Operating system data properties
The operating system data properties check operating system prerequisites, such as version, architecture, total memory, available memory, and total physical memory. For Windows systems only, it uses the operating system VBScript collectors in the ips_root/lib directory, with the os prefix identifier in their file names. For UNIX systems only, it uses the UNIX operating system collectors in the ips_root/UNIX_Linux directory, with the os prefix identifier in their file names.
Prerequisite property | Platform | Description | Valid values |
---|---|---|---|
|
All |
Checks the system architecture |
|
|
UNIX |
Checks whether the automount features works |
Boolean value, for example:
|
|
Windows |
Checks whether Windows Update is automatically enabled; returns True if enabled |
Boolean value, for example:
|
|
Windows |
Checks the amount of virtual memory that is available but unused by the operating system |
The value can be any of the following types:
|
|
UNIX |
Checks the dir_name file system that is based on the following qualification attributes:
dir_name can represent for example:
|
String with the following qualifier format:
For example, to check whether the home directory has drwxr-xr-x permissions:
Note: This
prerequisite property supports using the special character + in
the expected value. See Table 1.
For example, to check whether the owner, groups, and other users have read, execute, and optionally write permissions to the home file system:
The check also passes when the octal digit representation is 777, because the + symbol is specified. |
|
Checks the disk usage quota for the logged on user; returns the value for the quota in KBs or Unlimited |
The value can be any of the following types:
|
|
|
UNIX |
Checks whether Expect extension for TCL is available on the machine; returns Available if it has an available status Note: The os.file.expect prerequisite
property checks whether the Expect extension is installed on the machine.
|
Available|Unavailable |
|
UNIX |
Checks whether the binary_name binary
is available on the machine. binary_name can
represent any binary, for example:
|
Boolean value, for example:
|
|
UNIX | Checks whether the file_name file has the relevant specifications that are based on the following qualification attributes:
|
String with the following qualifier formats:
For example, to check whether the owner, groups, and other users have read and execute permissions to the nmap binary, when the path to the binary is set in the PATH environment variable:
Note: This
qualifier format supports using the special character + in
the expected value. See Table 1.
For example, to check whether the owner, groups, and other users have read, execute, and optionally write permissions to the nmap binary, when the path to the binary is not set in the PATH environment variable:
The check also passes when the octal digit representation is 777, because the + symbol is specified.
For example, to check whether the password file exists in the specified path:
|
|
UNIX |
The prerequisite property was grouped with other browser prerequisite properties and will be deprecated in a future release. See Browser data properties. |
|
|
UNIX |
Checks the total size of the available page cache |
Numeric format in MB or GBs, for example:
Note: The
values can use the special characters as outlined in Table 1.
|
|
UNIX |
Checks whether the root user is listed in the ftpusers file that determines the users for whom FTP login privileges are no allowed; returns Available if the user is not listed |
Available|Unavailable |
|
UNIX |
Checks whether the GNU tar utility is available on the machine; returns Available if it is installed |
Available|Unavailable |
|
UNIX |
Checks whether the entries in /etc/host are
in the correct format, for example:IP_Address Host_Name Short_Name_Alias1 [Short_Name_AliasN] where:
|
Boolean value, for example:
|
|
Linux PowerPC® | Checks whether the specified version of the IBM_lib_name IBM library is installed on the machine that is based on the following qualification attributes:
The qualification attributes are delimited by the semicolon character. |
String in the following format:
For example:
|
|
AIX® | Checks whether the specified interim fix or interim fixes are installed on the machine. When multiple interim fixes are specified, all interim fixes must be installed; otherwise the check fails. Restriction: The prerequisite property
has the following restrictions:
|
String in the following format:
|
|
AIX |
Checks the status of the asynchronous I/O (aio0), that is, the kernel process for enhancing I/O operation performance; returns Available if it has an available status |
Available|Unavailable |
|
Windows |
Checks whether 8.3 file name formats are being automatically applied; returns True if they are applied |
Boolean value, for example:
|
|
Windows |
Checks whether the service_name service is running on the machine. service_name represents the valid Windows service name that does not contain spaces or the % character, for example:
If you use spaces or an % character in the service_name suffix, the check logs a warning message. It returns Not Found for the actual value and the check fails. Attention: You
must use the actual Windows service
name. If you use the display name of the service as the service_name suffix,
the scan assumes that the service is not running and returns False for
the actual value and the check fails or passes depending on the expected value.
|
Boolean value, for example:
|
|
UNIX |
Checks whether the daemon_name daemon or service is running on the machine. daemon_name represents the following daemon processes or services for which the tool checks:
The tool requires that the path to the following command, which checks the status of the daemon process or service, is set in the PATH environment variable:
Note: If the tool runs the scan on a UNIX system that has the running daemon process
or service, it returns a PASS result; otherwise,
it returns a FAIL result.
