Checking filesystems with the fsck command

The internal integrity of a filesystem should be checked periodically with the fsck command. The fsck command must be run on unmounted filesystems. The fsck command can only be executed by an SA user.

By default, the fsck command runs interactively, prompting the user for the action to perform when an orphaned file or directory is found. A user has an option to delete the file or attempt to recover the file. If a user specifies that the file should be recovered, the fsck command attempts to store the file in the /lost+found directory.

After the fsck command has completed and recovered files are stored in the /lost+found directory, an ISSO user should review the files to determine their security level. It is recommended that the /lost+found directory be assigned the SYSTEM_HIGH SL to prevent normal users from accessing recovered files.

See the fsck command for more information.