UNIX HEALTH CHECK FOR AIX server1

Report

This report is generated by UNIX Health Check for AIX. It is an overview of check scripts run on an AIX system, and depending on the options selected when the checkall.ksh script was run, it will list each check script, the returncode of the check script, the output of the check script and a description. At the end of this report is an overview of all scripts run and a score report.

Any individual implementing changes should completely understand the change and deem each change appropriate before it is applied to the system. As a standard rule, please take into consideration the impact on other components before implementing the change. Also, we encourage all to conduct a peer review of all changes before implementation. Most importantly, if the effect of a change is not fully understood, do not implement that change until a satisfactory explanation can be given as to what the effects of the change are. We recommend implementation of one change at a time. The application of many changes all at once will increase the likelihood of confusion, if issues arise.

For more information, check website www.unixhealthcheck.com. For support, email to support@unixhealthcheck.com.

Options selected

Version:
17.05.25
Start at:
05/25/2017 11:43:01 EDT
Options:
-ghdv
Output file:
checkall_server1.html
Display:
WARNING and ERROR checks only, skipping inventory scripts.
Descriptions:
Yes
Output type:
HTML
# Checks:
1085

System configuration

Hostname:
server1 (server1.unixhealthcheck.com)
IP Address:
10.11.18.66
IP Assignment:
Static
Subnet Mask:
255.255.255.0
Default Gateway:
10.11.18.1
Name Server(s):
204.148.236.3 155.16.44.30
LPAR / VM:
1 server1
OS Level:
AIX 6.1.8.15 6100-08
PowerHA Level:
6.1.0.11
Model:
IBM,8233-E8B Power 750 Express
Serial Number:
10473GF
Firmware Level:
AL730_114
Kernel:
64 bit
Hardware:
64 bit
Processor Type:
PowerPC_POWER7
CPU Clock Rate:
3300 MHz
rPerf:
240.08 rPerf  based on 24.00 Virtual CPU cores
CPUs:
24
Logical CPUs:
96
Capacity:
Min: 8.00 Entitled: 24.00 Max: 32.00 Increment: 1.00
Active Physical CPUs in system:
24
System type:
mode=Capped type=Dedicated-SMT-4 weight=0 smt=4
Virtual CPUs:
Desired: 24 Min: 8 Online: 24 Max: 32
Memory:
513792MB
Memory Settings:
min: 131072MB, desired: 513792MB, max: 524288MB, online: 513792MB
Paging Space:
32640MB (3% in use)
Uptime:
11:43AM up 407 days, 22:53, 1 user, load average: 8.69, 7.81, 8.24

Individual checks

checkauthconsistency.ksh
Script run at:2017-05-25 11:43:08
Runtime:0 second(s)
Returncode:1
Description:
Run the pwdck command to check for any authorization issues or inconsistencies. If issues are found, this check will show the output.

To view the issues, run:

# pwdck -n ALL

To correct, run:

# pwdck -y ALL
Output:
The user Banusha has an invalid password field in /etc/passwd.
The stanza for Banusha was not found in /etc/security/passwd.
The user common has an invalid lastupdate attribute.
The user clarkgs was not found in /etc/passwd.
The user clarkgs does not have a stanza in /etc/security/user.
The user melving was not found in /etc/passwd.
The user melving does not have a stanza in /etc/security/user.

checkauthorizedkeys.ksh
Script run at:2017-05-25 11:43:08
Runtime:0 second(s)
Returncode:2
Description:
Check the authorized keys for user root.

There should NOT be any keys in ~root/.ssh/authorized_keys file that allow outside users to gain root access.
Output:
File: /root/.ssh/authorized_keys

root@nimserver
root@server2.unixhealthcheck.com
root@server3.unixhealthcheck.com

checkcleanetc.ksh
Script run at:2017-05-25 11:43:28
Runtime:1 second(s)
Returncode:2
Description:
Check for any files in /etc that can be cleaned up.

Often, old copies of configuration files are left behind in folder /etc, that will clutter up the folder. This check script identifies files that can be removed safely.
Output:
Consider removing the following files and/or folders in /etc:
/etc/clsnmp.conf-190314
/etc/inittab.crs
/etc/inittab.no_crs
/etc/inittab.no_tfa
/etc/inittab.tfa
/etc/methods.cfg_111314
/etc/snmpd.boots-190314
/etc/sudoers12feb15
/etc/sudoers_18012016
/etc/sudoers.280915
/etc/sudoers_29092015

checkcleanetcmail.ksh
Script run at:2017-05-25 11:43:28
Runtime:0 second(s)
Returncode:2
Description:
Check for any files in folder /etc/mail that can be safely removed.

This script will indicate old copies of files in folder /etc/mail that should be cleaned up to keep folder /etc/mail tidy.
Output:
Consider removing the following files and/or folders in /etc/mail:
/etc/mail/aliases.broke
/etc/mail/aliases.db.broke
/etc/mail/sendmail.cf_030316

checkcleanpartialconns.ksh
Script run at:2017-05-25 11:43:28
Runtime:0 second(s)
Returncode:1
Description:
Check if network option clean_partial_conns is enabled to avoid SYN attacks.

A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.

Normally when a client attempts to start a TCP connection to a server, the client and server exchange a series of messages which normally runs like this:

1. The client requests a connection by sending a SYN (synchronize) message to the server.
2. The server acknowledges this request by sending SYN-ACK back to the client.
3. The client responds with an ACK, and the connection is established.

This is called the TCP three-way handshake, and is the foundation for every connection established using the TCP protocol.

A SYN flood attack works by not responding to the server with the expected ACK code. The malicious client can either simply not send the expected ACK, or by spoofing the source IP address in the SYN, causing the server to send the SYN-ACK to a falsified IP address - which will not send an ACK because it "knows" that it never sent a SYN.

The server will wait for the acknowledgement for some time, as simple network congestion could also be the cause of the missing ACK, but in an attack increasingly large numbers of half-open connections will bind resources on the server until no new connections can be made, resulting in a denial of service to legitimate traffic.

To avoid SYN attacks, make sure network option clean_partial_conns is set to 1 (enabled).
Output:
Network option clean_partial_conns is set to 0 and should be set to 1.
Run: no -p -o clean_partial_conns=1

checkcleanroot.ksh
Script run at:2017-05-25 11:43:29
Runtime:1 second(s)
Returncode:2
Description:
Check for any files in root directory that can be cleaned up.

Often, old files are left behind in the root home directory by system administrators. This check script identifies files that can be safely removed.
Output:
Consider removing the following files and/or directories:
/root/sddpcmdata_server1_20160412_161934.tar.Z

checkcleansshdiroracle.ksh
Script run at:2017-05-25 11:43:29
Runtime:0 second(s)
Returncode:2
Description:
Check for any files in ~oracle/.ssh that can be cleaned up.

Often, system administrators may leave behind old copies of files in ~oracle/.ssh, and this check script will identify any files that can be safely removed.
Output:
Consider removing the following files in ~oracle/.ssh:
disk_read.sql

checkcorepath.ksh
Script run at:2017-05-25 11:43:35
Runtime:0 second(s)
Returncode:2
Description:
Check if the core path, if set, is available on the system.

Using the chcore command, one can set the default location to dump core files, for either root, or system-wide. This check script will make sure that the core path location indeed exists on the system.
Output:
It is recommended to have a central location to store core files in.
For more information how to set this up, see: http://www.unixhealthcheck.com/blog?id=355

checkcronlogfailed.ksh
Script run at:2017-05-25 11:43:43
Runtime:1 second(s)
Returncode:1
Description:
Check for any failed jobs in the cron log.

A job will be listed as "Failed" in the file /var/adm/cron/log (the log file of the cron daemon), when it returns a returncode other than 0. Please investigate any jobs not completing properly, for example by running them manually.

Other common issues that cause failed cron jobs are:
The cron job not having execute permissions to run.
The cron job command not existing on the server.

After having resolved any failed cron jobs, make sure to empty the log file for cron:

# cp /dev/null /var/adm/cron/log
Output:
There are 5 failed jobs in /var/adm/cron/log:

oracle    : CMD ( /usr/local/oracle/bin/dbtracefilepurge.sh -s server1 -i +ASM2 -P DiagAlertXMLDest -n 2 -l >/tmp/asm_alert_dump_dest.log 2>&1 ) : PID ( 66060364 ) : Thu May 25 10:50:00 2017 Cron Job with pid: 66060364 Failed 
oracle    : CMD ( /usr/local/oracle/bin/dbtracefilepurge.sh -s server1 -i +ASM2 -P IncidentDumpDest -n 4 -l >/tmp/asm_Inci_dump_dest.log 2>&1 ) : PID ( 61276298 ) : Thu May 25 10:45:00 2017 Cron Job with pid: 61276298 Failed 
oracle    : CMD ( /usr/local/oracle/bin/dbtracefilepurge.sh -s server1 -i +ASM2 -P core_dump_dest -n 2 -l >/tmp/asm_core_dump_dest.log 2>&1 ) : PID ( 62325726 ) : Thu May 25 10:40:00 2017 Cron Job with pid: 62325726 Failed 
oracle    : CMD ( /usr/local/oracle/bin/dbtracefilepurge.sh -s server1 -i +ASM2 -P audit_file_dest -n 2 -l >/tmp/asm_audit_file_dest.log 2>&1 ) : PID ( 41484478 ) : Thu May 25 10:35:00 2017 Cron Job with pid: 41484478 Failed 
oracle    : CMD ( /usr/local/oracle/bin/dbtracefilepurge.sh -s server1 -i +ASM2 -P background_dump_dest -n 14 -l >/tmp/asm_trace_dump_dest.log 2>&1 ) : PID ( 14680446 ) : Thu May 25 10:30:00 2017 Cron Job with pid: 14680446 Failed 

checkcrontabattwo.ksh
Script run at:2017-05-25 11:43:45
Runtime:1 second(s)
Returncode:1
Description:
Report an error when a crontab entry is scheduled between 2 AM and 3 AM. This job may be skipped, if time shifts from Daylight Saving Time. Therefore, it is good practice never to schedule a job between 2 and 3 AM in the morning.

This check does not apply to systems that have a time zone without Daylight Savings Time configured, e.g. Mountain Standard Time in Arizona, USA.
Output:
Crontab file oracle has command /ora_backup/stby_arch/kill_box.ksh server1 ora12 0 K >>/tmp/kill_box.out 2>&1 scheduled at 2 AM in the crontab.
Crontab file oracle has command /ora_backup/stby_arch/longrun.ksh server1 ora12 0 > /tmp/ora12_v500_boxi.out 2>&1 scheduled at 2 AM in the crontab.

checkcrontabcommands.ksh
Script run at:2017-05-25 11:43:47
Runtime:2 second(s)
Returncode:1
Description:
Check if the commands in crontab files indeed exist. Having a command in the crontab that does not exist will only result in an error in the crontab log file. A common error that occurs and that will alert this check is by not using the full path name of the commands. Always specify the full pathname of commands, even for simple commands like lpr, cp or rm. A hacker could possibly create a script with the same name and have it run from a different directory in the PATH.

For scripts that are run from shared file systems in a clustered environment, make sure to always add a test for the script to be run, before  running the script, e.g.:

[ -x /path/to/command ] && /path/to/command

This way, no errors will be generated in the cron log file, because a test is performed first to check if the command to be run is executable at all.
Output:
File /ath/dr/prdl2/v5.4/bin/dr_monitor.ksh in crontab oracle can be modified by everyone. Remove write access for others.
File /sysadm/scripts/qfull.ksh in crontab root can be modified by everyone. Remove write access for others.

checkcurl.ksh
Script run at:2017-05-25 11:43:50
Runtime:0 second(s)
Returncode:1
Description:
Check if curl is installed. And if so, check if the correct version is installed. 

The latest version of curl can be found in the IBM AIX Toolbox for Linux applications online.
Output:
Version curl-7.9.3-2 of Curl is installed; expected version 7.44.

checkdefaultusersettings.ksh
Script run at:2017-05-25 11:43:51
Runtime:0 second(s)
Returncode:1
Description:
Check the default user settings in /etc/security/user.

To configure the default user settings with just one single command to the recommended values, run:

# chsec -f /etc/security/user -s default -a loginretries=3 -a histexpire=13 -a histsize=4 -a minage=1 -a maxage=13 -a minalpha=2 -a minother=1 -a minlen=8 -a mindiff=3 -a maxrepeats=4 -a maxexpired=4 -a pwdwarntime=5

For those systems on AIX 6.1 TL8 and AIX 7 and up, run:

# chsec -f /etc/security/user -s default -a loginretries=3 -a histexpire=13 -a histsize=4 -a minage=1 -a maxage=13 -a minalpha=2 -a minother=1 -a minlen=8 -a mindiff=3 -a maxrepeats=4 -a maxexpired=4 -a pwdwarntime=5 -a mindigit=1 -a minspecialchar=1 -a minloweralpha=1 -a minupperalpha=1
Output:
Default attribute pwdwarntime in /etc/security/user is set to 7, but should be 5 or less.
Pwdwarntime defines the number of days before the system issues a warning that a password change is required.
Default attribute maxexpired in /etc/security/user is set to 8, but should be 4 or less.
Maxexpired defines the number of weeks a user is allowed to change a password after it is expired.
Default attribute minalpha in /etc/security/user is set to 1, but should be at least 2.
Minalpha defines the minimum number of alphabetic characters in a password.
Default attribute minlen in /etc/security/user is set to 6, but should be at least 8.
Minlen defines the minimum length of a password, which should be 8.
Default attribute mindiff in /etc/security/user is set to 2, but should be at least 3.
Mindiff defines the minimum number of characters in the new password that were not in the old password.

checkdirsworldwriteable.ksh
Script run at:2017-05-25 11:44:11
Runtime:7 second(s)
Returncode:1
Description:
Check for any directories that are world-writeable.

Having world-writeable directories on the system is a major security concern. This allows any user not only to write all the data they want into those folders and fill up file systems, but they may also have access to files in the folders, and may even be able to modify or delete files.

Please ensure to remove world-writeable access to folders as much as possible, to limit this security risk.
Output:
drwxrwxrwx root     system         4096 Nov 15 2016  /u02
drwxrwxrwx inxsight dba            4096 Nov  4 2012  /opt/CA/CADCC/log
drwxrwxrwx inxsight dba            4096 Mar  8 2012  /opt/CA/CADCC/bin
drwxrwxrwx inxsight dba            4096 Mar  8 2012  /opt/CA/CADCC/bin/init
drwxrwxrwx inxsight dba             256 Mar  8 2012  /opt/CA/CADCC/bin/rc
drwxrwxrwx root     system          256 Aug 23 2012  /appl/replicate_backup
drwxrwxrwx root     system          256 Aug 23 2012  /appl/replicate_backup/prd_import_export
drwxrwxrwx inxsight dba            4096 Mar  8 2012  /opt/CA/CADCC
drwxrwxrwx inxsight dba             256 Mar 31 2010  /opt/CA/CADCC/doc
drwxrwxrwx inxsight dba            4096 Mar 31 2010  /opt/CA/CADCC/doc/de_DE
drwxrwxrwx inxsight dba             256 Mar  8 2012  /opt/CA/CADCC/uninstall
drwxrwxrwx root     system        20480 May 10 12:32 /mount/ora_backup
drwxrwxrwx inxsight dba             256 Mar 31 2010  /opt/CA/CADCC/locale/en_US
drwxrwxrwx inxsight dba             256 Feb  4 2013  /opt/CA/CADCC/cfg
drwxrwxrwx inxsight dba            4096 Mar 31 2010  /opt/CA/CADCC/doc/en_US
drwxrwxrwx inxsight dba            4096 Mar 31 2010  /opt/CA/CADCC/doc/fr_FR
drwxrwxrwx inxsight dba            4096 Mar 31 2010  /opt/CA/CADCC/doc/ja_JPSJIS
drwxrwxrwx inxsight dba            4096 Mar 31 2010  /opt/CA/CADCC/doc/ja_JPeucJP
drwxrwxrwx inxsight dba             256 Mar 31 2010  /opt/CA/CADCC/locale
drwxrwxrwx inxsight dba             256 Mar 31 2010  /opt/CA/CADCC/tool
drwxrwxrwx root     system        16384 Sep 27 2011  /usr/local/oracle/rda/output
drwxrwxrwx root     system          256 Sep 27 2011  /usr/local/oracle/rda/output/JOB_RDA
drwxrwxrwx root     system          256 Sep 27 2011  /usr/local/oracle/rda/output/extern
drwxrwxrwx inxsight dba             256 Mar  8 2012  /opt/CA/pec/tool
drwxrwxrwx inxsight dba            4096 Mar  8 2012  /opt/CA/pec/bin
drwxrwxrwx inxsight dba             256 Mar  8 2012  /opt/CA/pec/bin/rs6000_aix
drwxrwxrwx inxsight dba             256 Mar  8 2012  /opt/CA/pec/lib
drwxrwxrwx inxsight dba            4096 Mar  8 2012  /opt/CA/pec/lib/rs6000_aix
drwxrwxrwx inxsight dba             256 Mar  8 2012  /opt/CA/pec
drwxrwxrwx root     system          256 Aug 22 2007  /var/adm/perfmgr
drwxrwxrwx inxsight dba             256 Mar  8 2012  /opt/CA/pec/uninstall
drwxrwxrwx inxsight dba            4096 Mar  8 2012  /opt/CA/pec/standard
drwxrwxrwx oracle   dba             256 Dec 31 1969  /ora_backup2
drwxrwxrwx inxsight dba             256 Mar  8 2012  /opt/CA/pec/locale
drwxrwxrwx inxsight dba             256 Mar  8 2012  /opt/CA/pec/locale/en_US
drwxrwxrwx oracle   oinstall        256 Oct 29 2014  /u02/cvu_tool
drwxrwxrwx oracle   oinstall        256 Oct 29 2014  /u02/cvu_tool/log
drwxrwxrwx oracle   oinstall        256 Mar  8 2013  /u01/grid/oracle/product/11.2.0.3/grid/auth
drwxrwxrwx oracle   oinstall        256 Feb 11 2015  /u01/grid/oracle/product/11.2.0.3/grid/auth/crs
drwxrwxrwx oracle   oinstall        256 Feb 11 2015  /u01/grid/oracle/product/11.2.0.3/grid/auth/css
drwxrwxrwx oracle   oinstall        256 Feb 11 2015  /u01/grid/oracle/product/11.2.0.3/grid/auth/evm
drwxrwxrwx oracle   oinstall        256 Feb 11 2015  /u01/grid/oracle/product/11.2.0.3/grid/auth/ohasd
drwxrwxrwx oracle   dba            4096 Aug  7 2012  /ath/dr/prdl1/v5.2
drwxrwxrwx root     system          256 Apr 13 2014  /u01/oracle/product/Agents/core/12.1.0.2.0/log
drwxrwxrwx root     system          256 Jul 17 2014  /u01/oracle/product/Agents/core/12.1.0.2.0/log/diag
drwxrwxrwx root     system          256 Jul 24 2014  /u01/oracle/product/Agents/core/12.1.0.2.0/log/diag/clients
drwxrwxrwx oracle   dba            4096 Aug  7 2012  /ath/dr/prdl1/v5.2/bin
drwxrwxrwx root     system        12288 Oct 23 2015  /usr/applesm/jars
drwxrwxrwx inxsight dba            4096 Mar  8 2012  /opt/CA/CADCC/license
drwxrwxrwx inxsight dba             256 Mar  8 2012  /opt/CA/CADCC/license/uninstall
drwxrwxrwx oracle   dba             256 Nov 30 2009  /ath/dr/prdl1/v5.2/bin/include/Linux
drwxrwxrwx inxsight dba             256 Mar  8 2012  /opt/CA/CAIDD/uninstall
drwxrwxrwx oracle   dba           49152 Jul 20 2012  /ath/dr/prdl1/v5.2/bin/include
drwxrwxrwx inxsight dba            4096 Mar  8 2012  /opt/CA/CAIDD/lib
drwxrwxrwx inxsight dba            4096 Mar  8 2012  /opt/CA/CAIDD/bin
drwxrwxrwx root     system          256 Aug 22 2007  /var/hsc/sfp
drwxrwxrwx oracle   dba             256 Mar 10 2010  /ath/dr/prdl1/v5.2/bin/include/AIX
drwxrwxrwx oracle   dba             256 Nov 30 2009  /ath/dr/prdl1/v5.2/bin/include/HP-UX
drwxrwxrwx inxsight dba            4096 Dec  6 2007  /opt/CA/CADCC/license/lic98err
drwxrwxrwx inxsight dba            4096 Mar  8 2012  /opt/CA/CAIDD
drwxrwxrwx root     system          256 Oct 23 2015  /usr/applesm/java_1_8_51
drwxrwxrwx root     system         4096 Oct 23 2015  /usr/applesm/java_1_8_51/bin
drwxrwxrwx root     system          256 Oct 23 2015  /usr/applesm/java_1_8_51/bin/classic
drwxrwxrwx root     system          256 Oct 23 2015  /usr/applesm/java_1_8_51/bin/j9vm
drwxrwxrwx inxsight dba             256 Mar  8 2012  /opt/CA/CAIDD/locale/en_US
drwxrwxrwx inxsight dba             256 Mar  8 2012  /opt/CA/CAIDD/locale/fr_FR
drwxrwxrwx inxsight dba             256 Mar  8 2012  /opt/CA/CAIDD/locale/ja_JP.eucJP
drwxrwxrwx root     system         4096 Oct 23 2015  /usr/applesm/java_1_8_51/lib
drwxrwxrwx inxsight dba             256 Mar  8 2012  /opt/CA/CAIDD/locale
drwxrwxrwx root     system          256 Oct 23 2015  /usr/applesm/java_1_8_51/lib/applet
drwxrwxrwx root     system          256 Oct 23 2015  /usr/applesm/java_1_8_51/lib/boot
drwxrwxrwx root     system          256 Oct 23 2015  /usr/applesm/java_1_8_51/lib/cmm
drwxrwxrwx root     system          256 Oct 23 2015  /usr/applesm/java_1_8_51/lib/ddr
drwxrwxrwx inxsight dba             256 Jun  8 2005  /opt/CA/CAIDD/evarch
drwxrwxrwx inxsight dba             256 Jun  3 2009  /opt/CA/CAIDD/evarch/CVS
drwxrwxrwx root     system         4096 Oct 23 2015  /usr/applesm/java_1_8_51/lib/deploy
drwxrwxrwx inxsight dba             256 Nov  4 2012  /opt/CA/CAIDD/log
drwxrwxrwx inxsight dba             256 Jun  3 2009  /opt/CA/CAIDD/log/CVS
drwxrwxrwx inxsight dba             256 Jun  3 2009  /opt/CA/CAIDD/shmlck/CVS
drwxrwxrwx inxsight dba             256 Mar  8 2012  /opt/CA/CAIDD/locale/default
drwxrwxrwx inxsight dba             256 Jun  8 2005  /opt/CA/CAIDD/xfer
drwxrwxrwx inxsight dba             256 Jun  3 2009  /opt/CA/CAIDD/xfer/CVS
drwxrwxrwx inxsight dba             256 Mar  8 2012  /opt/CA/CAIDD/bin/ora
drwxrwxrwx root     system          256 Oct 23 2015  /usr/applesm/java_1_8_51/lib/desktop
drwxrwxrwx root     system          256 Oct 23 2015  /usr/applesm/java_1_8_51/lib/desktop/applications
drwxrwxrwx root     system          256 Oct 23 2015  /usr/applesm/java_1_8_51/lib/desktop/icons
drwxrwxrwx root     system          256 Oct 23 2015  /usr/applesm/java_1_8_51/lib/desktop/icons/HighContrast
drwxrwxrwx root     system          256 Oct 23 2015  /usr/applesm/java_1_8_51/lib/desktop/icons/HighContrast/16x16
drwxrwxrwx root     system          256 Oct 23 2015  /usr/applesm/java_1_8_51/lib/desktop/icons/HighContrast/16x16/apps
drwxrwxrwx root     system          256 Oct 23 2015  /usr/applesm/java_1_8_51/lib/desktop/icons/HighContrast/16x16/mimetypes
drwxrwxrwx inxsight dba             256 Mar  8 2012  /opt/CA/CAIDD/locale/ja_JP.SJIS
drwxrwxrwx root     system          256 Oct 23 2015  /usr/applesm/java_1_8_51/lib/desktop/icons/HighContrast/48x48
drwxrwxrwx root     system          256 Oct 23 2015  /usr/applesm/java_1_8_51/lib/desktop/icons/HighContrast/48x48/apps
drwxrwxrwx root     system          256 Oct 23 2015  /usr/applesm/java_1_8_51/lib/desktop/icons/HighContrast/48x48/mimetypes
drwxrwxrwx root     system          256 Oct 23 2015  /usr/applesm/java_1_8_51/lib/desktop/icons/HighContrastInverse
drwxrwxrwx root     system          256 Oct 23 2015  /usr/applesm/java_1_8_51/lib/desktop/icons/HighContrastInverse/16x16
drwxrwxrwx root     system          256 Oct 23 2015  /usr/applesm/java_1_8_51/lib/desktop/icons/HighContrastInverse/16x16/apps
drwxrwxrwx inxsight dba             256 Mar  8 2012  /opt/CA/CAIDD/usersql
drwxrwxrwx inxsight dba             256 Mar  8 2012  /opt/CA/CAIDD/usersql/ora
drwxrwxrwx root     system          256 Oct 23 2015  /usr/applesm/java_1_8_51/lib/desktop/icons/HighContrastInverse/16x16/mimetypes
+454 more... To view all directories, run: ./checkdirsworldwriteable.ksh -v

