Differences

This shows you the differences between two versions of the page.

--- aix:aix_internet_updates [2025/01/17 11:32]
manu
+++ aix:aix_internet_updates [2025/09/22 17:00] (current)
manu [FLRTVC.ksh (generate security reports)]
@@ Line 6: / Line 6: @@
   * **emgr_check_ifixes**
   * **emgr_download_ifix**
+  * **emgr_sec_patch**
+FIXME currently (02-2025) you can't set a proxy to download ! Only direct connections to internet are supported
 <cli prompt='#'>
 # emgr_check_ifixes
@@ Line 210: / Line 214: @@
 invscout fix - CVE-2024-27260
 </cli>
+===== FLRTVC.ksh (generate security reports) =====
+The [[https://esupport.ibm.com/customercare/sas/f/flrt3/FLRTVC-0.8.12.zip|FLRTVC]] script can generate multiple kind of output
+Flags for this script:
+<code>
+-d = Change delimiter for compact reporting
+-f = File selection for *.csv file
+-q = Quiet mode, hide compact reporting header
+-s = Skip download, use default apar.csv file
+-v = Verbose, full report (for piping to email)
+-g = Grep for filesets with phrase, useful for verbose mode
+-t = Type of APAR [hiper | sec]
+-l = Enter a custom LSLPP output file, must match lslpp -Lqc
+-e = Enter a custom EMGR output file, must match emgr -lv3
+-x = Skip EFix processing
+-a = Show all fixed and non-fixed HIPER/Security vulnerabilities
+-p = Convert FTP protocol to HTTP for bulletin and efix download links
+-r = Enter PROXY URL to be used by wget or curl, the same can be provided through HTTP_PROXY environment variable. This option value takes precedence over environment variable. Ex: http://user:password@hostIPorName:port or http://hostIPorName:port
+</code>
+Example, create 2 files whith the output of the following commands, and compare to the latest [[https://esupport.ibm.com/customercare/flrt/doc?page=aparCSV|apar file]]
+  emgr -lv3 > /tmp/emgr.txt
+  lslpp -Lcq > /tmp/lslpp.txt
+  flrtvc.ksh -a -l /tmp/lslpp.txt -e /tmp/emgr.txt -f /path_to_aparcsv/shared_data/APAR.csv
+The **-a** flag, give an output for what is fixed, and what is note, output can be imported in excel.
 ===== Efix DB location =====
@@ Line 226: / Line 258: @@
 1022103a|:|4|:|/usr/bin/openssl|:|openssl.base|:|1|:|5|:|063008060422|:|1.0.2.2103
 1022103a|:|5|:|/usr/bin/openssl64|:|openssl.base|:|1|:|5|:|063008060522|:|1.0.2.2103
+</cli>
+===== Efix TAR installation =====
+To install an efix based on TAR efix package, use the following command
+<cli prompt='#'>
+# /usr/sbin/emgr_sec_patch kernext_fix.tar
+...
+Efix State
++-----------------------------------------------------------------------------+
+Setting efix state to: STABLE
++-----------------------------------------------------------------------------+
+Operation Summary
++-----------------------------------------------------------------------------+
+Log file is /var/adm/ras/emgr.log
+EPKG NUMBER       LABEL               OPERATION              RESULT
+===========       ==============      =================      ==============
+                 IJ52610m2a          INSTALL                SUCCESS
+Return Status = SUCCESS
+Done
+em+-----------------------------------------------------------------------------+
+Checking System Level Prerequisites
++-----------------------------------------------------------------------------+
+calling emgr -p -e /tmp/emgr_12321112/kernext_fix/IJ52977s2a.241113.epkg.Z
+gr -PSkipping ifix
+See /var/adm/ras/emgr.log for more details
++-----------------------------------------------------------------------------+
+Checking System Level Prerequisites
++-----------------------------------------------------------------------------+
+calling emgr -p -e /tmp/emgr_12321112/kernext_fix/IJ52977s3a.241113.epkg.Z
+Skipping ifix
+See /var/adm/ras/emgr.log for more details
 </cli>

wiki

User Tools

Site Tools

Differences

Page Tools