A fix is available
APAR status
Closed as program error.
Error description
Using the following test.xml : <?xml version="1.0" encoding="UTF-8"?> <AIXPertSecurityHardening> <AIXPertEntry name="hls_dissnmpdmn" function="dissnmpdmn"> <AIXPertRuleType type="HLS"/> <AIXPertDescription>Disable SNMP daemon: Stops SNMP daemon and comments it's entry in /etc/rc.tcpip</AIXPertDescript ion> <AIXPertPrereqList>bos.rte.ILS,bos.net.tcp.smit,bos.rte.s h ell,bos.rte.date,bos.rte.commands</AIXPertPrereqList> <AIXPertCommand>/etc/security/aixpert/bin/rctcpip</AIXPer t Command> <AIXPertArgs>snmpd d hls_dissnmpdmn</AIXPertArgs> <AIXPertGroup>/etc/rc.tcpip Settings</AIXPertGroup> </AIXPertEntry> </AIXPertSecurityHardening> Then apply the rule using : aixpert -f test.xml Then start manually snmpd so that checking that rule should complain that snpmd is running while it should not : startsrc -s snmpd aixpert -cp will output : Processing hls_dissnmpdmn_187E7A97 :done. Processedrules=1 Passedrules=1 Failedrules=0 Level= AllRules Input file=/etc/security/aixpert/core/appliedaixpert.xml While it should output : Processing hls_dissnmpdmn_A7ED7C5D : failed. Processedrules=1 Passedrules=0 Failedrules=1 Level=AllRules Input file=/etc/security/aixpert/core/appliedaixpert.xml
Local fix
Problem summary
aixpert -cp command is reporting false information for rules using rctcpip script
Problem conclusion
Fixed the problem by adding exit 1 statement when we encounter failure in rctcpip script
Temporary fix
Comments
APAR Information
APAR number
IV09761
Reported component name
AIX 610 STD EDI
Reported component ID
5765G6200
Reported release
610
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Submitted date
2011-10-25
Closed date
2011-10-25
Last modified date
2013-04-10
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
AIX 610 STD EDI
Fixed component ID
5765G6200
Applicable component levels
R610 PSY U839504
UP12/05/11 I 1000
PTF to Fileset Mapping
U839504 bos.aixpert.cmds 6.1.7.15
U846114 bos.aixpert.cmds 6.1.7.1
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSMV87","label":"AIX 6.1 Enterprise Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSMVAX","label":"AIX Express Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSAUMY","label":"IBM AIX Enterprise Edition"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG11Q","label":"AIX 6.1 HIPERS, APARs and Fixes"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"610","Edition":"","Line of Business":{"code":"","label":""}}]
Document Information
Modified date:
10 April 2013