checkdiskqfull.ksh
Script run at:2017-05-25 11:44:22
Runtime:10 second(s)
Returncode:1
Description:
Check any disks that have more than 100 qfull instances. When running the following command:

# iostat -Dl

The sqfull column will show you the number of times the service queue becomes full (that is, the disk is not accepting any more service requests) per second. If this number goes beyond 100 for any given disk, this may result in a disk I/O performance issue.

If this happens, see if you can lower the disk usage, maybe by moving logical volumes from one disk to another, or by spreading the I/O over multiple disks. 

Also, check the queue_depth attribute for the disk, e.g., if an issue is seen on hdisk1:

# lsattr -El hdisk1 -a queue_depth
queue_depth 20 Queue DEPTH True

The queue_depth usually needs to be set to at least 20. If this is considerably lower, consider increasing the queue_depth setting, by running:

# chdev -l hdisk1 -a queue_depth=20

If the disk is in use, run the same command with the -P option:

# chdev -l hdisk1 -a queue_depth=20 -P

And then reboot the system, so the change takes effect.
Output:
Since system boot:

hdisk5 10.9

checkemgr.ksh
Script run at:2017-05-25 11:44:42
Runtime:0 second(s)
Returncode:1
Description:
Check for installed interim fixes and consider applying a full service pack that includes these interim fixes in your next scheduled update. It is best practice to always install full service packs instead of interim fixes.
Output:
ID  STATE LABEL      INSTALL TIME      UPDATED BY ABSTRACT
=== ===== ========== ================= ========== ======================================
1    S    IV83169m9a 12/07/16 22:09:10            Openssl CVEs on 1.0.1e                

STATE codes:
 S = STABLE
 M = MOUNTED
 U = UNMOUNTED
 Q = REBOOT REQUIRED
 B = BROKEN
 I = INSTALLING
 R = REMOVING
 T = TESTED
 P = PATCHED
 N = NOT PATCHED
 SP = STABLE + PATCHED
 SN = STABLE + NOT PATCHED
 QP = BOOT IMAGE MODIFIED + PATCHED
 QN = BOOT IMAGE MODIFIED + NOT PATCHED
 RQ = REMOVING + REBOOT REQUIRED

Consider applying a full service pack that includes these interim fixes in your next scheduled update.

checkemgrb.ksh
Script run at:2017-05-25 11:44:43
Runtime:0 second(s)
Returncode:1
Description:
Check for an entry rcemgr in /etc/inittab that runs /usr/sbin/emgr -B, which no longer works.

To remove this entry, run:

# rmitab rcemgr
Output:
Remove entry rcemgr from /etc/inittab. Run: rmitab rcemgr

checketchostsvsdns.ksh
Script run at:2017-05-25 11:44:55
Runtime:1 second(s)
Returncode:1
Description:
Check for entries in /etc/hosts that are also known in DNS.

If this script shows any entries in /etc/hosts that are also known in DNS, you can most likely remove those entries in the /etc/hosts file.

If this script shows any entries in /etc/hosts that resolve to a different IP address than the one listed in /etc/hosts, you'll need to investigate this discrepancy.
Output:
Hostname server11 in /etc/hosts with IP address 10.198.2.196 resolves to 172.27.199.73 through DNS.
Hostname server12.unixhealthcheck.com in /etc/hosts with IP address 10.198.2.36 resolves to 10.11.199.33 through DNS.

checketherchanneladapters.ksh
Script run at:2017-05-25 11:45:02
Runtime:4 second(s)
Returncode:2
Description:
Check if the ports that are part of an EtherChannel are not physically located on the same adapter.

Doing this may create a single point of failure (a single network adapter), and is therefore not advised. When creating an EtherChannel, always make sure to use at least 2 different Ethernet adapters, and preferably even 2 Ethernet adapters in two different drawers, to rule out all possible single point of failures.
Output:
Devices ent0 ent1 of EtherChannel ent12 are ports all physically located on the same network adapter.

checkfreespaceinvg.ksh
Script run at:2017-05-25 11:45:16
Runtime:4 second(s)
Returncode:1
Description:
Check if there's any space left in a volume group. 

An error is received if there's less than 5 GB free, and a warning is received if there's less than 5% free.
Output:
Free space in volume group gatevg is less than 5 GB: 0 MB
Free space in volume group prd_db512vg03 is less than 5 GB: 0 MB
Free space in volume group prd_fravg01 is less than 5 GB: 0 MB
Free space in volume group prd_lgvg02 is less than 5 GB: 0 MB
Free space in volume group prd_lgvg01 is less than 5 GB: 0 MB
Free space in volume group prd_db512vg02 is less than 5 GB: 0 MB
Free space in volume group prd_db512vg01 is less than 5 GB: 0 MB
Free space in volume group prdcrs_vg is less than 5 GB: 768 MB
Free space in volume group paging01vg is less than 5 GB: 0 MB

checkfscsitypes.ksh
Script run at:2017-05-25 11:45:21
Runtime:1 second(s)
Returncode:1
Description:
Check if all the fibre channel adapters in a system are of the same type, and also have the same level of adapter firmware.

It they're not the same, make sure to exchange the fibre channel adapters for one single type, and also make sure that all adapters are using the same firmware level, by running invscout.
Output:
The fibre channel adapters are not all of the same type.

checkftpd.ksh
Script run at:2017-05-25 11:45:30
Runtime:0 second(s)
Returncode:2
Description:
Check if the File Transfer Protocol daemon (ftpd) is disabled on the system. FTP transfers id and password unprotected, thus allows it to be snooped. For security reasons, it is a better idea to use scp instead of ftp. 

The ftp daemon is started through inetd. You can disable the ftp daemon by commenting out the ftpd entry in /etc/inetd.conf. After that, please make sure to refresh the inetd, by running:

# refresh -s inetd
Output:
For security reasons, it is better to disable ftp, and use scp instead.

checkgangliagmondlevel.ksh
Script run at:2017-05-25 11:45:39
Runtime:1 second(s)
Returncode:1
Description:
Check the level of the gmond (Ganglia Monitor Daemon) for Ganglia, if installed.

A good starting point to learn more about Ganglia on AIX systems, is:

http://www.ibm.com/developerworks/wikis/display/WikiPtype/ganglia

To check the latest available level for Ganglia gmond, check:

http://ganglia.sourceforge.net/downloads.php

To download the Ganglia gmond RPM, visit:

http://www.perzl.org/ganglia/
Output:
Ganglia gmond version installed: ganglia-gmond-3.1.7-3
Version of Ganglia gmond should be at least at level 3.6.

checkgecos.ksh
Script run at:2017-05-25 11:45:39
Runtime:0 second(s)
Returncode:2
Description:
Check if each user account has a GECOS field completed. No user account should be created without a description of who the account is for. You need to be able to determine the name or owner of a user account.

Also, specifying a GECOS field, that is exactly the same as the user ID is not sufficient, because it does not identify clearly who the owner is of the account. Put in the GECOS field the full name of the user, and/or the email address and/or phone number.
Output:
The GECOS field for user Banusha is empty.
The GECOS field for user nimsoft is empty.
The GECOS field for user thu11pim is empty.
The GECOS field for user thu12pim is empty.
The GECOS field for user thu13pim is empty.
The GECOS field for user thu14pim is empty.
The GECOS field for user thu15pim is empty.
The GECOS field for user thu16pim is empty.

checkgzip.ksh
Script run at:2017-05-25 11:45:45
Runtime:1 second(s)
Returncode:1
Description:
To check if gzip is installed, and if so, if the correct version is installed.

The latest version (version 1.2.4) can be obtained by downloading it from the AIX Toolbox for Linux on the IBM website.
Output:
Version 1.2 of gzip is installed, but should be version 1.6.
Download the latest version from the IBM AIX Toolbox for Linux applications.

checkhiperapars.ksh
Script run at:2017-05-25 11:45:58
Runtime:13 second(s)
Returncode:2
Description:
Check if the correct HIPER APARs have been installed on the system.

This check script will check if any HIPER APARs have been installed on the AIX system. "HI" stands for high impact and "PER" for pervasive. These PTFs are considered to have a high impact for customers or are pervasive for many customers, and are therefore recommended to be installed.

This check script may list any HIPER APARs that have not been installed. However, it is not an absolute requirement to install ALL HIPER APARs. Sometimes, APARs are only for specific hardware, for example for POWER8 only, and as such don't need (or can't be) installed on POWER7 systems. Therefore, please review the list of non-installed HIPER APARs carefully, and check if your system requires it or not.

It sometimes occurs that the APAR numbering, as provided by IBM, is off, meaning, a number has been assigned to the APAR, while the recommended ifix for that APAR has a different number. As such, this script may report incorrectly of missing HIPER APARs. Also, it sometimes occurs that IBM recommends an APAR to be installed, but has not provided an ifix package for it (yet). Again, please review the output carefully, to determine if installation of the APAR is required or not, or check with IBM.

An overview of all available HIPER APARs can be found here: http://www-304.ibm.com/webapp/set2/flrt/doc?page=hiper
Output:
The following APAR(s) is/are not installed:

type,product,versions,abstract,apars,fixedIn,ifixes,bulletinUrl,filesets,issued,updated,siblings,download,cvss,reboot
hiper,aix,6100-08-00 :: 6100-08-01 :: 6100-08-02 :: 6100-08-03 :: 6100-08-04 :: 6100-08-05 :: 6100-08-06,LPM TO P7+ OR P8 FOLLOWED BY DLPAR CAN CRASH THE LPAR,IV71109,6100-08-07,IV71109s2a.150420.61TL08SP02.epkg.Z IV71109s6b.150323.61TL08SP06.epkg.Z,http://www-01.ibm.com/support/docview.wss?uid=isg1IV71109,devices.chrp.base.rte:6.1.8.0-6.1.8.21,20150317,,6100-08:IV71109 6100-09:IV59492 7100-02:IV71110 7100-03:IV67876,https://aix.software.ibm.com/aix/ifixes/iv71109/,,no
hiper,aix,6100-08-00 :: 6100-08-01 :: 6100-08-02 :: 6100-08-03 :: 6100-08-04 :: 6100-08-05 :: 6100-08-06,SYSTEM HANGS AFTER PROCESS USES PSINFO ON ITSELF,IV66677,6100-08-07,IV66677m6k.150211.61TL08SP06.epkg.Z,http://www-01.ibm.com/support/docview.wss?uid=isg1IV66677,bos.mp64:6.1.8.0-6.1.8.19,20150215,,6100-08:IV66677 6100-09:IV65814 7100-02:IV69445 7100-03:IV66484,https://aix.software.ibm.com/aix/ifixes/iv66677/,,no
hiper,aix,6100-08-00 :: 6100-08-01 :: 6100-08-02 :: 6100-08-03 :: 6100-08-04,JFS2 FS MARKED CORRUPT WHEN USING FIND COMMAND NEEDING FSCK RUN,IV59225,6100-08-05,IV59225s4a.140507.61TL08SP04.epkg.Z,http://www-01.ibm.com/support/docview.wss?uid=isg1IV59225,bos.mp64:6.1.8.0-6.1.8.17,20140509,20140602,7100-01:IV59232 7100-02:IV59229 7100-03:IV57361 6100-09:IV59100 6100-08:IV59225 6100-07:IV59227 5300-12:IV60235,https://aix.software.ibm.com/aix/ifixes/iv59225,,no
hiper,aix,6100-08-00 :: 6100-08-01 :: 6100-08-02 :: 6100-08-03,Crash in vm_cmem_get_cop_prop after dlpar_cpu_add on AME system,IV47394,6100-08-04,IV47394s3a.130821.61TL08SP03.epkg.Z / IV47394s2a.130821.61TL08SP02.epkg.Z / IV47394s1a.131122.61TL08SP01.epkg.Z,http://www-01.ibm.com/support/docview.wss?uid=isg1IV47394,bos.mp64:6.1.8.0-6.1.8.16,20130821,20140217,7100-02:IV46246 7100-01:IV48042 6100-08:IV47394: 6100-07:IV48041,ftp://public.dhe.ibm.com/aix/ifixes/iv47394/,,no
hiper,aix,6100-08-00 :: 6100-08-01 :: 6100-08-02 :: 6100-08-03,CRASH IN V_PFEND_FSEG_PGOUT WHILE VMM IS PROCESSING NFS PAGE APP,IV46850,6100-08-04,None,http://www-01.ibm.com/support/docview.wss?uid=isg1IV46850,bos.mp64:6.1.8.0-6.1.8.16,20140605,,6100-07:IV47865 6100-08:IV46850 6100-09:IV46897 7100-01:IV49394 7100-02:IV44039 7100-03:IV46950,,,no
hiper,aix,6100-08-00 :: 6100-08-01 :: 6100-08-02 :: 6100-08-03,SYSTEM CRASHES DUE TO AN IMPROPER ASSERT IN TXCOMMIT,IV45898,6100-08-04,IV45898s2b.130724.epkg.Z / IV45898s3a.130819.epkg.Z,http://www-01.ibm.com/support/docview.wss?uid=isg1IV45898,bos.mp64:6.1.8.0-6.1.8.16,20130721,20140217,7100-00:IV46105 7100-01:IV45899 7100-02:IV46104  6100-06:IV45736 6100-07:IV45897 6100-08:IV45898,ftp://public.dhe.ibm.com/aix/ifixes/iv45898/,,no
hiper,aix,6100-08-00 :: 6100-08-01 :: 6100-08-02 :: 6100-08-03,VARIOUS I/O AND LINK ISSUES IN PUREFLEX/BLADE SYSTEMS,IV47037,6100-08-04,IV47037s3a.130828.61TL08SP03.epkg.Z,http://www-01.ibm.com/support/docview.wss?uid=isg1IV47037,devices.pci.77102224.com:6.1.8.0-6.1.8.17,20130813,20140217,6100-07:IV47348 6100-08:IV47037 6100-09:IV47532 7100-01:IV47350 7100-02:IV47351 7100-03:IV47353,ftp://public.dhe.ibm.com/aix/ifixes/iv47037/,,no
hiper,aix,6100-08-00 :: 6100-08-01 :: 6100-08-02,ADDRESS FROM SORECEIVE NOT FILLED IN FOR UDP PACKETS,IV37701,6100-08-03,IV37701.epkg.Z / IV37701s2a.130308.61TL08SP02.epkg.Z,http://www-01.ibm.com/support/docview.wss?uid=isg1IV37701,bos.mp64:6.1.8.0-6.1.8.15,20130307,20131124,6100-08:IV37701 6100-09:IV39175 7100-02:IV37783 7100-03:IV39176,ftp://public.dhe.ibm.com/aix/ifixes/iv37701/,,no
hiper,aix,6100-08-00 :: 6100-08-01 :: 6100-08-02,ATTEMPT FAILED.OPENED STATE DOES NOT RETRY NPIV LOGIN IF FIRST,IV38695,6100-08-03,IV38695s1a.130603.61TL08SP01.epkg.Z / IV38695s2a.130621.epkg.Z / IV38695s2a.130621.epkg.Z,http://www-01.ibm.com/support/docview.wss?uid=isg1IV38695,devices.vdevice.IBM.vfc-client.rte:6.1.8.0-6.1.8.15,20130327,20131124,6100-07:IV39384 6100-08:IV38695 6100-09:IV37549 7100-01:IV41362 7100-02:IV38879 7100-03:IV37484,ftp://public.dhe.ibm.com/aix/ifixes/iv38695/,,no
hiper,aix,6100-08-00 :: 6100-08-01 :: 6100-08-02,LPARSTAT APP VALUE REPORTS 0 WHEN PROCESSORS IN POOL,IV38743,6100-08-03,IV38743.epkg.Z,http://www-01.ibm.com/support/docview.wss?uid=isg1IV38743,bos.mp64:6.1.8.0-6.1.8.15,20130328,20131126,6100-06:IV33883 6100-07:IV40614 6100-08:IV38743 7100-00:IV41813 7100-01:IV41421 7100-02:IV38915,ftp://public.dhe.ibm.com/aix/ifixes/iv38743/,,no
hiper,aix,6100-08-00 :: 6100-08-01 :: 6100-08-02,SYSTEM CRASH IN E_CLEAR_WAIT().,IV14309,6100-08-03,U854277 bos.mp64 6.1.8.16,http://www-01.ibm.com/support/docview.wss?uid=isg1IV14309,bos.mp64:6.1.8.0-6.1.8.15,20120130,20131124,6100-06:IZ94647 6100-07:IV13404 6100-08:IV14309 6100-09:IV42440 7100-00:IV42334 7100-01:IV27584 7100-02:IV42324 7100-03:IV42412,ftp://public.dhe.ibm.com/aix/ifixes/iv14309/,,no
hiper,aix,6100-08-00 :: 6100-08-01 :: 6100-08-02,USERDEL REMOVE -F FLAG,IV38411,6100-08-03,IV38411.epkg.Z / IV38411m2a.130809.61TL08SP02.epkg.Z,http://www-01.ibm.com/support/docview.wss?uid=isg1IV38411,bos.rte.security:6.1.8.0-6.1.8.15,20130320,20131126,6100-08:IV38411 6100-09:IV39043 7100-02:IV38414 7100-03:IV38487,ftp://public.dhe.ibm.com/aix/ifixes/iv38411/,,no
hiper,aix,6100-08-02 :: 6100-08-03 :: 6100-08-04 :: 6100-08-05,VIOS USING NPIV CAN CRASH SYSTEM,IV64465,6100-08-06,None,http://www-01.ibm.com/support/docview.wss?uid=isg1IV64465,devices.pciex.df1060e214103404.com:6.1.8.15-6.1.8.19,20150213,,6100-08:IV64465 6100-09:IV61759 7100-02:IV64283 7100-03:IV61764,http://www-01.ibm.com/support/docview.wss?uid=isg1fixinfo149944,,no

