Software Integrity Checker
The Software Integrity Checker (SIC) enables you to check the integrity of your FTM SWIFT software on the following systems:
- Installation system
- Customization system
- Runtime system
The SIC detects whether any of the files that were stored on your hard disk during FTM SWIFT installation have been manipulated. Processing information is provided in the FTM SWIFT event log if event options have been specified. If no event options are used, the Software Integrity Checker provides information in the system log. System log entries issued by the SIC are similar to the following:
BPXF024I (USER1) DNPD1118I Starting integrity check using level: 3.2.4.0-20201026-1146.
BPXF024I (USER1) DNPD1109I Verifying the customization and runtime files in the directory
'/usr/lpp/IBM/ftm/ftmswift/v324'.
BPXF024I (USER1) DNPD1111I 999 file(s) and 24 directory/directories verified. 2 mismatch(es) detected:
BPXF024I (USER1) DNPD1114I File 'run/lil/newfile.lil' is not expected.
BPXF024I (USER1) DNPD1112I File 'run/data/dnfcocyl.cli' was changed. Checksum: 05442E0A0B869C0...
If the Software Integrity Checker reports manipulations on files, your system was probably tampered with and you must take appropriate actions.
Note: If you installed an emergency fix (eFix), the SIC also reports that the checksums of the replaced files are not correct. In this case, proceed as described in Emergency fix installation.
In addition, you are advised to do the following to ensure the integrity of your FTM SWIFT software:
- Run the SIC at least once per day on both your customization system and your runtime system. To do this, you can, for example, set up a cron job.
- Check the return code of the SIC after termination. For information on return code values, see Return codes.
- Monitor the system and FTM SWIFT event log for messages from the SIC as described in Monitoring software integrity.
- Ensure that the SIC is executed during startup of FTM SWIFT, that is, when the message broker starts. This can be done by adding a job step to the message broker startup job as shown in the following example:
//************************************************************
//* Job step to run the FTM SWIFT Software Integrity Checker.
//* Adapt the JCL to your environment.
//* Integrate verification of the RC of this job step into
//* the return code checking of subsequent job steps.
//* The dnpsic return codes are multiplied by 256.
//* For example, a dnpsic RC=2 results in RC=512 for this step
//************************************************************
//*
//SIC      EXEC PGM=BPXBATCH,REGION=0M
//STEPLIB  DD DISP=SHR,DSN=MQM.Vxxx.SCSQANLE
//         DD DISP=SHR,DSN=MQM.Vxxx.SCSQAUTH
//         DD DISP=SHR,DSN=MQM.Vxxx.SCSQLOAD
//BPXOUT   DD SYSOUT=*
//STDERR   DD SYSOUT=*
//STDOUT   DD SYSOUT=*
//STDPARM  DD *
SH . /var/ftmswift_v324/run/dniprofile;
 /usr/lpp/IBM/ftm/ftmswift/v324/run/bin/dnpsic
 -Djava.security.policy=/var/ftmswift_v324/run/ftmswift.policy
 -check runtime
 -qmgr DNIvMQMN
 -inst DNIvINST
/*
Note: If you use event options as shown in the example, you need to ensure that the queue manager is running.
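The following Python sketch illustrates the advice to monitor the system log and to check the return code. It is an added example, not IBM code or part of FTM SWIFT. It recognizes only the message IDs shown in the system log excerpt on this page, and the function names (parse_sic_log, needs_investigation, dnpsic_rc) are assumptions chosen for illustration.

```python
import re

# Constructed sample input: the system log excerpt shown on this page.
SAMPLE_LOG = """\
BPXF024I (USER1) DNPD1118I Starting integrity check using level: 3.2.4.0-20201026-1146.
BPXF024I (USER1) DNPD1109I Verifying the customization and runtime files in the directory
'/usr/lpp/IBM/ftm/ftmswift/v324'.
BPXF024I (USER1) DNPD1111I 999 file(s) and 24 directory/directories verified. 2 mismatch(es) detected:
BPXF024I (USER1) DNPD1114I File 'run/lil/newfile.lil' is not expected.
BPXF024I (USER1) DNPD1112I File 'run/data/dnfcocyl.cli' was changed. Checksum: 05442E0A0B869C0...
"""

MSG = re.compile(r"^BPXF024I \((?P<user>[^)]+)\) (?P<id>DNPD\d{4}[A-Z]) (?P<text>.*)$")
SUMMARY = re.compile(r"(\d+) file\(s\) and (\d+) directory/directories verified\. "
                     r"(\d+) mismatch\(es\) detected")
FILE = re.compile(r"File '([^']+)'")

def parse_sic_log(log):
    """Return a report dict for one SIC run found in system log text."""
    report = {"level": None, "files": None, "dirs": None, "declared": None,
              "unexpected": [], "changed": []}
    for line in log.splitlines():
        m = MSG.match(line)
        if not m:
            continue  # wrapped continuation line or unrelated message
        mid, text = m["id"], m["text"]
        if mid == "DNPD1118I":    # start of check, carries the software level
            report["level"] = text.rsplit(": ", 1)[-1].rstrip(".")
        elif mid == "DNPD1111I" and (s := SUMMARY.search(text)):
            report["files"], report["dirs"], report["declared"] = map(int, s.groups())
        elif mid in ("DNPD1114I", "DNPD1112I") and (f := FILE.search(text)):
            key = "unexpected" if mid == "DNPD1114I" else "changed"
            report[key].append(f.group(1))
    return report

def needs_investigation(report):
    """True if mismatches were reported, or if no summary line was seen at all."""
    if report["declared"] is None:
        return True  # SIC did not complete, or its output never reached the log
    return report["declared"] > 0 or bool(report["unexpected"] or report["changed"])

def unparsed_details(report):
    """Declared mismatches minus parsed detail lines; non-zero means unknown IDs."""
    return (report["declared"] or 0) - len(report["unexpected"]) - len(report["changed"])

def dnpsic_rc(step_rc):
    """BPXBATCH multiplies the dnpsic return code by 256 (RC=2 -> step RC=512)."""
    return step_rc // 256
```

A run with no DNPD1111I summary line is treated as a finding, so that a daily check that silently stopped running is not mistaken for a clean result.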