The artexdiff command compares the parameters and values between two profiles or between a profile and a system.
artexdiff [-a] [-q|-v] [-r|-n] [-u|-c] [-f {csv|xml}] [-g category] [-g level] profileA
artexdiff [-a] [-q|-v] [-r|-n] [-u|-c] [[-d|-s] -f txt ] [-g category] [-g level] profileA
artexdiff [-a] [-q|-v] [-r|-n] [-p [-V version] [-m comment]] [-g category] [-g level] profileA
artexdiff [-a] [-q|-v] [-u|-c] [-f {csv|xml}] [-g category] [-g level] profileA profile
artexdiff [-a] [-q|-v][-u|-c] [[-d|-s] -f txt] [-g category] [-g level] profileA profile
The artexdiff command compares the parameters and values between profiles or between a profile and a system.
When the comparison is between a profile and a system, the current values of the parameters of the running system are compared. If the current value cannot be retrieved, then it compares with nextboot values. If –n option is specified, then the comparison uses the nextboot values for the systems with the parameters specified in the profile. If the -r option is specified, the current values are retrieved.
This command displays the output in three different formats to stdout. This output can be saved into a file using the redirector (>). If none of the output formats are specified, it displays in XML format. If Comma Separated Values (CSV) format (-f csv) is specified, then it displays in csv format, which can be used to open in a spreadsheet. If a text format (-f txt) is specified, the output will be in a table like readable format. When text format is specified, the output format can be either diff command output format (-d option) or sdiff command output format (-s option). So, the -s and -d flags can only be used in conjunction with the -f txt flag. When the –p option is specified, this command generates XML output in profile format that includes the parameters and values from the profile that are different from the system. Use the XML output in profile format to set the system by calling the artexset command. This ensures that the system is compliant with the input profile. When the –p option is specified, the output is always XML in profile format .
You can add comment and version number to the output profile if the -p option is specified. If you specify the –m option with a comment, the comment is included in the output profile. If you specify the –V option with a user revision number, the version number of the output profile is updated and the revision number is changed to the user-specified revision number. Otherwise, the revision number of the output profile version is set to 0.
Selection criteria, as specified by the -u or -c flags, indicate how to list the comparison results. When no selection criteria is specified, all comparison results display. If the –c option is specified, only parameters that are different in the comparison are displayed. If the –u option is specified, only the parameters that have the same values are displayed.
The specified profile can exist on the local file system using a relative or absolute path or on an LDAP server.
Item | Description |
---|---|
-a | Indicates that artexdiff output will be recorded in the AIX® audit log. |
-c | Indicates to output only the values found by the comparison that are found to be different. If neither -u nor -c is specified, all parameter values are noted in the output. |
-d | Indicates to output the comparison results into a format like the diff command. |
-f | Specifies the output formats. Possible formats
include the following:
|
-g categories | Displays debug messages for the specified coma-separated
list of categories. This option is useful while you write new catalog
files. The available categories follow:
Note: The default category is ALL.
|
-g level | Specifies the verbosity of the debug traces, as an integer in the range of 0 (no debug traces) - 3 (most verbose level). The default level is 0. |
-m comment | Allows users to add comments to the profile.
If the -m flag is used, the specified comment is added to
the result profile. Note: This optional flag can only be used with
the -p flag.
|
-n | Indicates to use the system's nextboot values for comparison. This option is only valid when the comparison includes a system. |
-p | Generates XML output in profile format that includes the parameters and values from the profile that are different from the system. This option is valid only when the comparison is between a profile and a system. |
-q | Allows users to ignore the nonfatal warning
messages. The ignored messages are not displayed on the screen. This
is an optional flag. Note: This flag cannot be used with the -v flag.
|
-r | Indicates to use the system's current values for comparison. This option is only valid when the comparison includes a system. |
-s | Indicates to output the comparison results into a format like the sdiff command. |
-u | Indicates to output only the values found by the comparison that are found to be identical. If neither -u nor -c is specified, all parameter values are noted in the output. |
-v | Displays the warning and error messages generated
by the AIX commands that are
run during the processing of the artexdiff command. The messages
are displayed on the stderr. This is an optional
flag. Note: This flag cannot be used with the -q flag.
|
-V version | Sets the user revision number of the resulting
profile. By default, the revision number of the resulting profile
is set to 0. This is an optional flag. Note: This flag can only be
used with the -p flag.
|
Item | Description |
---|---|
profileA | Specifies the filename for the profile that lists the tunables by which all other information is gathered for comparison. |
profile | Specifies the filename for the profile to compare to the profile noted by the profileA parameter. If no profile is specified for the profile parameter, the comparison is performed against profileA and the system. |
Item | Description |
---|---|
0 | The command completed successfully and no differences were found. |
1 | Differences were found. |
>1 | An error occurred. |
Access Control: This command should grant execute (x) access only to the root user and members of the security group. This command should be installed as a program in the trusted computing base (TCB). The command should be owned by the root user with the setuid (SUID) bit set.
Files Accessed:
Mode | File |
---|---|
rw | /etc/passwd |
rw | /etc/security/user |
rw | /etc/security/user.roles |
rw | /etc/security/limits |
rw | /etc/security/environ |
rw | /etc/group |
rw | /etc/security/group |
r | /usr/lib/security/artexdiff.default |
x | /usr/lib/security/artexdiff.sys |
Auditing Events:
Event | Information |
---|---|
USER_Create | user |
The following example illustrates how to compare the parameters and values between two profiles.
artexdiff profile1.xml profile2.xml
The following example illustrates how to compare the parameters and values between the ldap_profile.xml profile stored on LDAP server and the system.
artexdiff ldap://ldap_profile.xml
The following example illustrates how to create a new profile with the parameters and values from an input profile that are different from the system.
artexdiff -p profile.xml > diff_profile.xml