System file integrity checking: integrity(ADM)
program compares the entries of the File Control database
against the actual file permissions on the system.
It does not alter permissions. To repair permissions, see
``System file permission repair: fixmog(ADM)''.
If your system is configured with the Low or Traditional security defaults, permission problems reported by integrity have no effect on system operation.
You should run integrity as follows:
/tcb/bin/integrity -m -e > int.report
Print the file int.report and examine it. integrity reports files and directories that are missing or have incorrect permissions or ownership. Here are sample messages generated by integrity:
/etc/utmp (entry 83) is wrong. Owner is root, should be bin. Group is root, should be bin. Mode is 0644, should be 0664. /usr/spool/lp (entry 233) is wrong. Group is bin, should be lp. Mode is 0755, should be 0070. /etc/inittab (entry 71) is wrong. Type is d. should be r. /usr/lib/mkuser/csh (wildcard entry 216) is wrong. Owner is bin, should be root. Mode is 0700, should be 0750.The owner, group, and mode refer to the file permissions. The file types ``d'' and ``r'' refer to directory, and regular file, respectively. Missing files should be replaced by restoring them from backups. Permission and ``type'' problems can be fixed with the fixmog utility. All errors found during the integrity check are packaged as audit records that show the audit event as a Database Event in the audit trail.