Contents
Updated November 2008: The instructions below detail how to reconfigure your TSM Client Scheduler so that it is no longer vulnerable to a known security exploit. These instructions are intended only for users running the TSM Client Backup software on an older operating system for which NO TSM version 5.5.1.0 or later client is available (the only exceptions being TSM 5.4.2.4+ for Mac OS X 10.4.7+).
Platform-specific instructions on how to do this are detailed from the links below.
Please contact us for instructions and assistance.
1.2. Reconfiguring TSM Schedules on Windows 2000
1.2.1. Remove the old Scheduler
cmd.exe using the [Run] option in the [Start] Menu.c: cd \progra* cd tivoli cd tsm cd baclient
dsmcutil program to find the old services to be removed:
dsmcutil list
dsmcutil remove /name:"service_name". Note, the number at the start of each line of the listing produced in the step above is not part of the name. For example:
dsmcutil list <... program output ...> Installed TSM Client Services: 1. TSM Client Acceptor 2. TSM Scheduler <... program output ...> dsmcutil remove /name:"TSM Scheduler" <... program output ...> Removing TSM Client Service 'TSM Scheduler' ... <... program output ...> dsmcutil remove /name:"TSM Client Acceptor" <... program output ...> Removing TSM Client Service 'TSM Client Acceptor' ... <... program output ...> dsmcutil list <... program output ...> No TSM Client Services were located. <... program output ...>
1.2.2. Install a new Scheduler
Next you need to install a new scheduler which does not use the CAD. Again, select [Setup Wizard] from the [Utilities] menu. It should display the following:
Choose the TSM Client Scheduler option only and click Next. A screen similar to below
will appear:
Ensure that the Install a new or additional scheduler
option is highlighted. then click the Next button.
Enter TSM Scheduler as the name given to the scheduler. Ensure that the Local Machine
radio button is checked, and DO NOT select the Use the Client Acceptor Daemon (CAD) option. Click
Next.
This screen prompts for a path to the dsm.opt options file. This should point to the file
in the installation directory of the software - by default
c:\Program Files\Tivoli\TSM\baclient\dsm.opt. Ensure that this is so and click Next.
Check the entry for TSM node name carefully and ensure that it matches the full Nodename under which the machine was registered for OUCS TSM Backup
. Typically this will be if the format ABCD.OUCS or ABCD1234-FREETEXT-DEPT.
If you are unsure of this, but can connect and run backups manually using the TSM Backup Client, then just use the
NODENAME entry from the dsm.opt options file here. Do not forget to enter
the TSM password in the second field before proceeding.
Ideally, the services should run under the System account. If the Scheduler services are to run under any other
account, please read this page before proceeding: backing up in Windows as a non-administrative
user.
Without the necessary
rights, the Scheduler will be unable to backup all the files and objects on the local system. The system account
has all the necessary rights for the entire local filestore to be backed up, and TSM advises that the service be
installed under this account. You may want to select the Automatically when Windows boots option so that the
services start automatically. Clicking the Next button displays the following screen.
This screen prompts for the location of the schedule and error logs - by default dsmsched.log
and dsmerror.log in the installation directory. OUCS recommends accepting these defaults.
This screen offers the possibility of starting the service directly after completion of the setup wizard. This is recommended.
Click Next to display the Completion screen and click the Finish button. You have
now finished setting up the TSM Scheduler service and it should now start if the immediate start option
was chosen. This can be checked as described in the following section.
If you have any problems please contact us for instructions and assistance.
No changes are required. The TSM client for Mac OS 8 and 9 is not vulnerable to this problem.
Stop the TSM Scheduler by starting the TSM Backup for Administrators program and from the
[Utilities] menu choose the 'Setup Assistant' option and then
'Help me configure the TSM Client Acceptor Daemon and the TSM Client Schedule'.
On the next screen, choose the 'Remove' option. This will remove the TSM Client
Acceptor Daemon from your machine and thus will bypass the security
vulnerability that lies within that program.
Unfortunately, there is no patched client for this version of MacOS X. We therefore advise that you regularly backup manually.
1.5. Linux kernel versions below 2.6
% ps -ef | grep [d]smcad
# if any output
% pid=`ps -ef | grep [d]smcad | awk '{print $2}'`
% kill -TERM $pid
/opt/tivoli/tsm/client/ba/bin/dsm.sys
to remove the following line:
ManagedServices Schedule
/etc/inittab file and amend the following line if found, from:
dc:2:once:/usr/bin/dsmcad > /dev/null 2>&1to
dc:2:once:/usr/bin/dsmc schedule > /dev/null 2>&1
ftp://ftp.hfs.ox.ac.uk/adsm/clients/updates/linux/dsmcad-init. Ensure that this script is executable by running 'chmod 755' on it.
(/usr/bin/dsmc schedule > /dev/null 2>&1 & ) > /dev/null 2>&1 &
/var/log/dsmsched.log to ensure that
a schedule has been picked up.
Please follow the Linux instructions above.
If required, the new init level command file for Solaris can be found ftp://ftp.hfs.ox.ac.uk/adsm/clients/updates/solaris/dsmcad-init.
MYSERVER: unload dsmcad
MANAGEDSERVICES Schedule ## if using TSM version 4.2 or later CADMODE Schedule ## if using TSM version 4.1 or later
load dsmcad to load dsmc schedule
load dsmc schedule