artexdiff Command

Purpose

The artexdiff command compares the parameters and values between two profiles or between a profile and a system.

Syntax

artexdiff [-a] [-q|-v] [-r|-n] [-u|-c] [-f {csv|xml}] [-g category] [-g level] profileA

artexdiff [-a] [-q|-v] [-r|-n] [-u|-c] [[-d|-s] -f txt] [-g category] [-g level] profileA

artexdiff [-a] [-q|-v] [-r|-n] [-p [-V version] [-m comment]] [-g category] [-g level] profileA

artexdiff [-a] [-q|-v] [-u|-c] [-f {csv|xml}] [-g category] [-g level] profileA profile

artexdiff [-a] [-q|-v] [-u|-c] [[-d|-s] -f txt] [-g category] [-g level] profileA profile

Description

The artexdiff command compares the parameters and values between profiles or between a profile and a system.

When the comparison is between a profile and a system, the current values of the parameters of the running system are compared. If a current value cannot be retrieved, the nextboot value is used instead. If the -n option is specified, the comparison uses the system's nextboot values for the parameters specified in the profile. If the -r option is specified, the current values are retrieved.

This command writes its output to stdout in one of three formats. The output can be saved to a file by using the redirection operator (>). If no output format is specified, the output is in XML format. If the comma-separated values (CSV) format (-f csv) is specified, the output is in CSV format, which can be opened in a spreadsheet. If the text format (-f txt) is specified, the output is in a readable, table-like format. When text format is specified, the output can follow either the diff command output format (-d option) or the sdiff command output format (-s option), so the -s and -d flags can be used only in conjunction with the -f txt flag.

When the -p option is specified, this command generates XML output in profile format that includes the parameters and values from the profile that are different from the system. Use the XML output in profile format to set the system by calling the artexset command. This ensures that the system is compliant with the input profile. When the -p option is specified, the output is always XML in profile format.

You can add a comment and a version number to the output profile if the -p option is specified. If you specify the -m option with a comment, the comment is included in the output profile. If you specify the -V option with a user revision number, the version number of the output profile is updated and the revision number is changed to the user-specified revision number. Otherwise, the revision number of the output profile version is set to 0.

Selection criteria, as specified by the -u or -c flags, indicate how to list the comparison results. When no selection criteria are specified, all comparison results are displayed. If the -c option is specified, only parameters that are different in the comparison are displayed. If the -u option is specified, only the parameters that have the same values are displayed.

The specified profile can exist on the local file system using a relative or absolute path or on an LDAP server.

Flags

Item Description
-a Indicates that artexdiff output will be recorded in the AIX® audit log.
-c Indicates to output only the values found by the comparison that are found to be different. If neither -u nor -c is specified, all parameter values are noted in the output.
-d Indicates to output the comparison results into a format like the diff command.
-f Specifies the output formats. Possible formats include the following:
  • The txt option indicates to use plain text format. The flags -d and -s can be used only when this -f flag is set.
  • The csv option indicates to use comma-separated values format.
  • The xml option indicates to use xml format. This is the default format.
-g categories Displays debug messages for the specified comma-separated list of categories. This option is useful while you write new catalog files. The available categories follow:
  • ALL: Includes all of the following categories.
  • COMMANDS: Prints information about the AIX command that is being run.
  • DISCOVERY: Prints information about the discovery commands that are being run.
  • THREADS: Prints information about threads that are being run within the framework.
  • PARSING: Prints information about the parsing of profile and catalog files.
  • FLOW: Prints information about the progress of the operation.
Note: The default category is ALL.
-g level Specifies the verbosity of the debug traces, as an integer in the range of 0 (no debug traces) - 3 (most verbose level). The default level is 0.
-m comment Allows users to add comments to the profile. If the -m flag is used, the specified comment is added to the result profile.
Note: This optional flag can only be used with the -p flag.
-n Indicates to use the system's nextboot values for comparison. This option is only valid when the comparison includes a system.
-p Generates XML output in profile format that includes the parameters and values from the profile that are different from the system. This option is valid only when the comparison is between a profile and a system.
-q Allows users to ignore the nonfatal warning messages. The ignored messages are not displayed on the screen. This is an optional flag.
Note: This flag cannot be used with the -v flag.
-r Indicates to use the system's current values for comparison. This option is only valid when the comparison includes a system.
-s Indicates to output the comparison results into a format like the sdiff command.
-u Indicates to output only the values found by the comparison that are found to be identical. If neither -u nor -c is specified, all parameter values are noted in the output.
-v Displays the warning and error messages generated by the AIX commands that are run during the processing of the artexdiff command. The messages are displayed on the stderr. This is an optional flag.
Note: This flag cannot be used with the -q flag.
-V version Sets the user revision number of the resulting profile. By default, the revision number of the resulting profile is set to 0. This is an optional flag.
Note: This flag can only be used with the -p flag.

Parameters

Item Description
profileA Specifies the filename for the profile that lists the tunables by which all other information is gathered for comparison.
profile Specifies the filename for the profile to compare to the profile noted by the profileA parameter. If no profile is specified for the profile parameter, the comparison is performed against profileA and the system.

Exit Status

Item Description
0 The command completed successfully and no differences were found.
1 Differences were found.
>1 An error occurred.

Security

Access Control: This command should grant execute (x) access only to the root user and members of the security group. This command should be installed as a program in the trusted computing base (TCB). The command should be owned by the root user with the setuid (SUID) bit set.

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand. To get the full functionality of the command, besides the accessauths, the role should also have the following authorizations:
  • aix.security.user.audit
  • aix.security.role.assign
  • aix.security.group.change
  • aix.security.user.change

Files Accessed:

Mode File
rw /etc/passwd
rw /etc/security/user
rw /etc/security/user.roles
rw /etc/security/limits
rw /etc/security/environ
rw /etc/group
rw /etc/security/group
r /usr/lib/security/artexdiff.default
x /usr/lib/security/artexdiff.sys

Auditing Events:

Event Information
USER_Create user

Examples

The following example illustrates how to compare the parameters and values between two profiles.

artexdiff profile1.xml profile2.xml

The following example illustrates how to compare the parameters and values between the ldap_profile.xml profile stored on LDAP server and the system.

artexdiff ldap://ldap_profile.xml

The following example illustrates how to create a new profile with the parameters and values from an input profile that are different from the system.

artexdiff -p profile.xml > diff_profile.xml
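
The following added example (not part of the original documentation) wraps artexdiff in a drift check that compares a baseline profile against both the current (-r) and nextboot (-n) values and maps the documented exit statuses to compliant, drift, or error. The function names run_diff and check_drift and the report file names are hypothetical.

```shell
#!/bin/sh
# Added example: baseline drift check suitable for cron or a monitoring agent.
# Uses only the flags and exit statuses documented on this page.
# run_diff, check_drift and the report file names are hypothetical.

# run_diff MODE PROFILE OUTFILE
#   MODE is -r (current values) or -n (nextboot values).
#   -c lists only differing parameters, -q hides nonfatal warnings,
#   -a records the run in the AIX audit log.
run_diff() {
    artexdiff -a -q "$1" -c -f csv "$2" > "$3"
}

# check_drift PROFILE REPORT_DIR
#   Returns 0 = compliant, 1 = drift in current or nextboot values,
#   2 = artexdiff itself failed (exit status >1).
check_drift() {
    profile=$1
    dir=$2
    result=0
    for mode in -r -n; do
        case $mode in
            -r) label=current ;;
            -n) label=nextboot ;;
        esac
        rc=0
        run_diff "$mode" "$profile" "$dir/$label.csv" || rc=$?
        if [ "$rc" -eq 0 ]; then
            echo "$label: compliant"
        elif [ "$rc" -eq 1 ]; then
            # A value can match at run time and still differ after reboot
            # (or the reverse), so both passes are always reported.
            echo "$label: drift, see $dir/$label.csv"
            result=1
        else
            # Status >1 means the comparison did not complete; never
            # report this case as compliant.
            echo "$label: artexdiff error (status $rc)" >&2
            return 2
        fi
    done
    return "$result"
}
```

Call it as `check_drift baseline.xml /var/tmp/artex`, where both arguments are placeholder paths, and alert on any nonzero return.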