checkhomedirs.ksh
Script run at:2017-05-25 11:46:01
Runtime:2 second(s)
Returncode:1
Description:
Check for any home directories without a valid owner.

It's a best practice to make sure that the home directory of a user has the same name as the user account. So for example, user account dmichael should have a home directory /home/dmichael.
Output:
Home directory /home/us104701 exists without a valid owner.
Home directory /home/clarkgs exists without a valid owner.
Home directory /home/us748329 exists without a valid owner.
Home directory /home/melving exists without a valid owner.
Home directory /home/us104578 exists without a valid owner.

checkhostmibd.ksh
Script run at:2017-05-25 11:46:05
Runtime:0 second(s)
Returncode:2
Description:
Check if the hostmibd service is disabled in /etc/rc.tcpip. This is an outdated SNMP service, and can usually be disabled, especially when SNMP is not used.

To disable, run the following commands to comment out the hostmibd start entry in /etc/rc.tcpip, and to disable hostmibd:

# stopsrc -s hostmibd
# chrctcp -d hostmibd
Output:
The hostmibd service is not disabled in /etc/rc.tcpip. Run: chrctcp -d hostmibd
The hostmibd service is running. Run: stopsrc -s hostmibd

checkinittabduplicates.ksh
Script run at:2017-05-25 11:46:16
Runtime:0 second(s)
Returncode:1
Description:
Check for any duplicate entries in /etc/inittab.
Output:
There is an empty line in /etc/inittab.

checkinittaberrs.ksh
Script run at:2017-05-25 11:46:17
Runtime:1 second(s)
Returncode:1
Description:
Check for any processes started from inittab with an exit code other than 0.

This can be checked by running:

# who -d

Investigate those items with a non-zero error code. 

Note: The entries reported by who -d are cleared only when the system is rebooted.
Output:
Items in inittab have exited with error code other than 0.
   .            .       Apr 12 12:53      .     2687146 id=RunApp  term=0 exit=1

checkinstalldate.ksh
Script run at:2017-05-25 11:46:18
Runtime:1 second(s)
Returncode:2
Description:
Displays the dates and levels of AIX that have been installed on this system.

Please note that no information is present if the system has been re-installed with option "New and complete overwrite", as this will wipe out the entire previous installation.

Also note that the installation information may be incorrect, if the system has been created using a mksysb image of another system.

This script will generate a WARNING, if the system has ever been upgraded from one major AIX release to another (e.g. from AIX 5.3 to 6.1). It is usually better to do a complete new install of an operating system when moving to a new major AIX release, as this will be a cleaner installation with a higher likelihood of better performance and less issues, and by doing this, no traces of the old operating system level will be left behind on the system.
Output:
First install date: Mon Mar  3 02:29:47 2014

All other installation dates and associated levels:

May 25 2007 5.3.0.44
Jun 07 2007 5.3.0.53
Aug 22 2007 5.3.0.61
Aug 22 2007 5.3.0.63
Mar 03 2008 5.3.7.2
Feb 18 2009 5.3.8.3
Jun 11 2010 6.1.4.4
Aug 28 2012 6.1.6.15
Mar 03 2014 6.1.8.15

checkinterfacethreading.ksh
Script run at:2017-05-25 11:46:18
Runtime:0 second(s)
Returncode:1
Description:
Check if the thread option for any network interfaces is enabled.

By default, the network interface device driver is single threaded. With faster network adapters (100 MB and faster) the network interface device driver can
become a performance bottleneck. If the ratio of processors to configured network interfaces is greater than 2:1 and the node has more than 4 processors, the network interface device driver may have threading enabled.

To count the available processors in the node:

# lsdev -Cc processor | wc -l

To list the currently configured network interfaces (Note: do not include lo0):

# ifconfig -a | grep UP, | grep -v ^lo0: | wc -l

Use ifconfig to list the status of network interface threading for a network interface. If the THREAD option is listed, then network interface threading is enabled for this interface. 

For example:

# /usr/sbin/ifconfig en0 | grep THREAD

To enable network interface threading for a network interface:

# /usr/sbin/ifconfig en0 thread

To disable network interface threading for a network interface:

# /usr/sbin/ifconfig en0 -thread

Note: Network interface threading will be disabled upon reboot unless appropriate commands are added to the end of /etc/rc.net. For example:

/usr/sbin/ifconfig en0 thread

Starting with AIX 6.1 TL7 and up, you can also set the threading using the chdev command (which will persist during reboot):

# chdev -l en0 -a thread=on

Note: On servers using HACMP/PowerHA, and using IP Address Take Over via Replacement, running the chdev command above may result in the system becoming unavailable. We highly suggest to use the following command instead, which will only update the ODM:

# chdev -l en0 -a thread=on -P

And afterwards, reboot the node, which will activate threading for the interface.

Although enabling network interface threading may have a 10% performance improvement on network throughput, depending on the nature of the network throughput, enabling this feature can also result in a 10% performance decrease. Enabling network interface threading will at least have an impact on CPU usage, up to 10%, hence the requirement to have at least a ratio of 2:1 for the number of processors to the number of configured network interfaces.

For more information on enabling dog thread usage on LAN adapters, see: http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=%2Fcom.ibm.aix.prftungd%2Fdoc%2Fprftungd%2Ftcp_udp_perf_tuning.htm
Output:
Please enable threading for the network interfaces. This may help improve performance.

checkipsendredirects.ksh
Script run at:2017-05-25 11:46:20
Runtime:0 second(s)
Returncode:1
Description:
Check if network option ipsendredirects is disabled (set to 0).

Specifies whether or not the kernel should send redirect signals. Disabling ipsendredirects (setting to 0) prevents redirected packets from reaching a remote network, and is a high level of security. By default, this network option is enabled on AIX (set to 1).
Output:
Network option ipsendredirects needs to be set to 0 (disabled), but instead is set to 1.
Run: no -p -o ipsendredirects=0

checkjavalevels.ksh
Script run at:2017-05-25 11:46:21
Runtime:1 second(s)
Returncode:1
Description:
Check if supported levels of Java are installed.

Versions 1.3.1, 1.4.1 and 1.4.2 of Java are no longer in support. Java 1.4.2 had an end of service date of September 30, 2013. However, these levels are commonly still installed on AIX servers, as multiple levels of Java can be installed on an AIX system. Customers are strongly advised to move to a supported version of Java, and to uninstall any of the unsupported levels for security purposes.

The following levels of Java are currently supported:

# IBM SDK and JRE for Java 5.0: EOS September 2015
# IBM SDK and JRE for Java 6.0: EOS September 2017
# IBM SDK and JRE for Java 7: EOS September 2019
# IBM SDK and JRE for Java 8: Released in February 2015

When you upgrade to a higher level of Java, you'll also need to check which items are configured in the $PATH variable, as it often contains statements used by Java. De-installing an older level of Java does not remove these statements in $PATH, so you'll have to do this manually.

Several security vulnerabilities have been identified in Java. This check script will also check if you have the correct levels of Java installed, and will recommend updates, if necessary.

For the IBM recommended Java levels, check: http://aix.software.ibm.com/aix/efixes/security/java_feb2015_advisory.asc
Output:
Unsupported levels of IBM SDK and JRE for Java are installed:

/usr/lib/objrepos:Java131.adt.debug:1.3.1.26::COMMITTED:I:Java Application Development Debuggers :
/usr/lib/objrepos:Java131.adt.includes:1.3.1.6::COMMITTED:I:Java Application Development Toolkit Includes :
/usr/lib/objrepos:Java131.rte.bin:1.3.1.26::COMMITTED:I:Java Runtime Environment Executables :
/usr/lib/objrepos:Java131.rte.lib:1.3.1.25::COMMITTED:I:Java Runtime Environment Libraries :
/usr/lib/objrepos:Java14.sdk:1.4.2.275::COMMITTED:I:Java SDK 32-bit :
/etc/objrepos:Java14.sdk:1.4.2.275::COMMITTED:I:Java SDK 32-bit :

Run: installp -u Java131.adt.debug Java131.adt.includes Java131.rte.bin Java131.rte.lib Java14.sdk
Level 5.0.0.500 of Java5 is installed. Recommended is at least level 5.0.0.590.

checkkshell.ksh
Script run at:2017-05-25 11:46:31
Runtime:0 second(s)
Returncode:2
Description:
Check if kshell is disabled.

The kshell service is only necessary to have enabled if Kerberos authentication is used within your environment. Most organizations however do not use Kerberos due its complexity to set it up. Although not completely similar in features, ssh can be used as well to allow users to login securely, and is by far easier to set up and to maintain.

If you disable this service in /etc/inetd.conf, make sure to refresh inetd afterwards:

# refresh -s inetd
Output:
Kshell is enabled /etc/inetd.conf, and it is recommended to have it disabled.

checklargefilesinrootvg.ksh
Script run at:2017-05-25 11:46:32
Runtime:1 second(s)
Returncode:2
Description:
Check if there are any files in rootvg larger than 100 MB. 

Having such large files in rootvg is usually not a good idea, because these files will be included in the mksysb backup (if they're not specifically excluded in /etc/exclude.rootvg).

Review the list of files provided by this check, and see if any of these large files can be removed or moved to a file system outside rootvg.
Output:
The following files in rootvg are larger than 100 MB:

/var/msgs/sshd
/home/oracle/oradiag_oracle/diag/clients/user_oracle/host_289816299_80/trace/sqlnet.log
/home/oracle/appl_cyber_counts_based_on_MRN_05092017.txt

checklogindelay.ksh
Script run at:2017-05-25 11:46:37
Runtime:0 second(s)
Returncode:1
Description:
This check script will check the logindelay attribute on the system. By default, logindelay is set to 0, meaning that AIX will not delay between any unsuccessful logins. 

For optimal security, it should be set to 5 (seconds).

The logindelay attribute is set on the system in /etc/security/login.cfg, which should be modified using the chsec command only.

An additional delay period is added after each failed login. For example, if logindelay is set to 5, the terminal will wait five seconds after the first failed login until the next request. After a second failed login, the terminal will wait 10 seconds (2*5), and after a third failed login, the terminal will wait 15 seconds (3*5).
Output:
Attribute logindelay should be set to at least 5, but is set to 0.
Run: chsec -f /etc/security/login.cfg -s default -a logindelay=5

checklogindisable.ksh
Script run at:2017-05-25 11:46:37
Runtime:0 second(s)
Returncode:1
Description:
This check script will verify the logindisable attribute, as configured in file /etc/security/login.cfg.

This attribute will disable login after unsuccessful login attempts on a port. It does not apply to any network logins, only to terminal logins. It should be set to 10, which specifies the number of unsuccessful login attempts on a port to 10, before the port is locked.
Output:
Attribute logindisable should be set to 10, but is set to 0.
Run: chsec -f /etc/security/login.cfg -s default -a logindisable=10

checklogininterval.ksh
Script run at:2017-05-25 11:46:37
Runtime:0 second(s)
Returncode:1
Description:
This check script will verify the logininterval attribute on the system, as configured in /etc/security/login.cfg.

Specifies the time interval (60 seconds) for a port in which the unsuccessful login attempts must occur before the port is disabled by the logindisable attribute.

It only applies to terminal ports. It does apply to network logins. It should be set to a value of 60 and 300 (seconds). By default, it is set to 0, meaning there is no interval for unsuccessful logins. We recommend setting it to 60.
Output:
Attribute logininterval should be set to at least 60 (seconds), but is set to 0.
Run: chsec -f /etc/security/login.cfg -s default -a logininterval=60

checkloginreenable.ksh
Script run at:2017-05-25 11:46:38
Runtime:0 second(s)
Returncode:1
Description:
Check if the loginreenable feature has been enabled on the system.

The loginreenable attribute, as defined in /etc/security/login.cfg, defines the time period in minutes after which a port is reenabled, once it has been disable after several unsuccessful logins, using the logininterval and logindisable attributes. 

It should be set to 30 (minutes) or higher, but not higher than 360 (minutes). We recommend setting it to 30.
Output:
Attribute loginreenable should be set to 30, but is set to 0.
Run: chsec -f /etc/security/login.cfg -s default -a loginreenable=30

checklostfoundfolder.ksh
Script run at:2017-05-25 11:46:39
Runtime:1 second(s)
Returncode:1
Description:
Check if the lost+found folder exists in all JFS and JFS2 file systems.

If you run fsck, the filesystem check and repair command, it might find data fragments that are not referenced anywhere in the filesystem. In particular, fsck might find data that looks like a complete file but doesn't have a name on the system or an inode with no corresponding file name. This data is still using up space, but it isn't accessible by any normal means.

If you tell fsck to repair the filesystem, it will turn these almost-deleted files back into files. The thing is, the file had a name and location once, but that information is no longer available. So fsck deposits the file in a specific directory, called lost+found (after lost and found property).

Files that appear in lost+found are typically files that were already unlinked (i.e. their name had been erased) but still opened by some process (so the data wasn't erased yet) when the system halted suddenly (kernel panic or power failure). If that's all that happened, these files were slated for deletion anyway, you don't need to care about them.

Files can also appear in lost+found because the filesystem was in an inconsistent state due to a software or hardware bug. If that's the case, it's a way for you to find files that were lost but that the system repair managed to salvage. The files may or may not contain useful data, and even if they do they may be incomplete or out of date; it all depends how bad the filesystem damage was.

On many filesystems, the lost+found directory is a bit special because it preallocates a bit of space for fsck to deposit files there. (The space isn't for the file data, which fsck leaves in place; it's for the directory entries which fsck has to make up.) If you accidentally delete lost+found, don't re-create it with mkdir, use /usr/sbin/mklost+found instead.
Output:
Folder /usr/applesm/lost+found is missing. Run: cd /usr/applesm; /usr/sbin/mklost+found; chmod 0755 /usr/applesm/lost+found

checklppchkf.ksh
Script run at:2017-05-25 11:46:40
Runtime:1 second(s)
Returncode:1
Description:
Check file set consistency by running:

# lppchk -f

This will check that the files in file sets are present and their file sizes match with the SWVPD database.

Before making any file changes, please note that errors reported by this script may have been caused by the installation of ifixes on the system. To check for any installed ifixes, run:

# emgr -l
Output:
Filesets not consistent:

lppchk: 0504-208  Size of /usr/bin/openssl64 is 1011504,
	expected value was 1011965.
lppchk: 0504-208  Size of /usr/lib/libcrypto_compat.a is 10378804,
	expected value was 5186578.
lppchk: 0504-208  Size of /usr/bin/openssl is 925086,
	expected value was 925539.
lppchk: 0504-208  Size of /usr/lib/libssl.a is 3702840,
	expected value was 4092909.
lppchk: 0504-208  Size of /usr/lib/libssl_compat.a is 2097916,
	expected value was 1159119.
lppchk: 0504-208  Size of /usr/lib/libcrypto.a is 18425818,
	expected value was 18732506.

checklsoflevel.ksh
Script run at:2017-05-25 11:46:56
Runtime:0 second(s)
Returncode:1
Description:
Check the lsof version. It needs to be version 4.89 for AIX 6.1 and version 4.85 for AIX 7.1, and version 4.82 for AIX 5.3, and version 4.77 for AIX 5.2.

Lsof is part of the AIX Expansion Pack and Web Download Pack. The URL is: http://www-03.ibm.com/systems/power/software/aix/expansionpack/index.html
However, that version will not install on AIX 7 and up. And there is also a lsof.base fileset version available for AIX 7, at level 4.85.

Lsof is not installed by default on AIX. It is however recommended to have it installed.
Output:
Lsof version 4.85 is installed on the system, but should be version 4.89.

checklvmbufcnt.ksh
Script run at:2017-05-25 11:47:40
Runtime:0 second(s)
Returncode:1
Description:
Check the lvm_bufcnt input output setting.

You can check it by running:

# ioo -o lvm_bufcnt

If an application is issuing very large raw I/Os rather than writing through the file system, bottlenecks could occur at the LVM layer. Very large I/Os combined with very fast I/O devices would be required to cause the bottleneck to be at the LVM layer. But if it does happen, a parameter called lvm_bufcnt can be increased by the ioo command to provide for a larger number of "uphysio" buffers. The value takes effect immediately. The current default value is 9 "uphysio" buffers. Because the LVM currently splits I/Os into 128 K each, and because the default value of lvm_bufcnt is 9, the 9*128 K can be written at one time. If your I/Os are larger than 9*128 K, increasing lvm_bufcnt to 12 or 20 might be advantageous.

To view if any blocked IOs occur, run:

# vmstat -v | grep blocked

On AIX 5.3 and higher the lvm_bufcount parameter should be left at the default value.
Output:
The default value of lvm_bufcnt is 9, but the current value is 20.
To reset is back to the default value, run: ioo -p -o lvm_bufcnt=9
To permanently update it to the current value, run: ioo -p -o lvm_bufcnt=20

checklvmo.ksh
Script run at:2017-05-25 11:47:40
Runtime:0 second(s)
Returncode:2
Description:
Check for any blocked I/O per volume group.

With the following command, you can see the blocked I/O count on the AIX system:

# vmstat -v | grep pbuf

If this number is greater than zero, it means some I/O was delayed due to the lack of pbufs. Check the value over a period of a week to see if it goes up. If it does, the value needs to be increased.

