For (volatile) files whose content can change, it must be decided on a case-by-case basis whether their content should be checked or whether checking the file attributes is sufficient.

As an example of such a file, we consider the file /etc/pwrcmps/etc/config. This file is occasionally modified and only the file attributes owner, group owner, and access rights (mode) are to be monitored:

$ ls -l /opt/pwrcmps/etc/config
-rw-r--r--    1 root     system           72 Mar 24 14:45 /opt/pwrcmps/etc/config
$

To add an entry for such a file to the TSD, the attribute size with the value “VOLATILE” must be specified in addition to the absolute path of the file:

# trustchk -a /opt/pwrcmps/etc/config size=VOLATILE
# 

File type, owner, and access rights cannot be specified explicitly; they are determined from the file. It is therefore important that the file has the correct attributes before adding it to the TSD.

You can easily check which attributes have been saved for the file using “trustchk -q”:

# trustchk -q /opt/pwrcmps/etc/config
/opt/pwrcmps/etc/config:
        type = FILE
        owner = root
        group = system
        mode = 644
        size = VOLATILE
        hash_value = VOLATILE
        cert_tag = VOLATILE
        signature = VOLATILE

#