Using check to Validate the rules File

Before the rules file and profiles can be used, you must run the check(1M) command to validate that these files are set up correctly. The check script performs the following steps:

1. The rules file is checked for syntax.

   check makes sure that the rule keywords are legitimate, and the begin, class, and finish fields are specified for each rule (the begin and finish fields may be a minus sign [-] instead of a file name).

2. If no errors are found in the rules file, each profile specified in the rules is checked for syntax.

3. If no errors are found, check creates the rules.ok file from the rules file, removing all comments and blank lines, retaining all the rules, and adding the following comment line to the end:

   # version=2 checksum=num

How to Use check to Validate the rules File

Overview - The procedure to use the check command to validate the rules file involves:

• Making sure the check script resides in the JumpStart directory

• Running the check script

  Follow this procedure to use check to validate the rules file.

1. As root, at label admin_low, make sure that the check script resides in the JumpStart directory.

   ---

   Note -

   The check script is provided in the jumpstart_sample directory on the Trusted Solaris CD.

   ---

2. Change the directory to the JumpStart directory:

   # cd jumpstart_dir_path

3. Run the check script to validate the rules file:

   # ./check [ -p path ] [ -r file_name ]

   In this command,

   -p path

   Is the path to the Trusted Solaris 7 CD. You can use a Trusted Solaris CD image on a local disk or a mounted Trusted Solaris CD. This option ensures that you are using the most recent version of the check script. You should use this option if you are using check on a workstation that is running a previous version of Trusted Solaris.

   -r file_name

   Specifies a rules file other than the one named rules. Using this option, you can test the validity of a rule before integrating it into the rules file.

   As the check script runs, it reports that it is checking the validity of the rules file and the validity of each profile. If no errors are encountered, it reports:

   The custom JumpStart configuration is ok.

   and creates a file called rules.ok.

   The rules files is now validated.