|
Boolean value, for example:
|
|
AIX |
Checks the processor architecture that supports the kernel or unrestricted mode |
32-bit|64-bit |
|
Linux |
Checks whether the kernel parameters are available for the operating system |
Available|Unavailable |
|
Linux |
Checks whether the value for the setting_name kernel performance and tuning setting is specified on the target machine. setting_name represents the kernel performance and tuning setting that is configured by using the sysctl command, for example:
If the setting_name kernel performance and tuning setting is not valid, the check logs an error message. It returns Not Found for the actual value and the check fails. Restriction: The
path to the sysctl binary must be set in the PATH environment variable; if the path is
not set, the check logs an error message. It returns Not
Found for the actual value and the check fails.
|
String or numeric format depending on valid values for the specified setting, for example:
|
|
UNIX |
Checks the release of the kernel for UNIX operating systems |
String, for example:
Note: The check supports using the special characters + and * in
the expected value. See Table 1.
For example:
|
|
UNIX |
Checks for large file support |
Boolean value, for example:
|
|
UNIX |
Checks whether the LD_LIBRARY_PATH environment variable exists and ends with a colon, that is os.ldLibPath=[endsWith=:] |
Available|Unavailable |
|
AIX |
Checks whether the AIX operating system is greater than level 10 for AIX Version 5.3 or greater than level 3 for AIX Version 6.1 |
Boolean value, for example:
|
|
UNIX |
Checks whether the lib_name library or set of libraries is installed on the machine, which can be further qualified by supported operating system architecture: lib_name represents the name, and optionally version, of the library or set of libraries, for example:
_32|64 represents an optional qualification attribute to check whether the library or set of libraries exists for a 32-bit or 64-bit architecture, for example:
|
The value can be any of the following types: String requiring an exact match, for example:
regex {str},
a regular expression with the input parameter, str,
representing the search pattern for the library name, for example:
Checks whether the libXft.so library
exists on the machine.By default, the tool checks for a 32-bit library. To have the tool explicitly check for the 64-bit library, use the optional OS architecture qualification attribute in the prerequisite property name, for example, os.lib.libXft_64. The tool returns a FAIL result if the scan finds the 64-bit library, but no OS architecture qualification attribute is specified in the prerequisite property name. |
|
All |
Checks whether there is an entry in the hosts file that maps the local host to the 127.0.0.1 IP address, for example:
|
Boolean value, for example:
|
|
UNIX |
Checks whether the default paths for the root user are set in the PATH and SUPATH variables; returns Available if they are set |
Available|Unavailable |
|
UNIX |
Check whether /export/home/maximo directory is available |
Available|Unavailable |
|
UNIX |
Checks the owner of the /export/home/maximo directory |
maximo |
|
UNIX |
Checks the maximum number of processes that can run for each user |
Number, for example, 2048 |
|
UNIX |
The prerequisite property was grouped with other browser prerequisite properties. See Browser data properties. | |
|
UNIX |
Checks whether the file system is mounted based on the following qualification attributes:
|
String with the following qualifier format:
For example, to check whether /home directory is mounted and the nosuid option is not set:
|
|
AIX |
Checks whether the value for the parameter_name network option tunable parameter is specified on the target machine. parameter_name represents the network option tunable parameter that is configured by using the no command, for example:
If the parameter_name network option tunable parameter is not valid, the check logs an error message. It returns Not Found for the actual value and the check fails. Restriction: The path to the no binary
must be set in the PATH environment
variable; if the path is not set, the check logs an error message.
It returns Not Found for the actual value
and the check fails.
|
Numeric format, for example:
|
os.package.package_name prerequisite properties Prerequisite Scanner has
two variants of the os.package.package_name property:
You can specify both variants in the same configuration file. |
|||
|
UNIX |
Checks that the supported version of the package_name package is installed on the machine. String to represent package_name, for example, in bold:
Restriction: On HP-UX systems
only, the tool uses the following command and flag, swlist
-l, to retrieve the list of installed packages. This command
requires that the logged in user has at least super user access. If
the logged in user is non-root user, then the check fails.
|
String to represent the required version that must be installed, for example:
Note: This variant of the prerequisite
property supports using the special character + or - in
the expected value. For example:
|
|
UNIX |
Checks whether the package_name package within the specified version range is installed on the machine. package_name represents the short name of the package and [lower_range-upper_range] represents the version range. Examples of package_name include:
Restriction: On HP-UX systems
only, the tool uses the following command and flag, swlist
-l, to retrieve the list of installed packages. This command
requires that the logged in user has at least super user access. If
the logged in user is a non-root user, then the check fails.
