Adding a trusted program

Use the tcbck command to add a specific program to the /etc/security/sysck.cfg file.

To add a specific program to the /etc/security/sysck.cfg file, type:

tcbck -a PathName [Attribute=Value]

Only attributes whose values are not deduced from the current state of the file need be specified on the command line. All attribute names are contained in the /etc/security/sysck.cfg file.

For example, the following command registers a new SetUID root program named /usr/bin/setgroups, which has a link named /usr/bin/getgroups:

tcbck -a /usr/bin/setgroups links=/usr/bin/getgroups

To add jfh and jsl as administrative users and to add developers as an administrative group to be verified during a security audit of the /usr/bin/abc file, type:

tcbck -a /usr/bin/abc setuids=jfh,jsl setgids=developers

After installing a program, you might not know which new files are registered in the /etc/security/sysck.cfg file. These files can be found and added with the following command:

tcbck -t tree

This command string displays the name of any file that is to be registered in the /etc/security/sysck.cfg file.