There are several different options for adding TSD entries. The procedure differs depending on the type of entry being added. Generally, a distinction must be made between entries for volatile files and non-volatile files. For volatile files, i.e., files whose content can change frequently, verifying the file contents using a hash value or signature often makes no sense. Otherwise, after each change, the file’s hash value and signature would have to be recalculated, and the entry in the TSD would have to be updated. Examples of volatile data include configuration files, log files, status files, etc.

Note: However, for critical configuration files, this can be useful in special cases. But then, as an additional step, any configuration changes will require the TSD entry to be adjusted.

It is also important to distinguish whether the files belong to AIX, PowerHA, or another IBM product. For files belonging to AIX or PowerHA (and likely other IBM products as well), the manufacturer, IBM, typically determines the hash value and, in particular, the signature of the files. The attributes specified by IBM should then be used for these files in the TSD. For proprietary files or files from products for which the manufacturer has not provided hash values ​​or signatures, these can be generated by the AIX administrator.

Below we look at the different options in more detail.