tnchkdb(1M)          System Administration Commands          tnchkdb(1M)

NAME
tnchkdb - check file syntax of trusted network databases

SYNOPSIS
/usr/sbin/tnchkdb [-h path] [-t path] [-z path]

DESCRIPTION
tnchkdb checks the syntax of the tnrhtp, tnrhdb, and tnzonecfg
databases. By default, the path for each file is:

    o  /etc/security/tsol/tnrhtp

    o  /etc/security/tsol/tnrhdb

    o  /etc/security/tsol/tnzonecfg

You can specify an alternate path for any or all of the files by
specifying that path on the command line by using the -h (tnrhdb), -t
(tnrhtp) and -z (tnzonecfg) options. The options are useful when
testing a set of modified files before installing the files as new
system databases.

All three database files are checked for integrity. tnchkdb returns an
exit status of 0 if all of the files are syntactically and, to the
extent possible, semantically correct. If one or more files have
errors, then an exit status of 1 is returned. If there are command line
problems, such as an unreadable file, an exit status of 2 is returned.
Errors are written to standard error.

To avoid cascading errors, when there are errors in tnrhtp, the
template names in tnrhdb are not validated.

tnchkdb can be run at any label, but the standard /etc/security/tsol
files are visible only in the global zone.

OPTIONS
-h [ path ]    Check path for proper tnrhdb syntax. If path is not
               specified, then check /etc/security/tsol/tnrhdb.

-t [ path ]    Check path for proper tnrhtp syntax. If path is not
               specified, then check /etc/security/tsol/tnrhtp.

-z [ path ]    Check path for proper tnzonecfg syntax. If path is not
               specified, then check /etc/security/tsol/tnzonecfg.

EXAMPLES
Example 1 Sample Error Message

The tnchkdb command checks for CIPSO errors. In this example, the
admin_low template has an incorrect value of ADMIN_HIGH for its default
label.

    # tnchkdb
    checking /etc/security/tsol/tnrhtp ...
    tnchkdb: def_label classification 7fff is invalid for cipso labels:
        line 14 entry admin_low
    tnchkdb: def_label compartments 241-256 must be zero for cipso labels:
        line 14 entry admin_low
    checking /etc/security/tsol/tnrhdb ...
    checking /etc/security/tsol/tnzonecfg ...

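The following is an added example, not part of the original manual page. It uses the -h, -t and -z options and the exit statuses described above to check a staged set of modified files and install them only when tnchkdb returns 0. The function name install_tndb, the TNCHKDB and TSOL_DIR variables, the staging directory and the .new/.prev suffixes are assumptions.

```sh
#!/bin/sh
# Added example. Hypothetical names: install_tndb, TNCHKDB, TSOL_DIR,
# the staging directory, and the .new/.prev suffixes.
TNCHKDB=${TNCHKDB:-/usr/sbin/tnchkdb}
TSOL_DIR=${TSOL_DIR:-/etc/security/tsol}

# install_tndb STAGE_DIR
# Returns 0 after installing, 1 if tnchkdb reported file errors,
# 2 if the check could not be run or a copy failed.
install_tndb() {
    stage=$1
    for f in tnrhdb tnrhtp tnzonecfg; do
        if [ ! -r "$stage/$f" ]; then
            echo "install_tndb: cannot read $stage/$f" >&2
            return 2
        fi
    done

    # Name all three staged files: an option that is left out makes
    # tnchkdb check the default path for that database instead.
    chk=0
    "$TNCHKDB" -h "$stage/tnrhdb" -t "$stage/tnrhtp" \
        -z "$stage/tnzonecfg" || chk=$?
    case $chk in
        0) ;;
        1) echo "install_tndb: errors found, nothing installed" >&2
           return 1 ;;
        *) echo "install_tndb: check not run (status $chk)" >&2
           return 2 ;;
    esac

    # Stage every copy first so a failed copy leaves the live set untouched
    for f in tnrhdb tnrhtp tnzonecfg; do
        cp -p "$stage/$f" "$TSOL_DIR/$f.new" || return 2
    done
    for f in tnrhdb tnrhtp tnzonecfg; do
        if [ -f "$TSOL_DIR/$f" ]; then
            cp -p "$TSOL_DIR/$f" "$TSOL_DIR/$f.prev" || return 2
        fi
        mv "$TSOL_DIR/$f.new" "$TSOL_DIR/$f" || return 2
    done
    return 0
}
```

Because the standard /etc/security/tsol files are visible only in the global zone, a call such as install_tndb /var/tmp/tsol-staged (a constructed path) belongs there.
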
FILES
/etc/security/tsol/tnrhdb

    Trusted network remote-host database

/etc/security/tsol/tnrhtp

    Trusted network remote-host templates

/etc/security/tsol/tnzonecfg

    Trusted zone configuration database

ATTRIBUTES
See attributes(5) for descriptions of the following attributes:

┌─────────────────────────────┬─────────────────────────────┐
│       ATTRIBUTE TYPE        │       ATTRIBUTE VALUE       │
├─────────────────────────────┼─────────────────────────────┤
│Availability                 │SUNWtsu                      │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability          │See below.                   │
└─────────────────────────────┴─────────────────────────────┘

The command line is Committed. The output is Uncommitted.

SEE ALSO
tnd(1M), tnctl(1M), attributes(5)

How to Check the Syntax of Trusted Network Databases in Solaris Trusted
Extensions Administrator's Procedures

NOTES
The functionality described on this manual page is available only if
the system is configured with Trusted Extensions.

It is possible to have inconsistent but valid configurations of tnrhtp
and tnrhdb when LDAP is used to supply missing templates.

SunOS 5.11                     20 Jul 2007                     tnchkdb(1M)