CDDL HEADER START

The contents of this file are subject to the terms of the
Common Development and Distribution License (the "License").
You may not use this file except in compliance with the License.

You can obtain a copy of the license at CDDL.txt
or http://www.opensolaris.org/os/licensing.
See the License for the specific language governing permissions
and limitations under the License.

When distributing Covered Code, include this CDDL HEADER in each
file and include the License file at CDDL.txt.
If applicable, add the following below this CDDL HEADER, with the
fields enclosed by brackets "[]" replaced with your own identifying
information: Portions Copyright [yyyy] [name of copyright owner]

CDDL HEADER END
Copyright 2008 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.
sccheck 1M "15 May 2008" "Sun Cluster 3.2" "System Administration Commands"
NAME
sccheck - check for and report on vulnerable Sun Cluster configurations
SYNOPSIS

sccheck [-b] [-h nodename[,nodename]...] [-o output-dir]
[-s severity] [-v verbosity]

sccheck [-b] [-W] [-h nodename[,nodename]...] [-o output-dir] [-v verbosity]
DESCRIPTION

Note - Beginning with the Sun Cluster 3.2 release, Sun Cluster software includes an object-oriented command set. Although Sun Cluster software still supports the original command set, Sun Cluster procedural documentation uses only the object-oriented command set. For more information about the object-oriented command set, see the Intro(1CL) man page.

The sccheck utility examines Sun Cluster nodes for known vulnerabilities and configuration problems, and it delivers reports that describe all failed checks, if any. The utility runs one of these two sets of checks, depending on the state of the node that issues the command:

Preinstallation checks - When issued from a node that is not running as an active cluster member, the sccheck utility runs preinstallation checks on that node. These checks ensure that the node meets the minimum requirements to be successfully configured with Sun Cluster software.

Cluster configuration checks - When issued from an active member of a running cluster, the sccheck utility runs configuration checks on the specified or default set of nodes. These checks ensure that the cluster meets the basic configuration required for a cluster to be functional. The sccheck utility produces the same results for this set of checks regardless of which cluster node issues the command.

The sccheck utility runs configuration checks and uses the explorer(1M) utility to gather system data for check processing. The sccheck utility first runs single-node checks on each nodename specified, then runs multiple-node checks on the specified or default set of nodes.

Each configuration check produces a set of reports that are saved in the specified or default output directory. For each specified nodename, the sccheck utility produces a report of any single-node checks that failed on that node. Then the node from which sccheck was run produces an additional report for the multiple-node checks. Each report contains a summary that shows the total number of checks executed and the number of failures, grouped by check severity level.

Each report is produced in both ordinary text and in XML. The DTD for the XML format is available in the /usr/cluster/lib/sccheck/checkresults.dtd file. The reports are produced in English only.

The sccheck utility is a client-server program in which the server is started when needed by the inetd daemon. Environment variables in the user's shell are not available to this server. Also, some environment variables, in particular those that specify the non-default locations of Java and Sun Explorer software, can be overridden by entries in the /etc/default/sccheck file. The ports used by the sccheck utility can also be overridden by entries in this file, as can the setting for required minimum available disk space. The server logs error messages to syslog and the console.

You can use this command only in the global zone.

OPTIONS

The following options are supported:

-b
Specifies a brief report. This report contains only the summary of the problem and the severity level. Analysis and recommendations are omitted. You can use this option only in the global zone. You need solaris.cluster.system.read RBAC authorization to use this command option. See rbac(5).

-h nodename[,nodename]...
Specifies the nodes on which to run checks. If the -h option is not specified, the sccheck utility reports on all active cluster members. You can use this option only in the global zone. This option is only legal when issued from an active cluster member.

-o output-dir
Specifies the directory in which to save reports. You can use this option only in the global zone. The output-dir must already exist or be able to be created by the sccheck utility. Any previous reports in output-dir are overwritten by the new reports. If the -o option is not specified, /var/cluster/sccheck/reports.yyyy-mm-dd:hh:mm:ss is used as output-dir by default, where yyyy-mm-dd:hh:mm:ss is the year-month-day:hour:minute:second when the directory was created.

-s severity
Specifies the minimum severity level to report on. You can use this option only in the global zone. The value of severity is a number in the range of 1 to 4 that indicates one of the following severity levels:

1. Low

2. Medium

3. High

4. Critical

Each check has an assigned severity level. Specifying a severity level will exclude any failed checks of lesser severity levels from the report. When the -s option is not specified, the default severity level is 0, which means that failed checks of all severity levels are reported. The -s option is mutually exclusive with the -W option.

-v verbosity
Specifies the sccheck utility's level of verbosity. You can use this option only in the global zone. The value of verbosity is a number in the range of 0 to 2 that indicates one of the following verbosity levels:

0: No progress messages. This level is the default.

1: Issues sccheck progress messages.

2: Issues Sun Explorer and more detailed sccheck progress messages.

You need solaris.cluster.system.read RBAC authorization to use this command option. See rbac(5). The -v option has no effect on report contents.

-W
Disables any warnings. The report generated is equivalent to -s 3. You can use this option only in the global zone. The -W option is mutually exclusive with the -s option. The -W option is retained for compatibility with prior versions of the sccheck utility. You need solaris.cluster.system.read RBAC authorization to use this command option. See rbac(5).

EXIT STATUS

The following exit values are returned:

0
The command completed successfully. No violations were reported.

1-4
The code indicates the highest severity level of all violations that were reported.

100+
An error has occurred. Some reports might have been generated.
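
The following is an added example, not part of the Sun Cluster man page or software: a shell wrapper that runs sccheck with the -o and -h options described above and turns the documented exit values into a pass/fail gate for a scheduled job. The function names and the SCCHECK variable are assumptions made for illustration; -s is deliberately not passed, so the saved reports stay unfiltered.

```shell
#!/bin/sh
# Added example; SCCHECK and both function names are hypothetical.
# Only options and exit values documented on this page are used.
SCCHECK=${SCCHECK:-sccheck}

# Map an sccheck exit value to a label, following EXIT STATUS.
sccheck_status_label() {
    case "$1" in
        ''|*[!0-9]*) echo invalid ;;
        0) echo clean ;;
        1) echo low ;;
        2) echo medium ;;
        3) echo high ;;
        4) echo critical ;;
        *) if [ "$1" -ge 100 ]; then echo error; else echo undocumented; fi ;;
    esac
}

# sccheck_gate THRESHOLD OUTPUT_DIR [NODELIST]
# Returns 0 when the run is clean or only reports violations below THRESHOLD,
# 1 when a violation at or above THRESHOLD was reported, and 2 when sccheck
# itself failed (100+) or returned a value this page does not document.
sccheck_gate() {
    threshold=$1 outdir=$2 nodes=${3:-}
    case "$threshold" in
        [1-4]) ;;
        *) echo "threshold must be 1-4" >&2; return 2 ;;
    esac
    rc=0
    if [ -n "$nodes" ]; then
        "$SCCHECK" -o "$outdir" -h "$nodes" || rc=$?
    else
        "$SCCHECK" -o "$outdir" || rc=$?
    fi
    label=`sccheck_status_label "$rc"`
    echo "sccheck exit=$rc ($label), reports in $outdir" >&2
    case "$label" in
        clean) return 0 ;;
        low|medium|high|critical)
            if [ "$rc" -ge "$threshold" ]; then return 1; fi
            return 0 ;;
        *) return 2 ;;   # an error may still have left partial reports
    esac
}
```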

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE          ATTRIBUTE VALUE
Availability            SUNWsczu, SUNWscsck
Interface Stability     Obsolete

FILES

/etc/default/sccheck

/usr/cluster/lib/sccheck/checkresults.dtd

/var/cluster/sccheck/reports.yyyy-mm-dd:hh:mm:ss

SEE ALSO

Intro(1CL), explorer(1M), sccheckd(1M), scinstall(1M), attributes(5)

Sun Cluster Software Installation Guide, Sun Cluster System Administration Guide