Structure of the sysck.cfg file
The tcbck command reads the /etc/security/sysck.cfg file to determine which files to check. Each trusted program on the system is described by a stanza in the /etc/security/sysck.cfg file.
Each stanza has the following attributes:
Attribute | Description |
---|---|
acl | Text string representing the access control list for the file. It must be of the same format as the output of the aclget command. If this does not match the actual file ACL (access control list), the sysck command applies this value using the aclput command. Note: The SUID, SGID, and SVTX attributes must match those specified for the mode, if present. |
class | Name of a group of files. This attribute permits several files with the same class name to be checked by specifying a single argument to the tcbck command. More than one class can be specified, with each class being separated by a comma. |
group | Group ID or name of the file group. If this does not match the file group, the tcbck command sets the group ID of the file to this value. |
links | Comma-separated list of path names linked to this file. If any path name in this list is not linked to the file, the tcbck command creates the link. If used without the tree parameter, the tcbck command prints a message that there are extra links but does not determine their names. If used with the tree parameter, the tcbck command also prints any additional path names linked to this file. |
mode | Comma-separated list of values. The permissible values are SUID, SGID, SVTX, and TCB. The file permissions must be the last value and can be specified either as an octal value or as a 9-character string. For example, either 755 or rwxr-xr-x are valid file permissions. If this does not match the actual file mode, the tcbck command applies the correct value. |
owner | User ID or name of the file owner. If this does not match the file owner, the tcbck command sets the owner ID of the file to this value. |
program | Comma-separated list of values. The first value is the path name of a checking program. Additional values are passed as arguments to the program when the program is run. Note: The first argument is always one of -y, -n, -p, or -t, depending on which flag the tcbck command was used with. |
source | Name of a file this source file is to be copied from prior to checking. If the value is blank, and this is either a regular file, directory, or a named pipe, a new empty version of this file is created if it does not already exist. For device files, a new special file is created for the same type device. |
symlinks | Comma-separated list of path names symbolically linked to this file. If any path name in this list is not a symbolic link to the file, the tcbck command creates the symbolic link. If used with the tree argument, the tcbck command also prints any additional path names that are symbolic links to this file. |
If a stanza in the /etc/security/sysck.cfg file does not specify an attribute, the corresponding check is not performed.
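The following is an added example, not code from AIX or the tcbck command itself: a small offline checker that parses sysck.cfg stanzas (assumed to be written as a `path:` line followed by indented `attr = value` lines), translates the mode attribute's SUID/SGID/SVTX flags plus octal or 9-character permissions into POSIX mode bits, and compares the owner, group, and mode attributes against observed values, skipping any attribute the stanza omits. The stanza text is a constructed sample, and the TCB flag is only reported because it has no POSIX permission bit.

```python
import re
import stat

SAMPLE_CFG = """/usr/bin/su:
        owner = root
        group = security
        mode = SUID,TCB,rwxr-xr-x
/etc/passwd:
        owner = root
        mode = 644
"""  # constructed sample in AIX stanza syntax, not copied from a real system

SPECIAL_BITS = {"SUID": stat.S_ISUID, "SGID": stat.S_ISGID, "SVTX": stat.S_ISVTX}
PERM_BITS = {"r": 4, "w": 2, "x": 1, "-": 0}

def parse_sysck_cfg(text):
    """Return {path: {attr: value}} from stanza text ('path:' then 'attr = value' lines)."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):  # blank line or stanza-file comment
            continue
        if line.endswith(":"):
            current, stanzas[line[:-1]] = line[:-1], {}
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            stanzas[current][key.strip()] = value.strip()
    return stanzas

def expected_mode(mode_attr):
    """Translate a mode attribute into (POSIX mode bits, whether TCB was requested)."""
    *flags, perms = [v.strip() for v in mode_attr.split(",")]  # permissions come last
    if not re.fullmatch(r"[0-7]{3,4}|[rwx-]{9}", perms):
        raise ValueError(f"bad permissions: {perms!r}")
    bits = int(perms, 8) if perms.isdigit() else sum(PERM_BITS[ch] << (6 - 3 * (i // 3)) for i, ch in enumerate(perms))
    for flag in flags:
        bits |= SPECIAL_BITS.get(flag, 0)  # TCB has no POSIX bit; reported separately
    return bits, "TCB" in flags

def check_file(stanza, observed):
    """Mismatches between a stanza and observed {'owner','group','mode'}; absent attributes are skipped."""
    problems = []
    for attr in ("owner", "group"):
        if attr in stanza and stanza[attr] != observed[attr]:
            problems.append(f"{attr}: expected {stanza[attr]}, found {observed[attr]}")
    if "mode" in stanza:
        want = expected_mode(stanza["mode"])[0]
        if want != observed["mode"]:
            problems.append(f"mode: expected {want:o}, found {observed['mode']:o}")
    return problems
```

On a live system the observed mode would come from `stat.S_IMODE(os.stat(path).st_mode)`, which keeps the SUID, SGID, and sticky bits that the comparison relies on.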