Software Integrity Checker command
Purpose
Use this command to check the integrity of your FTM SWIFT software.
| Required access rights: | User has to be a software integrity administrator as described in Table 1 |
| Predefined roles that provide required access rights: | None |
Format
Notes:
- Start the software integrity checker using directory /run/bin within the FTM SWIFT installation directory (for example, /opt/IBM/ftm/swift/v300)
- Use /admin/bin if you issue the software integrity checker command in your customization system
- You must specify event options only if you want the software integrity checker to write FTM SWIFT events (for example, on successful termination or detection of corrupted files). Equivalent information is written to the syslog if no event parameters are provided.
- If you specify event options, the following prerequisites must be met:
  - Your environment variable CLASSPATH must contain the IBM® MQ Java archive files (for example, mq_install_dir/java/lib/com.ibm.mq.jar)
  - Your library path environment variable (LD_LIBRARY_PATH) must contain the IBM MQ Java library directory (for example, mq_install_dir/java/lib)
- FTM SWIFT events are not written unless the remote event service DNI_R_EVENT is running.
- You must specify parameters -host, -channel and -port only if you want the software integrity checker to connect to the queue manager specified by parameter -qmgr in client mode. If you omit these parameters, the software integrity checker connects in bindings mode.
- You must specify parameters -ciphersuite, -truststore and -fips only if you want to use SSL/TLS.
Parameters
- -Djava.security.policy=policy_file
  policy_file is the policy file that was created for the system in which you issue the software integrity checker command. You can omit this parameter if your system administrator has added the required policies to the JVM default security properties file. For more information, see Java Policy files.
- -check system
  Specifies the system(s) to be checked. Possible values:
  - customization
    Causes the software integrity checker to check the directory inst_dir/admin where inst_dir is the FTM SWIFT installation directory (for example, /opt/IBM/ftm/swift/v300). Specify this value if you issue the software integrity checker command in your customization system.
  - runtime
    Causes the software integrity checker to check the directory inst_dir/run where inst_dir is the FTM SWIFT installation directory. Specify this value if you issue the software integrity checker command in your runtime system.
  - all
    Causes the software integrity checker to check both directories, inst_dir/admin and inst_dir/run. Specify this value if you issue the software integrity checker command in your installation system. This is the default.
- -instance (or -in or -i) instance
  The name of the FTM SWIFT instance to write events.
- -qmgr qmgr
  The name of the queue manager that is associated with the specified FTM SWIFT instance.
- -host host
  The host name of the IBM MQ server on which the queue manager runs. Specify this parameter if you want the software integrity checker to connect to the queue manager in client mode.
- -channel channel
  The channel to be used to connect to the queue manager. Specify this parameter if you want the software integrity checker to connect in client mode.
- -port number
  The port number of the IBM MQ server on which the queue manager runs. Specify this parameter if you want the software integrity checker to connect in client mode. The default is 1414.
- -ciphersuite name
  The name of the SSL cipher suite to be used in client connections to the IBM MQ server on which the queue manager runs. Use the name of the SSL cipher suite that matches the SSL definition for the channel name used. Refer to the IBM MQ documentation, SSL CipherSpecs and CipherSuites in MQ classes for Java, for more information on cipher suite naming.
- -truststore filename
  The file name of a trust store which contains the certificate information of the IBM MQ queue manager. Refer to the IBM MQ documentation, Configuring SSL security, for details on how to set up SSL/TLS connections and certificate information.
- -fips
  Use this parameter to enable Federal Information Processing Standards (FIPS) conforming SSL/TLS operations.
- -help or -h
  Show help text that describes the parameters.
Return codes
The software integrity checker command terminates with one of the following return codes:
- 0
  Successful processing; no manipulated file was detected
- 2
  Successful processing; at least one possibly manipulated file was detected. For further information on findings see the following:
  - System log
  - Event log (if event options were specified when issuing the software integrity checker command)
- 4
  No processing was done because an invalid parameter was specified
- 8
  Processing was terminated because one of the following errors occurred:
  - A sub-directory of the FTM SWIFT installation directory could not be accessed
  - A file in the FTM SWIFT installation directory or one of its sub-directories could not be read
  - An event could not be written because the appropriate request message could not be put on IBM MQ queue instance.SYSOU.DNI_R_EVENT using the specified event options.
- 12
  Processing was terminated because a system log entry could not be written
Examples
The following command (issued on a single line in the customization system) checks the software integrity without writing FTM SWIFT events:
/opt/IBM/ftm/swift/v300/admin/bin/dnpsic
-Djava.security.policy=/var/ftmswift_v300/cus/ftmswift.policy
-check customization
The following command (issued on a single line in the installation system) checks the integrity of all FTM SWIFT software; it writes FTM SWIFT events to instance INST1 on the local host by connecting to queue manager QM6 in client mode using port 1421 and connection channel SYSTEM.DEF.SVRCONN:
/opt/IBM/ftm/swift/v300/run/bin/dnpsic
-Djava.security.policy=/var/ftmswift_v300/run/ftmswift.policy
-check all -i INST1 -qmgr QM6
-host localhost -channel SYSTEM.DEF.SVRCONN -port 1421
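When the checker runs from a scheduled job, return codes 4, 8 and 12 mean the check did not complete and must not be read as a clean result. The wrapper below is an added example, not part of the product documentation; the function names, the SIC_CMD and SIC_POLICY variables and the three-way exit status are assumptions, and the default paths are the example values used on this page.

```shell
#!/bin/sh
# Added example, not IBM code. Default paths are the example values from this page.
SIC_CMD="${SIC_CMD:-/opt/IBM/ftm/swift/v300/run/bin/dnpsic}"
SIC_POLICY="${SIC_POLICY:-/var/ftmswift_v300/run/ftmswift.policy}"

# Translate a documented dnpsic return code into "SEVERITY: meaning".
classify_sic_rc() {
    case "$1" in
        0)  echo "OK: no manipulated file detected" ;;
        2)  echo "ALERT: possibly manipulated file detected, see system log and event log" ;;
        4)  echo "INCOMPLETE: invalid parameter, nothing was checked" ;;
        8)  echo "INCOMPLETE: directory or file unreadable, or event could not be written" ;;
        12) echo "INCOMPLETE: system log entry could not be written" ;;
        *)  echo "INCOMPLETE: undocumented return code $1" ;;
    esac
}

# Run the checker for one system (customization, runtime or all).
# Returns 0 = clean, 1 = finding, 2 = check did not complete.
run_sic() {
    system="${1:-all}"
    rc=0
    "$SIC_CMD" "-Djava.security.policy=$SIC_POLICY" -check "$system" || rc=$?
    msg=$(classify_sic_rc "$rc")
    echo "dnpsic -check $system rc=$rc $msg"
    case "$msg" in
        OK:*)    return 0 ;;
        ALERT:*) return 1 ;;
        *)       return 2 ;;
    esac
}
```

Call `run_sic all` (or `customization` / `runtime`) from the job and alert on any non-zero status, so that an unreadable directory or a bad parameter is surfaced the same way a finding is.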