check if OS hardening and our standards are still intact
OS hardening is done with SST (Solaris Security Toolkit, old name JASS) and should be checked with it as well.
extra checks of other services
Many needed services are checked through the SST but some should be extra checked in the jb_cqa (netbackup for example, or if the NFS, ftp or telnet SMF services are disabled).
check if deployer's tasks are already done
Some tasks should be done by deployer of the server and are therefore checked as well, for example:
Exceptions are handled via the local file:
/jb/jb_cqa/cqa_excludes_list on each server
This file is delivered by the BJBcqa package to make sure that some tests are skiped on some of the servers (for example NFS solhome server should not be checked for disabled NFS SMF service).
do log all that you do separatelly and keep <= 30 days
all your findings should be traceable in SYSLOG
root@shp00385so# jb_cqa -h
Usage: /usr/bin/jb_cqa [options]
-n, --notify_tivoli default is without tivoli
-j, --jass_should_run default is without jass
-d, --dry_run only IGNORE entries in the messages log, no tickets
daily tickets should be raised based on the SYSLOG entries
For this task, cron entries are created during the installation of the BJBcqa pkg:
root@shp00385so# crontab -l | grep BJBcqa
30 7 * * * [ -x /jb/jb_cqa/jb_cqa ] && /jb/jb_cqa/jb_cqa --jass_should_run --notify_tivoli >/dev/null 2>&1 #BJBcqa
Also, if the package is removed, cron entries are removed as well.
Please use Google Chrome to obtain the best export results.
Public - 5/31/16, 6:51 PM