Audits the security state of the system.
tcbck { -n | -p | -t | -y } [ -i ] [ -o ] { ALL | tree | { Name ... Class ... } }
tcbck -a -f File | PathName Attribute = Value ...
OR
tcbck -d -f File | { PathName ... | Class ... }
OR
tcbck -l /dev/filename /dev/filename
The tcbck command audits the security state of the system by checking the installation of the files defined in the /etc/security/sysck.cfg file (the sysck database). Each file definition in the /etc/security/sysck.cfg file can include one or more attributes that describe proper installation. When invoked with no flags and with no parameters, the tcbck command prints a synopsis of its syntax.
The tcbck database usually defines all the files and programs that are part of the trusted computing base, but the root user or a member of the security group can choose to define only those files considered to be security-relevant.
The tcbck command has two modes of operation: check mode and update mode. A description of each mode follows.
In check mode, the tcbck command checks file definitions against the installed files. You can check all the file definitions in the sysck database (the /etc/security/sysck.cfg file) by specifying the ALL value, or all the files in the file system tree by specifying the tree value. If you prefer to check specific files, you can use the Name parameter to give the path names of individual files or the Class parameter to group several files into a logical group that is defined by a class name, such as audit. You must select one of the following: the ALL or tree values, or one or more files identified by the Class or Name parameter.
If the tree value is the selection criterion, all the files in the file system tree are checked to ensure that all the relevant files are defined in the sysck database. Files defined in the tcbck database are checked against their definitions. Files not in the tcbck database must not:
If the tcbck command is running in check mode with both the tree value and the -t flag and an error occurs, the command provides an error message and prompts you for a decision on how or whether the error should be corrected. If you decide not to delete the file or turn off illegal permissions, you are prompted for a decision on updating the database. If you request an update, the system supplies missing information, such as the name of the file, the link, or the unregistered device name.
A flag (-n, -p, -t, or -y) must also be included to select check mode and to specify how errors are handled. If there is a duplicate stanza in the /etc/security/sysck.cfg file, an error is reported but not fixed.
Updating the Vital Product Database (VPD) involves defining the type, checksum, and size attributes of each file to the VPD manager. This information is used to verify a correct installation. If these attributes are not defined in the stanza file given with the -f File flag, they are computed when the program is installed or updated. The checksum attribute is computed with a method specifically defined for the VPD manager. Refer to Fixing Errors for more information on file attributes.
The only file definitions modified during an update are the new definitions that indicate a file is part of the trusted computing base (TCB). The File parameter is the stanza file that contains the file definitions in tcbck format, and is defined in the /etc/security/sysck.cfg file. When the update is complete, the files are checked against their file definitions in the stanza file and errors are fixed and reported.
Programs that require setuid or setgid privilege must be in the tcbck database, or these privileges are cleared when the tcbck command runs in check mode.
In update mode, the tcbck command adds (-a), deletes (-d), or modifies file definitions in the /etc/security/sysck.cfg file for the file specified by the File parameter, the PathName parameter, or the Class parameter. The Class parameter permits you to group several files into a logical group that is defined by a class name, such as audit. The tcbck command also deletes the specified stanzas from the /etc/security/sysck.cfg file.
In update mode, the tcbck command (-l) adds or modifies /dev/ entry definitions in the /etc/security/sysck.cfg file for the specified /dev entry. The administrator should use this flag to add newly created trusted devices to the sysck.cfg file. If new devices are not added to the sysck.cfg file, the tree option produces warnings about unregistered devices.
The -l flag creates a stanza for each /dev/ entry listed on the command line. The information for the stanza is taken from the current status of the /dev entry. The stanza includes:
File definitions to be added or modified with the -a flag can be specified on the command line or in a file as Attribute=Value statements. The following attributes can be used:
You can add, delete, or modify the attributes of the tcbck command by creating or modifying a sysck stanza in the /etc/security/sysck.cfg file. The following attributes can be used:
Refer to the /etc/security/sysck.cfg file for more information about these attributes and Examples for information about a typical stanza.
If attributes are included without values, the command tries to compute the value from the file being defined. The type attribute is mandatory; the others do not need to be specified.
To fix errors, the tcbck command usually resets the attribute to the defined value. For the following attributes, the command modifies its actions as described:
If you used the -t flag with the tcbck command, you are prompted for a decision on fixing errors. If you answer yes, errors are fixed. If you give any other response, errors are not fixed.
Access Control: This command grants execute (x) access only to the root user and members of the security group. The command should be setuid to the root user and have the trusted computing base attribute.
Files Accessed:
Mode | File |
---|---|
r | /etc/passwd |
r | /etc/group |
r | /etc/security/user |
rw | /etc/security/sysck.cfg |
x | /usr/bin/aclget |
x | /usr/bin/aclput |
x | /usr/bin/sum |
Auditing Events:
Event | Information |
---|---|
TCBCK_Check | file, error, status |
TCBCK_Update | file, function |
    tcbck -a /bin/boo acl checksum class=audit group owner \
        program=/bin/boock
The resulting stanza contains the attributes given previously, with computed values inserted for those attributes you did not define. The database then contains a stanza like the following:
    /bin/boo:
        acl =
        checksum = 48235
        class = audit
        group = system
        owner = root
        program = /bin/boock
        type = FILE
The attribute values are added to the installation definition but are not checked for correctness. The program attribute value comes from the command line, the checksum attribute value is computed with the checksum program, and all the others, except acl, are computed from the file i-node.
    /etc/passwd:
        type = FILE
        owner = root
        group = system
        size = 1234,VOLATILE
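As an added illustration of check mode (from the description of check mode above and of the VOLATILE size marker in the stanza just shown), the following Python is not part of the AIX documentation or of the tcbck implementation. It parses a constructed sysck.cfg-style fragment and compares each installed file with its stanza for owner, group, size and checksum. The classic BSD 16-bit rotating checksum, the reading of VOLATILE as "value may change, do not check", and the use of `*` for comment lines are assumptions; the mandatory type attribute is parsed but not verified.

```python
import grp, os, pathlib, pwd, tempfile

def bsd_sum(data):  # classic BSD 'sum' 16-bit rotating checksum; assumed to match tcbck's checksum program
    ck = 0
    for b in data:
        ck = ((ck >> 1) + ((ck & 1) << 15) + b) & 0xFFFF
    return ck

def owner_group(st):
    try:  # fall back to numeric ids where no passwd/group entry exists (e.g. inside a container)
        return pwd.getpwuid(st.st_uid).pw_name, grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        return str(st.st_uid), str(st.st_gid)

def parse_stanzas(text):
    """Parse 'path:' headers followed by 'attr = value' lines into {path: {attr: value}}."""
    stanzas, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.endswith(":"):
            current = stanzas.setdefault(line[:-1], {})
        elif current is not None and "=" in line and not line.startswith("*"):  # '*' opens a comment (assumed)
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas

def check_file(path, attrs):
    """Check-mode core: compare the installed file with its stanza and return the mismatches."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return [f"{path}: file does not exist"]
    actual = dict(zip(("owner", "group"), owner_group(st)))
    errors = [f"{path}: {k} is not {attrs[k]}" for k in actual if k in attrs and actual[k] != attrs[k]]
    size, _, flag = attrs.get("size", "").partition(",")
    if size and flag.strip() != "VOLATILE" and int(size) != st.st_size:  # VOLATILE: may change, not checked
        errors.append(f"{path}: size is not {size}")
    if attrs.get("checksum") and os.path.isfile(path):
        with open(path, "rb") as fh:
            if bsd_sum(fh.read()) != int(attrs["checksum"]):
                errors.append(f"{path}: checksum mismatch")
    return errors

def demo():  # constructed fixture: one file whose stanza matches, with its size marked VOLATILE
    data = b"trusted program\n"
    path = pathlib.Path(tempfile.mkdtemp(), "boo")
    path.write_bytes(data)
    owner, group = owner_group(os.stat(path))
    cfg = (f"* constructed sysck.cfg fragment\n{path}:\n\ttype = FILE\n\towner = {owner}\n"
           f"\tgroup = {group}\n\tsize = 999,VOLATILE\n\tchecksum = {bsd_sum(data)}\n")
    return {p: check_file(p, a) for p, a in parse_stanzas(cfg).items()}
```

Running `demo()` returns an empty error list for the constructed file even though the recorded size (999) is wrong, because the VOLATILE marker suppresses the size check; replacing the checksum or the size without VOLATILE in the fragment makes `check_file` report the mismatch.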
tcbck -d /bin/boo
tcbck -d audit
tcbck -y ALL
tcbck -a sysck treeck_novfs=/calvin,/hobbes
tcbck -a sysck treeck_nodir=/home/john
tcbck -a sysck setuids=jfh,jsl setgids=developers
tcbck -l /dev/foo /dev/bar
File | Description |
---|---|
/usr/bin/tcbck | Specifies the path to the tcbck command. |
/etc/security/sysck.cfg | Specifies the path to the system configuration database. |
Related commands: the aclget command, grpck command, installp command, pwdck command, sum command, and usrck command.
The Software Vital Product Data (SWVPD) in AIX 5L Version 5.2 General Programming Concepts: Writing and Debugging Programs.
Access Control Lists in AIX 5L Version 5.2 System User's Guide: Operating System and Devices discusses the format of an access control list and provides an example of one.
For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to Security Administration in AIX 5L Version 5.2 Security Guide.