Under Construction

Audit of the Security Status of a System

When auditing a system’s security status, the security attributes of trusted files stored in the TSD are compared with the current state of the system. Comparing such a trusted file can result in two possible outcomes:

    • The actual state of the file on the system matches the entry in the TSD.
    • The actual state of the file on the system does not match the target state from the TSD.

In the event of a discrepancy, the question arises whether it should be corrected. When you start such a check with the trustchk command, you must specify what should happen if a discrepancy is found. The following options are available:

-n   # Deviations are output, but not automatically corrected. (no correction)
-t   # Deviations are displayed, and for each deviation, an interactive query appears asking whether the deviation should be corrected. (prompt)
-y   # Deviations are output and automatically corrected without prompting. (yes)

Individual files can be checked, or all trusted files can be checked by specifying “ALL”:

# trustchk -n ALL
# echo $?
0
#

All trusted files were checked and no deviations were detected. The exit status is 0.

If there are deviations on a system, these are displayed and the exit status has a value different from 0:

# trustchk -n ALL
trustchk: File or directory or device not existing: /var/perf/pm/bin/pmcfg
trustchk: /etc/filesystems: Verification of attributes failed: mode
trustchk: /etc/security/audit/objects: Verification of attributes failed: mode

# echo $?
114
#

Note: This check was performed on a second system.

The exit status of the check is 114 (ENOTRUST).
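
For scheduled audits, the non-correcting check can be wrapped so that each deviation becomes one record and is combined with the exit status. The following is an added example, not code from the original page or from the vendor; the function names are hypothetical, the message wording is taken from the sample output above, and capturing stderr as well as stdout is an assumption.

```shell
#!/bin/sh
# Added example: turn `trustchk -n ALL` output into one record per finding.
# Message wording is assumed to match the sample output shown on this page.

# Read trustchk output on stdin; print "KIND<TAB>file<TAB>detail" per finding.
parse_trustchk() {
    while IFS= read -r line; do
        case "$line" in
            "trustchk: File or directory or device not existing: "*)
                printf 'MISSING\t%s\t-\n' "${line#trustchk: File or directory or device not existing: }" ;;
            "trustchk: "*": Verification of attributes failed: "*)
                rest="${line#trustchk: }"
                file="${rest%%: Verification of attributes failed: *}"
                attrs="${rest##*: Verification of attributes failed: }"
                printf 'ATTR\t%s\t%s\n' "$file" "$attrs" ;;
            "trustchk: "*)   # unrecognised message: keep it, do not drop it
                printf 'OTHER\t-\t%s\n' "${line#trustchk: }" ;;
        esac
    done
}

# Count non-empty records on stdin.
count_findings() { awk 'NF { n++ } END { print n + 0 }'; }

# Combine exit status and finding count; any disagreement fails closed.
verdict() {
    rc=$1; findings=$2
    if [ "$rc" -eq 0 ] && [ "$findings" -eq 0 ]; then echo CLEAN
    elif [ "$findings" -gt 0 ]; then echo DEVIATIONS
    else echo UNPARSED   # non-zero status, no known message: inspect raw output
    fi
}

# Sample input: the deviation output shown above on this page.
SAMPLE_OUTPUT='trustchk: File or directory or device not existing: /var/perf/pm/bin/pmcfg
trustchk: /etc/filesystems: Verification of attributes failed: mode
trustchk: /etc/security/audit/objects: Verification of attributes failed: mode'

# On a host with trustchk, run the read-only check (-n) and report.
if command -v trustchk >/dev/null 2>&1; then
    raw=$(trustchk -n ALL 2>&1); rc=$?   # assumption: messages may go to stderr
    records=$(printf '%s\n' "$raw" | parse_trustchk)
    printf '%s\n' "$records"
    echo "exit=$rc verdict=$(verdict "$rc" "$(printf '%s\n' "$records" | count_findings)")"
else
    printf '%s\n' "$SAMPLE_OUTPUT" | parse_trustchk
fi
```

Because only -n is used, the wrapper never changes the system; the UNPARSED verdict flags a non-zero exit status whose messages did not match either known form.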