|
|
|
UNIX |
Checks the pagesize of the system. |
Numeric format in KBs, for example:
Note: The
values can use the special characters as outlined in Table 1.
|
|
AIX | Checks whether the required page size is enabled on the computer that is based on the following segments:
|
Strings to represent valid page size segments:
|
|
UNIX |
Checks the RAM that the operating system can access and report on the machine, which might be less than the actual number of GBs of installed RAM that is dependent on the operating system type |
The value can be any of the following types:
|
|
Windows | Checks whether the key_value value for the HKEY_LOCAL_MACHINE subkey has specified value data in the Windows Registry, which is based on the following qualification attributes:
user_defined_id represents a unique identifier suffix to support multiple prerequisite properties that check the same key value but for different subkeys. The prerequisite property
supports the following data types for the key value data:
Restriction: This prerequisite property supports
subkeys of the HKEY_LOCAL_MACHINE root key only.
|
String with the following qualifier format for the HKEY_LOCAL_MACHINE subkey:
For example, to check whether the 1433 and 1434 ports are specified for the ReservedPorts key value that is associated with the SYSTEM\CurrentControlSet\Services\Tcpip\Parameters subkey:
For example, to check whether a set of privileges was specified for the RequiredPrivileges key value that is associated with the SYSTEM\CurrentControlSet\services\COMSysApp subkey:
|
|
Linux |
The prerequisite property was grouped with other browser prerequisite properties and will be deprecated in a future release. See Browser data properties. |
|
|
Linux |
Checks the enforcement status of the Security-Enhancement Linux feature that is based on the following qualification attributes:
|
The value can be any of the following types:
|
|
Windows |
Checks the current version of the service pack that is installed |
Numeric format, with majorVersion.minorVersion or the majorVersion version only For example, to check whether service pack 2 or later is installed, 2+ Note: The values
can use the special characters as outlined in Table 1.
|
|
UNIX |
Checks the current version of the service pack that is installed |
The value can be any of the following types:
Note: The values can use the special characters as outlined in Table 1.
|
|
UNIX | Checks whether the TCP port for the service_type service or a TCP port from the specified range of ports is absent from the /etc/services file. service_type refers to a user-defined name for the service; for example, os.servicesTCPavailablePorts.db2c_db2inst1_tcp_port checks whether the TCP port for the db2c_db2inst1 service is absent, where service_type is db2inst1_tcp_port. The scan returns the PortsInUse: prefix and list of ports in use in the file, as the actual value. If the expected port is not in the list, then the port is available. |
Single positive integers, for example:
A range of positive integers that is specified by using the - character or a comma-separated list, for example:
|
|
UNIX | Checks whether the UDP port for the service_type service or a UDP port from the specified range of ports is absent from the /etc/services file. service_type refers to a user-defined name for the service; for example, os.servicesUDPavailablePorts.objcall_udp_port checks whether the UDP port for the objcall Tivoli® Management Framework daemon service is absent, where service_type is objcall_udp_port. The scan returns the PortsInUse: prefix and list of ports in use in the file, as the actual value. If the expected port is not in the list, then the port is available. |
Single positive integers, for example:
A range of positive integers that is specified by using the - character or a comma-separated list, for example:
|
|
Red Hat Enterprise Linux |
Checks whether the default system shell is installed |
String to represent the default system shell, for example, bash |
os.space.dir_name prerequisite properties Prerequisite Scanner has
three variants of the os.space.dir_name property:
You can specify os.space.dir_name_nonroot and os.space.dir_name_root variants in the same configuration file. Prerequisite Scanner outputs NOT_REQ_CHECK_ID in the actual results cell for the non-applicable variant. For example, if the logged in user is root, Prerequisite Scanner outputs NOT_REQ_CHECK_ID for the os.space.dir_name_nonroot variant. The dir_path value
for the dir qualification attribute
that specifies the file system can have any of the following formats:
|
|||
|
UNIX |
Checks the available disk space for the specified dir_name file system that is based on one or more of the following qualification attributes:
The value for dir attribute is dependent on the logged on user; thus, the value is a name-value pair to represent the user type, that is, root or non-root, and the associated path. dir_name can
represent for example:
Note: You cannot use this variant twice for the same file
system but different user types in a single configuration file. Use
a combination of the os.space.dir_name_nonroot and os.space.dir_name_root variants.
