# MCcryp.ctl:262: Collects Cryptographic Framework Information # $Id: MCcryp.ctl,v 1.4 2014/07/10 08:26:37 RDA Exp $ # ARCS: $Header: /home/cvs/cvs/RDA_8/src/scripting/lib/collect/EXPLORER/MCcryp.ctl,v 1.4 2014/07/10 08:26:37 RDA Exp $ # # Change History # 20140710 PRA Add local zone collection. =head1 NAME EXPLORER:MCcryp - Collects Cryptographic Framework Information =head1 DESCRIPTION This module collects information about the cryptographic framework. =cut use Mrc # Initialization var $VALIDATE = true keep $VALIDATE section begin var $ERR = '---## Associated Errors' var $TOC = '%TOC%' var $TOP = '[[#Top][Back to top]]' run EXPLORER:XPLRlib('crypto') # ----------------------------------------------------------------------------- # XPLR_crypto section # ----------------------------------------------------------------------------- section XPLR_crypto # Validate the execution context call log_run('Processing CRYP sections ...') =head2 cryp - Cryptographic Framework Gathers cryptographic framework information using the following commands: =over 2 =item o C =item o C =item o C =item o C =back Collects the following configuration files: =over 2 =item o F =item o F =back =cut debug ' Inside CRYP collection, gathering CRYP information' pretoc '2:Cryptographic Framework' # Collect command outputs loop $rec (get_zones(false)) {if $loc = defined($nam = $rec->[0]) {var ($ttl,$pre,$exe) = (concat('From Zone ',$nam),\ concat('zones/',$nam),\ concat('/usr/sbin/zlogin ',$nam)) } else var ($ttl,$pre,$exe) = ('From Global Zone') var $top = $rec->[1] var @cmd = () if ?testFile('x','/usr/bin/elfsign') call push(@cmd,\ ['crypto/elfsign_verify',\ '/usr/bin/find',\ concat('/kernel/crypto /platform/',uname('m'),'/kernel/crypto -type f \ -exec /usr/bin/elfsign verify -e {} \; 2>/dev/null'),\ '---+ Kernel Signed Objects']) if ?testFile('x',$pgm = '/usr/sbin/cryptoadm') call push(@cmd,\ ['crypto/cryptoadm_list_-p',\ $pgm,'list -p',\ '---+ Mechanism Policy'],\ ['crypto/cryptoadm_list_-vm',\ $pgm,'list -vm',\ '---+ Mechanisms for Providers'],\ ['crypto/cryptoadm_list_metaslot',\ $pgm,'list metaslot',\ '---+ Metaslots']) # Create the report debug ' Inside CRYP collection, collecting from ',nvl($nam,'global'),' zone' report concat('cryp_z_',nvl($nam,'global')) title '---+!! ',$ttl title $TOC # Collect the commands call do_remote($pre,$exe,$top,@cmd) # Collect files prefix {write '---+ Configuration Files' write ' * Links point to files that have been collected in their original \ format. Opening them directly in your browser can present \ risks. To prevent them, access the file outside the browser or \ use the link to save them and use an adequate viewer.' write '|*File Path*| *Size*|*Last Modified Date*|' } call do_collect_rem($pre,$top,\ ['B','crypto/kcf.conf', '/etc/crypto/kcf.conf'],\ ['B','crypto/pkcs11.conf','/etc/crypto/pkcs11.conf']) if hasOutput(true) write $TOP # Add the report in the table of content if isCreated(true) toc '3:[[',getFile(),'][rda_report][',$ttl,']]' } # Adjust the table of content unpretoc =head2 Zones =for zone begin crypto By default, collects information from the global zone only. When local zone collections are requested explicitly, collects information about the cryptographic framework from the selected local zones using the following commands: =over 2 =item o C =item o C =item o C =item o C =back and the following configuration files from the selected local zones: =over 2 =item o F =item o F =back =for zone end =head1 SEE ALSO L, L, L =head1 COPYRIGHT NOTICE Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. =head1 TRADEMARK NOTICE Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. =cut