System security review

It is the responsibility of the ISSO to review the security status of the system. A system security review needs to be carried out immediately after installation and at any other time that the system integrity may have been compromised, and system security reviews should also be conducted periodically.

The system integrity database directory, which is stored in the /etc/security/tsd/tsd.dat file, contains security-related information of filesystem objects such as critical commands and system devices. This database must be updated when a new device is added or the security information of the files is modified. See the trustchk command for more information.

The trustchk command compares the current security settings of a file, directory, or device with the corresponding entry in the system integrity database and repairs any security attribute inconsistencies. The trustchk command can only be run by an ISSO-authorized user.