Checkall Rhel Server4
log
############################################################################################
################################
2017-06-01 08:57:53: UNIX HEALTH CHECK FOR RED HAT ENTERPRISE LINUX
www.unixhealthcheck.com
This is confidential and unpublished work of authorship subject to limited use license
agreements and is a trade secret,
which is the property of UNIX Health Check (www.unixhealthcheck.com). All use, disclosure
and/or reproduction not
Any expressed or implied warranties are disclaimed. In no event shall UNIX Health Check be
liable for any direct, indirect,
incidental, special, exemplary, or consequential damages (including, but not limited to,
loss of use, data, profits, or
business interruption) however caused and on any theory of liability, whether in contract,
strict liability, or tort
(including negligence or otherwise) arising in any way out of the use of these scripts, even
if advised of the possibility
of such damage.
This report is generated by UNIX Health Check for Red Hat Enterprise Linux. It is an
overview of check scripts run on a
Red Hat system, and depending on the options selected when the checkall.sh script was run,
it will list each check script,
the returncode of the check script, the output of the check script and a description. At the
end of this report is an
Any individual implementing changes should completely understand the change and deem each
change appropriate before it is
applied to the system. As a standard rule, please take into consideration the impact on
other components before
implementing the change. Also, we encourage all to conduct a peer review of all changes
before implementation. Most
importantly, if the effect of a change is not fully understood, do not implement that change
until a satisfactory
explanation can be given as to what the effects of the change are. We recommend
implementation of one change at a time. The
application of many changes all at once will increase the likelihood of confusion, if issues
arise.
############################################################################################
################################
2017-06-01 08:57:53: Display: WARNING and ERROR checks only, skipping inventory
scripts.
https://www.unixhealthcheck.com/sample/checkall_rhel_server4.log 1/24
4/10/23, 6:35 AM https://www.unixhealthcheck.com/sample/checkall_rhel_server4.log
2017-06-01 08:57:53: # Checks: 405
############################################################################################
################################
2017-06-01 08:57:53: OS Level: Red Hat Enterprise Linux Server release 7.3 (Maipo)
2017-06-01 08:57:53: Uptime: 08:57:53 up 51 days, 5:21, 1 user, load average: 0.04,
0.04, 0.05
############################################################################################
################################
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
This check script lists all user accounts that have no password set.
The best way to prevent user accounts for which no password is set from logging in to the
system is to remove the "nullok" argument for
PAM module pam_unix.so for the auth service in /etc/pam.d/system-auth. This disables all
logins with blank passwords on the
system.
Output:
------------
bin
daemon
adm
lp
sync
shutdown
halt
operator
games
ftp
nobody
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
Often, old copies of configuration files are left behind in folder /etc, that will clutter
up the folder. This check script
Output:
------------
/etc/profile.old
/etc/sudoers.orig
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
Check for any files in root directory that can be cleaned up.
Often, old files are left behind in the root home directory by system administrators. This
check script identifies files
Output:
------------
/1
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
Often, system administrators may leave behind old copies of files in ~root/.ssh, and this
check script will identify any
Output:
------------
authorized_keys.orig
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
File /etc/login.defs is a file that determines defaults for new regular and system user
accounts and groups.
This check script will verify the entries in /etc/login.defs, and if the items are set
appropriately for a secure system.
Output:
------------
PASS_MAX_DAYS defines the number of days a password is valid. Recommended value is between
90 and 365 days.
PASS_MIN_DAYS defines the number of days between password changes. It should be higher than
0.
PASS_MIN_LEN defines the minimum length of a password, which should be between 9 and 20.
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
It is best practice to use DNS and to have the hostname correctly added to DNS.
This check script will also check if reverse IP lookup is enabled in DNS. It is best
practice to also be able to reverse
Output:
------------
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
Item INACTIVE in /etc/default/useradd indicates when to change the account to inactive after
the password has expired, but
Output:
------------
Item INACTIVE in /etc/default/useradd is set to the default value of -1. Please update the
value to 14.
