Auditing the integrity of Trusted Signature Database

The trustchk command can be used to audit the integrity state of the file definitions in the Trusted Signature Database (TSD) against the actual files.

If the trustchk command identifies an anomaly, it can be made to correct it automatically or to prompt the user before attempting correction. For mismatches in attributes such as size, signature, cert_tag, or hash_value, correction is not possible. In such cases, the trustchk command makes the file inaccessible, thereby rendering it useless and containing any damage.

The following corrective actions are taken for the different mismatching attributes:
owner
Owner of the file shall be reset to the value in TSD.
group
Group of the file shall be reset to the value in TSD.
mode
Mode bits of the file are reset to the value in TSD.
hardlinks
If the link points to some other file, it is modified to point to this file. If the link does not exist, a new link is created to point to this file.
symlinks
Same as hardlinks.
type
File is made inaccessible.
size
File is made inaccessible, except in case of VOLATILE file.
cert_tag
File is made inaccessible.
signature
File is made inaccessible, except in case of VOLATILE file.
hash_value
File is made inaccessible, except in case of VOLATILE file.
minslabel
On a Trusted AIX® system, the minimum sensitivity label is reset to the value in the TSD.
maxslabel
On a Trusted AIX system, the maximum sensitivity label is reset to the value in the TSD.
intlabel
On a Trusted AIX system, the integrity label is reset to the value in the TSD.
accessauths
The access authorizations are reset to the value in TSD. On Trusted AIX, the t_accessauths values are considered part of the accessauths attribute.
innateprivs
The innate privileges are reset to the value in TSD. On Trusted AIX, the t_innateprivs values are considered part of the innateprivs attribute.
inheritprivs
The inheritable privileges are reset to the value in TSD. On Trusted AIX, the t_inheritprivs values are considered part of the inheritprivs attribute.
authprivs
The authorized privileges are reset to the value in TSD. On Trusted AIX, the t_authprivs values are considered part of the authprivs attribute.
secflags
The security flags are reset to the value in TSD. On Trusted AIX, the t_secflags values are considered part of the secflags attribute.
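
To make the decision table above concrete, the following is an added example (not IBM's trustchk code) that applies the same policy to a constructed, TSD-like stanza file: it compares the recorded mode, size and hash against real files, resets recoverable metadata, tolerates size and hash drift only for a file recorded as VOLATILE, and makes every other mismatching file inaccessible. The stanza layout, the temporary files, the SHA-256 choice and the subset of attributes observed are assumptions for the demonstration, not AIX internals.

```python
import hashlib, os, stat, tempfile
from pathlib import Path
RESET = {"owner", "group", "mode"}                 # table: reset the file to the TSD value
VOLATILE_OK = {"size", "signature", "hash_value"}  # table: tolerated only when type = VOLATILE

def parse_stanza(text):
    """Parse 'path:' stanzas with indented 'key = value' lines (assumed TSD-like layout)."""
    db, cur = {}, None
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace() and line.rstrip().endswith(":"):
            cur = line.strip()[:-1]
            db[cur] = {}
        else:
            key, val = (s.strip() for s in line.split("=", 1))
            db[cur][key] = val
    return db

def observe(path):
    """Attributes measurable without privilege: mode bits, size, SHA-256 of the content."""
    st = os.stat(path)
    digest = hashlib.sha256(Path(path).read_bytes()).hexdigest()
    return {"mode": format(stat.S_IMODE(st.st_mode), "o"), "size": str(st.st_size), "hash_value": digest}

def audit(db, fix=True):
    """Compare each stanza to its file, apply the table's action; return {path: [(attr, action)]}."""
    report = {}
    for path, want in db.items():
        have = observe(path)
        for attr in [a for a in want if a in have and have[a] != want[a]]:
            if attr in RESET:                       # recoverable metadata: put it back
                action, mode = "reset", int(want[attr], 8)
            elif attr in VOLATILE_OK and want.get("type") == "VOLATILE":
                action, mode = "allowed (VOLATILE)", None
            else:                                   # type/size/cert_tag/signature/hash_value: unrepairable
                action, mode = "made inaccessible", 0
            if fix and mode is not None: os.chmod(path, mode)
            report.setdefault(path, []).append((attr, action))
    return report

def demo():
    """Constructed scenario: a tampered script, a config with loose mode bits, a growing VOLATILE log."""
    d = tempfile.mkdtemp()
    paths = {n: os.path.join(d, n) for n in ("script", "conf", "log")}
    for n, data in {"script": b"echo hi\n", "conf": b"k=v\n", "log": b"l1\n"}.items():
        Path(paths[n]).write_bytes(data)
        os.chmod(paths[n], 0o644)
    trusted = hashlib.sha256(b"echo ok\n").hexdigest()   # the hash the TSD recorded at install time
    tsd = parse_stanza("\n".join([f"{paths['script']}:", "  mode = 644", "  size = 8", f"  hash_value = {trusted}",
        f"{paths['conf']}:", "  mode = 600", f"{paths['log']}:", "  type = VOLATILE", "  size = 0"]))
    return {os.path.basename(p): acts for p, acts in audit(tsd).items()}
```

Running demo() returns one entry per file: the script with altered content is made inaccessible, the config's mode bits are reset to 600, and the VOLATILE log's size mismatch is reported but allowed.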

You can also validate file definitions against an alternate database using the -F option. The system administrator should not rely solely on the copy of the TSD stored on the system itself, but should also back up the database to an alternate location. File integrity can then be checked against this backed-up version of the TSD using the -F option.