You can check for every volume group, to see if it has any I/O blocked:

# lvmo -v vg -a

The value of pervg_blocked_io_count shows the number of I/O blocked within this volume group. Increase the value with 512 or 5% if this value continues to go up:

# lvmo -v vg -o pv_pbuf_count=2560

Keep on doing this, until no more shortage of pbufs occurs.

Note: The counter pervg_blocked_io_count, is not reset until the system is rebooted. Make note of the current value for comparison next week when increasing pv_pbuf_count.
Output:
Volume group oraclevg shows pervg_blocked_io_count of 222 (Using command: lvmo -v oraclevg -a)
Consider increasing pv_pbuf_count for volume group oraclevg, if the value of pervg_blocked_io_count goes up.
Run: lvmo -v oraclevg -o pv_pbuf_count=2560
Volume group rootvg shows pervg_blocked_io_count of 122 (Using command: lvmo -v rootvg -a)
Consider increasing pv_pbuf_count for volume group rootvg, if the value of pervg_blocked_io_count goes up.
Run: lvmo -v rootvg -o pv_pbuf_count=1024

checkmailbox.ksh
Script run at:2017-05-25 11:47:44
Runtime:0 second(s)
Returncode:2
Description:
This will check if there is a large number of emails waiting for any user. It will generate a warning when there are between 10 and 50 emails waiting for a user account. Above 50 it will generate an error.

Enabling mail forwarding by adding a .forward file in the users home directory (containing a forwarding email address) is a recommended method to resolve any large number of emails. Also be sure to inspect the contents of the emails. A common issue that can cause a large number of email messages, is an erroneous crontab entry. This will produce an error that is sent to the user owning the crontab entry, and over time may result in large numbers of emails.
Output:
There are 12 emails waiting for oracle.
Mailforwarding is recommended.

checkmailroot.ksh
Script run at:2017-05-25 11:47:45
Runtime:0 second(s)
Returncode:1
Description:
Check if there are any emails for user root, and if so, provide a listing of those emails that are waiting to be read.
Output:
Mail [5.2 UCB] [AIX 5.X]  Type ? for help.
"/var/spool/mail/root": 3 messages 3 new
>N  1 us784593          Mon May  8 19:07  14/525  "*** SECURITY information for"
 N  2 us820304          Mon May  8 22:01  14/533  "*** SECURITY information for"
 N  3 us119945          Thu May 18 15:24  14/531  "*** SECURITY information for"

checkmissingowners.ksh
Script run at:2017-05-25 11:48:13
Runtime:16 second(s)
Returncode:1
Description:
Check for any files or directories that have no owner or no group. For security reasons, every file or directory should have an existing owner and group set. If not, make sure to use the chown and chgrp commands to set an owner for a file or directory.

To see the errors found by this script, run on your system:

# find / \( -nouser -o -nogroup \) -ls 2>/dev/null

To correct some common errors that this script will alert about, run:

# chown -R root.system /usr/lpp/bos.net/inst_root/etc/ipsec /usr/lpp/bos.net/inst_root/etc/isakmpd.conf /usr/lpp/bos.net/inst_root/etc/rc.ike /usr/lpp/bos.net/inst_root/var/snapp /usr/lpp/bos.net/bos.net.ipsec.keymgt/ /usr/lpp/openpts.collector/inst_root/var/adm/ras/openpts  /usr/lpp/bos/bos.rte.install/*/inst_root /usr/lpp/cluster.es.server/inst_root/etc/es/objrepos/* 2>/dev/null
Output:
drwxr-xr-x 503      staff           256 Aug 26 2016  /home/us104701
-rwxr----- 503      staff           254 Aug 26 2016  /home/us104701/.profile
drwxr-xr-x 473      staff           256 Sep 29 2015  /home/clarkgs
drwxr-xr-x 473      staff           256 Sep 29 2015  /home/clarkgs/.history.clarkgs
-rw------- 473      staff           132 Sep 29 2015  /home/clarkgs/.history.clarkgs/.sh_history.clarkgs.root.nimserver.unixhealthcheck.com.pts-1.0223.092915
-rwxr----- 473      staff           254 Apr 22 2015  /home/clarkgs/.profile
drwxr-xr-x 361      hacmp           256 Oct 11 2007  /home/us748329
-rwxr----- 361      hacmp           254 Oct  4 2007  /home/us748329/.profile
-rw------- 361      hacmp          3640 Jun  2 2010  /home/us748329/.sh_history
drwxr-xr-x 347      staff           256 Sep 29 2015  /home/melving
drwxr-xr-x 347      staff           256 Sep 29 2015  /home/melving/.history.melving
-rw------- 347      staff            52 Sep 29 2015  /home/melving/.history.melving/.sh_history.melving.root.nimserver.unixhealthcheck.com.pts-0.0948.092915
-rwxr----- 347      staff           254 Apr  5 2013  /home/melving/.profile
drwxr-xr-x 505      staff           256 Sep 12 2016  /home/us104578
drwxr-xr-x 505      staff           256 Sep 12 2016  /home/us104578/.history.us104578
-rw------- 505      staff            26 Sep 12 2016  /home/us104578/.history.us104578/.sh_history.us104578.us104578.nimserver.unixhealthcheck.com.pts-0.0107.091216
-rwxr----- 505      staff           254 Sep  7 2016  /home/us104578/.profile
drwxr-x--- 1002     1002           4096 Oct 25 2013  /opt/nimsoft/nimldr
drwxr-x--- 1002     1002            256 Oct 25 2013  /opt/nimsoft/nimldr/AIX_5
-rwxr-x--- 1002     1002        3270712 Oct 25 2013  /opt/nimsoft/nimldr/AIX_5/nimldr
drwxr-x--- 1002     1002            256 Oct 25 2013  /opt/nimsoft/nimldr/AIX_5_64
-rwxr-x--- 1002     1002        3669963 Oct 25 2013  /opt/nimsoft/nimldr/AIX_5_64/nimldr
drwxr-x--- 1002     1002            256 Oct 25 2013  /opt/nimsoft/nimldr/HPUX_11
-rwxr-x--- 1002     1002        3495552 Oct 25 2013  /opt/nimsoft/nimldr/HPUX_11/nimldr
drwxr-x--- 1002     1002            256 Oct 25 2013  /opt/nimsoft/nimldr/HPUX_11_64
-rwxr-x--- 1002     1002        4883808 Oct 25 2013  /opt/nimsoft/nimldr/HPUX_11_64/nimldr
drwxr-x--- 1002     1002            256 Oct 25 2013  /opt/nimsoft/nimldr/HPUX_11_ia64
-rwxr-x--- 1002     1002        7120992 Oct 25 2013  /opt/nimsoft/nimldr/HPUX_11_ia64/nimldr
drwxr-x--- 1002     1002            256 Oct 25 2013  /opt/nimsoft/nimldr/LINUX_23
-rwxr-x--- 1002     1002        1987303 Oct 25 2013  /opt/nimsoft/nimldr/LINUX_23/nimldr
drwxr-x--- 1002     1002            256 Oct 25 2013  /opt/nimsoft/nimldr/LINUX_23_64
-rwxr-x--- 1002     1002        2276771 Oct 25 2013  /opt/nimsoft/nimldr/LINUX_23_64/nimldr
drwxr-x--- 1002     1002            256 Oct 25 2013  /opt/nimsoft/nimldr/LINUX_23_ppc64
-rwxr-x--- 1002     1002        3217975 Oct 25 2013  /opt/nimsoft/nimldr/LINUX_23_ppc64/nimldr
drwxr-x--- 1002     1002            256 Oct 25 2013  /opt/nimsoft/nimldr/LINUX_UBUNTU_23
-rwxr-x--- 1002     1002        1955288 Oct 25 2013  /opt/nimsoft/nimldr/LINUX_UBUNTU_23/nimldr
drwxr-x--- 1002     1002            256 Oct 25 2013  /opt/nimsoft/nimldr/LINUX_UBUNTU_23_64
-rwxr-x--- 1002     1002        2289461 Oct 25 2013  /opt/nimsoft/nimldr/LINUX_UBUNTU_23_64/nimldr
-rwxr-x--- 1002     1002          13025 Oct 25 2013  /opt/nimsoft/nimldr/README
drwxr-x--- 1002     1002            256 Oct 25 2013  /opt/nimsoft/nimldr/SOLARIS_10_amd64
-rwxr-x--- 1002     1002        3801168 Oct 25 2013  /opt/nimsoft/nimldr/SOLARIS_10_amd64/nimldr
drwxr-x--- 1002     1002            256 Oct 25 2013  /opt/nimsoft/nimldr/SOLARIS_10_i386
-rwxr-x--- 1002     1002        3128008 Oct 25 2013  /opt/nimsoft/nimldr/SOLARIS_10_i386/nimldr
drwxr-x--- 1002     1002            256 Oct 25 2013  /opt/nimsoft/nimldr/SOLARIS_8_sparcv9
-rwxr-x--- 1002     1002        3018088 Oct 25 2013  /opt/nimsoft/nimldr/SOLARIS_8_sparcv9/nimldr
-rw-r--r-- 210      ipsec          2527 Jul  4 2006  /sysadm/bin/README_v11.txt
lrwxrwxrwx 252      system           13 Mar  3 2014  /usr/local/bin/sudo -> /usr/bin/sudo
-rwxr--r-- 10       15             3849 Apr  9 2008  /usr/local/cluster_archive_2016.02.24_23:04:41/mqha/halinkmqm.ksh
drwxr-xr-x 987      987             256 Mar  3 2014  /usr/lpp/bos.net/inst_root/etc/ipsec
-r-xr-xr-x 987      987           94514 Jul 26 2012  /usr/lpp/bos.net/inst_root/etc/ipsec/create_privkey_db
-r-xr-xr-x 987      987           14215 Aug 16 2012  /usr/lpp/bos.net/inst_root/etc/ipsec/default_group
-r-xr-xr-x 987      987           14218 Aug 16 2012  /usr/lpp/bos.net/inst_root/etc/ipsec/default_group2
-r-xr-xr-x 987      987            7682 May 22 2012  /usr/lpp/bos.net/inst_root/etc/ipsec/ike_initdbs
drwxr-xr-x 987      987             256 Mar  3 2014  /usr/lpp/bos.net/inst_root/etc/ipsec/inet
drwxr-xr-x 987      987             256 Mar  3 2014  /usr/lpp/bos.net/inst_root/etc/ipsec/inet/DB
drwxr-xr-x 987      987             256 Feb  4 2013  /usr/lpp/bos.net/inst_root/etc/ipsec/inet/DB/OAKLEY
drwxr-xr-x 987      987             256 Feb  4 2013  /usr/lpp/bos.net/inst_root/etc/ipsec/inet/DB/RULE2_FILES
drwxr-xr-x 987      987             256 Feb  4 2013  /usr/lpp/bos.net/inst_root/etc/ipsec/inet/DB/RULE_FILES
-rw------- 987      987            1004 Jul 27 2009  /usr/lpp/bos.net/inst_root/etc/ipsec/inet/DB/ec_secrets.conf
-rw------- 987      987            6228 Jul  1 2007  /usr/lpp/bos.net/inst_root/etc/ipsec/inet/ike_template.xml
-rw-r----- 987      987            4331 Jul  1 2007  /usr/lpp/bos.net/inst_root/etc/isakmpd.conf
-r-xr-xr-x 987      987             705 Oct 30 2007  /usr/lpp/bos.net/inst_root/etc/rc.ike
drwxr-x--- root     177             256 Feb  4 2013  /usr/lpp/bos.net/inst_root/var/snapp
-rw-r----- root     911            4096 Sep  7 2007  /usr/lpp/cluster.es/cluster.es.server.rte/5.4.1.0/inst_root/etc/es/objrepos/HACMPpprcconsistgrp
-rw-r----- root     911            4096 Mar  5 2013  /usr/lpp/cluster.es.server/cluster.es.server.rte/6.1.0.11/inst_root/etc/es/objrepos/HACMPtc
-rw-r----- root     911            4096 Nov 30 2011  /usr/lpp/cluster.es.server/cluster.es.server.rte/6.1.0.7/inst_root/etc/es/objrepos/HACMPtc
dr-xr-xr-x 10       15              256 Feb  3 2013  /usr/mqm
dr-xr-xr-x 10       15              256 Feb  3 2013  /usr/mqm/bin
dr-xr-xr-x 10       15             4096 Feb  3 2013  /usr/mqm/lib
-r-sr-sr-x 10       15           127221 Aug  2 2005  /usr/mqm/lib/amqcctca_csd11Ifix
-r-sr-sr-x 10       15           132704 Aug  2 2005  /usr/mqm/lib/amqcctca_r_csd11Ifix
-r-xr-xr-x 10       15           660455 Aug  2 2005  /usr/mqm/lib/libmqiz_csd11Ifix.a
-r-xr-xr-x 10       15           673545 Aug  2 2005  /usr/mqm/lib/libmqiz_r_csd11Ifix.a
-r-xr-xr-x 10       15          1154813 Aug  2 2005  /usr/mqm/lib/libmqmcs_csd11Ifix.a
-r-xr-xr-x 10       15          1170452 Apr  8 2008  /usr/mqm/lib/libmqmcs_csd13Ifix.a
-r-xr-xr-x 10       15          1292958 Aug  2 2005  /usr/mqm/lib/libmqmcs_r_csd11Ifix.a
-r-xr-xr-x 10       15          1310435 Apr  8 2008  /usr/mqm/lib/libmqmcs_r_csd13Ifix.a
-r-xr-xr-x 10       15          2443494 Aug  2 2005  /usr/mqm/lib/libmqml_r_csd11Ifix.a
-r-xr-xr-x 10       15          1484009 Aug  2 2005  /usr/mqm/lib/libmqmr_csd11Ifix.a
-r-xr-xr-x 10       15          1528113 Aug  2 2005  /usr/mqm/lib/libmqmr_r_csd11Ifix.a
-r-xr-xr-x 10       15           687875 Aug  2 2005  /usr/mqm/lib/libmqz_csd11Ifix.a
-r-xr-xr-x 10       15           727050 Aug  2 2005  /usr/mqm/lib/libmqz_r_csd11Ifix.a
-rwxrwxr-x 10       15          1013599 Jun 22 2009  /usr/mqm/lib/libsrvcore.a
dr-xr-xr-x 10       15              256 Feb  3 2013  /usr/mqm/samp
-rw-rw-r-- 378      printq          464 May 27 2009  /var/spool/lpd/pio/@local/msg1.dhfradbc01:hp@dhfradbc01
-rw-rw-r-- 378      printq          372 May 13 2008  /var/spool/lpd/pio/@local/msg1.seslablp09:hp@seslablp09
-rw-rw-r-- 378      printq          460 Feb 27 2010  /var/spool/lpd/pio/@local/msg1.sesradbc03:hp@sesradbc03
-rwxr----- 7        uucp            254 May 25 2007  /var/spool/uucppublic/.profile

checknfsclientdaemons.ksh
Script run at:2017-05-25 11:48:21
Runtime:0 second(s)
Returncode:2
Description:
Check if a NFS client is not running the rpc.mountd, rpc.statd and/or biod daemons. Those are no longer required for using NFS exported file systems from a NFS server. Also check for an existing /etc/xtab file when no /etc/exports file exists.
Output:
Consider removing /etc/exports, because it is empty.

checknfsnosuid.ksh
Script run at:2017-05-25 11:48:23
Runtime:0 second(s)
Returncode:1
Description:
Checks that NFS mounts are configured with the nosuid option.

On the NFS client we can decide that we don't want to trust the NFS server too much. For example we can forbid suid programs to work off the NFS file system with the nosuid option. Some unix programs, such as passwd, are called "suid" programs: They set the id of the person running them to whomever is the owner of the file. If a file is owned by root and is suid, then the program will execute as root, so that they can perform operations (such as writing to the password file) that only root is allowed to do. Using the nosuid option is a good idea and you should consider using this with all NFS mounted disks. It means that the NFS server's root user cannot make a suid-root program on the file system, log in to the client as a normal user and then use the suid-root program to become root on the client too.

To configure an NFS mount using the nosuid option, either use the "-o nosuid" option with the mount command, or use "smitty mknfsmnt" and set "Allow execution of setuid and setgid programs in this file system?" to "No".
Output:
The nosuid option is not set for NFS mount /mount/ora_backup (server4:/vol/appl_millennium).
The nosuid option is not set for NFS mount /mount/appl_NAS_backup (server5:/vol/appl_NAS_rman).

checknfssoft.ksh
Script run at:2017-05-25 11:48:24
Runtime:0 second(s)
Returncode:1
Description:
Checks that NFS mounts are configured with the soft option.

The default for NFS mounts on AIX is to use the hard NFS type mounting, which causes the client to continue trying until the NFS server responds. This may result in undesirable situations if the NFS server is not available. Use the soft option instead, which means that the system returns an error if the NFS server does not respond.

To change a NFS mounted file system, use the -s option for chnfsmnt, or run:

# smitty chnfsmnt

Note: Changing a NFS mounted file system from hard to soft, will require an unmount and mount of the file system.
Output:
The soft option is not set for NFS mount /mount/ora_backup (server4:/vol/appl_millennium).
The soft option is not set for NFS mount /mount/appl_NAS_backup (server5:/vol/appl_NAS_rman).

checknoatime.ksh
Script run at:2017-05-25 11:48:27
Runtime:0 second(s)
Returncode:1
Description:
Check if the noatime mount option has been set for any file systems.

If there's a lot of file activity, the system has to update a lot of timestamps, e.g. file creation time (ctime), file last modified time (mtime), and file last access time (atime). File systems with heavy inode access activity due to file opens can have significant performance improvements if the noatime option has been set for those file systems.

The atime attribute is sometimes called perhaps the most stupid Unix design idea of all times. Think about this a bit: For every file that is read from the disk, let's do a ... write to the disk! And, for every file that is already cached in memory and which we read from the cache ... do a write to the disk!

The performance impact of atime is thus: atime updates are by far the biggest I/O performance deficiency that Unix has today. Getting rid of atime updates would give us more everyday Unix performance than all the pagecache speedups of the past 10 years, _combined_. 

Similar to Linux, AIX also has the atime attribute for file systems by default enabled. The mount option noatime disables last access time updates for JFS2 file systems.

To check if a file system has been mounted with the noatime option, run:

# lsfs | grep noatime

To change a file system to use the noatime mount option, run:

# chfs -a options=noatime /

If you update the root file system, a bosboot is required and a reboot is required for this to take effect. For all other file systems, it only requires a re-mount of the file system.
Output:
File system /ggmig/thctx is not using the noatime mount option. Run: chfs -a options=rbrw,rw,noatime /ggmig/thctx
File system /usr/applesm is not using the noatime mount option. Run: chfs -a options=rw,noatime /usr/applesm

checknonaixlvsinrootvg.ksh
Script run at:2017-05-25 11:48:28
Runtime:0 second(s)
Returncode:1
Description:
Check if there are logical volumes in rootvg which are not part of the default AIX operating system installation.

It is best practice to not place any other file systems in rootvg, than the default file systems created, when AIX is installed. Especially when AIX needs to be upgraded, having other file systems in rootvg, may cause issues.
Output:
Non-AIX OS logical volumes found in rootvg:
nimsoft mksysblv sysadmlv

checknooptions.ksh
Script run at:2017-05-25 11:48:32
Runtime:4 second(s)
Returncode:1
Description:
Check various network options (no) to be set correctly for performance tuning. To modify the values, use no with the -p option to make the settings permanent, for example:

# no -p -o udp_sendspace=65536

Keep in mind that many applications, including inetd, need a stop/start to activate the new settings. See the relevant man page for more info about the no command.

If this check script reports any differences between the current value and the boot value, make sure that any network option changes are made permanently by using the -p option with the no command, which will result in the network option being added to the /etc/tunables/nextboot file, and network options will be applied during the next boot of the system.

If this check script reports that a network adapter has one or more isno values set that actually should be a NULL value, then the only way to correct this situation is by using ODM commands, which should be used with extreme caution.