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
Quite often, the default permissions are set to 644, meaning that this file is readable for
everyone. For increased
security, please ensure that only user root can read and write this file, by running:
Output:
------------
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
File /etc/hosts may not be empty. It needs to contain at least the server hostname and IP
address. Also, the IPv4 localhost
This script will alert if any permission or ownership of the /etc/hosts file is incorrect,
as well as if the number of
Furthermore, this check script will also make sure no additional entries have been added to
the IPv6 and IPv4 localhost
entries in /etc/hosts. If used at all, the IPv6 entry in /etc/hosts for localhost, should
look like this:
Output:
------------
There are too many entries in /etc/hosts (52). Use DNS instead.
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
If a system is cloned it may occur that a different system is mentioned in the GECOS field
for user root. If that user then
sends out an email it looks like it is originating from the original system, and not from
the actual system.
Having the hostname in the GECOS field for user root is very useful, to understand from
which system an email is
originating.
Output:
------------
The root GECOS field should at least include root and the hostname.
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
.sh_history.
By doing this, you can get a history file for each login session for each user. If not set,
only one history file per user
is written to ~/.sh_history. This will not allow for clear understanding which user exactly
used which command during which
login session. Therefore, it is recommended to set the histfile for each login session.
www.aixhealthcheck.com/blog.php?id=251
Output:
------------
2017-06-01 08:59:03: Check checkhistfile.sh reported ERROR(s): returncode 1
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
The Korn Shell (ksh) is, besides the Bash Shell (bash), often used for scripts, and it is
therefore useful to have it
Output:
------------
The Korn Shell (ksh) is not installed. Run: yum install ksh
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
The file /var/log/lastlog is used by the lastlog command and records the last login time for
every user. This file is a
sparse file, and is known to grow really big in size, even though it does not use up that
much space in the /var file
system.
If the system reports that the file is over 50 MB, it is best to empty the file, as this
will aid in keeping the backup of
Output:
------------
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
day close to the mean solar time. However, the Earth's rotation speed varies in response to
climatic and geological events,
and due to this, UTC leap seconds are irregularly spaced and unpredictable. A leap second
insertion is taking place on June
30th, 2015 at 23:59:60. Systems running NTP are generally not vulnerable, however on systems
without NTP the leap second
This check script will indicate if you either need to update the tzdata package and/or if
you need to update the NTP
Output:
------------
[INFORMATION]
When the leap second occurs, this systems time will be stepped by the kernel. Thus, it is
configured to stay in sync with
- There is a chance that hrtimers may fire early when the leap second is inserted; this
issue is documented in
<https://access.redhat.com/solutions/2766351>.
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
Check if the noatime mount option has been set for any file systems.
If there's a lot of file activity, the system has to update a lot of timestamps, e.g. file
creation time (ctime), file last
modified time (mtime), and file last access time (atime). File systems with heavy inode
access activity due to file opens
can have significant performance improvements if the noatime option has been set for those
file systems.
The atime attribute is sometimes called perhaps the most stupid Unix design idea of all
times. Think about this a bit: For
every file that is read from the disk, let's do a ... write to the disk! And, for every file
that is already cached in
memory and which we read from the cache ... do a write to the disk!
The performance impact of atime is thus: atime updates are by far the biggest I/O
performance deficiency that Unix has
today. Getting rid of atime updates would give us more everyday Unix performance than all
the pagecache speedups of the
To check if a file system has been mounted with the noatime option, run:
To change a file system to use the noatime mount option, edit /etc/fstab, and add "noatime"
as an extra mount option to
each ext2/3/4 or xfs file system entry, for example "defaults,noatime". Once updated, save
the file, and reboot the server
to allow all the file systems to be re-mounted using the noatime mount option.
Output:
------------
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
Check if the server is properly time synchronized with its time server.
If it is off by more than 10 seconds, this script will generate a warning message.
If there is an offset with the timeserver, then check the timeservers in /etc/ntp.conf, and
make sure the time servers are
correctly listed.
# ntpdate [timeserver]
Note: replace "timeserver" in the command above with the actual hostname of a time server in
your environment.
Output:
------------
The ntpdate service is not enabled at system boot time. Run: systemctl enable
ntpdate.service
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
Check if the time server, ntpd, is active, and if the configuration file, /etc/ntp.conf is
correct.
