Appears When Running Jobs on Managed Hosts.
Determine where to create the managed host.
For example, create a managed host in the web-server host group.
Use one of the following changemgr add commands to add the managed host.
This command adds a managed host to be controlled by the Change Manager. A managed host can be created in a host group that is part of the Change Manager topology. hostpath is the full path name or relative path name to the managed host, which includes the host group hierarchy.
$ changemgr add [ -u username ] [ -p file ] [ -d domain ] \ hostname hostpath |
This command adds the specified hosts to the specified host group. The topology names are the same as the host names.
$ changemgr add [ -u username ] [ -p file ] [ -d domain ] \ hostname ... grouppath |
Specify the user name to authenticate. If this option is not specified, the user is the current UNIX user.
file consists of a single line, which contains the password. If file is -, then the user can supply the password as standard input.
If the -p option is not supplied, then the changemgr command prompts the user for his password.
Specify the administrative domain on which to operate. In the context of a session, the default is the domain specified for the session. If no domain is specified, domain is the user's home domain. By default, domain is the user's home domain.
Specifies the network name of a host, for example, host1.yourcompany.com.
Specifies the path to a managed host that is relative to the top of the selected administrative domain.
Specifies the path to a host group that is relative to the top of the selected administrative domain.
Chris creates the host1 managed host in the web-server/apache host group.
$ changemgr add host1 /web-server/apache |
Chris adds the host1 managed host to the web-server/apache host group and changes the host name to Host1.
$ changemgr add host1 /web-server/apache/Host1 |
Chris adds the host1 and host2 managed hosts to the web-server/apache host group.
$ changemgr add host1 host2 /web-server/apache |
Determine which managed hosts you want to audit.
For example, audit the /web-server/host1 and /web-server/host2 managed hosts.
Build manifests for the managed hosts.
$ changemgr manifest [ -u username ] [ -p file ] [ -d domain ] \ -o relfilepathprefix [ -r relfilepath.brul ] topopath ... |
Specify the prefix to be used when creating the output inventories. The name of the managed host and the .bmft suffix are appended to the prefix specified to form the name of the resulting manifest.
Specify the audit rules file to use to create the manifest.
Specifies the path to a managed host or host group that is relative to the top of the selected administrative domain.
For descriptions of the other options, see How to Add Managed Hosts (Command Line).
Suzi builds manifests for the /web-server/host1 and /web-server/host2 managed hosts. She stores the files in the /web-server folder with a manifest file prefix of usr-only. The resulting file names are /web-server/host1.bmft and /web-server/host2.bmft.
$ changemgr manifest -o /web-server/ -r usr-only.brul \ /web-server/host1 /web-server/host2 |
If the argument to -o is a folder, terminate the argument with a slash. For example, if the argument to -o is /web-server/baseline, then baseline is prefixed to manifests created in the /web-server folder. Using this prefix, a resulting manifest name might be /web-server/baselinehost1.bmft.
The baseline manifest does not need to be built on the managed host. You can build a baseline manifest on a master system before creating the Solaris Flash archive.
Determine which managed hosts you want to audit.
For example, audit the /web-server/host1 and /web-server/host2 managed hosts.
Audit managed hosts.
$ changemgr audit [ -u username ] [ -p file ] [ -d domain ] \ -o relfilepath.txt [ -r relfilepath.brul ] relfilepath.bmft topopath ... |
Specify where to write the report on manifest differences.
Specify the audit rules file to use to create the manifest.
Specifies the path to the manifest file that is relative to the top of the Change Manager repository.
Specifies the path to a managed host or host group that is relative to the top of the selected administrative domain.
For descriptions of the other options, see How to Add Managed Hosts (Command Line).
Suzi audits the /web-server/host1 managed host. She stores the report in the /web-server/usr-only.txt file. She audits the managed host by comparing its manifest against the baseline manifest called /web-server/baseline.bmft.
$ changemgr audit suzi \ -o /web-server/usr-only.txt -r usr-only.brul \ /web-server/baseline.bmft /web-server/host1 |
To understand how to interpret the report results, see Comparison Report Format.
Determine the managed hosts for which you want to get the software status.
For example, get the software status for the /web-server/host1 and /web-server/host2 managed hosts.
Get the software status for a managed host.
$ changemgr info [ -u username ] [ -p file ] [ -d domain ] \ -o relfilepath.txt topopath ... |
Specify the path of the file that contains the software status report.
Specifies the path to a managed host or host group that is relative to the top of the selected administrative domain.
For descriptions of the other options, see How to Add Managed Hosts (Command Line).
Suzi gets the software status for the /web-server/host1 managed host. She stores the report in the /web-server/software-status.txt file.
$ changemgr info -o /web-server/software-status.txt \ /web-server/host1 |