Trusted Signature Database

The Trusted Signature Database (TSD) stores the critical security parameters of the trusted files present on the system. The database is the file /etc/security/tsd/tsd.dat.

Ideally, every trusted file has an associated stanza (file definition) in the TSD. Each trusted file is associated with a unique cryptographic hash and a digital signature. For the default set of trusted files, the hash is generated with the SHA-256 algorithm and the signature with RSA by the AIX® build environment, and both are packaged as part of the AIX installation filesets. These hash values and signatures are shipped in the respective AIX installation images and stored in the TSD (/etc/security/tsd/tsd.dat) on the destination machine, in the stanza format shown in the following sample:
/usr/bin/ps:
           owner          = bin
           group          = system
           mode           = 555
           type           = FILE
           hardlinks      = /usr/sbin/ps
           symlinks       =
           size           = 1024
           cert_tag       = bbe21b795c550ab243
           signature      = f7167eb9ba3b63478793c635fc991c7e9663365b2c238411d24c2a8a
           hash_value     = c550ab2436792256b4846a8d0dc448fc45
           maxslabel      = SLSL
           intlabel       = SHTL
           accessauths    = aix.mls.pdir, aix.mls.config
           innateprivs    = PV_LEF
           proxyprivs     = PV_DAC
           authprivs      = aix.security.cmds:PV_DAC,aix.ras.audit:PV_AU_ADMIN
           secflags       = FSF_EPS
owner
Owner of the file. This value is computed by the trustchk command when the file is being added to TSD.
group
Group of the file. This value is computed by the trustchk command.
mode
Comma-separated list of values. The permissible values are SUID (set-user-ID bit), SGID (set-group-ID bit), SVTX (sticky bit), and TCB (Trusted Computing Base). The file permission bits must be the last value and can be specified as an octal value. For example, for a set-user-ID file whose permission bits are rwxr-xr-x, the value of mode is SUID,755. The value is computed by the trustchk command.
type
Type of the file. This value is computed by the trustchk command. The possible values are FILE, DIRECTORY, MPX_DEV, CHAR_DEV, BLK_DEV, and FIFO.
hardlinks
Comma-separated list of hard links to the file. This value cannot be computed by the trustchk command; it must be supplied by the user when the file is added to the database.
symlinks
Comma-separated list of symbolic links to the file. This value cannot be computed by the trustchk command; it must be supplied by the user when the file is added to the database.
size
Size of the file in bytes. The VOLATILE value means that the file changes frequently.
cert_tag
This field maps the digital signature of the file to the certificate that can be used to verify it. The field stores the certificate ID and is computed by the trustchk command when the file is added to the TSD. The certificates are stored in the /etc/security/certificates directory.
signature
Digital signature of the file. The VOLATILE value means that the file gets changed frequently. This field is computed by the trustchk command.
hash_value
Cryptographic hash of the file. The VOLATILE value means that the file gets changed frequently. This field is computed by the trustchk command.
innateprivs
Defines the innate privileges for the file.
proxyprivs
Defines the proxy privileges for the file.
authprivs
Defines the privileges that a process gains when the user holds the corresponding authorization, as a comma-separated list of authorization:privilege pairs (for example, aix.security.cmds:PV_DAC).
secflags
Defines the file security flags associated with the object.

When you add a new entry to the TSD, any symbolic or hard links that point to the trusted file can be recorded by passing the symlinks and hardlinks attributes on the trustchk command line. If the file being added is expected to change frequently, use the VOLATILE keyword on the command line; the trustchk command then does not calculate the hash_value and signature fields when it generates the file definition, and during integrity verification of that file the hash_value and signature fields are ignored.

When a regular file definition is added to the TSD, you must supply a private key (in ASN.1/DER format) with the -s flag and a digital certificate that holds the corresponding public key with the -v flag. The private key is used to generate the signature of the file and is then discarded; it is up to the user to store the key securely. The certificate is stored in the certificate store in the /etc/security/certificates directory so that the signature can be verified whenever you request integrity verification. Because a signature cannot be calculated for non-regular files such as directories and device files, the private key and certificate are not mandatory when such files are added to the TSD.

You can also supply a pre-computed file definition in a file with the -f flag. In this case, the trustchk command does not compute any of the values and stores the definitions in the TSD without verification; the user is responsible for the correctness of those definitions.
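As an added example, not code from this page or from AIX, the following Python script parses text in the tsd.dat stanza format (the lib.tsd.dat stanzas share it), computes the attributes the page says trustchk derives itself for a file (owner, group, mode, type, size, hash_value), and checks a file against its definition, skipping hash_value and signature for a VOLATILE entry as the text describes. It does not generate or verify RSA signatures and does not read /etc/security/certificates. The embedded sample stanza is a constructed subset of the one shown above, and all function names are the example's own.

```python
# Added example, not AIX's trustchk: parse tsd.dat-style stanzas, compute the
# attributes the page says trustchk derives itself, and check a file against them.
import grp
import hashlib
import os
import pwd
import stat

MODE_KEYWORDS = {"SUID": stat.S_ISUID, "SGID": stat.S_ISGID, "SVTX": stat.S_ISVTX}
VOLATILE = "VOLATILE"

# Constructed test input: a subset of the page's sample stanza, with the wrapped values.
SAMPLE_STANZA = """\
/usr/bin/ps:
           owner          = bin
           mode           = 555
           type           = FILE
           signature      =
f7167eb9ba3b63478793c635fc991c7e9663365b2c238411d24c2a8a
           authprivs      =
aix.security.cmds:PV_DAC,aix.ras.audit:PV_AU_ADMIN
"""

def parse_tsd(text):
    """{path: {attribute: value}} for tsd.dat or lib.tsd.dat stanza text. A stanza
    opens with an unindented 'path:' line; a line without '=' continues a value."""
    db, path, last = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace() and line.endswith(":"):
            path, last = line[:-1], None
            db[path] = {}
        elif path is not None and "=" in line:
            key, _, value = line.partition("=")
            last = key.strip()
            db[path][last] = value.strip()
        elif path is not None and last is not None:
            db[path][last] += line
    return db

def mode_to_bits(value):
    """'SUID,755' -> st_mode permission bits (set-id and sticky bits included)."""
    parts = [p.strip() for p in value.split(",")]
    bits = int(parts[-1], 8)
    for keyword in parts[:-1]:
        if keyword != "TCB":  # TCB is a TSD marker with no st_mode bit
            bits |= MODE_KEYWORDS[keyword]
    return bits

def bits_to_mode(st_mode):
    """st_mode -> 'SUID,755' style value, as trustchk computes it."""
    keywords = [k for k, b in MODE_KEYWORDS.items() if st_mode & b]
    return ",".join(keywords + [format(st_mode & 0o777, "o")])

def tsd_type(st_mode):
    """The TSD 'type' value for an inode mode."""
    checks = [(stat.S_ISREG, "FILE"), (stat.S_ISDIR, "DIRECTORY"), (stat.S_ISCHR, "CHAR_DEV"),
              (stat.S_ISBLK, "BLK_DEV"), (stat.S_ISFIFO, "FIFO")]
    return next(name for check, name in checks if check(st_mode))

def sha256_of(path):
    """Hex SHA-256 of the file contents (the algorithm the page names)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_definition(path, volatile=False):
    """Attributes trustchk computes itself; hardlinks, symlinks and cert_tag are
    not included (links are user-supplied and signing needs the private key)."""
    st = os.lstat(path)
    try:
        owner, group = pwd.getpwuid(st.st_uid).pw_name, grp.getgrgid(st.st_gid).gr_name
    except KeyError:  # id without a passwd/group entry (common in containers)
        owner, group = str(st.st_uid), str(st.st_gid)
    attrs = {"owner": owner, "group": group, "mode": bits_to_mode(st.st_mode),
             "type": tsd_type(st.st_mode)}
    if volatile:  # VOLATILE given at the command line: no size/hash/signature
        attrs.update(size=VOLATILE, hash_value=VOLATILE, signature=VOLATILE)
    else:  # non-regular files get no hash: the page says they cannot be signed
        attrs.update(size=str(st.st_size), signature="",
                     hash_value=sha256_of(path) if attrs["type"] == "FILE" else "")
    return attrs

def verify(path, attrs):
    """Attribute names that differ from the file on disk ([] means intact). VOLATILE
    or empty size/hash_value are skipped as trustchk does; signatures are not checked."""
    actual = build_definition(path)
    bad = [k for k in ("owner", "group", "type") if k in attrs and attrs[k] != actual[k]]
    if "mode" in attrs and mode_to_bits(attrs["mode"]) != mode_to_bits(actual["mode"]):
        bad.append("mode")
    for k in ("size", "hash_value"):
        if attrs.get(k) not in (None, "", VOLATILE) and attrs[k] != actual[k]:
            bad.append(k)
    return bad
```

Running `build_definition` on a file and later `verify` against the stored result reproduces the add-then-check cycle the page describes: a changed file reports size and hash_value mismatches, a VOLATILE entry reports only owner, group, type or mode changes, and a directory entry carries no hash because non-regular files are never signed.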

Supporting library verification

To support library verification, a separate database, /etc/security/tsd/lib/lib.tsd.dat, is kept in the /etc/security/tsd/lib directory. This database holds the stanzas for the .o members of each trusted library. The stanza for every .o file of a library has the format shown in the following example.

For the library libc.a, if strcmp.o is one of its .o members, the stanza for strcmp.o in /etc/security/tsd/lib/lib.tsd.dat is similar to the following example:
/usr/lib/libc.a/strcmp.o:
           Type           = OBJ
           Size           = 2345
           Hash_value     =
           Signature      =
           Cert_tag       =

This database has entries for the type, size, hash, cert_tag, and signature of each .o file. The hash of the library itself is updated in the corresponding stanza of the /etc/security/tsd/tsd.dat file. These attribute values are generated dynamically during the build and moved into the /etc/security/tsd/lib/lib.tsd.dat database during installation.

In the /etc/security/tsd/tsd.dat file, the stanzas for libraries are modified so that the type attribute is LIB and the size and signature attributes are empty. Currently the values of the dynamic attributes size, hash, and signature are maintained as VOLATILE, so library verification is skipped during system boot. Beginning with AIX 6.1.0, the size, hash, and signature of the trusted library stanzas are computed from the .o files of the library. During installation, the tsd.dat database is populated with the computed values, and the corresponding .o file stanzas for a trusted library are stored in the /etc/security/tsd/lib/lib.tsd.dat database.