It is crucial that the time on the physical servers remains synchronized. The most common
way to achieve this is through
NTP. NTP synchronizes the time on the local server to a centralized time server that can be
something public, such as the
atomic clock, or a centralized, trusted, time clock within an organization. Either way is
acceptable as long as all nodes
If utilizing NTP from a public time source, the usage of 3 public servers is recommended to
ensure the most accurate time
# chkconfig ntpd on
If the time on the server is off by more than 5 minutes, use the ntpdate command to
synchronize the time with one of your
time servers. Look in /etc/ntp.conf for the time servers configured on your system. To
synchronize the time, run:
# ntpdate ntpserver
Replace "ntpserver" in the command above with an actual NTP server listed in /etc/ntp.conf.
You can use the following command to verify that NTP is functional:
# ntpq -p
The local node's NTP daemon will mark a remote NTP server as trusted after a short period of
time (5 - 15 minutes). During
this time, the local node's NTP daemon is determining the stability of the remote NTP
server. The "*" seen in front of the
remote NTP server's name or IP address in the output of ntpq -p command designates the
trusted, remote NTP server. All
remote NTP servers should have a stratum value less than 10. The stratum value is under the
st column in the ntpq -p -n
command.
In the below example, the remote NTP server, 159.140.213.147, is the trusted, remote NTP
server.
# ntpq -p
==============================================================================
Output:
------------
The ntpdate service is not enabled at system boot time. Run: systemctl enable
ntpdate.service
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
Check if the correct options are present in /etc/sysconfig/ntpd for the NTP daemon.
It is required to run the NTP daemon with the -x option. This option allows for time
corrections to be done with the "slew"
Option -u ntp:ntp will drop the user for the NTP daemon from root to ntp.
Option -p /var/run/ntpd.pid determines the location of the PID file of the NTP daemon.
Option -g will prevent the NTP daemon from stopping if the hardware clock (or chip time)
differs more than 1000 seconds from
The additional parameter -g allows for the NTP daemon to survive a larger time gap at
startup before shutting down
abnormally.
Output:
------------
NTP pidfile is not set in item OPTIONS in /etc/sysconfig/ntpd. Make sure to add "-p
/var/run/ntpd.pid".
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
Check if the slewing option (-x) is enabled for the NTP daemon, ntpd.
Slewing is important to enable. This will ensure that any time changes that are required
are done in a slewing fashion,
taking small steps at a time, so no large time changes occur on the system, which often
impact any applications depending
If slewing is not enabled, make sure that the -x option is added to /etc/sysconfig/ntp, as
follows:
Then check if you can see the ntpd daemon active with the -x option:
Output:
------------
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
an initial time synchronization with at boot time. If this file is empty, then it will use a
time server configured in
/etc/ntp.conf instead. Because ntp.conf needs to contain the time servers already, there is
no need to configure these as
Output:
------------
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
The parameter SYNC_HWCLOCK will synchronize the local node's internal clock after a
successful execution of ntpdate command
SYNC_HWCLOCK=yes
Starting in RHEL 6, hardware clock synchronization at boot time is handled by the ntpdate
service. Modify the SYNC_HWCLOCK
SYNC_HWCLOCK=yes
# chkconfig ntpdate on
Output:
------------
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
Check if there is no nullok argument listed for pam_unix.so allowing a user without a
password to log in to the system.
The PAM configuration option that enables null passwords is the nullok module argument
passed to pam_unix.so PAM module.
You'll want to remove this argument from any modules of auth type for services that allow
login.
To avoid allowing user accounts for which no password is set to be able to log into the
system, the "nullok" argument for
the auth entry for the pam_unix.so module in /etc/pam.d/system-auth should be removed.
# useradd test
Output:
------------
Argument nullok is listed for pam_unix.so for the auth service type in file
/etc/pam.d/system-auth.
This allows users without a password to log in to the system.
Argument nullok is listed for pam_unix.so for the password service type in file
/etc/pam.d/system-auth.
This allows users to change their passwords to a null value.
Argument nullok is listed for pam_unix.so for the auth service type in file
/etc/pam.d/password-auth.
Argument nullok is listed for pam_unix.so for the password service type in file
/etc/pam.d/password-auth.
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
Check if password history checking is enabled through PAM pam_unix.so or pam_pwhistory.so.
Depending on the Red Hat Enterprise Linux version used, an argument "remember=20" should be
added to either pam_unix.so
(for RHEL version 6 or lower) or pam_pwhistory.so (for RHEL 7 and up) to files
/etc/pam.d/system-auth and
value of 20, which means the last 20 passwords are kept for user accounts, and cannot be
re-used by users, which increases
system security. The maximum number of passwords that can be kept is 400.
