tnchkdb man page on SunOS

tnchkdb man page on SunOS

Man page or keyword search:
man Server 20652 pages
apropos Keyword Search (all sections)
Output format

tnchkdb(1M) System Administration Commands tnchkdb(1M)

NAME
tnchkdb - check file syntax of trusted network databases

SYNOPSIS
/usr/sbin/tnchkdb [-h path] [-t path] [-z path]

DESCRIPTION
tnchkdb checks the syntax of the tnrhtp, tnrhdb, and tnzonecfg data‐
bases. By default, the path for each file is:

o /etc/security/tsol/tnrhtp

o /etc/security/tsol/tnrhdb

o /etc/security/tsol/tnzonecfg

You can specify an alternate path for any or all of the files by speci‐
fying that path on the command line by using the -h (tnrhdb), -t
(tnrhtp) and -z (tnzonecfg) options. The options are useful when test‐
ing a set of modified files before installing the files as new system
databases.

All three database files are checked for integrity. tnchkdb returns an
exit status of 0 if all of the files are syntactically and, to the
extent possible, semantically correct. If one or more files have
errors, then an exit status of 1 is returned. If there are command line
problems, such as an unreadable file, an exit status of 2 is returned.
Errors are written to standard error.

To avoid cascading errors, when there are errors in tnrhtp, the tem‐
plate names in tnrhdb are not validated.

tnchkdb can be run at any label, but the standard /etc/security/tsol
files are visible only in the global zone.

OPTIONS
-h [ path ] Check path for proper tnrhdb syntax. If path is not
specified, then check /etc/security/tsol/tnrhdb.

-t [ path ] Check path for proper tnrhtp syntax. If path is not
specified, then check /etc/security/tsol/tnrhtp.

-z [ path ] Check path for proper tnzonecfg syntax. If path is not
specified, then check /etc/security/tsol/tnzonecfg.

EXAMPLES
Example 1 Sample Error Message

The tnchkdb command checks for CIPSO errors. In this example, the
admin_low template has an incorrect value of ADMIN_HIGH for its default
label.

# tnchkdb
checking /etc/security/tsol/tnrhtp ...
tnchkdb: def_label classification 7fff is invalid for cipso labels:
line 14 entry admin_low
tnchkdb: def_label compartments 241-256 must be zero for cipso labels:
line 14 entry admin_low
checking /etc/security/tsol/tnrhdb ...
checking /etc/security/tsol/tnzonecfg ...

FILES
/etc/security/tsol/tnrhdb

Trusted network remote-host database

/etc/security/tsol/tnrhtp

Trusted network remote-host templates

/etc/security/tsol/tnzonecfg

Trusted zone configuration database

ATTRIBUTES
See attributes(5) for descriptions of the following attributes:

┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWtsu │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │See below. │
└─────────────────────────────┴─────────────────────────────┘

The command line is Committed. The output is Uncommitted.

SEE ALSO
tnd(1M), tnctl(1M), attributes(5)

How to Check the Syntax of Trusted Network Databases in Solaris Trusted
Extensions Administrator's Procedures

NOTES
The functionality described on this manual page is available only if
the system is configured with Trusted Extensions.

It is possible to have inconsistent but valid configurations of tnrhtp
and tnrhdb when LDAP is used to supply missing templates.

SunOS 5.10 20 Jul 2007 tnchkdb(1M)

[top]

List of man pages available for SunOS

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]

Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................

Vote for polarhome