For example, if attribute rfc1323 is set to 1 for adapter en0, and it should be a NULL value, do the following steps:

Save a backup copy of the en0 attributes to file /tmp/odm:

# odmget -q name=en0 CuAt > /tmp/odm

Edit file /tmp/odm, and remove the value where the attribute is listed as rfc1323:

CuAt:
        name = "en0"
        attribute = "rfc1323"
        value = ""
        type = "R"
        generic = "DU"
        rep = "nr"
        nls_index = 42

Then save the file. Then delete the original entries for en0 in the ODM:

# odmdelete -q name=en0 -o CuAt

Then re-apply the entries for en0 using the /tmp/odm file:

# odmadd /tmp/odm

Again, use ODM commands with extreme caution.
Output:
Network adapter en13 has isno item rfc1323 set to value 1 (and should be a NULL value).

checknumcmdelems.ksh
Script run at:2017-05-25 11:48:34
Runtime:0 second(s)
Returncode:1
Description:
Check if the max_xfer_size and num_cmd_elems of fibre channel adapters require tuning.

This script will check the fcstat output for active fibre channel adapters. If it finds that either the "No Adapter Elements Count" or "No Command Resource Count" is greater than zero, then it is wise to tune the max_xfer_size and num_cmd_elems for the fibre channel adapter.

The default values are:
max_xfer_size: 0x100000
num_cmd_elems: 200

If this script recommends increasing the values, check the current values for the adapter, e.g. for fcs0:

# lsattr -El fcs0

If you find that the values are still set to default, update the values as follows:

# chdev -l fcs0 -a max_xfer_size=0x200000
# chdev -l fcs0 -a num_cmd_elems=1024

For a VIO server, it is recommended to update these values to:
max_xfer_size: 0x400000
num_cmd_elems: 2048

After updating these values, it is required to reboot the server, for the values to take affect (and for the fcstat statistics to be reset to zero).
Output:
The No Adapter Elements Count or No Command Resource Count is higher than zero for adapter fcs0:
  No Adapter Elements Count: 69              
Consider increasing max_xfer_size and num_cmd_elems.
The No Adapter Elements Count or No Command Resource Count is higher than zero for adapter fcs1:
  No Adapter Elements Count: 78              
Consider increasing max_xfer_size and num_cmd_elems.
The No Adapter Elements Count or No Command Resource Count is higher than zero for adapter fcs2:
  No Adapter Elements Count: 65              
Consider increasing max_xfer_size and num_cmd_elems.
The No Adapter Elements Count or No Command Resource Count is higher than zero for adapter fcs3:
  No Adapter Elements Count: 73              
Consider increasing max_xfer_size and num_cmd_elems.

checkopensshlevel.ksh
Script run at:2017-05-25 11:48:37
Runtime:2 second(s)
Returncode:1
Description:
This script checks if the correct version of OpenSSH is installed. It is best practice to keep OpenSSH and OpenSSL at the very latest available levels, to avoid any security vulnerabilities. 

OpenSSH can be downloaded from the AIX Web Download Pack at https://www-01.ibm.com/marketing/iwm/iwm/web/reg/pick.do?source=aixbp&lang=en_US. 

Please upgrade OpenSSH if the level installed is at an older version. It is generally a good idea to upgrade both OpenSSH and OpenSSL at the same time to the latest available levels. 

OpenSSH nowadays is included in the Technology Levels released by IBM. Updating your system to one of the latest available TLs should also update OpenSSH to the correct version. Therefore, this check script will only check if you have the OpenSSH level installed that comes with the operating system. Still, it's a good idea to keep OpenSSH updated to the latest available level.
Output:
Level 6.0.0.6200 of OpenSSH is installed, but should be level 7.1.101.5000.

checkopenssllevel.ksh
Script run at:2017-05-25 11:48:39
Runtime:2 second(s)
Returncode:1
Description:
Checks the level of OpenSSL installed. It is best practice to keep the OpenSSL level at the latest available level, to avoid any security vulnerabilities. 

The recommended level is 1.0.1.514 for AIX 5.3, 6.1 and 7.1.

The latest available level for OpenSSL is 1.0.1.514. We recommend that you install this level on all AIX 5, AIX 6 and AIX 7 systems, and VIOS servers.

Please upgrade OpenSSL if the level is lower than the recommended level. The latest version can be found in the IBM AIX Web Download Pack at https://www-01.ibm.com/marketing/iwm/iwm/web/reg/pick.do?source=aixbp&lang=en_US. It is generally a good idea to also update OpenSSH when updating OpenSSL.

Several different branches of OpenSSL exist: OpenSSL 1.0.1, OpenSSL with FIPS 12.9.8 and OpenSSL 0.9.8. We recommend that you use OpenSSL 1.0.1, as this is the highest level branch available.

Special note about the Heartbleed bug:

Only OpenSSL 1.0.1e (IBM AIX VRMFs - 1.0.1.500 & 1.0.1.501) is vulnerable to the Heartbleed bug (CVE-2014-010). All OpenSSL v0.9.8.xxxx and v12.9.8.xxxx are NOT vulnerable to this CVE.

OpenSSL 1.0.1.500 and 1.0.1.501 were included in AIX 6.1 TL9 and AIX 7.1 TL3. It has also been available to download in the AIX Web Download Pack. Finally, it has been included in VIOS 2.2.3.1, but VIOS are not impacted, because it does not utilize the affected TLS 1.2 heartbeat mechanism.

IBM's released OpenSSL 1.0.1g in April 2014 (IBM VRMF 1.0.1.502). It is the official fix. 

The following is information about an ifix that is available for OpenSSL 1.0.1e ONLY. The ifix is just a workaround. It is recommended to upgrade to OpenSSL 1.0.1g (IBM VRMF 1.0.1.502) instead.

-This is a workaround compiled with the feature turned off.
-This is not OS dependent. It only depends on the OpenSSL level.

Below are the download and install/uninstall instructions.

The OpenSSL ifix doesn't require a reboot. However... It's a shared library update, so any daemons that use it will need to be restarted such as sshd. If you aren't sure what applications running on your machine use OpenSSL, it's recommended to reboot.

To download it, go to: https://testcase.software.ibm.com/ and log in as "Anonymous" (no password needed). Click on the "fromibm" folder, and then click on the "aix" folder. Scroll down the list until you find the following file and click on it to download:

0160_ifix.140409.epkg.Z

Once the download is complete, transfer the file to your AIX system. Log on to your AIX system, go to the directory where you put the file, and run the following command as the root user.

To preview the installation of 0160_ifix.140409.epkg.Z, please do the following:
                                     
# emgr -p -e 0160_ifix.140409.epkg.Z   

To install the ifix, run the following:

# emgr -X -e 0160_ifix.140409.epkg.Z

If you need to uninstall the iFix for some reason, run the following command as root:

# emgr -r -L 0160_ifix.140409.epkg.Z

For more information, see http://heartblead.com

Later, in CVE-201-05298, also level 1.0.1.502 was determined to be impacted by a security vulnerability; which not only applies to AIX, but also to VIOS. We therefore recommend upgrading all AIX 5.3, 6.1, and 7.1 systems and VIOS 2.X systems to OpenSSL 1.0.1.514.
Output:
Version installed: 1.0.1.515. Version recommended: 1.0.2.1000

checkoradiag.ksh
Script run at:2017-05-25 11:48:41
Runtime:1 second(s)
Returncode:2
Description:
Check if there are any oradiag_username folders in home directories of users. This is related to systems running Oracle.

If an oradiag_username folder exists in any users' home directory, head over into that directory:

# cd ~username/oradiag_username/diag/clients/user_username/host_*/trace/

(Replace "username" in the command above with the actual user name)

Then view the sqlnet.log file in this folder:

# head sqlnet.log

You should see an error message complaining about a directory not existing for read/write.

Create that directory, and allow users to write to it. E.g.:

# mkdir /u01/oracle/product/11.1.0.7/client/log/diag
# chmod 777 /u01/oracle/product/11.1.0.7/client/log/diag

Now remove the entire oradiag_username directory:

# rm -rf ~username/oradiag_username

(Replace "username" in the command above with the actual user name)

You may have to repeat the process of creating directories a few times until the oradiag_username folder stops appearing.

Cleaning out the oradiag_username folders is interesting, as these folders may use up quite a bit of storage space.
Output:
The following user(s) has/have an oradiag_ folder in their home directory:
/home/oracle/oradiag_oracle

checkoslevel.ksh
Script run at:2017-05-25 11:48:49
Runtime:7 second(s)
Returncode:1
Description:
Check if the correct OS level is installed. The best practice is to have the OS level at N-1, so at the latest minus one technology level, unless that technology level is at least 3 months available.

Recommended level for AIX 5.3: TL12

Latest level for AIX 5.3 is TL12; Support for TL11 has ended on October 1, 2011. Support for TL12 has ended on 4/30/2012. After this date, IBM will no longer provide generally available fixes or interim fixes on any level of AIX 5.3 without an extended support contract. This applies to all Service Packs and all Technology Levels. Please plan to upgrade to a new version of AIX at your earliest convenience, if your system is still on AIX 5.3. 

AIX 5.3 extended support is only available for AIX 5.3 Technology Level 12. Earlier AIX 5.3 Technology Levels will not be supported under the extended support offering of IBM.

AIX 5.3 is out of general IBM support since April 30, 2012, and we recommend upgrading your system to AIX 7 if AIX 5.3 is still in use.

Recommended level for AIX 6.1: TL9

Latest level for AIX 6.1 is TL 9.

AIX 6.1 Technology Level 3 (6100-03)

After May 2011, IBM no longer provides generally available fixes or interim fixes for new defects on systems at AIX 6100-03. This applies to all Service Packs within TL3. Please plan to upgrade to a newer Technology Level at your earliest convenience, or upgrade to AIX 7.

AIX 6.1 Technology Level 4 (6100-04)

After October 1st, 2011, IBM no longer provides generally available fixes or interim fixes for new defects on systems at AIX 6100-04. This applies to all Service Packs within TL4. Please plan to upgrade to a newer Technology Level at your earliest convenience or upgrade to AIX 7.

AIX 6.1 Technology Level 5 (6100-05)

After May 1, 2012, IBM no longer provides generally available fixes
or interim fixes for new defects on systems at AIX 6100-05. This applies to all Service Packs within TL5. Please plan to upgrade to a newer Technology Level at your earliest convenience or upgrade to AIX 7.

AIX 6.1 Technology Level 6 (6100-06)

No more service packs will be released by IBM for this level. As such, we recommend that you upgrade to a higher level or upgrade to AIX 7. TL 6 is already EOS (End-of-Service). EOS date is 2013.11.30.

AIX 6.1 Technology Level 7 (6100-07)

No more service packs will be released by IBM for this level. As such, we recommend that you upgrade to a higher level or upgrade to AIX 7. TL 7 is already EOS (End-of-Service). EOS date is 2014.10.31.

AIX 6.1 Technology Level 8 (6100-08)

TL 8 is already EOS (End-of-Service). EOS date is 2015.11.30.

AIX 6.1 Technology Level 9 (6100-09)

TL 9 EOS date is April 30, 2017. Please plan to upgrade to AIX 7.

Recommended level for AIX 7.1: TL4

Technology level 4 for AIX 7.1 is recommended, because it includes all available Power8 features. Technology levels 1 and 2 for AIX 7.1 are already EOS (End-of-Service). 

Recommended level for AIX 7.2: TL0

For a complete list of End Of Service dates, see: http://www-01.ibm.com/support/docview.wss?uid=isg3T1012517
Output:
This system is at level 6100-08 (AIX 6100-08-02-1316). Technology level 9 is recommended for AIX 6.1. Please update to this technology level.
This system uses service pack 02 for AIX TL 6100-08 (AIX 6100-08-02-1316). Service pack 07 is recommended.
The End-of-Service date for AIX 6.1 was April 30, 2017. Please update to AIX 7 at your earliest convenience.

checkpasswordalgorithm.ksh
Script run at:2017-05-25 11:49:00
Runtime:0 second(s)
Returncode:1
Description:
Check if the legacy unix crypt password algorithm has been updated.

Changing from the legacy UNIX crypt password algorithm increases the number size of the encryption from 56 bits to 265 bits and is a much more robust encryption. You can read more about the benefits here: http://en.wikipedia.org/wiki/SHA-2

Check the current system settings, using:

# lssec -f /etc/security/login.cfg -s usw -a pwd_algorithm -a unix_passwd_compat

Change the password algorithm to ssha512, using:

# chsec -f /etc/security/login.cfg -s usw -a pwd_algorithm="ssha512" -a unix_passwd_compat="true"
Output:
The default crypt() password algorithm is in use on the system. Please consider using an improved password algorithm, such as ssha256 or ssha512.
Run: chsec -f /etc/security/login.cfg -s usw -a pwd_algorithm="ssha512" -a unix_passwd_compat="true"

checkpgsp.ksh
Script run at:2017-05-25 11:49:06
Runtime:4 second(s)
Returncode:1
Description:
Checks if the paging spaces are activated (both currently and at boot time), and if the paging spaces are of equal size.
Output:
Pagingspace paging01 with size 16256 MB is not sized correctly.
Pagingspace hd6 with size 16384 MB is not sized correctly.
All paging spaces should have the same size, to allow for the same disk usage.

checkpgspminsize.ksh
Script run at:2017-05-25 11:49:07
Runtime:0 second(s)
Returncode:1
Description:
Check if the paging space is the same size as the available memory. 

The guidelines for defining the size of the paging space are:

The paging space should match the memory size, if the available memory is less than 32 GB.

The paging space should be 32 GB, if the available memory is more than 32 GB.

If the paging space size is incorrect, it is best to make changes to any paging space sizes, by using:

# smitty chps
Output:
Paging space should be 32 GB. Currently sized at 32640 MB, please add 128 MB.

checkpowerhaclstat.ksh
Script run at:2017-05-25 11:49:17
Runtime:0 second(s)
Returncode:1
Description:
Check if clstat can be run on a PowerHA/HACMP cluster node.

If this does not work; you may need to check if the clinfoES service is running:

# lssrc -s clinfoES

If it is not running, start it with:

# startsrc -s clinfoES

If it was already running, but clstat is not working, stop and re-start it:

# stopsrc -s clinfoES
# startsrc -s clinfoES

If still not working, check if the snmp configuration in /etc/snmpdv3.conf is correct. For more information, check:

http://unixhealthcheck.com/blog.php?id=326
Output:
Command clstat -o is not properly working.

checkpowerhaconfigfiles.ksh
Script run at:2017-05-25 11:49:25
Runtime:7 second(s)
Returncode:1
Description:
Checks if certain configuration files are consistent on both nodes of a PowerHA/HACMP cluster.
Output:
Files inconsistent on PowerHA/HACMP nodes:
/etc/filesystems /etc/oratab /etc/sudoers

checkpowerhacrontabs.ksh
Script run at:2017-05-25 11:49:29
Runtime:4 second(s)
Returncode:1
Description:
Check if the crontabs of each node of the PowerHA/HACMP cluster are identical.

This script will output a plain diff between all crontab files of both nodes of the PowerHA/HACMP cluster, if any differences are found. Please correct any differences, as crontab files should be identical across all nodes of a PowerHA/HACMP cluster.
Output:
Inconsistencies were found in crontabs on the two PowerHA/HACMP-nodes:

< oracle:
< oracle:###                         DR CRONTAB ENTRIES
> oracle:##                         DR CRONTAB ENTRIES
< oracle:# 0 4 * * * /ath/dr/prd/v5.1/bin/dr_daily_node_report.ksh prd   > /ath/dr/prd/v5.1/log/dr_daily_node_report.cronlog 2>&1
< oracle:# DR Toolkit 5.4 requested entry
< oracle:45 * * * * /ath/dr/prdl2/v5.4/bin/dr_monitor.ksh 2>&1
> oracle:# 724 TK 156
> oracle:# 0 7 * * * /ath/dr/prodv52/v5.2/bin/dr_daily_node_report.ksh > /dev/null 2>&1
> oracle:# 59 0 * * * /ath/dr/prodv52/v5.2/bin/dr_kart_info.ksh > /dev/null 2>&1
> oracle:# 0,5,10,15,20,25,30,35,40,45,50,55 * * * * /ath/dr/prodv52/v5.2/bin/db_update.ksh prd1 > /dev/null 2>&1
> oracle:# 724 TK v5.4 requested CRON entries
> oracle:0 * * * * /ath/dr/prdl2/v5.4/bin/dr_monitor.ksh 2>&1
> oracle:30 7 * * * /ath/dr/prdl2/v5.4/bin/dr_daily_node_report.ksh 2>&1
> oracle:0 1 * * * /ath/dr/prdl2/v5.4/bin/dr_kart_info.ksh 2>&1
> oracle:0 4 * * * /ath/dr/prdl2/v5.4/bin/dr_cleanup.ksh 2>&1
> oracle:0 5 * * * /ath/dr/prdl2/v5.4/bin/gg_manage.ksh prd1 DEFGEN 2>&1
< oracle:00,10,20,30,40,50 * * * * /usr/local/oracle/sysmon/bin/CheckFileSystems.ksh  > /tmp/CheckFileSystems.out 2>&1
< oracle:00,10,20,30,40,50 * * * * /usr/local/oracle/sysmon/bin/CheckFileSystems.ksh 2>&1 >> /tmp/CheckFileSystems.out
> oracle:#PT 0,15,30,45 * * * * /usr/local/oracle/bin/ArchDestUsage.sh -s server2 -i prd1 -t 120 > /tmp/ArchDestUsage_prd1.log 2>&1
> oracle:#PT 10 9 * * * /usr/local/oracle/bin/ArchDestUsage.sh -s server2 -i prd1 -t 360 -R  > /tmp/ArchDestUsage_prd1.log 2>&1
> oracle:0 10,16,21 * * *  /usr/local/oracle/bin/asmSpaceAlert.sh -s server2 -i prd1 -f 10 -G 1200 > /tmp/asmSpaceAlert.out 2>&1
< oracle:25,55 * * * * /usr/local/oracle/bin/KillCrawlerSessions.sh "ora12" > /tmp/KillCrawlerSessions.out 2>&1
> oracle:00,20,40 * * * * /usr/local/oracle/sysmon/bin/CheckFileSystems.ksh >> /tmp/CheckFileSystems.out 2>&1
> oracle:50 23 * * * /usr/local/oracle/bin/dba_db_health.sh "prd1" > /tmp/dba_db_health.out 2>&1
> oracle:0 * * * * /usr/local/oracle/bin/getDbBlockers.sh server2 prd1 >> /tmp/getDbBlockers.out 2>&1
< oracle:00 * * * * /usr/local/oracle/bin/MonitorSystemLoad2.ksh > /tmp/MonitorSystemLoad2.err
< oracle:0,10,20,30,40,50 * * * * /usr/local/oracle/bin/MonitorOracleAlertLog.sh -s server1 -i ora12 > /tmp/MonitorOracleAlertLog_ora12.out 2>&1
> oracle:0 * * * * /usr/local/oracle/bin/MaintainAuditFiles.sh -i prd1 > /tmp/MaintainAuditFiles.log 2>&1
> oracle:1,31 * * * * /usr/local/oracle/bin/MonitorDbProcessCount.sh -s server2 -i prd1 -p 90  > /tmp/MonitorDbProcessCount.log 2>&1
> oracle:0,10,20,30,40,50 * * * * /usr/local/oracle/bin/MonitorOracleAlertLog.sh -s server2 -i prd1 > /tmp/MonitorOracleAlertLog_prd1.out 2>&1
> oracle:0 * * * * /usr/local/oracle/bin/MonitorSystemLoad2.ksh > /tmp/MonitorSystemLoad2.err 2>&1
> oracle:00 * * * * /usr/local/oracle/bin/MonitorTableSpace.sh -i "prd1" -f 30 -M 7000 -A -S > /tmp/MonitorTableSpace.out 2>&1
> oracle:00 09 * * 3 /usr/local/oracle/bin/mlnm_exp_printer_tables.sh "prd1" > /tmp/mlnm_exp_printer_tables.out 2>&1
> oracle:0,30 * * * * /usr/local/oracle/bin/snap_sess_count.sh server2 prd1 >> /tmp/snapsesscount.out 2>&1
< oracle:05 00 * * * /usr/local/oracle/bin/VerifyFileChanges.sh -h24 > /tmp/VerifyFileChanges.log 2>&1
> oracle:5 0 * * * /usr/local/oracle/bin/VerifyFileChanges.sh -h24 > /tmp/VerifyFileChanges.log 2>&1
> oracle:
> oracle:# GG
> oracle:0 4,10,16,22 * * * /usr/local/oracle/bin/FindGGArchReqmnt.sh -i prd1 -l 120 > /tmp/FindGGArchReqmnt.out 2>&1
> oracle:4 * * * * /usr/local/oracle/bin/monitorGGProcess.sh -l 120> /tmp/monitorGGProcess.out 2>&1
< oracle:#ora12
< oracle:00 09 * * * /usr/local/oracle/bin/dbtracefilepurge.sh -s server1 -i ora12 -P background_dump_dest -n 14 >/tmp/ora12_trace_dump_dest.log 2>&1
< oracle:05 09 * * * /usr/local/oracle/bin/dbtracefilepurge.sh -s server1 -i ora12 -P audit_file_dest -n 7 >/tmp/ora12_audit_file_dest.log 2>&1
< oracle:10 09 * * * /usr/local/oracle/bin/dbtracefilepurge.sh -s server1 -i ora12 -P core_dump_dest -n 4 >/tmp/ora12_core_dump_dest.log 2>&1
< oracle:15 09 * * * /usr/local/oracle/bin/dbtracefilepurge.sh -s server1 -i ora12 -P IncidentDumpDest -n 4 >/tmp/ora12_Inci_dump_dest.log 2>&1
< oracle:20 09 * * * /usr/local/oracle/bin/dbtracefilepurge.sh -s server1 -i ora12 -P DiagAlertXMLDest -n 4 >/tmp/ora12_alert_dump_dest.log 2>&1
< oracle:#ASM2
< oracle:30 10 * * * /usr/local/oracle/bin/dbtracefilepurge.sh -s server1 -i +ASM2 -P background_dump_dest -n 14 -l >/tmp/asm_trace_dump_dest.log 2>&1
< oracle:35 10 * * * /usr/local/oracle/bin/dbtracefilepurge.sh -s server1 -i +ASM2 -P audit_file_dest -n 2 -l >/tmp/asm_audit_file_dest.log 2>&1
< oracle:40 10 * * * /usr/local/oracle/bin/dbtracefilepurge.sh -s server1 -i +ASM2 -P core_dump_dest -n 2 -l >/tmp/asm_core_dump_dest.log 2>&1
< oracle:45 10 * * * /usr/local/oracle/bin/dbtracefilepurge.sh -s server1 -i +ASM2 -P IncidentDumpDest -n 4 -l >/tmp/asm_Inci_dump_dest.log 2>&1
< oracle:50 10 * * * /usr/local/oracle/bin/dbtracefilepurge.sh -s server1 -i +ASM2 -P DiagAlertXMLDest -n 2 -l >/tmp/asm_alert_dump_dest.log 2>&1
> oracle:#prd1
> oracle:00 09 * * * /usr/local/oracle/bin/dbtracefilepurge.sh -s server2 -i prd1 -P background_dump_dest -n 7 >/tmp/prd1_trace_dump_dest.log 2>&1
> oracle:05 09 * * * /usr/local/oracle/bin/dbtracefilepurge.sh -s server2 -i prd1 -P audit_file_dest -n 7 >/tmp/prd1_audit_file_dest.log 2>&1
> oracle:10 09 * * * /usr/local/oracle/bin/dbtracefilepurge.sh -s server2 -i prd1 -P core_dump_dest -n 4 >/tmp/prd1_core_dump_dest.log 2>&1
> oracle:15 09 * * * /usr/local/oracle/bin/dbtracefilepurge.sh -s server2 -i prd1 -P IncidentDumpDest -n 7 >/tmp/prd1_Inci_dump_dest.log 2>&1
> oracle:20 09 * * * /usr/local/oracle/bin/dbtracefilepurge.sh -s server2 -i prd1 -P DiagAlertXMLDest -n 7 >/tmp/prd1_alert_dump_dest.log 2>&1
> oracle:#ASM1
> oracle:30 10 * * * /usr/local/oracle/bin/dbtracefilepurge.sh -s server2 -i +ASM1 -P background_dump_dest -n 7 -l >/tmp/asm_trace_dump_dest.log 2>&1
> oracle:35 10 * * * /usr/local/oracle/bin/dbtracefilepurge.sh -s server2 -i +ASM1 -P audit_file_dest -n 2 -l >/tmp/asm_audit_file_dest.log 2>&1
> oracle:40 10 * * * /usr/local/oracle/bin/dbtracefilepurge.sh -s server2 -i +ASM1 -P core_dump_dest -n 2 -l >/tmp/asm_core_dump_dest.log 2>&1
> oracle:45 10 * * * /usr/local/oracle/bin/dbtracefilepurge.sh -s server2 -i +ASM1 -P IncidentDumpDest -n 4 -l >/tmp/asm_Inci_dump_dest.log 2>&1
> oracle:50 10 * * * /usr/local/oracle/bin/dbtracefilepurge.sh -s server2 -i +ASM1 -P DiagAlertXMLDest -n 2 -l >/tmp/asm_alert_dump_dest.log 2>&1
< oracle:00 00,06,12,18 * * * /usr/local/oracle/bin/purge_oracle_listener_logs.sh -s server1 -n 5 >/tmp/purge_oracle_listener_logs.log 2>&1
< oracle:# 
< oracle:0,10,20,30,40,50 * * * * /ora_backup/stby_arch/check_share_mem.ksh server1 ora12 1024 2>&1 >> /mount/appl_NAS_backup/ora12_shared_memory.out 2>&1
> oracle:00 00,06,12,18 * * * /usr/local/oracle/bin/purge_oracle_listener_logs.sh -s server2 -n 5 >/tmp/purge_oracle_listener_logs.log 2>&1
> oracle:##################################
> oracle:# Recovery Manager Backup Schedule
> oracle:##################################
> oracle:00 04 * * 6 /usr/local/oracle/bin/rmanv4.sh -s server2 -i prd1 -b0 -R -c -N2 >/tmp/rmanv4_server2_prd_L0.log 2>&1 
> oracle:00 01 * * 1 /usr/local/oracle/bin/rmanv4.sh -s server2 -i prd1 -b1 -R -c -N2 >/tmp/rmanv4_server2_prd_L1.log 2>&1 
> oracle:00 13 * * 1-5 /usr/local/oracle/bin/rmanv4.sh -s server2 -i prd1 -b1 -R -c -N2 >/tmp/rmanv4_server2_prd_L1.log 2>&1 
> oracle:00 * * * * /usr/local/oracle/bin/rmanv4.sh -s server2 -i prd1 -R -a -c >/tmp/rmanv4_server2_prd_Arch.log 2>&1
< oracle:5,45 3-1 * * * /ora_backup/stby_arch/kill_box.ksh server1 ora12 0 K >>/tmp/kill_box.out 2>&1
< oracle:0,10,20,30,40,50 2 * * * /ora_backup/stby_arch/kill_box.ksh server1 ora12 0 K >>/tmp/kill_box.out 2>&1
> oracle:#######################################################################
> oracle:# For SnapShot gathering of Segment Usage and Tablespace Usage
> oracle:# To setup Snapshot configuration use /usr/local/oracle/bin/dba_snap_setup.sh 
> oracle:# To Setup Monitored Schemas for SnapShot gathering use
> oracle:#	/usr/local/oracle/bin/dba_snap_schema_conf.sh   
> oracle:#######################################################################
> oracle:20 23 * * 0 /usr/local/oracle/bin/dba_get_ts_snaps.sh prd1 > /tmp/dba_get_ts_snaps_prd1.log 2>&1
< oracle:0,5,10,15,20,25,30,35,40,45,50,55 * * * * /ora_backup/stby_arch/library_wait_events.ksh server1 ora12 2>&1 >> /tmp/prd_chk_libary_latch.out 2>&1
> oracle:###############
> oracle:# PSC_SQL_STATS
> oracle:###############
< oracle:0,40 * * * * /ora_backup/stby_arch/longrun.ksh server1 ora12 0 > /tmp/ora12_v500_boxi.out 2>&1
< oracle:10,20,30,50 2 * * * /ora_backup/stby_arch/longrun.ksh server1 ora12 0 > /tmp/ora12_v500_boxi.out 2>&1
> oracle:45 08,16 * * * /usr/local/oracle/bin/snap_sql_stats.sh server2 prd1 > /tmp/snap_sql_stats.out 2>&1
< oracle:30 08-17 * * * /ora_backup/stby_arch/mon_long_run.sh server1 ora12 >> /tmp/mon_long_run.out 2>&1
< oracle:5 18-07 * * * /ora_backup/stby_arch/mon_long_run.sh server1 ora12 >> /tmp/mon_long_run.out 2>&1
> oracle:5,35 08-17 * * * /ora_backup/stby_arch/mon_long_run.sh server2 prd1 >> /tmp/mon_long_run.out 2>&1
> oracle:0,30 18-07 * * * /ora_backup/stby_arch/mon_long_run.sh server2 prd1 >> /tmp/mon_long_run.out 2>&1
> oracle:30 * * * * /ora_backup/stby_arch/latching.sh server2 prd1 2>&1 >> /tmp/latching_session.out 2>&1
> oracle:0,5,10,15,20,25,30,35,40,45,50,55 * * * * /ora_backup/stby_arch/library_wait_events.ksh server2 prd1 >> /tmp/prd_wait_events.out 2>&1
> oracle:0,10,20,30,40,50 * * * * /ora_backup/stby_arch/mon_high_temp_usage.sh server2 prd1 >/mount/appl_NAS_backup/prd_temp_high_usage.out 2>&1
> oracle:0,5,10,15,20,25,30,35,40,45,50,55 07-18 * * * /ora_backup/stby_arch/check_share_mem.ksh server2 prd1 1024 >> /mount/appl_NAS_backup/prd1_shared_memory.out 2>&1
> oracle:
> oracle:0,30 19-23,0-6 * * * /ora_backup/stby_arch/check_share_mem.ksh server2 prd1 1024 >> /mount/appl_NAS_backup/prd1_shared_memory.out 2>&1
> oracle:
> oracle:######SPECIAL EXPORT###################################################################
> oracle:50 15 23 6 * /usr/local/oracle/bin/exp_v500_tbl.ksh prd1 >/tmp/exp_v500_tbl.log 2>&1
< root:0 0 * * * /usr/es/sbin/cluster/utilities/clcycle 1>/dev/null 2>/dev/null # HACMP for AIX Logfile rotation
> root:0 0 * * * /usr/es/sbin/cluster/utilities/clcycle 1>/dev/null 2>/dev/null # HACMP for AIX Logfile rotation
< root:0 0 * * * /usr/local/nmon/proc/esm_run_nmon.ksh 1>/usr/local/nmon/log/esm_run_nmon.log 2>&1
< root:59 0 * * * /usr/local/webdoc/webdoc -o /tmp >/dev/null 2>&1
> root:59 0 * * * /usr/local/webdoc/webdoc -o /tmp > /dev/null 2>&1
> root:0 0 * * * /usr/local/nmon/proc/esm_run_nmon.ksh > /usr/local/nmon/log/esm_run_nmon.log 2>&1

checkpowerhalevel.ksh
Script run at:2017-05-25 11:49:48
Runtime:0 second(s)
Returncode:1
Description:
This check shows the installed PowerHA/HACMP level. These are the preferred levels:

Basically the recommended level for running PowerHA/HACMP, is the N-1 fix pack level of each supported version, or the latest level if that level is at least 3 months available:

Version 5.4.1: "5.4.1.12" # Latest level = 5.4.1.12 October 2011 - Supported until September 1, 2011.

Version 5.5: "5.5.0.11" # Latest level = 5.5.0.11 May 1, 2012. Supported by IBM until April 30, 2012.

Version 6.1: "6.1.0.16" # Latest level = 6.1.0.16 October 26, 2015. Supported until April 30, 2015.

Version 7.1.0: "7.1.0.9" # Latest level = 7.1.0.9 May 1, 2014. In end of service pack mode since April 30, 2015.

Version 7.1.1: "7.1.1.9" # Latest level = 7.1.1.9 May 27, 2015. 

Version 7.1.2: "7.1.2.8" # Latest level = 7.1.2.8 June 22, 2016. 

Version 7.1.3: "7.1.3.5" # Latest level = 7.1.3.5 June 24, 2016. 

Version 7.2.0: "7.2.0.2" # Latest level = 7.2.0.2 November 11, 2016. 
Output:
Level installed: 6.1.0.11
PowerHA 6.1.0 is out of support since April 30, 2015.
Please update to a supported level of PowerHA.

checkpowerhalogdirectory.ksh
Script run at:2017-05-25 11:50:10
Runtime:19 second(s)
Returncode:1
Description:
Check if any PowerHA/HACMP log files are written to the /tmp file system.

Because the /tmp file system is usually not backed up, it is a better idea to change the location of all PowerHA/HACMP log files to a location in another file system than /tmp.
Output:
One or more log files are written to /tmp:

clstrmgr.debug:Generated by the clstrmgr daemon:/tmp
cspoc.log:Generated by CSPOC commands:/tmp
dms_loads.out:Generated by deadman's switch activity:/tmp
emuhacmp.out:Generated by the event emulator scripts:/tmp
hacmp.out:Generated by event scripts and utilities:/tmp

checkpowerhalsvg.ksh
Script run at:2017-05-25 11:50:12
Runtime:2 second(s)
Returncode:1
Description:
Check if both nodes of a PowerHA/HACMP cluster have the same volume groups configured.
Output:
Volume groups not consistent in cluster:
server1: dbdiskhbvg gatevg prd_db512vg01 prd_db512vg02 prd_db512vg03 prd_fravg01 prd_ggvg01 prd_lgvg01 prd_lgvg02 prdcrs_vg oraclevg paging01vg rootvg
server2: dbdiskhbvg prd_db512vg01 prd_db512vg02 prd_db512vg03 prd_fravg01 prd_ggvg01 prd_lgvg01 prd_lgvg02 prdcrs_vg oracle4avg paging01vg rootvg

checkpowerhanfs.ksh
Script run at:2017-05-25 11:50:42
Runtime:3 second(s)
Returncode:1
Description:
The remotely mounted NFS file systems should be identical on both nodes of a PowerHA/HACMP cluster.
Output:
Inconsistencies were found between the NFS file systems on the two PowerHA/HACMP-nodes:
/mount/appl_NAS_backup:/vol/appl_NAS_rman:nfs:server5::0:rw,fg,hard,rsize=32768,wsize=32768,vers=3,proto=tcp,sec=sys:yes:no
> /ora12_arch:/u02/oracle/admin/prd/arc/ora12:nfs:server1::0:rw,bg,soft,intr,sec=sys:no:no

checkpowerhanodedown.ksh
Script run at:2017-05-25 11:50:47
Runtime:1 second(s)
Returncode:1
Description:
Check if any node of a PowerHA/HACMP cluster is down.
Output:
Command clstat -o is not properly working.

checkpowerhapvid.ksh
Script run at:2017-05-25 11:51:07
Runtime:2 second(s)
Returncode:1
Description:
Check if the PVID of shared disks are within the same volume groups on both nodes of a cluster.

If a disk or LUN is shared between 2 nodes of a PowerHA/HACMP cluster, then this disk should be in the same volume group on each node (or not in a volume group at all). Shared disks should not be used in a local volume group, known to only one of the 2 nodes of the PowerHA/HACMP cluster. If that is done, then the risk exists, that someone may consider to use a disk on one node of the cluster, while the disk is actually already in use within another volume group on the other node of the cluster.

If the disk is forced into a volume group (using extendvg -f) on one node of the cluster, that may result in volume group corruption on the other cluster, with most likely recovery of the entire volume group as a result of doing so.

This can all be avoided, by simply making sure that if a disk is shared between the 2 cluster nodes, that it is also configured within the same volume group of both nodes.

If this script detects that a disk is used within a different volume group on both nodes, either remove the disk from that volume group, or make sure that the disk is no longer shared between the 2 cluster nodes (e.g. by removing the zoning for the SAN LUN on the secondary node, so the disk is no longer available for use on the secondary node).
Output:
Shared disk with pvid 00f609301cc09917 is within a different volume group on the cluster nodes:
hdisk45         00f609301cc09917                    gatevg    active      
hdisk45         00f609301cc09917                    None                        
Shared disk with pvid 00f609301cc09a07 is within a different volume group on the cluster nodes:
hdisk46         00f609301cc09a07                    gatevg    active      
hdisk46         00f609301cc09a07                    None                        

checkpowerhargfallbackpolicy.ksh
Script run at:2017-05-25 11:51:29
Runtime:0 second(s)
Returncode:2
Description:
Check if the fallback policy for a resource group is set to Never Fallback.

Although allowed, one could set the fallback policy of a PowerHA/HACMP resource group to anything other than "Never Fallback", like "Fallback To Higher Priority Node In The List". 

But other fallback policies may result in unintended failovers, and thus additional downtime can occur. For example, if the fallback policy is set to "Fallback To Higher Priority Node In The List", and a cluster has failed over resources from a primary node to a lower priority node, then another failover will occur automatically when the higher priority node is introduced back into the cluster. 

Instead, it is better to set the fallback policy to "Never Fallback", and to schedule a time outside business hours to perform the fallback, than to allow PowerHA/HACMP to perform the fallback automatically.
Output:
The fallback policy of resource group server2_rg is set to "Fallback To Higher Priority Node In The List", but should be set to "Never Fallback".
The fallback policy of resource group server1_rg is set to "Fallback To Higher Priority Node In The List", but should be set to "Never Fallback".

checkpowerhasnapshot.ksh
Script run at:2017-05-25 11:52:08
Runtime:1 second(s)
Returncode:1
Description:
Check for any old cluster snapshots.

Old cluster snapshots can most likely be removed. It is recommended to remove them, if they're no longer required, because cluster snapshots can use up quite a bit of disk space.
Output:
Cluster snapshot 03_03_2014_prd_cl_autosnap is at least 6 months old and should be removed. Run: /usr/es/sbin/cluster/utilities/clsnapshot -r -n'03_03_2014_prd_cl_autosnap'
Cluster snapshot new-svcmigration is at least 6 months old and should be removed. Run: /usr/es/sbin/cluster/utilities/clsnapshot -r -n'new-svcmigration'

checkpowerhasyncd.ksh
Script run at:2017-05-25 11:52:08
Runtime:0 second(s)
Returncode:1
Description:
Checks the syncd setting for the frequency with which the I/O disk-write buffers are flushed. Frequent flushing of these buffers reduces the chance of deadman switch time-outs. This check only applies to servers that are part of a PowerHA/HACMP cluster.

The AIX default value for syncd is set in /sbin/rc.boot, and is by default set to 60. It is recommended to keep this value at 60. In older versions of PowerHA/HACMP (version 5 and below), it was recommended set it to 10 instead of 60, but in newer versions of PowerHA, this is no longer required.

To change the syncd frequency setting, do the following on each PowerHA/HACMP node in the cluster:

Run:

# /usr/es/sbin/cluster/utilities/clchsyncd '60'
Output:
Syncd setting should be 60, but is set to 10.

checkpowerhausers.ksh
Script run at:2017-05-25 11:52:45
Runtime:35 second(s)
Returncode:1
Description:
Users should be identical on both nodes of a PowerHA/HACMP cluster, just like the password. 

Because home directories can be located on a shared file system, no check for the home directory is done in this script.

If you see a lot of differences between attributes for most of the users, your best bet is to look at the default stanza in /etc/security/limits and /etc/security/user. Probably the default settings for user accounts are different on the two nodes of the PowerHA/HACMP cluster.
Output:
Inconsistencies were found between the users on the two PowerHA/HACMP-nodes.

