The integrity(ADM) program compares the entries of the File Control database against the actual file permissions on the system. It does not alter permissions. To repair permissions, see ``System file permission repair: fixmog(ADM)''.
If your system is configured with the Low or Traditional security defaults, permission problems reported by integrity have no effect on system operation.
You should run integrity as follows:
/tcb/bin/integrity -m -e > int.report
Print the file int.report and examine it. integrity reports files and directories that are missing or have incorrect permissions or ownership. Here are sample messages generated by integrity:
/etc/utmp (entry 83) is wrong.
Owner is root, should be bin.
Group is root, should be bin.
Mode is 0644, should be 0664.
/usr/spool/lp (entry 233) is wrong.
Group is bin, should be lp.
Mode is 0755, should be 0070.
/etc/inittab (entry 71) is wrong.
Type is d. should be r.
/usr/lib/mkuser/csh (wildcard entry 216) is wrong.
Owner is bin, should be root.
Mode is 0700, should be 0750.
The owner, group, and mode refer to the file permissions. The
file types ``d'' and ``r'' refer to directory and regular file,
respectively.
Missing files should be replaced by restoring them from backups.
Permission and ``type'' problems can be fixed with the fixmog
utility.
All errors found during the integrity check are packaged as audit records
that show the audit event as a Database Event in the audit trail.