check

Purpose

The check command searches the FTM SWIFT database tables for suspicious changes and reports any findings.
Required access rights: The user must be a data integrity validator or a data integrity operator, as described in Table 1.
Predefined roles that provide required access rights: None

Format

dnpdic -check -Djava.security.policy=<policy_file> -passphrase phrase -table table_name -rowid rowid -dsn data_source_name -schema schema -uid user_id -pw password Event options -report
Event options
-instance instance -qmgr qmgr MQ client
MQ client
-host host -channel channel -port number (default: 1414) -ciphersuite name -truststore filename -fips
To display command help:
dnpdic -help -h -check
Notes:
  • FTM SWIFT events are not written unless the instance's remote event service DNI_R_EVENT is running.
  • You must specify parameters -host, -channel and -port only if you want the data integrity checker to connect to the queue manager specified by parameter -qmgr in client mode. If you omit these parameters, the data integrity checker connects in bindings mode.
  • You must specify parameters -ciphersuite, -truststore and -fips only if you want to use SSL/TLS.

Parameters

-Djava.security.policy=policy_file
policy_file is the policy file that was provided for the runtime system. You can omit this parameter if your system administrator has added the required policies to the JVM default security properties file. For more information, see Java Policy files.
-passphrase phrase
The passphrase that the data integrity administrator specified when issuing the vault utility command create as described in activation of the data integrity framework, step 2.a.
Notes:
  • If you omit this parameter, the data integrity checker prompts for the passphrase.
  • Instead of specifying the phrase itself, you can also provide a stash file as described in Stash File Utility, for example:
    -passphrase @/var/ftmswift_v300/run/passphrase.stash
-table table_name
Use this parameter if you want to verify a specific database table only.
-rowid rowid
Use this parameter if you want to verify a specific row of a database table only.
-dsn data_source_name
The data source name of the FTM SWIFT runtime database. By default, the value of environment variable DNI_DSN is used.
-schema schema
The schema name of the tables in the FTM SWIFT runtime database. By default, the value of environment variable DNI_SN is used.
-uid user_id
The user ID to be used when connecting to the FTM SWIFT runtime database. Specify your own user ID as user_id.
-pw password
The password of the user ID specified in the -uid parameter.
Notes:
  • If you omit this parameter, the data integrity checker prompts for the password.
  • Instead of specifying the password itself, you can also provide a stash file as described in Stash File Utility, for example:
    -pw @/var/ftmswift_v300/run/db2.stash
-instance (or -in or -i) instance
The name of the FTM SWIFT instance used to write events. If not specified, the environment variable DNI_I is used.
-qmgr qmgr
The name of the queue manager that is associated with the specified FTM SWIFT instance. If not specified, the environment variable DNI_QM_instance is used.
-host host
The host name of the IBM® MQ server on which the queue manager runs. Specify this parameter if you want the data integrity checker to connect to the queue manager in client mode instead of bindings mode.
-channel channel
The channel to be used to connect to the queue manager. Specify this parameter if you want the data integrity checker to connect in client mode instead of bindings mode.
-port number
The port number of the IBM MQ server on which the queue manager runs. Specify this parameter if you want the data integrity checker to connect in client mode instead of bindings mode. The default is 1414.
-ciphersuite name
The name of the SSL cipher suite to be used in client connections to the IBM MQ server on which the queue manager runs. Use the name of the SSL cipher suite that matches the SSL definition for the channel name used. Refer to the IBM MQ documentation, SSL CipherSpecs and CipherSuites in MQ classes for Java, for more information on cipher suite naming.
-truststore filename
The file name of a trust store which contains the certificate information of the IBM MQ queue manager. Refer to the IBM MQ documentation, Configuring SSL security, for details on how to set up SSL/TLS connections and certificate information.
-fips
Use this parameter to enable Federal Information Processing Standards (FIPS) conforming SSL/TLS operations.
-report
The report option can be used to display component specific details if potentially manipulated entries are detected. The report includes detailed information for potentially manipulated entries of the following tables:
  • DNF_OAMS
  • DNF_IAMS
The details include a reference value (DisposeReference) which can be used in order to remove the entry using the dispose command if required.
-help or -h
Show the help text that describes the parameters.
Note: The parameter -keystore is deprecated. For compatibility reasons you can still specify it, but it is ignored during processing. The check command now uses the vault that was specified by the data integrity administrator when issuing the init command.

Return codes

The check command terminates with one of the following return codes:
Code  Description
0     Successful processing. This implies that no manipulated or missing data was detected.
2     Processing was successful, but possibly manipulated or missing data was detected. For more information, see the FTM SWIFT event log.
4     No processing was done because an invalid parameter was specified.
8     Processing terminated because the vault file could not be read.
12    Processing terminated due to a fatal error. For more information, see the command output in the shell.

Examples

The following command (issued on a single line) checks the integrity of all FTM SWIFT database tables identified by environment variables DNI_DSN (data source name) and DNI_SN (schema name). It prompts for the vault's passphrase, uses Diane's credentials to connect to the database, and writes events for instance INST1 on the local host by connecting to queue manager QM3 in client mode using port 1421 and connection channel SYSTEM.DEF.SVRCONN:
dnpdic -check -Djava.security.policy=/var/ftmswift_v300/run/ftmswift.policy 
       -uid diane -pw dianes_password -i INST1 -qmgr QM3
       -host localhost -channel SYSTEM.DEF.SVRCONN -port 1421
The following command uses the -report option to display additional details for records that fail the integrity check:
dnpdic -check -report -Djava.security.policy=/var/ftmswift_v300/run/ftmswift.policy 
       -uid paul -pw pauls_password -i INST1 -qmgr QM7
       -host 192.168.122.185 -channel SYSTEM.DEF.SVRCONN -port 2421
The output generated by the Data Integrity Checker Utility contains sections like the following:
 ...
DETAILS FOR RECORD FAILING DATA INTEGRITY CHECK
------------------------------------------------------------------
 DisposeReference: FINRECEIVE#2
------------------------------------------------------------------
 Type...........: FMT message (Incoming)
 OU.............: OU1
 MsgType........: 999
 Sender.........: PTSADEJJCXXX
 Receiver.......: PTSADEJJCXXX
 Reference (20).: test
 Session........: 0000
 Sequence number: 000002

MQ INFORMATION
------------------------------------------------------------------
 ID.............: 414d5120514236202020202020202020547f45ab26554d04

PAYLOAD
------------------------------------------------------------------
{1:F01PTSADEJJCXXX0000000000}{2:O9991211180925PTSADEJJCXXX00000000001809251211N}{4:
:20:test
:79:test
-}{5:{CHK:000000000000}}
...
The Dispose Reference, here FINRECEIVE#2, can be used as reference in a -dispose operation.
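A scheduled-job wrapper around the check command, as an added example that is not part of the original page and is not IBM code: it passes both secrets through the stash files shown above, maps the documented return codes to a status, and lists the DisposeReference values found in -report output. The function names and status labels are assumptions, and the sample report text is constructed from the excerpt above.

```shell
#!/bin/sh
# Added example, not IBM code: function names and status labels are assumptions.
# Map the documented dnpdic -check return codes to a status for monitoring.
classify_rc() {
    case "$1" in
        0)  echo "OK" ;;               # no manipulated or missing data detected
        2)  echo "INTEGRITY_ALERT" ;;  # possibly manipulated or missing data
        4)  echo "USAGE_ERROR" ;;      # invalid parameter, nothing was checked
        8)  echo "VAULT_ERROR" ;;      # vault file could not be read
        12) echo "FATAL" ;;            # fatal error, see the command output
        *)  echo "UNKNOWN" ;;          # not a documented return code
    esac
}

# Print the DisposeReference values found in -report output read from stdin.
extract_dispose_refs() {
    sed -n 's/^[[:space:]]*DisposeReference:[[:space:]]*//p'
}

# Bindings-mode check; secrets come from stash files, not the command line.
run_check() {
    rc=0
    out=$(dnpdic -check -report \
        -Djava.security.policy=/var/ftmswift_v300/run/ftmswift.policy \
        -passphrase @/var/ftmswift_v300/run/passphrase.stash \
        -uid diane -pw @/var/ftmswift_v300/run/db2.stash \
        -i INST1 -qmgr QM3 2>&1) || rc=$?
    status=$(classify_rc "$rc")
    echo "dnpdic -check rc=$rc status=$status"
    if [ "$status" = "INTEGRITY_ALERT" ]; then
        printf '%s\n' "$out" | extract_dispose_refs | sed 's/^/flagged: /'
    elif [ "$status" != "OK" ]; then
        printf '%s\n' "$out" >&2    # keep the utility's own error text
    fi
    return "$rc"
}

# Constructed sample, shaped like the report excerpt on this page.
SAMPLE_REPORT='DETAILS FOR RECORD FAILING DATA INTEGRITY CHECK
------------------------------------------------------------------
 DisposeReference: FINRECEIVE#2
------------------------------------------------------------------'

# Call the real utility only where it is installed; otherwise parse the sample.
if command -v dnpdic >/dev/null 2>&1; then
    run_check
else
    printf '%s\n' "$SAMPLE_REPORT" | extract_dispose_refs
fi
```

Return code 2 is the only status that indicates possible tampering; 4, 8 and 12 mean the check did not complete, so a monitoring job should treat them as "integrity unknown" rather than as a pass.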