Username---------------: *** Banusha ***
Username id pgrp groups: server1 ==> Banusha:497:prd:admin,prd,printq,staff,
Username id pgrp groups: server2 ==> Banusha:499:prd:admin,prd,printq,staff,

Username---------------: *** us776633 ***
Username id pgrp groups: server1 ==> us776633:496:staff:staff,
Username id pgrp groups: server2 ==> us776633:498:staff:staff,
   (Encrypted) password: server1 ==> 0c1dGg5xni9GM
   (Encrypted) password: server2 ==> 

Username---------------: *** us108498 ***
Username id pgrp groups: server1 ==> us108498:520:staff:hcucdt1,staff,
Username id pgrp groups: server2 ==> us108498:523:staff:hcucdt1,staff,
   (Encrypted) password: server1 ==> Z.TT0NUTfQhd6
   (Encrypted) password: server2 ==> 0soZe3GF2s7dU

Username---------------: *** us574603 ***
Username id pgrp groups: server1 ==> us574603:428:staff:hcucdt1,staff,
Username id pgrp groups: server2 ==> us574603:429:staff:hcucdt1,staff,
   (Encrypted) password: server1 ==> 5imzaFPOpHQUk
   (Encrypted) password: server2 ==> qY.fz9WZDwkAw

Username---------------: *** us332218 ***
Username id pgrp groups: server1 ==> us332218:351:staff:hcucdt1,staff,
Username id pgrp groups: server2 ==> us332218:354:staff:hcucdt1,staff,
   (Encrypted) password: server1 ==> LzitV.W7rAR/o
   (Encrypted) password: server2 ==> i5eM0r/G.ILNA

+112 more... To view all entries, run: checkpowerhausers.ksh -v

checkquorum.ksh
Script run at:2017-05-25 11:54:28
Runtime:90 second(s)
Returncode:1
Description:
A special characteristic for volume groups is quorum checking. Depending on if this is set to on or off, the operating system will take the following actions:

If quorum checking is on, the operating system will bring down (vary off) an active volume group, if less than 51% of the VGDA's are available; Not activate (vary on) an inactive volume group if less than 51% of the VGDA's are available.

If quorum checking is off, the operation system will not take any actions on active volume groups; Not activate (vary on) an inactive volume group if less than 100% of the VGDA's are available.

A VGDA (Volume Group Descriptor Area) is located on every disk in the volume group and is used by the operating system to save data about logical volumes and filesystems in that volume group. Each volume group has a minimum of three VGDA's, meaning that:

A volume group of one disk will have all 3 VGDA's on that single disk. A volume group of two disks will have one disk with two VGDA's and one disk with one VGDA. A volume group of three or more disks will have one VGDA per disk.

The availability of a machine is important; More important than not being able to bring up an inactive volume group. Therefore, quorum checking needs to be turned off for all volume groups. Besides that, the varyon command has an option to force the vary on, ignoring the quorum checking.

To disable quorum on a volume group, run:

# chvg -Qn volumegroup

On a PowerHA/HACMP clustered node, make sure to change this through C-SPOC:

# smitty hacmp
System Management (C-SPOC) -> Storage -> Volume Groups -> Set Characteristics of a Volume Group -> Change/Show characteristics of a Volume Group -> select a volume group -> Set "A QUORUM of disks required to keep the volume group on-line ?" to "no".

There's one exception: IBM recommends enabling quorum on volume groups that are in use for concurrent access, in other words: volume groups online and accessible on all nodes of a cluster. This is to prevent data corruption. This check script will check for this condition as well.
Output:
Quorum is not disabled for volume group gatevg. Run: chvg -Qn gatevg

checkrlogin.ksh
Script run at:2017-05-25 11:54:29
Runtime:0 second(s)
Returncode:2
Description:
Check if rlogin is disabled.

The rlogin service is susceptible to IP spoofing and DNS spoofing. Data, including user IDs and passwords, is sent over the network unprotected without encryption; therefore, the communication can be intercepted by
an intruder who could use it to gain unauthorized access. The service runs also runs as user root. Use secure shell (ssh) instead of this service.

To disable, comment the login entry in /etc/inetd.conf, followed by refreshing the inetd process:

# refresh -s inetd
Output:
For security reasons, it is better to disable rlogin in /etc/inetd.conf.

checkrootforward.ksh
Script run at:2017-05-25 11:54:30
Runtime:0 second(s)
Returncode:1
Description:
Checks if a .forward file exists in the home directory of root. This file should exist and should contain a valid email address to forward any email from user root.

Also, the file should be owned by user root, group system, and the file should not be allowed to be written by any other users.
Output:
File ~root/.forward is missing. No mail is forwarded.

checkrootpwreset.ksh
Script run at:2017-05-25 11:54:31
Runtime:0 second(s)
Returncode:1
Description:
Check if the password of user root has been reset within the last 90 days. It is best practice to change it every 3 months.
Output:
Last update of root password: Tue Feb  7 02:41:52 2017

checkrshd.ksh
Script run at:2017-05-25 11:54:33
Runtime:0 second(s)
Returncode:2
Description:
Check if rshd is disabled.

The rshd server provides remote execution facilities with authentication based on privileged port numbers from trusted hosts. Rshd does not use encryption; therefore, the communication can be intercepted by an intruder who could use it to gain unauthorized access. Use ssh instead.

To disable, comment the rshd entry in /etc/inetd.conf, and refresh inetd by running:

# refresh -s inetd
Output:
For security reasons, it is better to disable rshd in /etc/inetd.conf.

checksadc.ksh
Script run at:2017-05-25 11:54:34
Runtime:0 second(s)
Returncode:1
Description:
Check if old sadc processes are active.

The sadc process is a backend process for sar, and could be left behind without a parent process, if the sar process ends prematurely.

This check script will detect if any such sadc processes are still running.

A quick way to kill all sadc processes on the system is:

# ps -ef | grep sadc | grep -v grep | awk '{print $2}' | xargs -n1 kill

Or to only kill those sadc processes that no longer have a parent process:

# ps -ef | grep sadc | awk '$3 ~ /^1$/ { print $2 }' | xargs -n1 kill
Output:
There are 13 sadc processes active:
    root 24510594        1   0   Mar 03      -  0:00 /usr/lib/sa/sadc -x abcdkmqrvwy 899 2
    root 55443460        1   0   Apr 11      -  0:00 /usr/lib/sa/sadc -x abcdkmqrvwy 899 2
    root 23724392        1   0   Mar 07      -  0:00 /usr/lib/sa/sadc -x abcdkmqrvwy 899 2
    root 30343560        1   0   Jan 23      -  0:00 /usr/lib/sa/sadc -x abcdkmqrvwy 899 2
    root 34865474        1   0   May 16      -  0:00 /usr/lib/sa/sadc -x abcdkmqrvwy 299 2
    root 49152276        1   0   Aug 08      -  0:00 /usr/lib/sa/sadc -x abcdkmqrvwy 899 2
    root 49152276        1   0   Sep 05      -  0:00 /usr/lib/sa/sadc -x abcdkmqrvwy 899 2
    root 36176532        1   0   Oct 03      -  0:00 /usr/lib/sa/sadc -x abcdkmqrvwy 899 2
    root 44106350        1   0   Apr 25      -  0:00 /usr/lib/sa/sadc -x abcdkmqrvwy 899 2
    root 48235232        1   0   May 16      -  0:00 /usr/lib/sa/sadc -x abcdkmqrvwy 299 2
+3 more...

checksendmailgreetingmessage.ksh
Script run at:2017-05-25 11:54:49
Runtime:0 second(s)
Returncode:1
Description:
Check the SMTP greeting message of Sendmail to ensure no unnecessary information is provided.

Sendmail has been the target of numerous attacks over the years - from buffer overflows to denials of service. A quick fix to reduce the exposure of a sendmail server is to remove any evidence of the particular release of sendmail that you are running from the sendmail greeting. While this obviously doesn't change anything about the security of the software you are running, it makes it less likely that anyone wishing to exploit a release-specific attack from targeting your system.

To remove any version information from the sendmail greeting, and to even further remove any indication that sendmail is used, update the SMTP initial login message in /etc/mail/sendmail.cf to:

O SmtpGreetingMessage=$j mailserver; $b

Afterwards, refresh sendmail, so the updated configuration file for sendmail is re-read:

# refresh -s sendmail

When you make this change, and then telnet to the mail port:

# telnet localhost 25

The message will now show something like this:

220 yourhost.com ESMTP mailserver Fri, 19 Sep 2014 13:45:15 -0500

While before it will have provided an indication that Sendmail was used. There are other options available for the SmtpGreetingMessage, such as the use of $v and $Z, which will show version information. These are not enabled by default on AIX, and the use of these options is discouraged, so no Sendmail version is provided to any attacker.
Output:
Please update the following entry in /etc/sendmail.cf:
O SmtpGreetingMessage=$j Sendmail $b
To:
O SmtpGreetingMessage=$j mailserver $b

checkshells.ksh
Script run at:2017-05-25 11:54:50
Runtime:0 second(s)
Returncode:1
Description:
Check the list of valid login shells for a user as defined in /etc/security/login.cfg.

Commands such as chuser and chsh will only allow to change a user's login shell to one of the shells listed in /etc/security/login.cfg in the usw stanza.

By default, some legacy shells are listed here, which should be removed for security reasons. Also, the use of custom made shells is discouraged. Finally, this check script ensures that the proper permissions are set on the shells.

To set a proper limited list of valid shells on the system, run:

# chsec -f /etc/security/login.cfg -s usw -a shells="/bin/sh,/bin/bsh,/bin/csh,/bin/ksh,/bin/tsh,/bin/ksh93,/usr/bin/sh,/usr/bin/bsh,\
/usr/bin/csh,/usr/bin/ksh,/usr/bin/tsh,/usr/bin/ksh93,/usr/bin/rksh,/usr/bin/rksh93,/bin/false"
Output:
Shell /usr/sbin/uucp/uucico is listed as a valid shell, however is a legacy shell. Please consider removing it.
Shell /usr/sbin/sliplogin is listed as a valid shell, however is a legacy shell. Please consider removing it.
Shell /usr/sbin/snappd is listed as a valid shell, however is a legacy shell. Please consider removing it.
Shell /usr/local/PSC/c3scripts/STARTUP is listed as a valid shell, however is either a legacy shell, or a custom shell. Please consider removing it.

checksnmp.ksh
Script run at:2017-05-25 11:54:52
Runtime:1 second(s)
Returncode:2
Description:
Display a warning if it is possible to retrieve system information through SNMP.

It may be okay if this is configured, e.g. for monitoring purposes. But if there is no need to allow a system to provide information through SNMP, make sure to disable this, e.g. by stopping the SNMP daemons:

# stopsrc -s snmpd
# stopsrc -s snmpmibd
# stopsrc -s aixmibd
# stopsrc -s hostmibd

Also, make sure to comment out the entries for the snmp daemons in /etc/rc.tcpip to avoid restarting the daemons when the server is rebooted.
Output:
This system allows system information to be accessed remotely through SNMP:
sysDescr.0 = "IBM PowerPC CHRP Computer
Machine Type: 0x0800004c Processor id: 00F6093E4C00
Base Operating System Runtime AIX version: 06.01.0008.0015
TCP/IP Client Support  version: 06.01.0008.0015"
sysUpTime.0 = 407 days, 23 hours, 4 minutes, 0 seconds (3524784000 timeticks)

checksnmpvacmview.ksh
Script run at:2017-05-25 11:54:52
Runtime:0 second(s)
Returncode:1
Description:
Check if the VACM_VIEW entry in /etc/snmpdv3.conf for internet is disabled.

Enabling the following entry in /etc/snmpdv3.conf, unlocks the entire MIB tree, which is a potential security issue.

VACM_VIEW defaultView internet - included -

For HACMP/PowerHA, it is better to leave this entry disabled, which is the default. Instead, enable the following entry:

VACM_VIEW defaultView  1.3.6.1.4.1.2.3.1.2.1.5 - included -

After enabling the MIB entry above, the snmp daemon must be restarted with the following commands:

# stopsrc -s snmpd
# startsrc -s snmpd

After snmp is restarted, leave the daemon running for about two minutes before attempting to start clstat or cldump, if HACMP/PowerHA is in use on this system.
Output:
The internet VACM_VIEW entry is enabled in /etc/snmpdv3.conf.

checksudocommands.ksh
Script run at:2017-05-25 11:55:04
Runtime:7 second(s)
Returncode:1
Description:
Check if the commands that are referenced in the /etc/sudoers file (configuration file for the sudo utility) indeed exist on the system.

Having a command in the /etc/sudoers file that does not exist does not make sense. In case of an HACMP/PowerHA node it may mean that a command needs to be copied onto all the nodes of a cluster or should be placed in a shared file system.

Please make sure to include the full pathname to any command in the /etc/sudoers file. And also make sure to always edit the /etc/sudoers file using the visudo command.
Output:
Command "/opt/bmc/Patrol3/PatrolAgent" is owned by patagt instead of root and has write access.
Command "/opt/hphsv/bin/lshsv" in file /etc/sudoers does not exist.
Command "/u01/crs/oracle/product/10/crs/bin/crsctl" in file /etc/sudoers does not exist.
Command "/u01/crs/oracle/product/crs/bin/ocrdump" is owned by oracle instead of root and has write access.
Command "/usr/bin/dspmqver" in file /etc/sudoers does not exist.
Command "/usr/bin/runmqsc" in file /etc/sudoers does not exist.
Command "/usr/DynamicLinkManager/bin/dlnkmgr" in file /etc/sudoers does not exist.
Command "/usr/tivoli/tsm/client/ba/bin/dsmc" in file /etc/sudoers does not exist.
Command "/home/oracle/root_orachk.sh" in file /etc/sudoers does not exist.
Command "/mount/ora_backup/stage/ora11204/install/checkprep_11204.ksh" in file /etc/sudoers does not exist.

checksudoerspassword.ksh
Script run at:2017-05-25 11:55:15
Runtime:10 second(s)
Returncode:1
Description:
Check if we can guess the password for any user in /etc/sudoers.

For each user with unlimited root access through sudo, you will want to make sure they don't have a password that is easy to guess. This script will check that.

If any passwords are found, please make sure to change the password as soon as possible, or remove access through sudo by removing their entry from /etc/sudoers (Note: use the visudo command to do so).
Output:
The password of user us108498 is: changeme
The password of user us332218 is: changeme
The password of user us986227 is: changeme
The password of user us578498 is: changeme
The password of user us670244 is: changeme
The password of user us749874 is: Changem3
The password of user us976364 is: changeme
The password of user us107742 is: changeme
The password of user us107734 is: changeme
The password of user us105063 is: changeme
The password of user us991045 is: changeme
The password of user us107050 is: changeme
The password of user us108484 is: changeme
The password of user us607070 is: changeme
The password of user us683685 is: changeme
The password of user us604926 is: changeme
The password of user us645895 is: changeme
The password of user us107522 is: changeme
The password of user us634895 is: changeme

checksudoersusers.ksh
Script run at:2017-05-25 11:55:16
Runtime:1 second(s)
Returncode:1
Description:
Check if users that are part of a User_Alias in the /etc/sudoers file, indeed exist in /etc/passwd.

This script will also check if there are any groups listed in /etc/sudoers which are unknown in /etc/groups.
Output:
User us641714 in /etc/sudoers does not exist in /etc/passwd.
User us647257 in /etc/sudoers does not exist in /etc/passwd.
User us644551 in /etc/sudoers does not exist in /etc/passwd.
User us647793 in /etc/sudoers does not exist in /etc/passwd.
User us872987 in /etc/sudoers does not exist in /etc/passwd.

checksudoversion.ksh
Script run at:2017-05-25 11:55:18
Runtime:1 second(s)
Returncode:1
Description:
Check if sudo is installed, and if so, what version. 

If sudo is not installed, this script will generate an error message. Using sudo to provide access to others to commands that normally can only be run by user root, is a best practice. Never give out the root password to anyone else, except to system administrators.

The latest version of sudo can be found in IBM's Toolbox for Linux, and thus is the preferred version. A more up-to-date version can be downloaded from http://www.courtesan.com/sudo/download.html.
Output:
Please upgrade sudo to version 1.8.15.
Version of sudo installed: sudo-1.6.9p23-2noldap

checksysdumpdevlv.ksh
Script run at:2017-05-25 11:55:29
Runtime:0 second(s)
Returncode:2
Description:
Checks for the most recent system dump.
Output:
Device name:         /dev/dumplv1
Major device number: 10
Minor device number: 17
Size:                9814817792 bytes
Uncompressed Size:   51319339148 bytes
Date/Time:           Fri Jul 19 10:37:17 EDT 2013
Dump status:         0
Type of dump:        traditional
dump completed successfully

checksyslogdremote.ksh
Script run at:2017-05-25 11:55:31
Runtime:0 second(s)
Returncode:1
Description:
Check if the syslog facility to receive messages from the network is disabled.

The syslog service is a UDP-based service, that can be a threat to the security of the system. By default, the syslog listens on the network, on UDP-port 514. Syslog also does not perform any authentication of data that is sent to it.

This way, an attacker can create a denial-of-service condition by sending large amounts of data to the syslog service, filling up the disk space. Once the disk is full, logs can no longer be saved, thus any attack that would leave a trail within the logs would go unnoticed. Or by sending large amounts of specially crafted messages, an attacker can cause chaos if logs are monitored by intrusion detection systems or other systems that create alerts.

When syslog is listening, an attack can be performed using netcat, e.g. using:

# nc -u [IP-address] 514

Once connected, anything you type will be logged to a log file, if so configured in /etc/syslog.conf.

To mitigate this issue, ensure that syslog is started using the -R option:

# stopsrc -s syslogd
# chssys -s syslogd -a "-R"
# startsrc -s syslogd

Note that you can also start the syslogd using -r (lowercase) option. This will also ignore remote messages; however, this will still leave UDP port 514 open, and requires the syslogd to handle the messages, thus it's better to use the -R (uppercase) option.
Output:
The syslog daemon accepts remote messages from the network.

checksyslogfiles.ksh
Script run at:2017-05-25 11:55:32
Runtime:0 second(s)
Returncode:1
Description:
Check if the log destination files for the syslog facility exist. If a file doesn't exist, the syslog facility will not log to the file. Simply touch the file to create it, if this check reports any non-existing files.

Note: A good entry to put into the /etc/syslog.conf file is one that is rotated regularly. E.g., the default AIX 6.1 entry is:

*.info /var/adm/ras/syslog.caa rotate size 1m files 10

This means the file syslog.caa is rotated when the file is 1 MB in size, and up to a maximum of 10 files are kept on the system. This way, any messages file used in /etc/syslog.conf will never grow to an enormous size.

This check script will also check the permissions of any log file written by syslog. Others should not be allowed to read or write a log file written by syslog, as this may be a security issue.
Output:
Others have access to log file /usr/es/adm/cluster.log. Run: chmod o-rwx /usr/es/adm/cluster.log

checksyslogrotate.ksh
Script run at:2017-05-25 11:55:32
Runtime:0 second(s)
Returncode:1
Description:
Check if syslog files are rotated automatically.

Syslog provides several options to automatically rotate and compress log files. This check script will verify if this has been set up for all entries in /etc/syslog.conf. 

A good example of setting up automatic rotation for a log file, along with compressing it, is this entry from /etc/syslog.conf:

daemon.debug /var/msgs/messages rotate size 1m files 10 compress

This entry will log all debug and higher level messages for the daemon group to /var/msgs/messages, and it will rotate the log file once the size reaches 1 megabyte. It will keep up to 10 files, and it will compress old files.

Setting up automatic rotation and compressing is important, because it avoids filling up file systems, or simply log files growing too large to be useful.

If any changes are made to /etc/syslog.conf, please make sure to refresh the syslog daemon, so any changes are picked up:

# refresh -s syslogd
Output:
The following entry in /etc/syslog.conf is missing the compress key word:
*.err                  /var/log/syslog     rotate size 1024k files 7
The following entry in /etc/syslog.conf is missing the compress key word:
daemon.info /var/msgs/messages rotate size 1m files 10

checksystemfirmwarelevel.ksh
Script run at:2017-05-25 11:55:33
Runtime:1 second(s)
Returncode:1
Description:
Check the level installed of the system firmware.

It is best practice to keep the system firmware at a recent level, however, also don't use the very latest available level, as this level may contain not yet discovered bugs. Therefore, it is best practice to use the N-1 level of system firmware, or you may use the latest available level of system firmware, if that level is available for at least 3 months.
Output:
Recommended system firmware level: AL730_152. Current level: AL730_114.

checktcpfastlo.ksh
Script run at:2017-05-25 11:55:36
Runtime:0 second(s)
Returncode:1
Description:
Check if network option tcp_fastlo is enabled.

