ISO8859-1d#&#Dh      -=k" 7 ' C W k  ) +  !! :"" \#' $% % & ' ( )G )*# q+B ,& -- .4 -/+ b0b 1I 2n ;3@ 40 5C6)`7%8)9%:#;$<%A='g>0?1@>A91B9kC\D>EAF!EG!gHIJKLMN O("P5KQGR1S7T3ULV'gWX5YZb[!Z\'|]'^$_&`az0bc.kd 0!! B\z   &   8W)v2@,  A, ^*  O \!!q"j"O#X#^S# Q$ $] $ % &j'h(d(()*c*+-Usage: trustchk -d { ... | -f } trustchk -F -{a|d|g|q|y|n|t} trustchk -g trustchk [-@ {wparname | ALL}] -p trustchk -q { ... | ALL | -f } trustchk [-s -v ] [-w] -a { [=value] ... | -f } trustchk [-l] [-r] -{y|n|t} { ... | ALL} trustchk [-i] [-x] -{y|n|t} tree { ...} trustchk -u [=value]... Error while accessing the file: %s Hash value calculation failed Error while processing stanza Memory allocation failed Verification of attributes failed: %s Correction of attribute failed: %s Deletion of stanzas failed Invalid attribute: %s Error opening the file: %s Error reading stanza Error adding stanza: %s Error writing to database file Duplicate stanza: %s Error processing default Stanza File or directory or device not existing: %s Error deleting stanza: %s Internal Error Verification of stanza failed: %s Stanza not found: %s Invalid Mode Invalid Link: %s Invalid file or directory or device name specified: %s Error while processing TSD Owner not existing Group not existing Invalid hash algorithm: %s Symlink stanza not allowed: %s Socket stanza not allowed: %s Stanza not found or duplicate stanza: %s Copying of verification certificate failed Signature calculation failed Unable to extract certificate id No matching certificate found: %s Error retrieving %s attribute from odm Error updating %s attribute from odm Error loading TSD Error retrieving policy Error setting policy Error writing to file %s trustchk cannot run on a machine with Trusted Computing Base installed Error retrieving trusted path list CLiC Kernel Extension not found, cannot proceed. Install clic.rte Boot time policy configuration failed Certificate and Key required to add file: %s Policy in use. Changes applicable on next boot only Trusted AIX is not enabled on this machine Stanza %s has %s value "%s" in %s and value "%s" in TSD. Change the value in %s to that as in TSD?Stanza %s has an invalid %s label on the filesystem. Reset label to "%s"?Stanza %s has %s value "%s" in TSD and %s on the filesystem. Change the value on filesystem to that as in TSD? Unable to retrieve labels and security flags attributes for %s Warning: Stanza %s has invalid %s value in TSD. Warning: Unable to change security attributes on filesystem for %s Warning: Invalid security flag %s in TSD Warning: Invalid privilege %s in TSD Warning: Invalid authorization %s in TSD Error initializing label database %s %s: Attribute missing from stanzas Loading of stanza failed:%s %s: Verification of attributes failedPath name cannot exceed %d characters Cyclic symbolic link is detected in the file %s Symbolic link %s does not point to absolute path The untrusted file %s has entry in privilege command database The untrusted file %s is an unregistered set-UID program The untrusted file %s is an unregistered set-GID program WARNING : Security database is modified, update the kernel table by running setkst command Verification of symlinks attribute is failing for the file %s Usage: trustchk -R trustchk -d { ... | -f } trustchk -F -{a|d|g|q|y|n|t} trustchk -g trustchk [-@ {wparname | ALL}] -p trustchk -q { ... | ALL | -f } trustchk [-s -v ] [-w] -a { [=value] ... | -f } trustchk [-l] [-r] -{y|n|t} { ... | ALL} trustchk [-i] [-x] -{y|n|t} tree { ...} trustchk -u [=value]... Error while setting the secorder Error while setting the gecorder LDAP operation failed LDAP entry missing %s LDAP: No permission LDAP: No TSD entry LDAP: No TEPolicy entry System call failed Base-64 Encode Fail Error retrieving %s attribute from file The file %s is a symbolic link and has entry in TSD WARNING: Remove the stanza for the file %s from TSD database, manually Failed on LDAP (TSD), trying next domain if any. Failed on LDAP (TE Policy), trying next domain if any. Duplicate attribute: %s Processing library failed Creation of temporary directory failed Keygeneration failed Key file not accessible,Signature calculation failed Key File Decryption Failed Usage: trustchk -R trustchk -d { ... | -f } trustchk -F -{a|dg|q|y|n|t} trustchk -g trustchk [-@ {wparname | ALL}] -p trustchk -q { ... | ALL | -f } trustchk [-s -v [-P] [-w] -a [tree] { [=value] ... | -f } trustchk [-l] [-r] -{y|n|t} { ... | ALL} trustchk [-i] [-x] -{y|n|t} tree { ...} trustchk -u [=value]... trustchk -k -s -v [-N] {[-D] } Invalid value for Type attribute Invalid value for accessauth attribute Invalid value for privilege attributes Invalid value for secflag attribute Invalid value for authprivs attribute File %s already exists Certificates conflict,cert with certID filename %s already exists, copying cert to /etc/security/certificates path failed Usage: trustchk -R trustchk -d { ... | -f } trustchk -F -{a|d|g|q|y|n|t} trustchk -g trustchk [-@ {wparname | ALL}] -p trustchk -q { ... | ALL | -f } trustchk [-s -v ] [-P] [-w] -a [tree] { [=value] ... | -f } trustchk [-l] [-r] -{y|n|t} { ... | ALL} trustchk [-i] [-x] -{y|n|t} tree { ...