System Administration Commands                        tnchkdb(1M)



NAME
     tnchkdb - check file syntax of trusted network databases

SYNOPSIS
     /usr/sbin/tnchkdb  [-h path] [-t path] [-z path]


DESCRIPTION
     tnchkdb checks the syntax of the tnrhtp, tnrhdb,  and  tnzo-
     necfg databases. By default, the path for each file is:

         o    /etc/security/tsol/tnrhtp

         o    /etc/security/tsol/tnrhdb

         o    /etc/security/tsol/tnzonecfg


     You can specify an alternate path for  any  or  all  of  the
     files  by  specifying that path on the command line by using
     the -h (tnrhdb), -t (tnrhtp) and -z (tnzonecfg) options. The
     options  are  useful  when  testing  a set of modified files
     before installing the files as new system databases.


     All three database files are checked for integrity.  tnchkdb
     returns  an exit status of 0 if all of the files are syntac-
     tically and, to the extent possible,  semantically  correct.
     If  one  or more files have errors, then an exit status of 1
     is returned. If there are command line problems, such as  an
     unreadable file, an exit status of 2 is returned. Errors are
     written to standard error.


     To avoid cascading errors, when there are errors in  tnrhtp,
     the template names in tnrhdb are not validated.


     tnchkdb  can  be  run  at  any  label,  but   the   standard
     /etc/security/tsol  files  are  visible  only  in the global
     zone.

OPTIONS
     -h [ path ]    Check path for proper tnrhdb syntax. If  path
                    is      not     specified,     then     check
                    /etc/security/tsol/tnrhdb.


     -t [ path ]    Check path for proper tnrhtp syntax. If  path
                    is      not     specified,     then     check
                    /etc/security/tsol/tnrhtp.




SunOS 5.11          Last change: 20 Jul 2007                    1






System Administration Commands                        tnchkdb(1M)



     -z [ path ]    Check path for proper  tnzonecfg  syntax.  If
                    path    is    not   specified,   then   check
                    /etc/security/tsol/tnzonecfg.


EXAMPLES
     Example 1 Sample Error Message


     The tnchkdb command checks for CIPSO errors. In  this  exam-
     ple,  the  adminlow  template  has  an  incorrect  value of
     ADMINHIGH for its default label.


       # tnchkdb
       checking /etc/security/tsol/tnrhtp ...
       tnchkdb: deflabel classification 7fff is invalid for cipso labels:
       line 14 entry adminlow
       tnchkdb: deflabel compartments 241-256 must be zero for cipso labels:
       line 14 entry adminlow
       checking /etc/security/tsol/tnrhdb ...
       checking /etc/security/tsol/tnzonecfg ...



FILES
     /etc/security/tsol/tnrhdb

         Trusted network remote-host database


     /etc/security/tsol/tnrhtp

         Trusted network remote-host templates


     /etc/security/tsol/tnzonecfg

         Trusted zone configuration database


ATRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:











SunOS 5.11          Last change: 20 Jul 2007                    2






System Administration Commands                        tnchkdb(1M)



     
           ATRIBUTE TYPE               ATRIBUTE VALUE       
    
     Availability                 SUNWtsu                     
    
     Interface Stability          See below.                  
    



     The command line is Committed. The output is Uncommitted.

SEE ALSO
     tnd(1M), tnctl(1M), attributes(5)


     How to Check the Syntax  of  Trusted  Network  Databases  in
     Solaris Trusted Extensions Administrator's Procedures

NOTES
     The functionality described on this manual page is available
     only if the system is configured with Trusted Extensions.


     It is possible to have inconsistent but valid configurations
     of  tnrhtp  and  tnrhdb  when LDAP is used to supply missing
     templates.




























SunOS 5.11          Last change: 20 Jul 2007                    3