Maintaining system security

System file integrity checking: integrity(ADM)

The integrity(ADM) program compares the entries of the File Control database against the actual file permissions on the system. It does not alter permissions. To repair permissions, see ``System file permission repair: fixmog(ADM)''.

NOTE: The verify functions of the Software Manager described in ``Verifying software'' are more extensive than those described here.

If your system is configured with the Low or Traditional security defaults, permission problems reported by integrity have no effect on system operation.

You should run integrity as follows:

/tcb/bin/integrity -m -e > filename

Print the file and examine it. integrity reports files and directories that are missing or have incorrect permissions or ownership. Here are sample messages generated by integrity:

   /etc/utmp (entry 83) is wrong.
   	Owner is root, should be bin.
   	Group is root, should be bin.
   	Mode is 0644, should be 0664.
   /usr/spool/lp (entry 233) is wrong.
   	Group is bin, should be lp.
   	Mode is 0755, should be 0070.
   /etc/inittab (entry 71) is wrong.
   	Type is d, should be r.
   /usr/lib/mkuser/csh (wildcard entry 216) is wrong.
   	Owner is bin, should be root.
   	Mode is 0700, should be 0750.

The owner, group, and mode refer to the file permissions. The file types ``d'' and ``r'' refer to directory and regular file, respectively. Missing files should be replaced by restoring them from backups. Permission and ``type'' problems can be fixed with the fixmog utility. All errors found during the integrity check are packaged as audit records that show the audit event as a Database Event in the audit trail.

NOTE: Some files may be listed as missing in a correctly configured system, such as one of the pair /usr/lib/cron/at.allow and /usr/lib/cron/at.deny.
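
The saved report can be triaged mechanically. The following Python sketch is an added example, not part of this documentation or of integrity itself: it parses messages in the format shown above and lists the files whose type is wrong or whose mode grants permission bits that the File Control database entry does not. The function names and the embedded sample (built from the messages above) are assumptions of this example; messages for missing files are not shown on this page and are not handled.

```python
import re

# Constructed sample: the messages shown above, as saved in the report file.
SAMPLE_REPORT = """\
/etc/utmp (entry 83) is wrong.
\tOwner is root, should be bin.
\tGroup is root, should be bin.
\tMode is 0644, should be 0664.
/usr/spool/lp (entry 233) is wrong.
\tGroup is bin, should be lp.
\tMode is 0755, should be 0070.
/etc/inittab (entry 71) is wrong.
\tType is d, should be r.
/usr/lib/mkuser/csh (wildcard entry 216) is wrong.
\tOwner is bin, should be root.
\tMode is 0700, should be 0750.
"""

HEADER = re.compile(r"^(\S+) \((wildcard )?entry (\d+)\) is wrong\.$")
DETAIL = re.compile(r"^\s+(Owner|Group|Mode|Type) is (\S+?)[,.] should be (\S+?)\.$")

def parse_report(text):
    """Return one record per reported file: path, entry, wildcard, diffs."""
    records = []
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            records.append({"path": head.group(1), "entry": int(head.group(3)),
                            "wildcard": bool(head.group(2)), "diffs": {}})
            continue
        detail = DETAIL.match(line)
        if detail and records:
            attr, actual, expected = detail.groups()
            records[-1]["diffs"][attr.lower()] = (actual, expected)
    return records

def excess_mode_bits(record):
    """Permission bits present on disk but absent from the database entry."""
    if "mode" not in record["diffs"]:
        return 0
    actual, expected = (int(m, 8) for m in record["diffs"]["mode"])
    return actual & ~expected

def triage(text):
    """Paths to review first: wrong type, or mode looser than the database."""
    return [r["path"] for r in parse_report(text)
            if "type" in r["diffs"] or excess_mode_bits(r)]
```

On the sample, /usr/spool/lp is listed because mode 0755 carries bits 0705 that the expected 0070 does not, while /etc/utmp and /usr/lib/mkuser/csh are stricter than expected and are left for routine repair.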

© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003