tnchkdb checks the syntax of the tnrhtp(4), tnrhdb(4), or tnidb(4) databases at pathname. (pathname is the full pathname and filename of the file.) If no database is specified, all three databases in /etc/security/tsol are checked. tnchkdb returns an exit status of 0 (true) and no output if the file is syntactically and semantically correct. Otherwise, tnchkdb returns a nonzero (false) exit status and writes an error diagnostic to the standard output file. tnchkdb also examines the label and DAC information on the specified database files and reports mismatches as WARNINGS rather than ERRORS.
tnchkdb can be run at any sensitivity label that dominates the sensitivity label of the database file. This restriction can be overridden by the
Check pathname for proper tnrhtp syntax. If the pathname is not specified, then check /etc/security/tsol/tnrhtp.
Check pathname for proper tnrhdb syntax. If the pathname is not specified, then check /etc/security/tsol/tnrhdb.
Check t_pathname for proper tnrhtp syntax and check h_pathname for proper tnrhdb syntax. This option complains about template names assigned in tnrhdb but not defined in tnrhtp. If the pathname is not specified, then check /etc/security/tsol/tnrhtp for the -t option and /etc/security/tsol/tnrhdb for the -h option.
Check pathname for proper tnidb syntax. If the pathname is not specified, then check /etc/security/tsol/tnidb.
The tnchkdb command prints an error message if the tnrhdb entry does not exactly match its tnrhtp template entry. In the following example, a space after 192.168.113.170:tsol in the tnrhdb file causes an error. Note that the $ are included to indicate the end of the lines, but do not exist in the file.
% grep tsol /etc/security/tsol/tnrhdb # Assume that template tsol is defined in the tnrhtp database.$ 192.168.113.170:tsol $ % tnchkdb -t -h checking /etc/security/tsol/tnrhtp ... checking /etc/security/tsol/tnrhdb ... Error: Unknown template name: tsol done.
See attributes(5) for descriptions of the following attributes:
|ATTRIBUTE TYPE||ATTRIBUTE VALUE|
Trusted network interface-control database
Trusted network remote-host database
Trusted network remote-host templates
It is possible to have inconsistent but valid configurations of tnrhtp and tnrhdb, since NIS+ may be used to supply missing templates.