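# PAWDockerWinChecker: gathers system, network, Docker and PAW information
# into one text file for IBM Support.
#
# Handling note: the audit file written below holds the hosts file, the full
# network/NAT configuration, installed updates, running processes with their
# file paths and registry dumps. Treat it as sensitive: review it before
# sending it and do not leave copies in shared locations.
$scriptversion='31'

# Runs one diagnostic command, appends its text output to the audit file and
# returns that text. If the command raised an error, the latest error record
# is appended first and a "keep running" notice is printed.
#   -Name     label used in the console notice
#   -Command  script block to run
#   -Path     audit file to append to
function Invoke-AuditCommand {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)][scriptblock]$Command,
        [Parameter(Mandatory = $true)][string]$Path
    )
    $captured = $null
    # $Error is the session-wide error list; clearing it lets the count below
    # reflect this command only.
    $Error.Clear()
    $captured = $(& $Command | Out-String)
    if ($Error.Count -gt 0) {
        $latestError = $Error[0]
        Add-Content $Path $latestError
        write-host("==> $Name failed. Keep running this script until the end...")
    }
    # A missing cmdlet leaves nothing to write; skip instead of passing $null.
    if ($null -ne $captured) { Add-Content $Path $captured }
    return $captured
}

# Define PAW installation path
write-host('--------------------------------------------------------------------------------')
write-host('--- Place this script anywhere, in a path without space character. ---')
write-host('--- It will gather system/environment/docker/PAW ---')
write-host('--- information and will create an Audit_file_for_IBM_Support_.txt---')
write-host('--- in the same directory as the script itself. ---')
write-host('--------------------------------------------------------------------------------')
# The answer is accepted only if it contains a drive colon and Start.ps1
# exists under it. Later sections dot-source ./config/defaults.ps1 and
# ./config/paw.ps1 from this path, i.e. they run in this session, so only a
# trusted PAW installation directory should be entered here.
Do {
    $PAWpath = Read-Host 'What is the full path of your PAW installation ? (where Start.ps1 resides) '
} Until (("$PAWpath".Contains(':')) -and (Test-Path "$PAWpath/Start.ps1"))
write-host("`n--------------------------------------------------------------------------------")
write-host('--- Don''t stop the script when you see errors, this is normal and benign. ---')
write-host('--- Let it run until the end ---')
write-host('--- (until you see "Finished. You can now close this Powershell window") ---')
write-host('--------------------------------------------------------------------------------')

# Set Powershell to allow HTTPS requests
write-host("`nSetting Powershell to allow HTTPS requests")
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# SECURITY: the policy installed below answers "valid" for every certificate,
# so from this point on HTTPS requests made through ServicePointManager in
# this PowerShell session accept expired, self-signed and wrong-host
# certificates alike. The URL probes later in the script therefore show
# reachability only, not that the responding server is the intended one.
# Run the script in its own PowerShell window and close that window when it
# finishes so the relaxed policy does not outlive the audit.
# The type check keeps a second run in the same session from failing on
# "type already exists".
if (-not ('TrustAllCertsPolicy' -as [type])) {
    add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        return true;
    }
}
"@
}
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

# Creating new audit file (next to the script, name carries a minute-level timestamp)
write-host("`nCreating new audit file")
$scriptDir = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent
$DateTime = Get-Date -Format "yyyyMMdd_HHmm"
$AuditFile = "$scriptDir\Audit_file_for_IBM_Support_$DateTime.txt"
Add-Content $AuditFile "---------------------------------------------------------------------------`n"
Add-Content $AuditFile "------- This audit file will help IBM Support to analyze PAW issues -------`n"
Add-Content $AuditFile "---------------------------------------------------------------------------`n`n"
Add-Content $AuditFile "Root path of PAW is: $PAWPath"
write-host("PAWDockerWinChecker version $scriptversion")
Add-Content $AuditFile "PAWDockerWinChecker version $scriptversion"

# Computer information
write-host("`nGetting system information")
$MachineName = ${env:COMPUTERNAME}
if ("$MachineName".Contains('_')) {
    write-host("`nERROR! Host machine name $MachineName contains an underscore. PAW cannot work correctly on a host having an underscore character in its name ; PAW would not be able to reach available TM1 Servers. Please change your machine name.") -ForegroundColor Red -BackgroundColor Yellow
    Add-Content $AuditFile "`nERROR: Host machine name $MachineName contains an underscore. PAW cannot work correctly on a host having an underscore character in its name ; PAW would not be able to reach available TM1 Servers. Please change your machine name.`n"
}
# Property list for Get-ComputerInfo; the original listed the first five
# names twice, each is kept once here.
$ComputerInfoProperties = @(
    'CsCaption', 'CsDNSHostName', 'CsName', 'CsWorkgroup', 'CsDomain',
    'CsPartOfDomain', 'WindowsProductName', 'WindowsBuildLabEx', 'CsModel',
    'OsHardwareAbstractionLayer', 'BiosBIOSVersion', 'CsProcessors',
    'CsNumberOfProcessors', 'CsNumberOfLogicalProcessors', 'OsLocale',
    'OsLanguage', 'TimeZone', 'OsLocalDateTime', 'OsTotalVisibleMemorySize',
    'OsFreePhysicalMemory', 'OsTotalVirtualMemorySize', 'OsFreeVirtualMemory',
    'OsInUseVirtualMemory', 'OsSizeStoredInPagingFiles',
    'OsFreeSpaceInPagingFiles', 'OsPagingFiles', 'CsNetworkAdapters'
)
$ComputerInfo = $(Get-ComputerInfo $ComputerInfoProperties | out-string)
Add-Content $AuditFile "`n`n------- Computer information -------"
Add-Content $AuditFile $ComputerInfo
write-host($ComputerInfo)
Add-Content $AuditFile "`n---Microsoft Updates:---"
Add-Content $AuditFile $(Get-Hotfix | out-string)
Add-Content $AuditFile "`n---Disk information:---"
Add-Content $AuditFile $(Get-WmiObject Win32_LogicalDisk -ComputerName localhost | out-string)
# Top 150 processes by working set, with the executable path of each.
Add-Content $AuditFile "`n---Most memory-consuming processes:---"
Add-content $AuditFile $(Get-Process |
    Sort-Object -Descending WS |
    Select-Object -First 150 |
    Format-Table -Autosize Id,ProcessName,@{L='Priv.Mem(K)';E={$_.WS/1024}},@{L='Pag.Mem(K)';E={$_.PM/1024}},@{L='CPU(sec)';E={[int]($_.CPU)}},@{L='File Path';E={$_.Path}} |
    out-string)
Add-Content $AuditFile "`n---Server 'Hosts' file:---"
# Parenthesised so the newline is part of the string; as a bare argument
# 'path'+"`n" is not evaluated as an expression.
write-host("C:\Windows\system32\drivers\etc\Hosts`n")
# Drop comment lines only. Filtering on "contains #" would also hide real
# entries that carry a trailing comment.
Add-Content $AuditFile $(Get-Content C:/Windows/system32/drivers/etc/Hosts | Where-Object { $_ -notmatch '^\s*#' } | out-string)

# DEP configuration (Data Execution Prevention)
write-host("`nChecking DEP configuration (Data Execution Prevention)")
Add-Content $AuditFile "`n---Data Execution Prevention configuration (DEP):---"
# Read the policy as a WMI property instead of parsing wmic.exe text output:
# wmic is deprecated and can be absent or blocked on a host, which left $DEP
# empty and made the index below fail. [string] turns a missing value into ''
# so the switch falls through to 'default'.
# NOTE(review): policies 1 and 3 are highlighted, but the script gives no
# reason; DEP is an exploit mitigation, so the highlight alone is not grounds
# for relaxing it.
$DEP = [string](Get-WmiObject Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
Switch ($DEP) {
    '0' {
        Add-Content $AuditFile "`nDEP is disabled for all processes.`n"
        write-host("DEP is disabled for all processes.")
    }
    '1' {
        Add-Content $AuditFile "`nDEP is enabled for all processes.`n"
        write-host("WARNING! DEP is enabled for all processes.") -ForegroundColor Red -BackgroundColor Yellow
    }
    '2' {
        Add-Content $AuditFile "`nDEP is enabled for only Windows system components and services.`n"
        write-host("DEP is enabled for only Windows system components and services.")
    }
    '3' {
        Add-Content $AuditFile "`nDEP is enabled for all processes (with an exception list defined by the administrator)`n"
        write-host("DEP is enabled for all processes (with an exception list defined by the administrator)") -ForegroundColor Red -BackgroundColor Yellow
    }
    default {
        Add-Content $AuditFile "`nDEP policy could not be determined.`n"
        write-host("DEP policy could not be determined.")
    }
}

$WinFeatures = Get-WindowsFeature | out-string
write-host("`nGetting Windows features (see audit file)")
Add-Content $AuditFile "`n------- Windows features -------`n"
Add-Content $AuditFile $WinFeatures

# Network configuration
write-host("`nGetting network configuration (see audit file)")
Add-Content $AuditFile "`n------- Network configuration -------`n"
Add-Content $AuditFile $(ipconfig /all)

Add-Content $AuditFile "`n`n---Get-NetNat:--- "
write-host("`nGet-NetNat (see audit file)")
$GetNetNat = Invoke-AuditCommand -Name 'Get-NetNat' -Path $AuditFile -Command { Get-NetNat }

Add-Content $AuditFile "`n---Get-NetAdapter:-- "
write-host("`nGet-NetAdapter (see audit file)")
$GetNetAdapter = Invoke-AuditCommand -Name 'Get-NetAdapter' -Path $AuditFile -Command { Get-NetAdapter }

Add-Content $AuditFile "`n---Get-ContainerNetwork:--- "
write-host("`nGet-ContainerNetwork (see audit file)")
$GetContainerNetwork = Invoke-AuditCommand -Name 'Get-ContainerNetwork' -Path $AuditFile -Command { Get-ContainerNetwork }

Add-Content $AuditFile "`n---Get-VMSwitch:--- "
write-host("`nGet-VMswitch (see audit file)")
$GetVMSwitch = Invoke-AuditCommand -Name 'Get-VMSwitch' -Path $AuditFile -Command { Get-VMSwitch }

# Same explanatory text goes to the audit file and to the console.
$InterfaceMetricNote = "`n---Get-NetIPInterface:---`nif the 'Interface Metric' of the vEthernet (HNS internal NIC) card is lower than the one`nfor the physical Ethernet card, then PAW won't be accessible from outside the docker virtual network"
Add-Content $AuditFile $InterfaceMetricNote
write-host($InterfaceMetricNote)
$GetNetIPInterface = Invoke-AuditCommand -Name 'Get-NetIPInterface' -Path $AuditFile -Command { Get-NetIPInterface }
write-host($GetNetIPInterface)

Add-Content $AuditFile "`n---Get-NetNatStaticMapping:--- `n"
write-host("`nGet-NetNatStaticMapping (see audit file)")
$GetNetNatStaticMapping = Invoke-AuditCommand -Name 'Get-NetNatStaticMapping' -Path $AuditFile -Command { Get-NetNatStaticMapping }

Add-Content $AuditFile "`n-Get-HNSNetwork: `n"
write-host("`nGet-HNSNetwork(see audit file)")
$GetHNSNetwork = Invoke-AuditCommand -Name 'Get-HNSNetwork' -Path $AuditFile -Command { Get-HNSNetwork }

# Registry dumps of the virtual switch, NIC, HNS and NSI configuration keys.
$VMswitches = Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\Services\vmsmp\parameters\SwitchList -recurse | out-string
Add-Content $AuditFile "`n--- VM Switches: --- `n"
write-host("`nVM switches (see audit file)")
Add-Content $AuditFile $VMswitches

$NIClist = Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\Services\vmsmp\parameters\NicList | out-string
Add-Content $AuditFile "`n--- NIC List: --- `n"
write-host("`nNIC list (see audit file)")
Add-Content $AuditFile $NIClist

$HNSconfig = Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\Services\hns -Recurse | out-string
Add-Content $AuditFile "`n--- HNS config: --- `n"
write-host("`nHNS configuration (see audit file)")
Add-Content $AuditFile $HNSconfig

$NSI = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a20-9b1a-11d4-9123-0050047759bc}' -Recurse | out-string
Add-Content $AuditFile "`n--- NSI config: --- `n"
write-host("`nNSI configuration (see audit file)")
Add-Content $AuditFile $NSI

# All properties of the WinNAT service; the text is appended to the audit
# file by the statements that follow this section.
$WinNAT = Get-Service winnat | FL * | out-string
Add-Content $AuditFile "`n--- WinNAT service: --- `n"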
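# Appends one configuration file to the audit file: a "---- title ----"
# header, the file path (also echoed to the console) and the file content.
# SECURITY: the content is copied verbatim. Application server and web
# configuration files can carry host names, ports, keystore settings or
# credentials, so the audit file should be reviewed and redacted before it
# leaves the machine.
function Add-AuditConfigFile {
    param(
        [Parameter(Mandatory = $true)][string]$AuditFile,
        [Parameter(Mandatory = $true)][string]$Title,
        [Parameter(Mandatory = $true)][string]$FilePath
    )
    Add-Content $AuditFile "`n`n---- $Title ----"
    write-host "$FilePath"
    Add-Content $AuditFile "$FilePath"
    Add-Content $AuditFile $(Get-Content "$FilePath")
}

# $WinNAT and its audit-file header were produced by the preceding statements.
write-host("`nWinNat service (see audit file)")
Add-Content $AuditFile $WinNAT

$WinFirewall = Get-Service mpssvc | FL * | out-string
Add-Content $AuditFile "`n--- Windows Firewall: --- `n"
write-host("`nWindows firewall service (see audit file)")
Add-Content $AuditFile $WinFirewall

# IP address of the pa-gateway container on the docker "nat" network.
$PAgtwIP = docker inspect pa-gateway -f' {{.NetworkSettings.Networks.nat.IPAddress}}' | out-string
# "$PAgtwIP" is '' rather than $null when docker returned nothing, so Trim()
# cannot fail on a host where docker is missing or stopped.
$PAgtwIP = "$PAgtwIP".Trim()
Add-Content $AuditFile "`n--- PAW gateway IP address: --- `n"
write-host("`nPAW gateway IP address (pa-gateway): `n $PAgtwIP")
Add-Content $AuditFile $PAgtwIP

# Locate the gateway address inside the per-compartment ipconfig output.
$IPcompartments = ipconfig /allcompartments /all | out-string
$pagtwIndex = -1
if ($PAgtwIP -ne '') { $pagtwIndex = $IPcompartments.IndexOf($PAgtwIP) }
Add-Content $AuditFile "`n`n--- pa-gateway network compartment: --- `n"
write-host("`npa-gateway network compartment (see audit file)")
# Leading part of the output, up to the first "Ethernet" heading.
$firstAdapter = -1
if ($IPcompartments.Length -gt 1) { $firstAdapter = $IPcompartments.IndexOf('Ethernet', 1) }
if ($firstAdapter -ge 1) {
    Add-Content $AuditFile $IPcompartments.SubString(1, $firstAdapter - 1)
}
# Adapter block around the gateway address: search for "Ethernet" from up to
# 1000 characters before the address, then for the next "NetBIOS" line. Every
# index is checked and clamped; the unguarded arithmetic threw when the
# address was missing, sat within the first 1000 characters, or the block ran
# to the end of the text.
$gtwStart = -1
$gtwEnd = -1
if ($pagtwIndex -ge 0) {
    $gtwStart = $IPcompartments.IndexOf('Ethernet', [Math]::Max(0, $pagtwIndex - 1000))
}
if ($gtwStart -ge 0) { $gtwEnd = $IPcompartments.IndexOf('NetBIOS', $gtwStart) }
if ($gtwEnd -ge 0) {
    # +46 presumably covers the rest of the NetBIOS line - TODO confirm
    $gtwLength = [Math]::Min($gtwEnd - $gtwStart + 46, $IPcompartments.Length - $gtwStart)
    Add-Content $AuditFile $IPcompartments.SubString($gtwStart, $gtwLength)
} else {
    Add-Content $AuditFile "pa-gateway compartment not found in ipconfig output"
}

# List listening ports and corresponding process names
Add-Content $AuditFile "`n`n----- List of listening ports and corresponding process names ----- `n"
write-host("`n`nList of listening ports and corresponding process names (see audit file)")
$ErrorResult=$null
$Error.Clear()
$ListPorts = $(Get-NetTCPConnection -State Listen |
    Select-Object -Property LocalAddress,LocalPort,@{'Name' = 'ProcessName';'Expression'={(Get-Process -Id $_.OwningProcess).Name}} |
    out-string)
if ($Error.count -gt 0) {
    $ErrorResult = $error[0]
    Add-Content $AuditFile $ErrorResult
    write-host('==> Unable to list ports. Keep running this script until the end...')
}
Add-Content $AuditFile $ListPorts

# Check proxy settings
# Read from HKCU, so these are the settings of the account running the script.
write-host("`nGetting proxy settings (see audit file)")
Add-Content $AuditFile "`n------- proxy configuration -------`n"
Add-Content $AuditFile $(Get-ItemProperty -Path "Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" | Select-Object ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL)

# Check version of VMWare Tools service
write-host("`nIf VMWare Tools is installed: checking whether version is compatible with Docker")
Add-Content $AuditFile "`n`n------- Checking VMWare Tools version for Docker compatibility -------"
$GetVMTools = $(Get-Process | Where-Object { $_.ProcessName -eq "vmtoolsd" })
# $null on the left: with a collection on the left, -ne filters its elements
# instead of testing the collection itself.
if ($null -ne $GetVMTools) {
    $VMWareTools = $(Get-Process -Name vmtoolsd -FileVersionInfo)
    Add-Content $AuditFile "`nVMWare Tools service versions 11.0 to 11.0.5 are not compatible with Docker.`nVerify that the below version is either 10.x or 11.0.6+ :`n"
    Add-Content $AuditFile $VMWareTools
    write-host("VMWare Tools service versions 11.0 to 11.0.5 are not compatible with Docker.`nVerify that the below version is either 10.x or 11.0.6+ :")
    write-host( $VMWareTools ) -ForegroundColor Black -BackgroundColor Yellow
} else {
    Add-Content $AuditFile "`nThere is no VMWare Tools service running. No action required."
    write-host("There is no VMWare Tools service running. No action required.")
}

# List IBM services
# StartName is the account each service runs as.
write-host("`nListing other existing IBM services (see audit file)")
Add-Content $AuditFile "`n`n------- List of existing IBM Services on this machine -------"
Add-Content $AuditFile $(Get-WmiObject Win32_Service -Filter "DisplayName like 'IBM%'" | Select-Object DisplayName,Name,PathName,StartMode,State,StartName | out-string)

# List minifilters
$minifilters = (fltmc | out-string)
write-host("`nListing minifilters (optional drivers that add value to or modify the behavior of a file system)`n $minifilters")
Add-Content $AuditFile "`n-----List of minifilters (optional drivers that add value to or modify the behavior of a file system)-----`n $minifilters"

# Getting info on "IBM Planning Analytics Administration Agent" if it exists
# NOTE(review): here and in the two sections below the install path is cut
# out of the Out-String table text (the dashes in the pattern are the column
# underline). A path that Out-String truncates would presumably not match;
# reading the PathName property directly would avoid that - TODO confirm.
$PAAA = (Get-WmiObject -Class Win32_Service -Filter "Name='kate-agent'" | Select-Object PathName | out-string)
if ($PAAA -ne '') {
    $PAAAPath = ([regex]::Matches($PAAA, '--------([^/)]+)paa_agent') | ForEach-Object { $_.Groups[1].Value })
    $PAAAPath = $PAAAPath.Replace('"','')
    $PAAAPath = $PAAAPath.trim()
    write-host("`nGetting version of IBM Planning Analytics Administration Agent")
    Add-Content $AuditFile "`n`n------- Version of IBM Planning Analytics Administration Agent -------"
    write-host "$PAAAPath/paa_agent/wlp/usr/servers/kate-agent/version.txt"
    Add-Content $AuditFile "$PAAAPath/paa_agent/wlp/usr/servers/kate-agent/version.txt"
    Add-Content $AuditFile $(Get-Content "$PAAAPath/paa_agent/wlp/usr/servers/kate-agent/version.txt")
    write-host($(Get-Content "$PAAAPath/paa_agent/wlp/usr/servers/kate-agent/version.txt" | out-string))
    write-host("`nGetting configuration file from IBM Planning Analytics Administration Agent (see audit file)")
    Add-AuditConfigFile -AuditFile $AuditFile -Title 'bootstrap.properties from IBM Planning Analytics Administration Agent' -FilePath "$PAAAPath/paa_agent/wlp/usr/servers/kate-agent/bootstrap.properties"
    Add-AuditConfigFile -AuditFile $AuditFile -Title 'server.xml from IBM Planning Analytics Administration Agent' -FilePath "$PAAAPath/paa_agent/wlp/usr/servers/kate-agent/server.xml"
}

# Getting info on "IBM Planning Analytics Spreadsheet Services" if it exists
$PASS = (Get-WmiObject -Class Win32_Service -Filter "Name='tm1web'" | Select-Object PathName | out-string)
if ($PASS -ne '') {
    $PASSPath = ([regex]::Matches($PASS, '--------([^/)]+)wlp') | ForEach-Object { $_.Groups[1].Value })
    $PASSPath = $PASSPath.Replace('"','')
    $PASSPath = $PASSPath.trim()
    write-host("`nGetting version of IBM Planning Analytics Spreadsheet Services")
    Add-Content $AuditFile "`n`n------- Version of IBM Planning Analytics Spreadsheet Services -------"
    write-host $(Get-ChildItem "$PASSPath/tm1javaweb*.txt")
    Add-Content $AuditFile $(Get-ChildItem "$PASSPath/tm1javaweb*.txt")
    Add-Content $AuditFile $(Get-Content "$PASSPath/tm1javaweb*.txt")
    write-host $(Get-Content "$PASSPath/tm1javaweb*.txt")
    write-host("`nGetting configuration files from IBM Planning Analytics Spreadsheet Services (see audit file)")
    Add-AuditConfigFile -AuditFile $AuditFile -Title 'bootstrap.properties from IBM Planning Analytics Spreadsheet Services' -FilePath "$PASSPath/wlp/usr/servers/tm1web/bootstrap.properties"
    Add-AuditConfigFile -AuditFile $AuditFile -Title 'server.xml from IBM Planning Analytics Spreadsheet Services' -FilePath "$PASSPath/wlp/usr/servers/tm1web/server.xml"
    Add-AuditConfigFile -AuditFile $AuditFile -Title 'jvm.options from IBM Planning Analytics Spreadsheet Services' -FilePath "$PASSPath/wlp/usr/servers/tm1web/jvm.options"
    Add-AuditConfigFile -AuditFile $AuditFile -Title 'tm1web_config.xml from IBM Planning Analytics Spreadsheet Services' -FilePath "$PASSPath/webapps/tm1web/WEB-INF/configuration/tm1web_config.xml"
}

# Getting info on TM1 Web (old "IBM Cognos TM1") if it exists
$TM1Web = (Get-WmiObject -Class Win32_Service -Filter "Name='IBM Cognos TM1'" | Select-Object PathName | out-string)
if ($TM1Web -ne '') {
    $TM1WebPath = ([regex]::Matches($TM1Web, '--------([^/)]+)tm1_64') | ForEach-Object { $_.Groups[1].Value })
    $TM1WebPath = $TM1WebPath.Replace('"','')
    $TM1WebPath = $TM1WebPath.trim()
    # Only report when the TM1 Web application folder exists under that install.
    if (Test-Path "$TM1WebPath\tm1_64\webapps\tm1web") {
        write-host("`nGetting version of TM1 Web (in old 'IBM Cognos TM1' service)")
        Add-Content $AuditFile "`n`n------- Version of TM1 Web (in old 'IBM Cognos TM1' service) -------"
        write-host "$TM1WebPath/tm1_64/webapps/tm1web/version.txt"
        Add-Content $AuditFile "$TM1WebPath/tm1_64/webapps/tm1web/version.txt"
        Add-Content $AuditFile $(Get-Content "$TM1WebPath/tm1_64/webapps/tm1web/version.txt")
        write-host($(Get-Content "$TM1WebPath/tm1_64/webapps/tm1web/version.txt" | out-string))
        write-host("`nGetting configuration file from TM1 Web (in old 'IBM Cognos TM1' service)")
        Add-AuditConfigFile -AuditFile $AuditFile -Title "tm1web_config.xml from TM1 Web (in old 'IBM Cognos TM1' service)" -FilePath "$TM1WebPath/tm1_64/webapps/tm1web/WEB-INF/configuration/tm1web_config.xml"
    }
}
# Checking Windows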
Explorer view options write-host("`nChecking whether Windows Explorer displays file extensions or not (mistakes can happen if file extensions are not shown)") Add-Content $AuditFile "`n`n------- Checking Windows Explorer view options -------" if($(Get-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -Name "HideFileExt").HideFileExt -eq 1) { Add-Content $AuditFile "`n File extensions are hidden in Explorer: it is advised to show them, to avoid mistakes (like having a double file extension without noticing) `n" write-host("File extensions are hidden in Explorer: it is advised to show them, to avoid mistakes (like having a double file extension without noticing)") -ForegroundColor Red -BackgroundColor Yellow } else { Add-Content $AuditFile "`n File extensions are displayed in Explorer. No action required. `n" write-host("File extensions are displayed in Explorer. No action required.") } # Listing Docker's virtual disks: info and state write-host("`nListing Docker's virtual disks: info and state (see audit file)") Add-Content $AuditFile "`n------- Listing Docker's virtual disks: info and state -------" Add-Content $AuditFile $(Get-Disk | ? {$_.Location -like "*docker*"} | ft * | out-string) # Docker information write-host("`nGetting Docker and docker-compose information") Add-Content $AuditFile "`n------- Docker information -------`n" # Checking that Host Network Service (HNS) and Hyper-V Host Compute Service (vmcompute) are installed and running write-host("`nChecking that Host Network Service (HNS) and Hyper-V Host Compute Service (vmcompute) are installed and running") Add-Content $AuditFile "`n`nChecking that Host Network Service (HNS) and Hyper-V Host Compute Service (vmcompute) are installed and running`n" If (Get-WmiObject -Class Win32_Service -Filter "Name='hns'"){ if ((Get-Service -Name hns).status -ne 'Running'){ write-host("ERROR! 
Host Network Service (HNS) is not running: Docker cannot work") -ForegroundColor Red -BackgroundColor Yellow Add-Content $AuditFile "ERROR! Host Network Service (HNS) is not running: Docker cannot work" } else { write-host("Host Network Service (HNS) is running") Add-Content $AuditFile "Host Network Service (HNS) is running" } } else { write-host("ERROR! Host Network Service (HNS) is not installed: Docker cannot work") -ForegroundColor Red -BackgroundColor Yellow Add-Content $AuditFile "ERROR! Host Network Service (HNS) is not installed: Docker cannot work" } If (Get-WmiObject -Class Win32_Service -Filter "Name='vmcompute'"){ if ((Get-Service -Name vmcompute).status -ne 'Running'){ write-host("ERROR! Hyper-V Host Compute Service (vmcompute) is not running: Docker cannot work") -ForegroundColor Red -BackgroundColor Yellow Add-Content $AuditFile "ERROR! Hyper-V Host Compute Service (vmcompute) is not running: Docker cannot work" } else { write-host("Hyper-V Host Compute Service (vmcompute) is running") Add-Content $AuditFile "Hyper-V Host Compute Service (vmcompute) is running" } } else { write-host("ERROR! Hyper-V Host Compute Service (vmcompute) is not installed: Docker cannot work") -ForegroundColor Red -BackgroundColor Yellow Add-Content $AuditFile "ERROR! Hyper-V Host Compute Service (vmcompute) is not installed: Docker cannot work" } # docker version Add-Content $AuditFile "`n--- Docker version ---`n" $ErrorResult=$null $Error.Clear() $dockerversion=$(docker version 2> $null | out-string) if($Error.count -gt 0){$ErrorResult=$error[0];Add-Content $AuditFile $ErrorResult;write-host("`n==> Docker is either not started or not corectly installed.`nKeep running this script anyway... 
") -ForegroundColor Red -BackgroundColor Yellow} Add-Content $AuditFile $dockerversion write-host($dockerversion) # docker compose version Add-Content $AuditFile "`n---Docker-Compose version:---`n" $ErrorResult=$null $Error.Clear() $dockercomposeversion=$(docker-compose version | out-string) if($Error.count -gt 0){$ErrorResult=$error[0];Add-Content $AuditFile $ErrorResult;write-host("`n==> docker-compose is not installed.`nKeep running this script anyway... ") -ForegroundColor Red -BackgroundColor Yellow} Add-Content $AuditFile $dockercomposeversion write-host($dockercomposeversion) # Docker configuration file (daemon.json) Add-Content $AuditFile "`n`n---Docker configuration file:---" Add-Content $AuditFile "C:/ProgramData/Docker/config/daemon.json" write-host("`nDocker configuration file (C:/ProgramData/Docker/config/daemon.json)") If(Test-Path 'C:/ProgramData/Docker/config/daemon.json'){ Add-Content $AuditFile $(cat C:/ProgramData/Docker/config/daemon.json) write-host($(cat C:/ProgramData/Docker/config/daemon.json | out-string)) } # Docker service properties Add-Content $AuditFile "`n`n---Docker service name and service account:---" $dockerServiceInfo = $(Get-WmiObject Win32_Service -Filter "Name like 'docker%'" | select DisplayName,PathName,StartMode,State,StartName | out-string) $dockerServiceInfo = [String]$dockerServiceInfo $dockerServiceInfo = $dockerServiceInfo.Trim() Add-Content $AuditFile $dockerServiceInfo write-host($dockerServiceInfo) $StartMode = (sc.exe qc "docker" | select-string START_TYPE) $Startmode = [String]$Startmode $Startmode = $Startmode.trim() write-host($StartMode) Add-Content $AuditFile "$StartMode `n" # Checking if docker is running if ((Get-Service -Name docker).status -eq 'Running'){ # docker info $ErrorResult=$null $Error.Clear() $dockerinfo=$(docker info | out-string) if($Error.count -gt 0){$ErrorResult=$error[0];Add-Content $AuditFile $ErrorResult;write-host("==> Docker is either not started or not correctly installed.`nKeep 
running this script anyway... ") -ForegroundColor Red -BackgroundColor Yellow} Add-Content $AuditFile $dockerinfo write-host($dockerinfo) # Docker network configuration Add-Content $AuditFile "---Docker network configuration:---`n" $ErrorResult=$null $Error.Clear() $dockernetworkls=$(docker network ls | out-string) if($Error.count -gt 0){$ErrorResult=$error[0];Add-Content $AuditFile $ErrorResult;write-host("==> Docker is either not started or not correctly installed.`nKeep running this script anyway... ") -ForegroundColor Red -BackgroundColor Yellow} Add-Content $AuditFile $dockernetworkls # docker NAT network configuration $ErrorResult=$null $Error.Clear() $dockernat=$(docker network inspect nat | out-string) if($Error.count -gt 0){$ErrorResult=$error[0];Add-Content $AuditFile $ErrorResult;write-host("==> docker not correctly installed, or not started, or 'NAT' is missing`nKeep running this script anyway... ") -ForegroundColor Red -BackgroundColor Yellow} Add-Content $AuditFile $dockernat } write-host("`nGathering PAW configuration and installation information") # Version of PAW Add-Content $AuditFile "`n------- PAW version -------`n$PAWpath/config/version.ps1" Set-Location -Path "$PAWpath" Add-Content $AuditFile $(cat ./config/version.ps1) write-host( $(cat ./config/version.ps1) ) # Verifying that important parameters were not modified directly in defaults.ps1 write-host("`nVerifying that important parameters were not modified directly in defaults.ps1:") Add-Content $AuditFile "`n--- Verifying that important parameters were not modified directly in $PAWPath/config/defaults.ps1 ---" Set-Location -Path "$PAWpath" . "./config/defaults.ps1" $DefaultsNotModified = $true If ($env:PAGatewayHTTPPort -ne "80"){ Add-Content $AuditFile "WARNING! Default PAGatewayHTTPPort has been set to $env:PAGatewayHTTPPort in /config/defaults.ps1: it should be set in /config/paw.ps1 instead" $DefaultsNotModified = $false write-host("WARNING! 
Default PAGatewayHTTPPort has been set to $env:PAGatewayHTTPPort in /config/defaults.ps1: it should be set in /config/paw.ps1 instead") -ForegroundColor Red -BackgroundColor Yellow } If ($env:PAGatewayHTTPSPort -ne "443"){ Add-Content $AuditFile "WARNING! Default PAGatewayHTTPSPort has been set to $env:PAGatewayHTTPSPort in /config/defaults.ps1: it should be set in /config/paw.ps1 instead" $DefaultsNotModified = $false write-host("WARNING! Default PAGatewayHTTPSPort has been set to $env:PAGatewayHTTPSPort in /config/defaults.ps1: it should be set in /config/paw.ps1 instead") -ForegroundColor Red -BackgroundColor Yellow } If ($env:EnableSSL -ne "false"){ Add-Content $AuditFile "WARNING! Default EnableSSL has been set to $env:EnableSSL in /config/defaults.ps1: it should be set in /config/paw.ps1 instead" $DefaultsNotModified = $false write-host("WARNING! Default EnableSSL has been set to $env:EnableSSL in /config/defaults.ps1: it should be set in /config/paw.ps1 instead") -ForegroundColor Red -BackgroundColor Yellow } If ($env:ServerName -ne "pa-gateway"){ Add-Content $AuditFile "WARNING! Default ServerName has been set to $env:ServerName in /config/defaults.ps1: it should be set in /config/paw.ps1 instead" $DefaultsNotModified = $false write-host("WARNING! Default ServerName has been set to $env:ServerName in /config/defaults.ps1: it should be set in /config/paw.ps1 instead") -ForegroundColor Red -BackgroundColor Yellow } If ($env:EnableIPv6 -ne "false"){ Add-Content $AuditFile "WARNING! Default EnableIPv6 has been set to $env:EnableIPv6 in /config/defaults.ps1: it should be set in /config/paw.ps1 instead" $DefaultsNotModified = $false write-host("WARNING! Default EnableIPv6 has been set to $env:EnableIPv6 in /config/defaults.ps1: it should be set in /config/paw.ps1 instead") -ForegroundColor Red -BackgroundColor Yellow } If ($env:ENABLE_PAA -ne "true"){ Add-Content $AuditFile "WARNING! 
Default ENABLE_PAA has been set to $env:ENABLE_PAA in /config/defaults.ps1: it should be set in /config/paw.ps1 instead" $DefaultsNotModified = $false write-host("WARNING! Default ENABLE_PAA has been set to $env:ENABLE_PAA in /config/defaults.ps1: it should be set in /config/paw.ps1 instead") -ForegroundColor Red -BackgroundColor Yellow } If ($env:ENABLE_USER_IMPORT -ne "true"){ Add-Content $AuditFile "WARNING! Default ENABLE_USER_IMPORT has been set to $env:ENABLE_USER_IMPORT in /config/defaults.ps1: it should be set in /config/paw.ps1 instead" $DefaultsNotModified = $false write-host("WARNING! Default ENABLE_USER_IMPORT has been set to $env:ENABLE_USER_IMPORT in /config/defaults.ps1: it should be set in /config/paw.ps1 instead") -ForegroundColor Red -BackgroundColor Yellow } If ( $DefaultsNotModified ) { Add-Content $AuditFile "No important changes were made in defaults.ps1: no problem to report here.`nJust keep in mind that defaults.ps1 must never be modified: edit /config/paw.ps1 instead." write-host("No important changes were made in defaults.ps1: no problem to report here.`nJust keep in mind that defaults.ps1 must never be modified: edit /config/paw.ps1 instead.") } # If PAW config file exists, execute it to set variables Set-Location -Path "$PAWpath" If((Test-Path ./config/paw.ps1) -or (Test-Path "$PAWpath\config\paw.ps1")){ . 
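"./config/paw.ps1"
# NOTE(review): the path above is the tail of a statement that begins before
# this excerpt (presumably the line that loads the PAW configuration) - confirm.

# ---------------------------------------------------------------------------
# Dump the PAW configuration file to the console and to the audit file.
# NOTE(review): paw.ps1 is copied verbatim. Check the audit file for
# credentials, internal host names or URLs before it leaves the organisation.
# ---------------------------------------------------------------------------
Write-Host "`n------- Content of PAW configuration file -------`n$PAWPath/config/paw.ps1`n"
# Double quotes here so that the trailing `n becomes a line break instead of
# two literal characters in the audit file.
Add-Content $AuditFile "(If PAAuthMode is set to `"tm1`", then we need to check tm1s.cfg too)`n"
Add-Content $AuditFile "`n------- Content of PAW configuration file -------`n$PAWPath/config/paw.ps1`n"
Add-Content $AuditFile (Get-Content ./config/paw.ps1)
Write-Host (Get-Content ./config/paw.ps1 | Out-String)

####################################################################
# Testing URLs found in /config/paw.ps1, from the PAW host machine #
####################################################################
# NOTE: this script installs a TrustAllCertsPolicy before these requests run,
# so an HTTP 200 below shows that the endpoint is reachable; it does not show
# that the endpoint presents a certificate the host would normally trust.
#
# Each test records at most one error text in $ErrorResult and writes it to
# the audit file once, after the response dump.

#
# Testing TM1 Admin server from the PAW host
#
Write-Host "`nChecking that all URIs found in /config/paw.ps1 are accessible from PAW host machine"
Add-Content $AuditFile "`n`n------- Is TM1 Admin server responding ? (if HTTP Status Code is 200 then Yes) -------"
$ErrorResult = $null
$Error.Clear()
$TM1Loc = $env:TM1Location.Trim()
# When TM1Location contains ';', only the part before the first ';' is tested.
if ($TM1Loc.Contains(";")) {
    $TM1Loc = $TM1Loc.Substring(0, $TM1Loc.IndexOf(";")).Trim()
}
Add-Content $AuditFile ('invoke-webrequest -Uri ' + $TM1Loc + '/api/v1/Servers')
$TM1LocationTest = Invoke-WebRequest -Uri "$TM1Loc/api/v1/Servers"
if ($Error.Count -gt 0) {
    # "$($Error[0])" is the most recent error. A bare "$error[0]" inside a
    # string expands the whole $Error list and appends the literal text "[0]".
    $ErrorResult = "$($Error[0])" + "`nTM1 Admin Server is not accessible`n"
    Write-Host "==> TM1 Admin Server is not accessible " -ForegroundColor Red -BackgroundColor Yellow
}
Add-Content $AuditFile ($TM1LocationTest | Out-String)
Add-Content $AuditFile ($TM1LocationTest.Content | Out-String)
Add-Content $AuditFile $ErrorResult
if ($null -ne $ErrorResult) { Write-Host "Keep running this script until the end..." }

#
# Testing TM1 Web or PASS from the PAW host
#
Add-Content $AuditFile "`n------- Is TM1 Web or PASS responding ? (if HTTP Status Code is 200 then Yes) -------"
Add-Content $AuditFile ('invoke-webrequest -Uri ' + $env:TM1ApplicationsLocation + '/tm1web')
$ErrorResult = $null
$Error.Clear()
$TM1ApplicationsLocationTest = Invoke-WebRequest -Uri "$env:TM1ApplicationsLocation/tm1web"
if ($Error.Count -gt 0) {
    $ErrorResult = "$($Error[0])" + "`nTM1 Web or PASS is not accessible`n"
    Write-Host "==> TM1 Web Server or PASS is not accessible " -ForegroundColor Red -BackgroundColor Yellow
}
Add-Content $AuditFile ($TM1ApplicationsLocationTest | Out-String)
Add-Content $AuditFile $ErrorResult
if ($null -ne $ErrorResult) { Write-Host "Keep running this script until the end... " }

#
# If security mode is "tm1" then test if TM1 Server is responding...
#
if ($env:PAAuthMode.ToLower() -eq 'tm1') {
    Add-Content $AuditFile "`n------- Is TM1 Server responding ? (if HTTP Status Code is 200 then Yes) -------"
    Add-Content $AuditFile ('invoke-webrequest -Uri ' + $env:TM1LoginServerURL + '/api/v1/$metadata')
    $ErrorResult = $null
    $Error.Clear()
    # '$metadata' stays in single quotes: it is a literal URL segment, not a variable.
    $TM1LoginServerURLTest = Invoke-WebRequest -Uri ("$env:TM1LoginServerURL/api/v1/" + '$metadata')
    if ($Error.Count -gt 0) {
        $ErrorResult = "$($Error[0])" + "`nTM1 Server is not accessible`n"
        Write-Host "==> TM1 Server is not accessible" -ForegroundColor Red -BackgroundColor Yellow
    }
    Add-Content $AuditFile ($TM1LoginServerURLTest | Out-String)
    Add-Content $AuditFile $ErrorResult
    if ($null -ne $ErrorResult) { Write-Host "Keep running this script until the end..." }
}
else {
    # ...ELSE test if Cognos Analytics is responding
    #
    # For Cognos Gateway, first we have to check if we use IBMCognosGateway or
    # IBMCognosGatewayURL (this depends on the PAW version)
    if ($null -ne $env:IBMCognosGateway) {
        $CognosGatewayUri = $env:IBMCognosGateway
    }
    else {
        $CognosGatewayUri = $env:IBMCognosGatewayURL
    }
    Add-Content $AuditFile "`n------- Is Cognos Analytics Gateway responding ? (if HTTP Status Code is 200 then Yes) -------"
    Add-Content $AuditFile ('invoke-webrequest -Uri ' + $CognosGatewayUri)
    $ErrorResult = $null
    $Error.Clear()
    $IBMCognosGatewayTest = Invoke-WebRequest -Uri "$CognosGatewayUri"
    if ($Error.Count -gt 0) {
        $ErrorResult = "$($Error[0])" + "`nCognos Analytics gateway is not accessible"
        Write-Host "==> Cognos Analytics gateway is not accessible" -ForegroundColor Red -BackgroundColor Yellow
    }
    Add-Content $AuditFile ($IBMCognosGatewayTest | Out-String)
    Add-Content $AuditFile $ErrorResult
    if ($null -ne $ErrorResult) { Write-Host "Keep running this script until the end..." }

    #
    # Test if Cognos Analytics Dispatcher is responding
    #
    Add-Content $AuditFile "`n------- Is Cognos Analytics Dispatcher responding ? (if HTTP Status Code is 200 then Yes) -------"
    Add-Content $AuditFile ('invoke-webrequest -Uri ' + $env:IBMCognosServlet)
    $ErrorResult = $null
    $Error.Clear()
    $IBMCognosServletTest = Invoke-WebRequest -Uri "$env:IBMCognosServlet"
    if ($Error.Count -gt 0) {
        $ErrorResult = "$($Error[0])" + "`nCognos Analytics dispatcher is not accessible`n"
        Write-Host "==> Cognos Analytics dispatcher is not accessible " -ForegroundColor Red -BackgroundColor Yellow
    }
    Add-Content $AuditFile ($IBMCognosServletTest | Out-String)
    Add-Content $AuditFile $ErrorResult
    if ($null -ne $ErrorResult) { Write-Host "Keep running this script until the end..." }

    #
    # If Cognos Analytics is installed on the same machine as PAW, then analyze pmhub.html
    #
    $CAservice = $null
    $CAservice = (Get-WmiObject Win32_Service -Filter "Name like 'IBM Cognos'" | Select-Object PathName | Out-String)
    if (($env:PAAuthMode.ToLower() -eq 'cam') -and ($CAservice -ne "")) {
        Write-Host "`nSince CA is installed on the same machine: retrieving pmhub.html information`n" -ForegroundColor DarkBlue -BackgroundColor White
        # The install path is cut out of the formatted service listing: the text
        # between the table's dashed header rule and "bin64".
        $CAPath = ([regex]::Matches($CAservice, '--------([^/)]+)bin64') | ForEach-Object { $_.Groups[1].Value })
        $CAPath = $CAPath.Replace('"', '')
        $CAPath = $CAPath.Trim()

        # Go to Cognos Analytics webcontent
        Set-Location -Path "$CAPath\webcontent"

        if (Test-Path ".\pmhub.html") {
            # List HTML files
            Add-Content $AuditFile "---HTML files in /webcontent:---"
            Add-Content $AuditFile (Get-ChildItem .\*.htm* | Out-String)

            # \webcontent permissions
            Add-Content $AuditFile "---Permissions on /webcontent folder---"
            Add-Content $AuditFile ((Get-Acl . ).Access | Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited, InheritanceFlags -AutoSize | Out-String)

            # \webcontent\pmhub.html permissions
            Add-Content $AuditFile "---Permissions on /webcontent/pmhub.html file---"
            Add-Content $AuditFile ((Get-Acl ".\pmhub.html" ).Access | Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited, InheritanceFlags -AutoSize | Out-String)

            # List of URLs declared in /webcontent/pmhub.html
            Add-Content $AuditFile "---List of URLs declared in /webcontent/pmhub.html:---`n"
            Write-Host "---List of URLs declared in /webcontent/pmhub.html:---"
            # Flatten the file to one string, then cut from "var pmhubURLs"
            # up to and including the first "]" that follows it.
            $pmhubcontent = Get-Content ./pmhub.html
            $pmhubcontent = [System.String] $pmhubcontent
            $pmhubcontent = ($pmhubcontent -replace "`n", '')
            $pmhubStart = $pmhubcontent.IndexOf("var pmhubURLs")
            $pmhubEnd = $pmhubcontent.IndexOf("]", $pmhubStart)
            $varpmhubURLs = $pmhubcontent.Substring($pmhubStart, $pmhubEnd - $pmhubStart + 1)
            $varpmhubURLs = $varpmhubURLs.Replace(",", ",`n")
            Add-Content $AuditFile $varpmhubURLs
            Write-Host $varpmhubURLs
        }

        if (Test-Path ".\bi\pmhub.html") {
            # \webcontent\bi permissions
            Add-Content $AuditFile "`n---Permissions on /webcontent/bi folder---"
            Add-Content $AuditFile ((Get-Acl ".\bi" ).Access | Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited, InheritanceFlags -AutoSize | Out-String)

            # \webcontent\bi\pmhub.html permissions
            Add-Content $AuditFile "---Permissions on /webcontent/bi/pmhub.html file---"
            Add-Content $AuditFile ((Get-Acl ".\bi\pmhub.html" ).Access | Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited, InheritanceFlags -AutoSize | Out-String)

            # List of URLs declared in /webcontent/bi/pmhub.html
            Add-Content $AuditFile "---List of URLs declared in /webcontent/bi/pmhub.html:---"
            Write-Host "`n---List of URLs declared in /webcontent/bi/pmhub.html:---"
            # Read the copy under .\bi, the file this section reports on
            # (not .\pmhub.html, which may not even exist in this branch).
            $pmhubcontent = Get-Content ./bi/pmhub.html
            $pmhubcontent = [System.String] $pmhubcontent
            $pmhubcontent = ($pmhubcontent -replace "`n", '')
            $pmhubStart = $pmhubcontent.IndexOf("var pmhubURLs")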
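$pmhubEnd = $pmhubcontent.IndexOf("]", $pmhubStart)
$varpmhubURLs = $pmhubcontent.Substring($pmhubStart, $pmhubEnd - $pmhubStart + 1)
$varpmhubURLs = $varpmhubURLs.Replace(",", ",`n")
Add-Content $AuditFile $varpmhubURLs
Write-Host $varpmhubURLs
}   # end: If(Test-Path ".\bi\pmhub.html")
Set-Location -Path "$PAWpath"
}   # end: If(PAAuthMode is 'cam' and a Cognos service was found)
}   # end: else branch of the host-side PAAuthMode test

#
# if docker service is running
#
if ((Get-Service -Name docker).Status -eq 'Running') {
    #
    # Testing if tm1proxy is started (before entering inside it for URL testing)
    #
    $pawps = $(Powershell './scripts/paw.ps1 ps')
    $tm1proxy = ($pawps | Select-String -Pattern 'tm1proxy')
    if ("$tm1proxy".Contains('Up')) {
        Write-Host "`nChecking that all URIs found in /config/paw.ps1 are accessible from inside a PAW container (here: tm1proxy)"

        #
        # Initiate Powershell to accept web requests through HTTPS
        #
        # This text is prepended to every generated URLTestN.ps1. It forces
        # TLS 1.2 and installs a certificate policy that accepts ANY server
        # certificate, so the tests below measure reachability only: a 200
        # says nothing about whether the container trusts the endpoint's
        # certificate.
        $initSSL = (@(
                '[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12'
                'add-type @"'
                'using System.Net;'
                'using System.Security.Cryptography.X509Certificates;'
                'public class TrustAllCertsPolicy : ICertificatePolicy {'
                'public bool CheckValidationResult('
                'ServicePoint srvPoint, X509Certificate certificate,'
                'WebRequest request, int certificateProblem) {'
                'return true;'
                '}}'
                '"@'
                '[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy'
            ) -join "`n") + "`n"

        ###########################################################################################
        # Testing URLs found in /config/paw.ps1, from inside a running container (here: tm1proxy) #
        ###########################################################################################
        # Pattern used by every test below:
        #   1. build a one-line Invoke-WebRequest command from a paw.ps1 value,
        #   2. write $initSSL + command to ./URLTestN.ps1 and docker cp it in,
        #   3. run it with docker exec and look for "StatusCode ... 200 ... Content",
        #   4. delete the copy inside the container.
        # NOTE(review): the URL is concatenated into the generated script
        # unquoted, so a value containing spaces or ';' would change the
        # command that runs in the container. paw.ps1 is administrator-owned,
        # so this is a robustness concern rather than an exposure - confirm.

        #
        # Testing TM1 Admin Server from inside container
        #
        $TM1Loc = $env:TM1Location.Trim()
        # When TM1Location contains ';', only the part before the first ';' is tested.
        if ($TM1Loc.Contains(";")) {
            $TM1Loc = $TM1Loc.Substring(0, $TM1Loc.IndexOf(";")).Trim()
        }
        $URItest1 = 'invoke-webrequest -Uri ' + "$TM1Loc" + '/api/v1/Servers' + ' -UseBasicParsing'
        $CompleteCommand = $initSSL + "`n" + $URItest1
        if (Test-Path ./URLTest1.ps1) { Remove-Item -Path ./URLTest1.ps1 -Force }
        Add-Content ./URLTest1.ps1 $CompleteCommand
        docker cp ./URLTest1.ps1 tm1proxy:C:\opt\ibm\tm1proxy
        Add-Content $AuditFile "`n------- Is TM1 Admin Server responding from inside containers ? (if HTTP Status Code is 200 then Yes) -------`n"
        Add-Content $AuditFile $URItest1
        $ErrorResult = $null
        $ResultURLtest1 = docker exec -it tm1proxy Powershell "./URLTest1.ps1" | Out-String
        if ("$ResultURLTest1" -like "*StatusCode*200*Content*") {
            Write-Host "TM1 Admin Server is responding`n" -ForegroundColor Red -BackgroundColor Yellow
            Add-Content $AuditFile "`nTM1 Admin Server is responding`n"
        }
        else {
            $ErrorResult = "`nUnable to connect to the remote server`nTM1 Admin Server is not accessible.`n"
            Write-Host "==> PAW containers cannot reach TM1 Admin Server" -ForegroundColor Red -BackgroundColor Yellow
            Add-Content $AuditFile $ErrorResult
        }
        docker exec -it tm1proxy Powershell 'Remove-item -Path C:/opt/ibm/tm1proxy/URLTest1.ps1 -Force'
        if ($null -ne $ErrorResult) { Write-Host "Keep running this script until the end..." }

        #
        # Testing TM1 Web or PASS from inside container
        #
        $URItest2 = 'invoke-webrequest -Uri ' + "$env:TM1ApplicationsLocation" + '/tm1web' + ' -UseBasicParsing'
        $CompleteCommand = $initSSL + "`n" + $URItest2
        if (Test-Path ./URLTest2.ps1) { Remove-Item -Path ./URLTest2.ps1 -Force }
        Add-Content ./URLTest2.ps1 $CompleteCommand
        docker cp ./URLTest2.ps1 tm1proxy:C:\opt\ibm\tm1proxy
        Add-Content $AuditFile "`n------- Is TM1 Web or PASS responding from inside containers ? (if HTTP Status Code is 200 then Yes) -------`n"
        Add-Content $AuditFile $URItest2
        $ErrorResult = $null
        $ResultURLtest2 = docker exec -it tm1proxy Powershell "./URLTest2.ps1" | Out-String
        if ("$ResultURLTest2" -like "*StatusCode*200*Content*") {
            Write-Host "TM1 Web (PASS) is responding`n" -ForegroundColor Red -BackgroundColor Yellow
            Add-Content $AuditFile "`nTM1 Web (PASS) is responding`n"
        }
        else {
            $ErrorResult = "`nUnable to connect to the remote server`nTM1 Web or PASS is not accessible.`n"
            Write-Host "==> PAW containers cannot reach TM1 Web or PASS`n" -ForegroundColor Red -BackgroundColor Yellow
            Add-Content $AuditFile $ErrorResult
        }
        docker exec -it tm1proxy Powershell 'Remove-item -Path C:/opt/ibm/tm1proxy/URLTest2.ps1 -Force'
        if ($null -ne $ErrorResult) { Write-Host "Keep running this script until the end..." }

        #
        # Verifying PAW security mode
        #
        if ($env:PAAuthMode.ToLower() -eq 'tm1') {
            #
            # If security is "tm1" then test TM1 Server from inside container...
            #
            $URItest3 = 'invoke-webrequest -Uri ' + "$env:TM1LoginServerURL" + '/api/v1/Server' + ' -UseBasicParsing'
            $CompleteCommand = $initSSL + "`n" + $URItest3
            if (Test-Path ./URLTest3.ps1) { Remove-Item -Path ./URLTest3.ps1 -Force }
            Add-Content ./URLTest3.ps1 $CompleteCommand
            docker cp ./URLTest3.ps1 tm1proxy:C:\opt\ibm\tm1proxy
            Add-Content $AuditFile "`n------- Is TM1 Server responding from inside containers ? (if HTTP Status Code is 200 then Yes) -------`n"
            Add-Content $AuditFile $URItest3
            $ErrorResult = $null
            $Error.Clear()
            $ResultURLTest3 = docker exec -it tm1proxy Powershell "./URLTest3.ps1" | Out-String
            if ("$ResultURLTest3" -like "*StatusCode*200*Content*") {
                Write-Host "TM1 Server is responding`n" -ForegroundColor Red -BackgroundColor Yellow
                Add-Content $AuditFile "`nTM1 Server is responding`n"
            }
            else {
                $ErrorResult = "`nUnable to connect to the remote server`nTM1 Server is not accessible.`n"
                Write-Host "==> PAW containers cannot reach TM1 Server" -ForegroundColor Red -BackgroundColor Yellow
                Add-Content $AuditFile $ErrorResult
            }
            docker exec -it tm1proxy Powershell 'Remove-item -Path C:/opt/ibm/tm1proxy/URLTest3.ps1 -Force'
            if ($null -ne $ErrorResult) { Write-Host "Keep running this script until the end..." }
        }
        else {
            #
            # ELSE if security is "cam" then test Cognos Analytics from inside container
            #
            # Test CA Gateway
            #
            if ($null -ne $env:IBMCognosGateway) {
                $URItest4 = 'invoke-webrequest -Uri ' + "$env:IBMCognosGateway" + ' -UseBasicParsing'
            }
            else {
                $URItest4 = 'invoke-webrequest -Uri ' + "$env:IBMCognosGatewayURL" + ' -UseBasicParsing'
            }
            $CompleteCommand = $initSSL + "`n" + $URItest4
            if (Test-Path ./URLTest4.ps1) { Remove-Item -Path ./URLTest4.ps1 -Force }
            Add-Content ./URLTest4.ps1 $CompleteCommand
            docker cp ./URLTest4.ps1 tm1proxy:C:\opt\ibm\tm1proxy
            Add-Content $AuditFile "`n------- Is CA Gateway responding from inside containers ? (if HTTP Status Code is 200 then Yes) -------`n"
            # Record the command that was run, as tests 1-3 do, so the audit
            # file shows which URL the result belongs to.
            Add-Content $AuditFile $URItest4
            $ErrorResult = $null
            $ResultURLTest4 = docker exec -it tm1proxy Powershell "./URLTest4.ps1" | Out-String
            if ("$ResultURLTest4" -like "*StatusCode*200*Content*") {
                Write-Host "CA Gateway is responding`n" -ForegroundColor Red -BackgroundColor Yellow
                Add-Content $AuditFile "`nCA Gateway is responding`n"
            }
            else {
                $ErrorResult = "`nUnable to connect to the remote server`nCA Gateway is not accessible.`n"
                Write-Host "==> PAW containers cannot reach CA Gateway" -ForegroundColor Red -BackgroundColor Yellow
                Add-Content $AuditFile $ErrorResult
            }
            docker exec -it tm1proxy Powershell 'Remove-item -Path C:/opt/ibm/tm1proxy/URLTest4.ps1 -Force'
            if ($null -ne $ErrorResult) { Write-Host "Keep running this script until the end..." }

            #
            # Test CA dispatcher
            #
            $URItest5 = 'invoke-webrequest -Uri ' + "$env:IBMCognosServlet" + ' -UseBasicParsing'
            $CompleteCommand = $initSSL + "`n" + $URItest5
            if (Test-Path ./URLTest5.ps1) { Remove-Item -Path ./URLTest5.ps1 -Force }
            Add-Content ./URLTest5.ps1 $CompleteCommand
            docker cp ./URLTest5.ps1 tm1proxy:C:\opt\ibm\tm1proxy
            Add-Content $AuditFile "`n------- Is CA dispatcher responding from inside containers ? (if HTTP Status Code is 200 then Yes) -------`n"
            # Record the command that was run, as tests 1-3 do.
            Add-Content $AuditFile $URItest5
            $ErrorResult = $null
            $ResultURLTest5 = docker exec -it tm1proxy Powershell './URLTest5.ps1' | Out-String
            if ("$ResultURLTest5" -like "*StatusCode*200*Content*") {
                Write-Host "CA Dispatcher is responding`n" -ForegroundColor Red -BackgroundColor Yellow
                Add-Content $AuditFile "`nCA Dispatcher is responding`n"
            }
            else {
                $ErrorResult = "`nUnable to connect to the remote server`nCA Dispatcher is not accessible.`n"
                Write-Host "==> PAW containers cannot reach CA Dispatcher" -ForegroundColor Red -BackgroundColor Yellow
                Add-Content $AuditFile $ErrorResult
            }
            docker exec -it tm1proxy Powershell 'Remove-item -Path C:/opt/ibm/tm1proxy/URLTest5.ps1 -Force'
            if ($null -ne $ErrorResult) { Write-Host "Keep running this script until the end..." }
        }
    }
}
}   # NOTE(review): closes a block that is opened before this excerpt - confirm against the full script

# Remove the generated test scripts left on the host.
foreach ($testNumber in 1..5) {
    $leftoverScript = "$PAWPath/URLTest$($testNumber).ps1"
    if (Test-Path $leftoverScript) { Remove-Item -Path $leftoverScript -Force }
}

# If docker service is running
if ((Get-Service -Name docker).Status -eq 'Running') {
    # $pawps was filled by the "paw.ps1 ps" call in the docker section above.
    $pagateway = ($pawps | Select-String -Pattern 'pa-gateway')
    if ($null -ne $pagateway) {
        Write-Host "`nGathering pa-gateway information: virtual IP address and logs (see audit file)"
        if ("$pagateway".Contains('Exit')) {
            Add-Content $AuditFile "`n---pa-gateway startup log:---`n"
            Write-Host "`n---pa-gateway startup log:---"
            # Fetch the log once so the console and the audit file show the same text.
            $GatewayLog = $(docker logs pa-gateway)
            Add-Content $AuditFile $GatewayLog
            Write-Host $GatewayLog
        }
        else {
            Add-Content $AuditFile "`n--- pa-gateway IP address (from docker virtual network): ---`n"
            Write-Host "--- pa-gateway IP address (from docker virtual network): ---"
            $GatewayIP = $(docker inspect pa-gateway -f' {{.NetworkSettings.Networks.nat.IPAddress}}')
            Add-Content $AuditFile $GatewayIP
            Write-Host $GatewayIP
        }
    }

    # Docker/PAW images version from the /images/images.ps1
    Write-Host "`nListing provided images from /images/images.ps1 (see audit file)"
    Set-Location -Path "$PAWpath"
    Add-Content $AuditFile "`n`n------- Docker/PAW provided images from $PAWpath/images/images.ps1-------`n"
    Add-Content $AuditFile (Get-Content "$PAWpath/images/images.ps1")

    # Docker/PAW installed images
    Write-Host "`nListing actually installed PAW images (see audit file)"
    Add-Content $AuditFile "`n`n------- Docker/PAW actually installed images -------`n"
    Add-Content $AuditFile $(docker image ls)

    # Checking environment and configuration for PAW
    Write-Host "`nRunning PAW checkup script provided with PAW installation (/scripts/Debug-ContainerHost.ps1)"
    Add-Content $AuditFile "`n------- Checking environment and configuration for PAW -------"
    Write-Host "`n------- Checking environment and configuration for PAW -------"
    $DebugContainerHost = $(Powershell ./scripts/Debug-ContainerHost.ps1 | Out-String)
    Add-Content $AuditFile $DebugContainerHost
    Write-Host $DebugContainerHost

    # PAW containers state
    Write-Host "`nListing PAW containers state"
    Add-Content $AuditFile "`n------- PAW containers state -------`n"
    Write-Host "`n------- PAW containers state -------"
    $ContainerState = $(Powershell './scripts/paw.ps1 ps' | Out-String )
    Add-Content $AuditFile $ContainerState
    Write-Host $ContainerState
}

# Searching for docker_event_logs.csv
if (Test-Path ./log/docker_event_logs.csv) {
    Write-Host "`nSearching for docker_event_logs.csv (see audit file)"
    Add-Content $AuditFile "`n------- Docker Event Log -------`n$PAWPath/log/docker_event_logs.csv"
    Add-Content $AuditFile (Get-Item '.\log\docker_event_logs.csv' | Select-Object -Property LastWriteTime | Out-String)
    Add-Content $AuditFile (Get-Content ./log/docker_event_logs.csv)
    Add-Content $AuditFile "(end of file)`n"
}

# Searching for validation.log
if (Test-Path ./log/validation.log) {
    Write-Host "`nSearching for validation.log (see audit file)"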
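Add-Content $AuditFile "`n------- Validation Log -------`n$PAWPath\log\validation.log"
Add-Content $AuditFile (Get-Item '.\log\validation.log' | Select-Object -Property LastWriteTime | Out-String)
Add-Content $AuditFile (Get-Content ./log/validation.log)
Add-Content $AuditFile "(end of file)`n"
}   # end: If(Test-Path ./log/validation.log), opened just above

# Searching for admintool log (up.log)
if (Test-Path ./log/admintool/up.log) {
    Write-Host "`nSearching for admintool log (see audit file)"
    Add-Content $AuditFile "`n------- AdminTool Log -------`n$PAWPath/log/admintool/up.log"
    Add-Content $AuditFile (Get-Item '.\log\admintool\up.log' | Select-Object -Property LastWriteTime | Out-String)
    Add-Content $AuditFile (Get-Content ./log/admintool/up.log)
    Add-Content $AuditFile "(end of file)`n"
}

# Permissions on PAW install directories
Write-Host "`nGathering permissions on PAW install directories (see audit file)"
Add-Content $AuditFile "`n`n------- Permissions on PAW install directories -------"
Add-Content $AuditFile ((Get-Acl . ).Access | Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited, InheritanceFlags -AutoSize | Out-String)

# Listing SSL directories of PAW
Write-Host "`nListing existing SSL/TLS files in PAW installation (see audit file)"
Add-Content $AuditFile "`n`n------- Analyzing SSL configuration and directories of PAW -------"
Add-Content $AuditFile (Get-ChildItem ./config/ssl | Out-String)
Add-Content $AuditFile (Get-ChildItem ./config/certs | Out-String)

# Displaying certificates from pa-workspace.pem (but NOT the private key!)
Write-Host "`nCopying content of pa-workspace.pem into the audit file, except the private key (which must remain secret). `nIf we have to open and analyze these certificates at Support, we can just copy/paste the BASE64 text into `nseveral text files and rename them as '.cer' `n(then we can double-click on these CER files to display them in Windows for analysis)`n"
Add-Content $AuditFile "`nDisplaying content of pa-workspace.pem, except the private key (which must remain secret). `nIf you have to open and analyze these certificates, you can just copy/paste them into `ntext files and rename them as '.cer' `n(then you can double-click on these CER files to display them in Windows)`n"

# $BadPrivKey stays $true until a supported private-key header is found.
$BadPrivKey = $true
# The file is read only after Test-Path succeeds, so a missing file produces
# the "not found" message below instead of a Get-Content error.
if (Test-Path './config/ssl/pa-workspace.pem') {
    $PawCerts = @(Get-Content ./config/ssl/pa-workspace.pem)

    # 1) Private key: only the BEGIN/END marker lines go into the audit file,
    #    with a placeholder between them. The key body is never written.
    foreach ($beginMarker in '-----BEGIN PRIVATE KEY-----', '-----BEGIN RSA PRIVATE KEY-----') {
        foreach ($pemLine in $PawCerts) {
            if ($pemLine.Trim().ToUpper().Contains($beginMarker)) {
                $BadPrivKey = $false
                Add-Content $AuditFile $pemLine
            }
        }
    }
    if (-not $BadPrivKey) {
        Add-Content $AuditFile '(private key removed by script to protect confidentiality)'
    }
    foreach ($endMarker in '-----END RSA PRIVATE KEY-----', '-----END PRIVATE KEY-----') {
        foreach ($pemLine in $PawCerts) {
            if ($pemLine.Trim().ToUpper().Contains($endMarker)) {
                Add-Content $AuditFile $pemLine
            }
        }
    }

    # 2) Certificates: copy only what lies between BEGIN CERTIFICATE and
    #    END CERTIFICATE. Copying "everything after the first certificate"
    #    would also copy a private key that FOLLOWS the certificates in the
    #    file, or a key in a format step 1 does not recognise. Any
    #    "BEGIN ... PRIVATE KEY" header (PKCS#8, RSA, EC, ENCRYPTED) therefore
    #    stops the copy even when an END CERTIFICATE line is missing.
    $insideCertificate = $false
    foreach ($pemLine in $PawCerts) {
        $marker = $pemLine.Trim().ToUpper()
        if ($marker -match '-----BEGIN [A-Z ]*PRIVATE KEY-----') {
            $insideCertificate = $false
            continue
        }
        if ($marker.Contains('-----BEGIN CERTIFICATE-----')) { $insideCertificate = $true }
        if ($insideCertificate) { Add-Content $AuditFile $pemLine }
        if ($marker.Contains('-----END CERTIFICATE-----')) { $insideCertificate = $false }
    }

    if ($BadPrivKey) {
        Write-Host "`nThe PRIVATE KEY is not correctly declared in pa-workspace.pem: only '-----BEGIN PRIVATE KEY-----'/'-----END PRIVATE KEY-----' and '-----BEGIN RSA PRIVATE KEY-----'/'-----END RSA PRIVATE KEY-----' are supported by PAW. No ENCRYPTED private key is allowed either: this is an Apache limitation.`n" -ForegroundColor Red -BackgroundColor Yellow
        Add-Content $AuditFile "`nThe PRIVATE KEY is not correctly declared in pa-workspace.pem:`nonly '-----BEGIN PRIVATE KEY-----'/'-----END PRIVATE KEY-----' `nand '-----BEGIN RSA PRIVATE KEY-----'/'-----END RSA PRIVATE KEY-----' `nare supported by PAW. `nNo ENCRYPTED private key is allowed either: this is an Apache limitation.`n"
    }
}
else {
    Write-Host "`npa-workspace.pem was not found in /config/ssl" -ForegroundColor Red -BackgroundColor Yellow
    Add-Content $AuditFile "`npa-workspace.pem was not found in /config/ssl"
}

# Ending script
# NOTE(review): the audit file now holds configuration, logs, ACLs and
# certificates from this host; read it through before sending it anywhere.
Write-Host "`nFinished.`nCheck file $AuditFile `n" -ForegroundColor DarkGreen -BackgroundColor Yellow
Write-Host "`nYou can now close this Powershell window`n"
# Keep the window open (10 hours) so the operator can read the output.
Start-Sleep -Seconds 36000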