IBM Support

IV56799: AIXPERT RULE "HLS_DISRMTDMNS" MAY FAIL WHEN TCB IS ENABLED APPLIES TO AIX 7100-03

A fix is available

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • In case a system is installed with the Trusted Computing
    Base option, applying rule "hls_disrmtdmns" with the
    "aixpert" command may fail to disable some of the
    affected
    TCP/IP daemons: "rlogind", "rshd" or "tftpd".
    

Local fix

  • Before applying an xml file which includes
    rule "hls_disrmtdmns":
    
    - check if one of the daemons is without TCB flag set:
    
    # chtcb query <path_of_daemon>
    
    # ls -l <path_of_daemon>
    
    # chtcb on <path_of_daemon>
    
    # tcbck -a <path_of_daemon> mode=TCB,<mode_of_daemon>
    
    The impact of this work-around is that you enable the TCB
    flag for the affected daemon. Enabling the TCB flag of a
    command means it can be executed in the Trusted Shell
    (tsh
    command).
    

Problem summary

  • The "hls_disrmtdmns" aixpert rule will fail if TCB is
    enabled on a system.  Aixpert will not show an error when the
    rule is applied but when aixpert -c is run to check the system
    it will show that this rule has failed.
    

Problem conclusion

  • Modify the disrmtdmns script to properly disable the tftpd
    daemon.
    

Temporary fix

Comments

  • 6100-07 - use AIX APAR IV58733
    6100-08 - use AIX APAR IV58668
    6100-09 - use AIX APAR IV58093
    6100-09 - use AIX APAR IV58093
    6100-09 - use AIX APAR IV58093
    7100-01 - use AIX APAR IV58255
    7100-02 - use AIX APAR IV58184
    7100-03 - use AIX APAR IV56799
    7100-04 - use AIX APAR IV58099
    

APAR Information

  • APAR number

    IV56799

  • Reported component name

    AIX V7.1

  • Reported component ID

    5765H4000

  • Reported release

    710

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Submitted date

    2014-03-18

  • Closed date

    2014-03-25

  • Last modified date

    2016-05-10

Fix information

  • Fixed component name

    AIX V7.1

  • Fixed component ID

    5765H4000

Applicable component levels

  • R710 PSY U859460

       UP14/05/22 I 1000

PTF to Fileset Mapping



Document information

More support for: AIX Enterprise Edition

Software version: 710

Operating system(s): AIX

Reference #: IV56799

Modified date: 10 May 2016