mkrtc Command

Edit online

Purpose

Configures or unconfigures Power SC real-time compliance for the operating system instance.

Syntax

To configure Power SC real-time compliance:

mkrtc -e email1, email2... [ -a alertStyle ] [ -d debug ] [ -i infoLevel ] [ -s emailSubject ] [ -c minCheckTime ]

To unconfigure Power SC real-time compliance:

mkrtc -u

Description

The mkrtc command is used to configure or unconfigure Power SC real-time compliance. To configure the -e flag, the email addresses must be provided as arguments. All other flags are optional. The mkrtc command saves the options to the /etc/security/rtc/rtcd.conf file, adds the Power SC real-time compliance entry to the /etc/inittab, and starts the rtcd daemon.

On unconfiguration, the mkrtc command removes the entry from the /etc/inittab file and stops the rtcd daemon.

Flags

Flag Description
-a alertStyle
Specifies the alert style. The following are valid values:
  • Once: Alerts once for the same set of compliance violations. This is the default alert style.
  • Event: Alerts once for the same set of compliance violations, but keeps alerting for each file modification event.
  • Always: Alerts compliance violations and the file modification. It keeps alerting for the file modification.
-c minCheckTime Specifies the minimum amount of time between the compliance verifications. This flag checks the Power SC for compliance regularly even without file modification triggers, so that the mkrtc command can detect compliance implications in the files that are created by the user. For example, this flag can detect the .rhost file creation in the home directory that can have compliance implication.

The default minimum time is 30 minutes. If this value is set to 0, it indicates that the compliance check is never run unless the files are modified.
-d debug Specifies the debug option to be turned on or off. The valid values are On or Off. The default value is Off.
-e email1, email2... Provides a comma-separated list of emails to which email alerts are to be sent.
-i infoLevel Specifies the information level of file modification events.
-s emailSubject Provides the subject line to be used for the email alert.
-u Unconfigures the Power SC real-time compliance.
On configuring Power SC real-time compliance, the mkrtc command performs the following tasks:
  1. Updates the /etc/security/rtc/rtcd.conf file with the options from the command line.
  2. Updates the /etc/inittab file with pscrtc:2:wait: /usr/bin/startsrc -s rtcd.
  3. Starts the rtcd daemon.
On unconfiguration, the mkrtc command performs the following tasks:
  1. Removes the Power SC real-time compliance entry from /etc/inittab file.
  2. Stops the rtcd daemon.

Security

Only the root user and users with aix.security.aixpert authorization are authorized to run this command.

Exit Status

Value Description
0 The command runs successfully.
>0 An error occurred. The printed error message lists further details about the type of failure.

Examples

  1. To configure Power SC real-time compliance, type the following command:
    # mkrtc -e test@abc.com,dummy@abc.com -a event

    This command configures Power SC real-time compliance to send compliance violation alert and file modification events to test@abc.com and dummy@abc.com. The alert style is set to event.

  2. To unconfigure Power SC real-time compliance, type the following command:
    # mkrtc -u

Files

Mode File
rw /etc/security/rtc/rtcd.conf