Starting with AIX 6.1 TL5, you can use network option tcp_fastlo to enable the system to use the TCP Fast Loopback option. This option helps to reduce TCP/IP (CPU) overhead when two (TCP) communication end points reside in the same LPAR. This could be useful where you have an LPAR running a database and application in the same LPAR. It can also be used when two or more WPARs, in the same LPAR need to communicate with each over TCP/IP.

To enable, run:

# no -p -o tcp_fastlo=1

To enable fast loopback communication between WPARs, run:

# no -p -o tcp_fastlo_crosswpar=1

To check for any connections and traffic through the fastpath loopback, run:

# netstat -s -p tcp | grep fastpath
Output:
Network option tcp_fastlo is set to 0 and should be set to 1 (enabled).
Run: no -p -o tcp_fastlo=1

checktcpicmpsecure.ksh
Script run at:2017-05-25 11:55:36
Runtime:0 second(s)
Returncode:1
Description:
Check if network option tcp_icmpsecure is enabled (set to 1) to protect TCP connections against ICMP attacks. By default, it is disabled set to 0).

This option should be turned on to protect TCP connections against ICMP attacks. The ICMP attacks may be of the form of ICMP source quench attacks and PMTUD (Path MTU Discovery) attacks. If this network option is turned on, the system does not react to ICMP source quench messages. This will protect against ICMP source quench attacks. Also, if this network option is enabled, the payload of the ICMP message is tested to determine if the sequence number of the TCP header portion of the payload is within the range of acceptable sequence numbers. This will mitigate PMTUD attacks to a large extent.
Output:
Network option tcp_icmpsecure is set to 0 and should be set to 1 (enabled).
Run: no -p -o tcp_icmpsecure=1

checktcpkeepalive.ksh
Script run at:2017-05-25 11:55:36
Runtime:0 second(s)
Returncode:2
Description:
Check the settings for the TCP keepalive network options.

This script will warn when network options tcp_keepidle, tcp_keepintvl, tcp_keepinit and/or tcp_keepcnt have been modified/tuned from their default values.

Usually, it is recommended to use the default values. For some environments like DB2, Ensemble, WebSphere, Tivoli, the vendor has recommendations to tune these options.
Output:
Network option tcp_keepidle has been tuned from default value 14400 to 60.
Network option tcp_keepintvl has been tuned from default value 150 to 10.
Network option tcp_keepinit has been tuned from default value 150 to 10.

checktcptcpsecure.ksh
Script run at:2017-05-25 11:55:37
Runtime:0 second(s)
Returncode:1
Description:
Check if network option tcp_tcpsecure is enabled to avoid connection reset attacks and data corruption attacks on TCP.

This option is used to protect TCP connections from one or more of the following three vulnerabilities. The first vulnerability involves the sending of a fake SYN to an established connection to abort the connection. A tcp_tcpsecure value of 1 provides protection from this vulnerability. The second vulnerability involves the sending of a fake RST to an established connection to abort the connection. A tcp_tcpsecure value of 2 provides protection from this vulnerability. The third vulnerability involves injecting fake data in an established TCP connection. A tcp_tcpsecure value of 4 provides protection from this vulnerability. 

A value of 7 will protect the connection from combinations of these three vulnerabilities.
Output:
Network option tcp_tcpsecure is set to 0 and should be set to 7.
Run: no -p -o tcp_tcpsecure=7

checktelnet.ksh
Script run at:2017-05-25 11:55:37
Runtime:0 second(s)
Returncode:2
Description:
For security reasons, it is better to disable telnet in /etc/inetd.conf, and to use ssh instead. This check will return a warning message if telnet is still enabled.

To disable telnet, comment out the telnet entry in /etc/inetd.conf, as telnet is normally started by inetd. After that, please make sure to refresh inetd, so it re-reads the /etc/inetd.conf file, by running:

# refresh -s inetd
Output:
Telnet is enabled.

checktmpexecutables.ksh
Script run at:2017-05-25 11:55:38
Runtime:0 second(s)
Returncode:2
Description:
Check for any executable files in /tmp and /var/tmp.

Preferably, there should not be any executable file present in /tmp or /var/tmp. This may be a file written by someone (or a hacker), and given execute permissions as well, in the hope of someone executing it at a certain point in time, which may compromise system security.

All applications should use scripts or executable files from their own specific file systems, and not use /tmp to store any scripts or executables. 

This check scripts will run the find command to display any file with the execute permission set. For example, for file system /tmp:

# find /tmp -perm 1 -type f - size 0c -ls

If any such files are discovered, either delete the scripts and/or executables found, or move them so another file system location, or adjust the application so it does not write files to /tmp or /var/tmp with execute permissions set.
Output:
Executable file(s) found:

53320    3 -rwxr-xr-x  1 oracle    oinstall      2866 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/alert_log_file_size_analyzer.sh
53321    3 -rwxr-xr-x  1 oracle    oinstall      2992 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/bdump_dest_trace_analyzer.sh
53322    3 -rwxr-xr-x  1 oracle    oinstall      2596 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/check_default_gateway.sh
53323    3 -rwxr-xr-x  1 oracle    oinstall      2270 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/check_disk_asynch_io_linking.sh
53324    3 -rwxr-xr-x  1 oracle    oinstall      2145 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/check_e1000.sh
53325    3 -rwxr-xr-x  1 oracle    oinstall      2652 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/check_jumbo_frames.sh
53326    3 -rwxr-xr-x  1 oracle    oinstall      2421 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/check_network_packet_reassembly.sh
53327    5 -rwxr-xr-x  1 oracle    oinstall      4789 Aug 25  2011 /tmp/CVU_11.2.0.3.0_oracle/check_network_param.sh
53329    3 -rwxr-xr-x  1 oracle    oinstall      2246 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/check_non_routable_network_interconnect.sh
53330    8 -rwxr-xr-x  1 oracle    oinstall      7926 May  9  2011 /tmp/CVU_11.2.0.3.0_oracle/check_rp_filter.sh
53331    3 -rwxr-xr-x  1 oracle    oinstall      2449 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/check_tcp_packet_retransmit.sh
53332    3 -rwxr-xr-x  1 oracle    oinstall      2198 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/check_vip_restart_attempt.sh
53333    3 -rwxr-xr-x  1 oracle    oinstall      2347 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/check_vmm.sh
53334    4 -rwxr-xr-x  1 oracle    oinstall      3649 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/checkcorefile.sh
53335    3 -rwxr-xr-x  1 oracle    oinstall      3035 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/checkhugepage.sh
53336    3 -rwxr-xr-x  1 oracle    oinstall      2523 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/checkmemlock.sh
53337    3 -rwxr-xr-x  1 oracle    oinstall      2760 May 10  2011 /tmp/CVU_11.2.0.3.0_oracle/checkportavail.sh
53338    3 -rwxr-xr-x  1 oracle    oinstall      2538 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/checkramfs.sh
53339    4 -rwxr-xr-x  1 oracle    oinstall      3965 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/checksshd.sh
53340    1 -rwxr-xr-x  1 oracle    oinstall       730 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/common_include.sh
53341    3 -rwxr-xr-x  1 oracle    oinstall      2883 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/core_dump_dest_analyzer.sh
53342    3 -rwxr-xr-x  1 oracle    oinstall      2293 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/css_diagwait.sh
53343    3 -rwxr-xr-x  1 oracle    oinstall      2770 Sep 21  2011 /tmp/CVU_11.2.0.3.0_oracle/css_disk_timeout.sh
53344    3 -rwxr-xr-x  1 oracle    oinstall      2870 Sep 21  2011 /tmp/CVU_11.2.0.3.0_oracle/css_misscount.sh
53345    3 -rwxr-xr-x  1 oracle    oinstall      2320 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/css_reboot_time.sh
53319 1759 -rwxr-xr-x  1 oracle    oinstall   1800714 Feb 21  2013 /tmp/CVU_11.2.0.3.0_oracle/exectask
53296    1 -rwxr-xr-x  1 oracle    oinstall       606 Feb 11  2015 /tmp/CVU_11.2.0.3.0_oracle/exectask.sh
53346    1 -rwxr-xr-x  1 oracle    oinstall       661 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/getNICSpeed.sh
53347    3 -rwxr-xr-x  1 oracle    oinstall      2518 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/hangcheck_margin.sh
53348    3 -rwxr-xr-x  1 oracle    oinstall      2509 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/hangcheck_reboot.sh
53349    3 -rwxr-xr-x  1 oracle    oinstall      2470 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/hangcheck_tick.sh
53350    3 -rwxr-xr-x  1 oracle    oinstall      2231 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/hangchecktimer.sh
53351    3 -rwxr-xr-x  1 oracle    oinstall      2137 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/listener_naming_convention.sh
53352    3 -rwxr-xr-x  1 oracle    oinstall      3039 Sep 19  2011 /tmp/CVU_11.2.0.3.0_oracle/ora_00600_errors_analyzer.sh
53353    3 -rwxr-xr-x  1 oracle    oinstall      3033 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/ora_07445_errors_analyzer.sh
53295   23 -rwxr-xr-x  1 oracle    oinstall     23127 Feb 21  2013 /tmp/CVU_11.2.0.3.0_oracle/orarun.sh
53290    2 -rwxr-xr-x  1 oracle    oinstall      1495 Feb 21  2013 /tmp/CVU_11.2.0.3.0_oracle/runfixup.sh
53354    6 -rwxr-xr-x  1 oracle    oinstall      5895 Apr 27  2011 /tmp/CVU_11.2.0.3.0_oracle/shutdown_hwclock_sync.sh

checkunusedlv.ksh
Script run at:2017-05-25 11:56:08
Runtime:3 second(s)
Returncode:1
Description:
Check for any logical volumes that have no file system defined. These logical volumes will show up as "closed", and are basically only using up disk space. 

Please investigate why any reported logical volumes exist, but aren't in use. Once it is determined that the logical volume(s) is/are no longer necessary, they can be removed by running:

# rmlv lvname
Output:
spfile_asm          raw        1       1       1    closed/syncd  N/A

checkunzip.ksh
Script run at:2017-05-25 11:56:09
Runtime:1 second(s)
Returncode:1
Description:
Checks if the unzip RPM package is installed, and displays the version.
Output:
Version 5.51 installed of unzip, but should be version 6.0.
Download the latest version from the IBM AIX Toolbox for Linux applications.
UnZip 5.51 of 22 May 2004, by Info-ZIP

checkuptime.ksh
Script run at:2017-05-25 11:56:09
Runtime:0 second(s)
Returncode:2
Description:
Check if the uptime is over 6 months. Make sure a system is rebooted at least every 6 months. This will avoid any memory issues by applications running a long time, and it will also test the start and stop scripts of the system.
Output:
11:56AM   up 407 days,  23:06,  1 user,  load average: 8.10, 8.28, 8.32
System is up longer than 6 months.

checkuseraccounts.ksh
Script run at:2017-05-25 11:56:13
Runtime:4 second(s)
Returncode:1
Description:
Check for user accounts that are not used over 6 months or that have never been used since creation.

If too many user accounts are older than 6 months or are never used, this script will only list the first 100 entries. To view a complete listing, run:

# checkuseraccounts.ksh -v
Output:
User us574603 (User Name) last login was over 6 months ago: Wed Dec 12 01:07:13 2012
User us332218 (User Name) never logged in and password was set-up over 6 months ago: Mon May 13 23:51:54 2013
User us986227 (User Name) never logged in and password was set-up over 6 months ago: Fri Sep 16 18:29:50 2016
User us578498 (User Name) never logged in and password was set-up over 6 months ago: Thu Jul 9 07:34:43 2015
User us983724 (User Name) last login was over 6 months ago: Mon Aug 29 06:24:07 2016
User us670244 (User Name) never logged in and password was set-up over 6 months ago: Tue Apr 12 04:57:40 2016
User us749874 (User Name) never logged in and password was set-up over 6 months ago: Wed Jun 3 13:19:34 2015
User us976364 (User Name) never logged in and password was set-up over 6 months ago: Thu Jun 9 07:03:50 2016
User us105063 (User Name) never logged in and password was set-up over 6 months ago: Thu Oct 6 17:27:32 2016
User us991045 (User Name) never logged in and password was set-up over 6 months ago: Fri Aug 26 14:10:42 2016
User us873649 (User Name) never logged in and password was set-up over 6 months ago: Thu Feb 18 04:55:01 2016

checkuserchars.ksh
Script run at:2017-05-25 11:56:14
Runtime:0 second(s)
Returncode:1
Description:
Check for user accounts that use any special characters in the user name.

User names must begin with an alphabetic character.

User names must contain at least 3 characters. AIX does allow user accounts of only 1 character, but it is not recommended. Some applications do require a minimum user length.

User names cannot contain spaces.

On AIX systems, user names should only include:

- letters in lowercase

AIX does allow you to create user accounts with uppercase characters, but it is not advised because some applications may not be able to handle differences between user accounts with lowercase and uppercase user accounts, like user MWILSON and mwilson. And some applications, e.g. sudo, have trouble handling user accounts with only uppercase.

- letters a-z

- numbers 0-9

- special characters: ! % ( ) { }. . ^ ~ _ @ # $ \

We do not recommend using any special characters in usernames, except underscore; anything else should be discouraged. Doing so, may cause issues later on with certain applications.
Output:
The following user account does not start with a lowercase alphabetic character:
Banusha
The following user account does not use only lowercase characters or digits:
Banusha

checkuserconsistency.ksh
Script run at:2017-05-25 11:56:16
Runtime:2 second(s)
Returncode:1
Description:
Run usrck to check for any issues.

To check for any inconsistencies, run:

# usrck -n ALL

To have AIX resolve them, run:

# usrck -y ALL
Output:
3001-642 The user name melving appears in /etc/security/passwd
         but not in /etc/passwd.
3001-642 The user name clarkgs appears in /etc/security/passwd
         but not in /etc/passwd.
3001-661 There have been too many invalid login attempts by user agent.

checkusernopassword.ksh
Script run at:2017-05-25 11:56:18
Runtime:0 second(s)
Returncode:1
Description:
Check if there are user accounts that have no password set.

It is recommended to lock user accounts that have no password set.

Note: User accounts without a password cannot be used to log in directly to a system, and will display an asterisk in the password field in /etc/passwd and /etc/security/passwd. However, if there are other authentication mechanisms configured for an account without a password, such as SSH keys that have been configured, then even if no password is set, someone can log in to the system using that user account. As such, we recommend locking all user accounts that have no password set.
Output:
User Banusha has no password set. It is recommended to lock this user account.
Run: chsec -f /etc/security/user -s Banusha -a account_locked=true

checkuserprofile.ksh
Script run at:2017-05-25 11:56:24
Runtime:3 second(s)
Returncode:1
Description:
Check the owner and the permissions of the .profile of every user.

The permissions of the .profile for every user should be restricted to the owning user account only. If that's not the case, hackers may add items to the .profile of a user, that may get run, when the user logs in to the system.
Output:
Permission of the .profile of user oracle should be 740. Run: chmod 740 /home/oracle/.profile

checkusersettingsvsdefault.ksh
Script run at:2017-05-25 11:56:29
Runtime:5 second(s)
Returncode:2
Description:
Check user settings in /etc/security/user that differ from the default settings.

This check script will identify (the first 100 unique) users that have user settings defined, that differ from the system default, and will warn about it.

It's best to configure user accounts using the default user settings, such as password aging settings. A user account can deviate from the default user settings, e.g. an application account can have password aging disabled, however, regular user accounts should generally follow the default user settings.
Output:
User us645895 (us645895 gecos=User Name) has rlogin set to false, while the default is true. Run: chuser rlogin=true us645895

checkvgautosync.ksh
Script run at:2017-05-25 11:56:45
Runtime:6 second(s)
Returncode:1
Description:
Check if auto sync has been enabled for volume groups.

Volume groups have an auto sync feature to synchronize stale partitions automatically. The "chvg -s" command can be used to enable synchronization. This option has no meaning for non-mirrored logical volumes. Automatic synchronization is a recovery mechanism that will only be attempted after the LVM device driver logs LVM_SA_STALEPP in the errpt. A partition that becomes stale through any other path (for example, mklvcopy) will not be automatically resynced. This option is not supported for the concurrent capable volume groups.

The lsvg command can be used to check if auto sync has been enabled. Look for "AUTO SYNC: yes" in the lsvg output.
Output:
Volume group rootvg is not set to auto sync. Run: chvg -s y rootvg

checkvmmklockmode.ksh
Script run at:2017-05-25 11:56:49
Runtime:0 second(s)
Returncode:1
Description:
Check if vmo option vmm_klock_mode is set to 2.

Virtual memory option vmm_klock_mode helps to prevent paging out kernel data. This improves system performance in many cases.

On AIX 6.1 the default setting for vmm_klock_mode is -1, however, most AIX 6.1 systems will have a boot mode of 0, which means that kernel locking is disabled. On AIX 7.1, it is similar, the default is listed as -1, however most AIX 7.1 systems will have a boot mode of 2. A message can usually be seen in /etc/tunables/lastboot.log, stating that the boot mode and the current mode for vmm_klock_mode is different.

Setting it to 2 will enable kernel locking. In AIX 6.1 TL6+ and 7.1, Kernel Memory Locking may be used to avoid unnecessary kernel page faults, thereby improving performance. Locked memory is not stolen until no other pages are available, thereby giving preference to kernel pages.

Vmo option vmm_klock_mode is available from AIX 6.1 TL6 SP5 and up.

Kernel locking can be enabled by running:

# vmo -r -o vmm_klock_mode=2

You will be asked to run bosboot afterwards. We recommend to reboot the system after changing this tunable.
Output:
Virtual memory tunable vmm_klock_mode is set to 0, but should be set to 2. Run: vmo -r -o vmm_klock_mode=2

checkwget.ksh
Script run at:2017-05-25 11:56:53
Runtime:0 second(s)
Returncode:2
Description:
Check if wget is installed, and if so, if the correct version is installed. The latest available version in the AIX Toolbox for Linux Applications is version 1.9.1.
Output:
Wget version 1.9.1 is installed, but should be version 1.17.1.

checkzip.ksh
Script run at:2017-05-25 11:56:56
Runtime:1 second(s)
Returncode:1
Description:
Checks if the zip RPM is installed. Zip can be found in the AIX Toolbox for Linux and is useful for creating a zip archive, that also works on Windows/Intel systems.

Version 2.3(.3) is the recommended version for zip.
Output:
Version 2.3 installed of zip, but should be version 3.0.
Download the latest version from the AIX Toolbox for Linux.
Zip 2.3 (November 29th 1999)

checkzlib.ksh
Script run at:2017-05-25 11:56:57
Runtime:1 second(s)
Returncode:1
Description:
Check if the latest version of the zlib RPM package is installed.

This package can be found in the AIX Toolbox for Linux applications.
Output:
Version 1.2.5 of zlib installed, but version 1.2.8 is recommended.
Download and install the preferred version from the AIX Toolbox for Linux Applications on the IBM website.

checkzsnapinstalled.ksh
Script run at:2017-05-25 11:56:57
Runtime:0 second(s)
Returncode:2
Description:
Check if zsnap is installed.

IBM recommends that you install zsnap before you call the AIX or PowerHA technical support center.

For the latest version, please see the following URL:

http://www-01.ibm.com/support/docview.wss?uid=aixtools_home
Output:
The Ztrans Support Tool (zsnap) is not installed.

Results

Run time for all checks:
836 seconds
Total number of checks:
1085
# Checks with result OK:
970
# Checks with result WARNING:
30
# Checks with result ERROR:
85
Score [Percentage OK/WARNING]:
92.16 %
For details see logfile:
/uhc/checkall_server1.html

Copyright (c) 2004-2017 UNIX Health Check - All Rights Reserved

This is confidential and unpublished work of authorship subject to limited use license agreements and is a trade secret, which is the property of UNIX Health Check (www.unixhealthcheck.com). All use, disclosure and/or reproduction not specifically authorized in writing by UNIX Health Check is strictly prohibited.

Any expressed or implied warranties are disclaimed. In no event shall UNIX Health Check be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, loss of use, data, profits, or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of these scripts, even if advised of the possibility of such damage.