On RHEL7 and up, the following entry should be listed after pam_pwquality.so:
On RHEL6 and below, the following entry should be present after pam_cracklib.so:
RHEL 6: http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html
RHEL 7: http://www.deer-run.com/~hal/linux_passwords_pam.html
Output:
------------
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
accounts.
As such, this check script only applies to systems running RHEL 7 or higher.
/etc/security/pwquality.conf.
difok = 5
minlen = 9
dcredit = -1
ucredit = -1
lcredit = -1
ocredit = -1
maxrepeat = 4
gecoscheck = 1
This requires passwords for user accounts to have a length of at least 9 characters, and the
password should include at least 1 digit,
one upper-case letter and one special character. Also, the user is allowed 3 attempts to set a
password (retry=3 is defined in
Finally, a new password should differ from the previous password by at least 5 characters,
and a check is done to validate
that no words found in the gecos field for the user are part of the new password.
Output:
------------
This argument defines the minimum length of the password. The value should be between 9 and
20.
This argument defines the maximum number of the same consecutive characters. The default is
0. It should be set between 2
and 4.
This argument determines the minimum number of digits in a password. It should be set to -1
specifying at least one digit
is required.
This argument determines the minimum number of special characters in a password. It should
be set to -1 specifying at least
This argument determines if any words in the gecos field of the user can be used in a
password. It should be enabled (set
to non-zero).
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
The mydomain entry in file /etc/postfix/main.cf is important for the Postfix mail system.
Without it, Postfix may not be
The mydomain entry should contain the domain name of the system, for example:
mydomain = domain.com
# postfix reload
Output:
------------
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
The myhostname entry in /etc/postfix/main.cf is important for the Postfix mail system.
Without it, it may not be able to
send email.
myhostname = hostname.domain.com
This check script will also alert if the hostname of the system does not match with the
myhostname entry in
/etc/postfix/main.cf.
After updating /etc/postfix/main.cf, make sure to reload Postfix in order to have it pick up
any changes to the main.cf
file, by running:
# postfix reload
Output:
------------
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
The myorigin entry in /etc/postfix/main.cf can be used for the Postfix mail system, to make
it look like email is coming
from a different domain. The myorigin parameter specifies the domain that locally-posted
mail appears to come from. The
Using the myorigin entry may also result in the Linux system not being able to deliver
email to local email addresses (for
After updating the main.cf file, make sure to reload the configuration for Postfix, by
running:
# postfix reload
Output:
------------
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
First, the file should exist. Also, there should be only one domain entry in the file, and
only one search entry. There
should be a nameserver entry in the file, and no more than 3 entries. The search entry must
be 1024 characters or less. The
FQDN discovered through the /etc/resolv.conf must be resolvable through DNS. The search
order in the search entry should be
correct (smaller domains should be listed in /etc/resolv.conf BEFORE larger domains, which
they are part of).
Besides that, there are several other checks within this script, to ensure that name
resolving works properly.
Output:
------------
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
The sharutils package contains the GNU shar utilities, a set of tools
for encoding and decoding packages of files (in binary or text format)
format can be sent through e-mail (which can be problematic for regular
binary files). Install sharutils if you send binary files through e-mail.
Output:
------------
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
SyslogFacility AUTHPRIV
LogLevel DEBUG
The good thing about enabling these 2 items is, that it will now log all activity via ssh.
Once you've enabled these 2
Also make sure that an entry in /etc/rsyslog.conf (if rsyslog is used on RHEL6 or later) or
/etc/syslog.conf (if syslog is
used on RHEL5 or earlier) is present that records the authpriv.debug messages to a file. For
example:
authpriv.* /var/log/secure
And make sure that the file that is referenced in /etc/rsyslog.conf or /etc/syslog.conf
(/var/log/secure in the example
above) exists. Then, make sure that the syslog daemon knows about any modification to
/etc/rsyslog.conf or
or
Output:
------------
The LogLevel option should be set to DEBUG and should be enabled in /etc/ssh/sshd_config.
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
Check if the commands in the /etc/sudoers file (configuration file for the sudo utility)
exist. Having a command in the
/etc/sudoers file that does not exist does not make sense.
Please make sure to include the full pathname to any command in the /etc/sudoers file. And
also make sure to always edit
This check script will also check any files or folders included using the #include and
#includedir directives in
/etc/sudoers.
