Under Construction

Deleting TSD Entries

Entries in the TSD that are no longer needed can be easily removed using trustchk and the “-d” (delete) option:

# trustchk -d /usr/local/bin/myprog
#

In this example, the TSD entry for a program that no longer exists is deleted. If no entry exists for the given path, the following error message is displayed during deletion:

# trustchk -d /usr/local/bin/myprog
trustchk: Stanza not found or duplicate stanza: /usr/local/bin/myprog
trustchk: Deletion of stanzas failed
#

The change only takes effect the next time the TSD is loaded into the kernel. It can be applied immediately by running “trustchk -p te=on”.

Before deleting an entry from the TSD, you should be absolutely certain that it is no longer needed! Depending on the configured TE policy, the associated binary may no longer be executable afterwards.

We demonstrate this with /usr/bin/ls, which we delete from the TSD by mistake:

# trustchk -d /usr/bin/ls
#

However, this only takes effect once the TSD in the kernel has been updated:

# trustchk -p te=on
#

This automatically makes /usr/bin/ls an untrusted program! If the configured TE policy prohibits the execution of untrusted programs (STOP_UNTRUSTD=ON), the ls command no longer runs and returns only the following error message:

# ls -l
/usr/bin/ksh: ls: cannot execute
#

Note: This applies to all users, including the root user!
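The check that would have prevented the /usr/bin/ls mistake above can be put in front of trustchk -d. The following wrapper is an added example and not part of the original page or of AIX: it refuses to delete the TSD entry of a binary that still exists on disk and, for stale entries, first saves the stanza (queried with trustchk -q) so the entry can be added back if needed. The TRUSTCHK and TE_BACKUP_DIR variables are assumptions of this script, not trustchk options.

```shell
#!/bin/sh
# Added example, not from the original page or from AIX: guarded wrapper
# around "trustchk -d". Refuses when the binary still exists on disk and
# keeps a copy of the stanza before a stale entry is removed.
# Assumptions: "trustchk -q PATH" prints the stanza; TRUSTCHK may be
# overridden (e.g. TRUSTCHK=true) for a dry run; TE_BACKUP_DIR holds copies.

TRUSTCHK=${TRUSTCHK:-trustchk}
TE_BACKUP_DIR=${TE_BACKUP_DIR:-/var/tmp/tsd-backup}

# te_safe_delete PATH -> 0 on deletion, 1 if refused, 2 if trustchk failed.
te_safe_delete() {
    path=$1
    if [ -e "$path" ]; then
        echo "refusing: $path still exists; deleting its TSD entry would make it untrusted" >&2
        return 1
    fi
    mkdir -p "$TE_BACKUP_DIR" || return 2
    # Save the stanza first so the entry can be re-added later if it was needed.
    "$TRUSTCHK" -q "$path" >> "$TE_BACKUP_DIR/stanzas.$(date +%Y%m%d)" || return 2
    "$TRUSTCHK" -d "$path" || return 2
    echo "deleted TSD entry for $path (stanza saved in $TE_BACKUP_DIR)"
}

# Example usage (the path is a constructed one):
#   te_safe_delete /usr/local/bin/myprog
```

Because the wrapper only deletes entries whose file is gone, a subsequent trustchk -p te=on cannot make an existing program untrusted; entries for files that do exist still have to be removed by hand, deliberately.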

When syslogd is in use, the following two messages are logged:

Mar 20 20:11:42 aixe03 kern:info unix: Trusted Execution: pid=15270340, euid=0, ruid=0: File not in TSD: /bin/ls
Mar 20 20:11:42 aixe03 kern:err|error unix: Trusted Execution: pid=15270340, euid=0, ruid=0: Crypto hash verification failed: /bin/ls
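Those two messages are the signal that a TSD entry is missing or wrong for a binary that is still in use. The script below is an added example, not part of the original page or of AIX: it parses Trusted Execution messages in the format shown above, lists every path reported as "File not in TSD", and tells a stale entry (binary gone) apart from a probable mistaken deletion (binary still present on disk). The sample log lines are constructed; the first two are the ones from the page.

```shell
#!/bin/sh
# Added example, not from the original page or from AIX. Parses the
# Trusted Execution messages syslogd records (format as shown on the page)
# and reports which binaries were blocked, so a mistaken TSD deletion like
# the /usr/bin/ls case can be spotted from the log.
# Assumption: the kern facility is written to a plain text file by syslogd.

# Constructed sample log lines: the two from the page plus two more.
SAMPLE_LOG=$(cat <<'EOF'
Mar 20 20:11:42 aixe03 kern:info unix: Trusted Execution: pid=15270340, euid=0, ruid=0: File not in TSD: /bin/ls
Mar 20 20:11:42 aixe03 kern:err|error unix: Trusted Execution: pid=15270340, euid=0, ruid=0: Crypto hash verification failed: /bin/ls
Mar 20 20:12:05 aixe03 kern:info unix: Trusted Execution: pid=15270402, euid=205, ruid=205: File not in TSD: /usr/local/bin/myprog
Mar 20 20:12:06 aixe03 daemon:notice sshd[4711]: Accepted publickey for alice
EOF
)

# te_parse_line LINE -> "pid euid reason path"; prints nothing for other lines.
te_parse_line() {
    printf '%s\n' "$1" | awk '
        /Trusted Execution:/ {
            sub(/.*Trusted Execution: /, "")
            n = split($0, f, ": ")        # f[1]="pid=..,euid=..,ruid=..", f[2]=reason, f[n]=path
            split(f[1], kv, ", ")
            pid = kv[1];  sub(/^pid=/, "", pid)
            euid = kv[2]; sub(/^euid=/, "", euid)
            print pid, euid, f[2], f[n]
        }'
}

# te_blocked_paths < LOG -> every path with a "File not in TSD" message, once each.
te_blocked_paths() {
    grep 'Trusted Execution:.*File not in TSD: ' | sed 's/.*File not in TSD: //' | sort -u
}

# te_classify PATH -> "present" if the binary still exists on disk (its TSD
# entry was probably removed by mistake), "missing" if the entry was stale.
te_classify() {
    if [ -e "$1" ]; then echo present; else echo missing; fi
}

# te_report [LOGFILE] -> one "path: present|missing" line per blocked path;
# reads the constructed sample when no file is given.
te_report() {
    { if [ -n "$1" ]; then cat "$1"; else printf '%s\n' "$SAMPLE_LOG"; fi; } |
    te_blocked_paths | while read -r p; do
        echo "$p: $(te_classify "$p")"
    done
}

te_report "$@"
```

A "present" result is the one that deserves attention: the binary is on disk, users are trying to run it, and with STOP_UNTRUSTD=ON they are being refused, so the entry should be restored with trustchk -a and the TSD reloaded with trustchk -p te=on.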