} trustchk -u [=value]... trustchk -p { [ TE [= ON | OFF ] ] [ CHKEXEC [=ON | OFF ] ] [ CHKSHLIB [ =ON | OFF ] ] [ CHKSCRIPT [ =ON | OFF ] ] [ CHKKERNEXT [ = ON | OFF ] ] [ STOP_UNTRUSTD [ = ON | OFF ] ] [ STOP_ON_CHKFAIL [ = ON | OFF ] ] [ TEP [ = ON | OFF | PathList ] ] [ TLP [ = ON | OFF | PathList [ TSD_FILES_LOCK [ = ON | OFF ] ] [ TSD_LOCK [ = ON | OFF ] ] } trustchk -k -s -v [-N] {[-D] } Symbolic link %s does not point to valid path Updating cert status failed: %s Trusted ExecutionChange/Show characteristics of Trusted ExecutionManage Trusted Signature DatabaseChange/Show Current Policy StatusChange/Show Trusted PathsAdd a new Trusted File to TSDDelete a Trusted File from TSDFile path nameSigning KeyCertificateChange/Show Trusted Execution PoliciesChange/Show Trusted PathsTrusted Execution(TE)Executable Verification(CHKEXEC)Library Verification(CHKSHLIB)Script Verification(CHKSCRIPT)Kernel Extension Verification(CHKKERNEXT)Stop un-trusted files from loading(STOP_UNTRUSTED)Stop loading of files on hash verification fail(STOP_ON_CHKFAIL)Lock writes to trusted files(TSD_FILES_LOCK)Lock writes to TSD(TSD_LOCK)Verification of Trusted Execution Paths(TEP)Verification of Trusted Library Paths(TLP)Trusted PathsProvides options for viewing and modifying various Trusted Execution policies.Provides options for viewing and modifying Trusted Execution Path and Trusted Library Paths.Enter new set of comma separated paths which contain the trusted files. Trusted Execution will allow only the files from these paths to get loaded.Enter new set of comma separated paths which contain the trusted libraries. Trusted Execution will allow only the libraries from these paths to get loaded.Enable or disable Trusted Execution. Other policies can only be activated when the TE option is set to ON.Check the integrity of executables that belongs to the TSD before loading them.Check the integrity of the kernel extensions that belong to the TSD before loading them.Check the integrity of shared libraries that belong to the TSD before loading them.Checks the integrity of shell scripts that belong to the TSD before loading them.Stop the loading of files whose integrity check fails. If this is not enabled, only a message is logged and the files will be allowed to get loadedStop the loading of files that do not belong to the TSD. If this is not enabled, only a message is logged and the files will be allowed to get loadedEnable/disable Trusted Execution Path checks, The Trusted Execution Path consists of a list of colon-separated absolute paths, for example, the TEP=/usr/bin:/usr/sbin. When this policy is enabled, the files belonging to only these directory paths are allowed to be loaded.Enable/disable Trusted Library Path checks, The Trusted Library Path consists of a list of colon-separated absolute paths, for example, the TLP=/usr/lib:/usr/ccs/lib. When this policy is enabled, the libraries belonging to only these directory paths are allowed to be loaded.Disallow opening of files belonging to the TSD in write mode. You cannot make any change to any TSD files.Disallow opening of a TSD file (/etc/security/tsd/tsd.dat) in write mode to disable editing of the TSD.Provides options to manage the Trusted Signature Database. Options include add/delete stanzas in TSDProvides options to add new file entries to Trusted Signature Database. A new security attributes stanza will be created for the specified file and added into TSD. This will make the specified file trustedProvides options to delete file entries from Trusted Signature Database. A stanza for the specified file will be removed from TSD. This will make the specified file untrustedEnter the absolute path of the file to be added to Trusted Signature Database Note that this will make Trusted Execution to treat the file as trustedSpecify the signing key to be used to generate signature of file being added to TSD. The signing key is an RSA private key in ASN.1/DER in PKCS#8 format without pass phrase (that is, password) protection. This should be an absolute pathSpecify the verification certificate that is associated with the signing key. This certificate is copied into a certificate store in the /etc/security/certificate and is used to verify the file signature during auditing. If a certificate with the same certificate ID already exists in the store, then it is overwritten with a new certificate. The verification certificate is in ASN.1/DER format. This should be an absolute pathEnter the absolute path of the file to be deleted from Trusted Signature Database Note that this will make Trusted Execution to treat the file as untrusted