FLRTVC Script and Documentation
The Fix Level Recommendation Tool Vulnerability Checker Script (FLRTVC) provides security and HIPER (High Impact PERvasive) reports based on the inventory of your system. FLRTVC Script is a ksh script which uses FLRT security and HIPER data (CSV file) to compare the installed filesets and interim fixes against known vulnerabilities and HIPER issues.
FLRTVC exists as a standalone ksh script which may be downloaded by the link below.
FLRTVC uses HIPER/Security data from FLRT
to compare against the installed filesets (lslpp -Lcq) and interim fixes (emgr -lv3)
to report your risks.
This webpage was developed based on feedback received from customers at Edge2015. We welcome your feedback on this tool and ways to improve it!
To download, click the download link below and save to a folder. It is packaged as a ZIP file with the FLRTVC.ksh script and LICENSE.txt file.
Download: FLRTVC (0.8.5)
Note:The script requires ksh93 to use. If you are receiving errors when running the script, you may execute the script using "ksh93 flrtvc.ksh". As of v0.7, only non-fixed vulnerabilities will be showed by default. Use -a to show all.
Please read the latest changelog to see important changes to FLRTVC.
- 03/21/2022 - v0.8.5
- Fixed warning that appeared when apar.csv has single space in column for CVSS
- 03/01/2022 - v0.8.4
- Fixed Last Update not showing correctly and updated aparCSV download to new FLRT link at https://esupport.ibm.com/customercare/flrt/doc?page=aparCSV.
- 1/18/2019 - v0.8.1
- Fixed bug with fileset names getting out of sync with upper/lowercase in FLRTVC variables.
- 11/29/2018 - v0.8.0
- Fixed a major bug blocking filesets being checked. Added support for running on MacOS ksh. Improved wget/curl/ftp selection.
- 11/16/2018 - v0.7.7
- Fixed an obscure bug with not reading bos.rte version correctly from lslpp output.
- 9/28/2018 - v0.7.6
- Updated HTTP download URL for HIPER/Security CSV. (Proxy issues)
- 9/21/2018 - v0.7.5
- Added -p flag. Converts FTP protocol to HTTP for bulletin and efix URL links
- Added exit codes for when script stops execution:
0 = No vulnerabilities,
1 = Error running script,
2 = Vulnerabilities found
- 5/2/2017 - v0.7.3
- Fixed issue with the CVSS Score displayed in report.
- 2/7/2017 - v0.7.2
- Fixed fileset name comparing method, which affected AIX 7.2.
- 11/11/2016 - v0.7.1
- Fixed ksh syntax issues with some versions of AIX 6.1.
The FLRTVC script is licensed under IBM Public License Version 1.0.
You may read the license here: http://opensource.org/licenses/IPL-1.0
The FLRTVC script works by downloading an "apar.csv" file from the FLRT website using CURL or WGET, whichever your machine has installed. Then, it uses the commands "emgr -lv3" for interim fixes and "lslpp -Lcq" for installed filesets, and compares to the vulnerabilities reported in the apar.csv file. FLRTVC will report any findings using one of two formats: Compact and Full (verbose). Compact is preferable for scripting purposes, and full reporting is for a more human-readable format that may be piped to an e-mail address.
Please see below for the flags and different usages:
Flags-d = Change delimiter for compact reporting
-f = File selection for *.csv file
-q = Quiet mode, hide compact reporting header
-s = Skip download, use default apar.csv file
-v = Verbose, full report (for piping to email)
-g = Grep for filesets with phrase, useful for verbose mode
-t = Type of APAR [hiper | sec]
-l = Enter a custom LSLPP output file, must match lslpp -Lqc
-e = Enter a custom EMGR output file, must match emgr -lv3
-x = Skip EFix processing
-a = Show all fixed and non-fixed HIPER/Security vulnerabilities
-p = Convert FTP protocol to HTTP for bulletin and efix download links
# /flrtvc.ksh -c
# ./flrtvc.ksh -v
Set a custom CSV file
# ./flrtvc.ksh -f myfile.csv
Report on a specific fileset in verbose mode
# ./flrtvc.ksh -vg printers
Show only hiper results
# ./flrtvc.ksh -t hiper
Custom lslpp and emgr outputs, for reporting on other systems
# ./flrtvc.ksh -l lslpp.txt -e emgr.txt
Grouping flags together
# ./flrtvc.ksh -vf myfile.csv -g printers
# ./flrtvc.ksh -vsg printers