IBM Support

Diagnosis and Solution of trustchk Errors

Troubleshooting


Problem

This technote will provide information about the trustchk command, and show how to solve some of the common errors from it.

Symptom

Errors such as the following are sometimes seen from trustchk:
trustchk: Verification of attributes failed: /usr/sbin/bootinfo
: size hashvalue signature

or


trustchk: Verification of attributes failed: /etc/vfs
: mode

Cause

Many scripts or commands in AIX will now verify that other commands or files they are using are unchanged from the original AIX installation. This is part of the Trusted Execution feature of AIX, intended to ward off problems such as Trojan Horse programs installed in place of common programs or commands.

The command /usr/sbin/trustchk can check, report, and correct some of the attributes of these files, so that they remain as they were when the files were installed.

These errors are produced when one or more attributes of the target file do not match what is in the trusted signature database.

Diagnosing The Problem

Run /usr/sbin/trustchk against the file to review the errors:

# trustchk -n PATH_TO_FILE

For example in the case of the two errors above:

# trustchk -n /usr/sbin/bootinfo
# trustchk -n /etc/vfs

Running trustchk -n checks the attributes of the file and compares them against the file's entry in the Trusted Signature Database, /etc/security/tsd/tsd.dat. If any attribute of the file does not match, trustchk reports it. It will not attempt to correct any problems, only report them.

Resolving The Problem

Correct the Attributes of the File

Some attributes can be corrected by trustchk. The full list of attributes can be found in the trustchk man page. The common attributes found incorrect that can be corrected are:


owner : The owner of the file
group : The group of the file
mode : The permission bits of a file
hardlinks : A colon-separated list of hard links pointing to the file
symlinks : A colon-separated list of symbolic links pointing to the file

To correct a problem with these attributes, run trustchk -y filename:
# trustchk -y /etc/vfs

Trustchk will first verify the attributes of the file and report what is wrong:
# trustchk -y /etc/vfs
trustchk: Verification of attributes failed: mode
trustchk: Verification of stanza failed:

After reporting this information, it will attempt to fix the attribute. After this you can run either:
# trustchk -n /etc/vfs
or
# trustchk -y /etc/vfs
Either of these commands should now give no output, signifying the attributes are correct now.

Solution for Non-correctable File Attributes
Other attributes that cannot be corrected by using trustchk are:

size : The size in bytes of the file
cert_tag : ID of the digital certificate used to create the signature of the file
signature : RSA digital signature of the file
hash_value : Cryptographic hash of the file (SHA256 by default)

If any of these values are reported incorrect, the best solution is to restore the file from a backup, or copy it from another host running the same level of AIX. Because a size, hash, or signature mismatch is exactly the condition Trusted Execution exists to catch, it is worth establishing why the file changed (for example a fix applied or a manual edit) before replacing it.

Then run trustchk to verify the file has the correct attributes again:
# trustchk -n PATH_TO_FILE

If the file attributes are correct trustchk should give no output.
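As an added example, not part of the IBM technote, the following POSIX shell script ties the diagnosis step and the two resolution paths together: it parses a trustchk -n report line, classifies the failed attributes into those the technote says trustchk -y can repair (owner, group, mode, hardlinks, symlinks) and those that need the file restored (size, cert_tag, signature, hash_value), and only then decides what to run. It assumes the report has the shape shown in the Symptom section, "trustchk: Verification of attributes failed: PATH : attr1 attr2", and accepts both "hashvalue" (as printed in the report) and "hash_value" (the attribute name in the list above). The sample report lines are constructed; the real trustchk command is invoked only when file paths are passed as arguments on an AIX host.

```shell
#!/bin/sh
# Added example, not from the IBM technote: classify a "trustchk -n" failure
# report and apply the technote's two resolution paths. Assumes the report is
# one line of the form
#   trustchk: Verification of attributes failed: PATH : attr1 attr2 ...
# (a report split over two lines is joined before parsing).

# Attributes the technote says "trustchk -y" can repair.
CORRECTABLE="owner group mode hardlinks symlinks"
# Attributes that require restoring the file from backup or a peer host.
# "hashvalue" is the spelling in the printed report, "hash_value" the
# attribute name in the technote's list; both are accepted.
NONCORRECTABLE="size cert_tag signature hash_value hashvalue"

# classify_attr NAME -> prints correctable | restore | unknown
classify_attr() {
    for a in $CORRECTABLE; do
        if [ "$1" = "$a" ]; then echo correctable; return 0; fi
    done
    for a in $NONCORRECTABLE; do
        if [ "$1" = "$a" ]; then echo restore; return 0; fi
    done
    echo unknown
}

# path_of_line LINE -> prints the file path named in the report, or nothing
path_of_line() {
    p=${1#*"attributes failed: "}
    case "$p" in
        *" : "*) echo "${p% : *}" ;;
        *) echo "" ;;
    esac
}

# classify_line LINE -> prints the action for the whole report:
#   ok          not a failure report (trustchk printed nothing)
#   correctable every failed attribute can be fixed with "trustchk -y"
#   restore     at least one attribute needs the file restored
#   unknown     an attribute name this script does not recognise
classify_line() {
    line=$1
    case "$line" in
        *"Verification of attributes failed:"*) ;;
        *) echo ok; return 0 ;;
    esac
    attrs=${line##*:}          # attribute names follow the last ':'
    result=correctable
    for a in $attrs; do
        case "$(classify_attr "$a")" in
            restore) result=restore ;;
            unknown) if [ "$result" = correctable ]; then result=unknown; fi ;;
        esac
    done
    echo "$result"
}

# remediate FILE: the technote's procedure for one file. trustchk exists only
# on AIX, so on any other host this just reports that and returns 2.
remediate() {
    f=$1
    if ! command -v trustchk >/dev/null 2>&1; then
        echo "$f: trustchk not found on this host"
        return 2
    fi
    report=$(trustchk -n "$f" 2>&1 | tr '\n' ' ')
    action=$(classify_line "$report")
    case "$action" in
        ok)          echo "$f: attributes match tsd.dat" ;;
        correctable) echo "$f: repairing with trustchk -y"
                     trustchk -y "$f"
                     # the technote's check: a clean re-run prints nothing
                     if [ -z "$(trustchk -n "$f" 2>&1)" ]; then
                         echo "$f: verified after repair"
                     fi ;;
        restore)     echo "$f: size/hash/signature mismatch; restore the file, then re-run trustchk -n" ;;
        *)           echo "$f: unrecognised report: $report" ;;
    esac
}

# Constructed sample reports, taken from the technote's Symptom section.
SAMPLE_BOOTINFO='trustchk: Verification of attributes failed: /usr/sbin/bootinfo : size hashvalue signature'
SAMPLE_VFS='trustchk: Verification of attributes failed: /etc/vfs : mode'

for s in "$SAMPLE_BOOTINFO" "$SAMPLE_VFS"; do
    echo "$(path_of_line "$s"): $(classify_line "$s")"
done
# -> /usr/sbin/bootinfo: restore
# -> /etc/vfs: correctable

# On an AIX host: sh this_script.sh /usr/sbin/bootinfo /etc/vfs
for f in "$@"; do remediate "$f"; done
```

The classification is deliberately conservative: a report that mixes a correctable attribute with a non-correctable one (for example mode together with hash_value) is treated as "restore", since running trustchk -y would only mask part of the problem, and an attribute name the script does not know is never silently repaired.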

References

trustchk Manual Page

Trusted Signature Database


Document Information

Modified date:
17 June 2018

UID

isg3T1026087