IBM Support

IV58093: AIXPERT RULE "HLS_DISRMTDMNS" MAY FAIL WHEN TCB IS ENABLED APPLIES TO AIX 6100-09

A fix is available

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • In case a system is installed with the Trusted Computing
    Base option, applying rule "hls_disrmtdmns" with the
    "aixpert" command may fail to disable some of the
    affected
    TCP/IP daemons: "rlogind", "rshd" or "tftpd".
    

Local fix

  • Before applying an xml file which includes
    rule "hls_disrmtdmns":
    
    - check if one of the daemons is without TCB flag set:
    
    # chtcb query <path_of_daemon>
    
    # ls -l <path_of_daemon>
    
    # chtcb on <path_of_daemon>
    
    # tcbck -a <path_of_daemon> mode=TCB,<mode_of_daemon>
    
    The impact of this work-around is that you enable the TCB
    flag for the affected daemon. Enabling the TCB flag of a
    command means it can be executed in the Trusted Shell
    (tsh
    command).
    

Problem summary

  • The "hls_disrmtdmns" aixpert rule will fail if TCB is
    enabled on a system.  Aixpert will not show an error when the
    rule is applied but when aixpert -c is run to check the system
    it will show that this rule has failed.
    

Problem conclusion

  • Modify the disrmtdmns script to properly disable the tftpd
    daemon.
    

Temporary fix

Comments

  • 6100-07 - use AIX APAR IV58733
    6100-08 - use AIX APAR IV58668
    6100-09 - use AIX APAR IV58093
    6100-09 - use AIX APAR IV58093
    6100-09 - use AIX APAR IV58093
    7100-01 - use AIX APAR IV58255
    7100-02 - use AIX APAR IV58184
    7100-03 - use AIX APAR IV56799
    7100-04 - use AIX APAR IV58099
    

APAR Information

  • APAR number

    IV58093

  • Reported component name

    AIX 610 STD EDI

  • Reported component ID

    5765G6200

  • Reported release

    610

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Submitted date

    2014-03-28

  • Closed date

    2014-03-28

  • Last modified date

    2016-05-10

  • APAR is sysrouted FROM one or more of the following:

    IV56799

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    AIX 610 STD EDI

  • Fixed component ID

    5765G6200

Applicable component levels

  • R610 PSY U861300

       UP14/10/28 I 1000

PTF to Fileset Mapping



Document information

More support for: AIX Standard Edition

Software version: 610

Operating system(s): AIX

Reference #: IV58093

Modified date: 10 May 2016