Output:
------------
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
loglinelen=0 - to avoid wrapping text in the sudo log file (by default, entries in the sudo
log file are word-wrapped at 80
characters).
So, the following entry can be added to /etc/sudoers, by using the visudo command:
Output:
------------
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
Check if any groups defined in /etc/sudoers or any files in /etc/sudoers.d aren't set to
primary groups of users.
This check script will check for any groups defined in /etc/sudoers and any files in
there are any users defined in /etc/passwd that have any of those groups as their primary
group.
Although it is possible, we recommend that you do not define the primary group of a user as
a group known in /etc/sudoers,
or any file in /etc/sudoers.d. The reason for this is, that primary groups configured for
user accounts are not listed in
/etc/group.
For example, if the primary group of user "theo" is set to "wheel", and group "wheel" has
been added to /etc/sudoers with
root access, then by looking at /etc/group, you will not see that user "theo" is a member of
group "wheel". You will only
see this if you run "groups theo", or if you compare the group ID defined as the primary
group for user "theo" in
/etc/passwd, with the group ID known in /etc/group. It is easier to recognize if user "theo"
has been added to group
"wheel" as a secondary group, and his primary group has been set to something else, such as
"staff" instead. That way, you
If this script identifies any users with a primary group that is configured in /etc/sudoers
or a file in /etc/sudoers.d,
then change the primary group of the user to something else, and add the former primary
group as a secondary group to the
Output:
------------
The following users have group ITS as their primary group and that group is also defined in
/etc/sudoers:
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
By default, this package is not installed on Red Hat systems. The sysfsutils package is a
set of utilities built upon
sysfs, a virtual filesystem in Linux kernel versions 2.5+ that exposes a system's device
tree. A very useful tool in this
Output:
------------
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
Setting a shell timeout prevents unauthorized access. A TMOUT value (higher than 0) should
be set in /etc/profile or in
/etc/bashrc.
Output:
------------
No shell timeout set. Set the TMOUT value to a non-zero value in /etc/profile or
/etc/bashrc.
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
Check if the most recent TSM / IBM Spectrum Protect backup was successful or not.
This check only applies to systems that are backed up by TSM / IBM Spectrum Protect.
Output:
------------
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
Check if the TSM / IBM Spectrum Protect scheduler is active. Check if the scheduler is
started at system boot time. Check
if the TSM / IBM Spectrum Protect scheduler is started after any update to dsm.sys.
This check only applies to systems that are backed up through TSM / IBM Spectrum Protect.
Output:
------------
TSM / IBM Spectrum Protect scheduler and/or acceptor daemon is not active.
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
Check if package tzdata is up-to-date and any tzdata-java package is the same level as
tzdata.
This check script will alert if the tzdata package is too old. The tzdata package determines
the time zone configuration of
the local machine, and due to frequent changes to time zone related information, it is
important to keep package tzdata
up-to-date.
Besides package tzdata, also a package tzdata-java exists, which holds time zone information
for Java applications, and may
also be installed. This check script will check if the tzdata-java package is of the same
version as tzdata. Whenever
tzdata is updated, and you have tzdata-java installed, please also update tzdata-java.
Output:
------------
Package tzdata has version 2016h, while package tzdata-java has version 2016i. Please ensure
both packages have the same
level.
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
It is recommended to set a password for all user accounts that can log in to the system.
Note: User accounts without a password cannot be used to log in directly to a system, and
will display a double
exclamation mark in the password field in /etc/shadow. However, if there are other
authentication mechanisms configured for
an account without a password, such as SSH keys that have been configured, then even if no
password is set, someone can log
in to the system using that user account. As such, we recommend setting a password for all
user accounts.
Output:
------------
User us50814 has no password set. It is recommended to set a password for this account.
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
Output:
------------
Permission on folder /usr/lib set to dr-xr-xr-x instead of drwxr-xr-x. Run: chmod 755
/usr/lib
--------------------------------------------------------------------------------------------
--------------------------------
Description:
------------
The following command will display if any updates are available for your system:
# yum check-update
# yum update
Keeping your system up to date with the latest available updates is important for the
stability and security of the system.
Output:
------------
--------------------------------------------------------------------------------------------
--------------------------------
############################################################################################
################################
############################################################################################
################################