When a range is specified for the expected disk space value, that is, minimum_value-recommended_value, the scan sets a different severity level and returns a different result depending on whether the actual value is below, within, or above the specified range. See Severity levels. |
String with the following qualifier format for the file system of a root user:
For
example:
String with the following qualifier format for the file system of a non-root user:
For
example:
|
String with the following
qualifier format for the file system of both users, by using only
one qualifier:
For example:
Numeric
format in MB or GBs, for example:
A range of positive integers in MBs or GBs
to represent the minimum and recommended disk space, which is specified
by using the - character, for example:
|
|||
|
UNIX |
Checks the available disk space for the dir_name file system of the non-root user, which is based on one or more of the following qualification attributes:
dir_name can represent for
example:
When a range is specified for the expected disk space value, that is, minimum_value-recommended_value, the scan sets a different severity level and returns a different result depending on whether the actual value is below, within, or above the specified range. See Severity levels. |
String with the following qualifier format for the file system of a non-root user:
For
example:
String with the dir qualification attribute only for the file system of a non-root user:
For
example:
|
|
UNIX |
Checks the available disk space for the dir_name file system of the root user, which is based on one or more of the following qualification attributes:
dir_name can represent for
example:
When a range is specified for the expected disk space value, that is, minimum_value-recommended_value, the scan sets a different severity level and returns a different result depending on whether the actual value is below, within, or above the specified range. See Severity levels. |
String with the following qualifier format for the file system of a root user:
For
example:
String with the dir qualification attribute only for the file system of a root user:
For
example:
|
|
UNIX |
Checks whether permitted root login is configured for SSH daemon sessions |
Available|Unavailable |
|
UNIX |
Checks whether the swap space must be greater than the RAM size or the total amount of swap space Note: On AIX systems
only: If you are logged in as a non-root user, you must have permissions
to run the bootinfo command; otherwise, the returned
results might be unexpected.
|
The value can be any of the following types:
|
|
UNIX |
Checks access permissions that are assigned to the /tmp file system, including any specific permissions that are set by access-right flags, for example, sticky, setuid, or setgid bits in the octal digits. |
Number to represent the octal_digits octal digits for the access permissions. For example, to check whether the temp directory has drwxrwxrwt permissions with the sticky bit permission is enabled:
As another example, to check whether the temp directory has drwxrwxrwx permissions excluding the sticky bit:
|
|
Windows |
The total amount of virtual memory to which the operating system can access |
The value can be any of the following types:
|
|
Windows |
The total amount of physical memory that the operating system can access, but it does not indicate the true amount of physical memory on the target computer |
The value can be any of the following types:
|
|
Windows |
Checks whether User Account Control (UAC) is enabled on the target computer Note: If the tool runs the scan
on a Windows system that
does not have this security component, it returns a FAIL result,
with [Not Found] as the actual value.
|
Boolean value, for example:
|
|
UNIX |
Checks whether an unlimited number of processes can be run based on the following qualification attributes:
Alternatively it checks whether the following limits were set
for the specified domains in the /etc/security/limits.conf file:
|
The value can be any of the following types:
|
|
UNIX |
Checks the permissions for the file mode creation mask |
Number to represent the octal_digits octal digits for the access permissions. For example, to check that new files are only writeable for the owner, set the octal digit to be 0022 |
|
UNIX |
Checks whether the maximum stack size is unlimited; returns Available if it is unlimited |
Available|Unavailable |
|
All | The full name and version of the operating system
that is running on the machine; alternatively, you can use a regular
expression to pass a string that represents the multiple variants
of an operating system. Tip: Use this prerequisite property in conjunction with os.servicePack (Windows) or os.ServicePack (UNIX), and os.architecture to
check the current service pack and system architecture.
Note: This
prerequisite property supersedes the OS Version prerequisite
property that will be deprecated in a future release.
|
The value can be any of the following types:
Note: The values can use the special characters as outlined
in Table 1.
|
|
Windows |
Checks the current version of the operating system that is installed on the machine |
Numeric format, for example, 5.0+ Note: The values can use the special
characters as outlined in Table 1.
|
|
AIX |
Checks whether the value for the parameter_name Virtual Memory Manager tuning parameter is specified on the target machine. parameter_name represents the Virtual Memory Manager tuning parameter that is configured by using the vmo command, for example:
If the parameter_name Virtual Memory Manager tuning parameter is not valid, the check logs an error message. It returns Not Found for the actual value and the check fails. Restriction: The
path to the vmo binary must be set in the PATH environment variable; if the path is
not set, the check logs an error message. It returns Not
Found for the actual value and the check fails.
|
Numeric format, for example:
|
|
UNIX |
Checks whether GNOME or KDE is available as a graphical desktop |
Available|Unavailable |