Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ aliasck(1M) — DG/UX R4.11MU05

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

audadmin(1M)

authck(1M)

macd(1M)



aliasck(1M)              DG/UX B2 Security R4.12MU02             aliasck(1M)


NAME
       aliasck - check aliases

SYNOPSIS
       aliasck [-q] -a [alias-string]
       aliasck [-q] -l [alias-string]
       aliasck [-q] -m [alias-string]
       aliasck [-q] -c [-f file] [alias-string]
       aliasck [-q] -c [-f file] [-s flagspec alias-string]

   where:
       alias-string  An audit alias, capability alias, location and timeset
                     alias, or MAC label alias to be checked against the
                     indicated alias definition database
       file          The pathname of a capability alias definition file
       flagspec     One or more capability set flags:
                       b    Bounding capability set
                       e    Effective capability set
                       i    Inheritable capability set
                       p    Permitted capability set
                       r    Required capability set
                       all  All of the above

DESCRIPTION
       The aliasck command validates alias definitions.  The -a option
       specifies that audit aliases be checked, the -l option specifies that
       location and timeset aliases be checked, and the -m option specifies
       that MAC aliases be checked.  The -c option specifies that capability
       aliases be checked.

       The aliasck -a command checks the contents of the audit alias
       database for errors.  If an optional alias-string is given, it will
       also check this alias against the audit alias database to see if it
       is defined and valid.

       The aliasck -l command checks the contents of the location and
       timeset (loctime) alias database for errors.  If an optional alias-
       string is given, it will also check this string against the loctime
       alias database.

       The aliasck -m command checks the contents of the MAC alias database
       for errors.  If an optional alias-string is given, it will also check
       that this string is a valid MAC label alias or MAC label definition
       in the MAC alias database.

       The aliasck -c command checks the contents of the capability alias
       database for errors.  If an optional -f file is given, it will use
       this file as the location of the capability alias database.  If an
       optional alias-string is given, it will also check that this string
       is a valid capability alias definition in the capability alias
       database.  If an optional -s flagspec alias-string is given, aliasck
       will check that all sets specified in flagspec are found in the
       capability state represented by alias-string and that the following
       subset relationships between the sets present are met:

              The effective set is a subset of the permitted set.

              The permitted set is a subset of the bounding set.

              The inheritable set is a subset of the bounding set.

       For all options, if the -q option is given, the program will do its
       work silently.  In this case, no error message will be written, but
       the exit code will be set appropriately.

       The user must have appropriate privilege to invoke this command.

       For details of alias syntax, see auditaliasdefs(4M),
       capaliasdefs(4M), loctimealiasdefs(4M), macaliasdefs(4M), and
       maclabeldefs(4M).

EXAMPLES
       # aliasck -a
       In file /etc/tcb/audit/auditaliasdefs:
         (CHDIR,LINK,MKDIR,UMLINK):ALL
                           ^
       unknown class/alias name

       # aliasck -a foo
       Invalid audit mask:
         foo
         ^
       Unknown alias

       # aliasck -c -s bpe "(b:none;p:all;e:all)"

       The permitted set is not a subset of the bounding set.

FILES
       /etc/tcb/audit/auditmaskdefs   File of basic aliases for classes
                                        and reasons.
       /etc/tcb/audit/auditaliasdefs  File defining additional site-
                                        specific audit aliases.
       /etc/tcb/aa/loctimenamedefs    File of basic aliases for locations
                                        and timesets.
       /etc/tcb/aa/loctimealiasdefs   File defining additional site-
                                        specific loctime aliases.
       /etc/tcb/cap/capaliasdefs      File defining capability aliases.
       /etc/tcb/mac/maclabeldefs      File of basic aliases for MAC
                                        hierarchies and categories.
       /etc/tcb/mac/macaliasdefs      File defining additional site-
                                        specific mac aliases.

DIAGNOSTICS
       Exit status is 0 if successful, 1 on error.

       The following alias errors are detected:

            Alias parsing errors:
                 name too long
                 unknown class/alias name (audit)
                 unknown location/alias name (loctime)
                 unknown hierarchy/alias name (MAC)
                 unknown reason name (audit)
                 unknown timeset name (loctime)
                 unknown category name (MAC)
                 addition/subtraction of incomplete masks
                 addition of incomplete loctimes
                 bad syntax
                 internal errors (not user errors)
                      bad parse state encountered
                      reason found in class tree (audit)
                      class found in reason tree (audit)
                      timeset found in location tree (audit)
                      location found in timeset tree (audit)
                      hierarchy found in category tree (MAC)
                      category found in hierarchy tree (MAC)

            Alias name errors:
                 duplicate name
                 duplicate abbreviation

            Audit mask/loctime name definition file errors:
                 can't open audit_mask_defs file (audit)
                 can't open loctime_name_defs file (loctime)
                 can't open mac_label_defs file (MAC)
                 *Reason line missing (must be first section) (audit)
                 bad reason line format (must be alphanum alphanum decimal)
                 (audit)
                 *Class line missing (must be second section) (audit)
                 bad class line format (must be alphanum alphanum decimal)
                 (audit)
                 *Timeset line missing (must be first section) (loctime)
                 bad timeset line format (loctime)
                 *Location line missing (must be second section) (loctime)
                 bad location line format (loctime)
                 *hierarchy line missing (must be first section) (MAC)
                 bad hierarchy line format (must be alphanum alphanum
                 decimal) (MAC)
                 *category line missing (must be second section) (MAC)
                 bad category line format (must be alphanum alphanum
                 decimal) (MAC)
                 bad *line encountered (if third one exists, must be
                 *General)
                 extra *line encountered (only 3 above allowed)
                 bad alias def line (must be 2 alphanums & char string)

            Alias definition file errors:
                 can't open audit_alias_defs file (audit)
                 can't open loctime_alias_defs file (loctime)
                 can't open mac_alias_defs file (MAC)
                 *line found - invalid in this file
                 bad alias def line (must be 2 alphanums & char string)
                 Error reading system alias database (capability)
                 Error reading alias file (capability)

            General errors:
                 not enough memory
                 null alias-string
                 incomplete alias

       When an error is detected, an appropriate error message is written to
       the standard output (without the -q option).  If the error is a parse
       error relating to a particular alias definition, the offending
       definition is displayed with a pointer to the position where the
       error was found.  The program will stop at the first error detected.

SEE ALSO
       audadmin(1M), authck(1M), macd(1M), auditaliasdefs(4M),
       auditmaskdefs(4M), capaliasdefs(4M), loctimealiasdefs(4M),
       loctimenamedefs(4M), macaliasdefs(4M), maclabeldefs(4M).

NOTES
       The program stops at the first detected error.  It may need to be
       executed again after each error is corrected to completely check the
       alias databases.


Licensed material--property of copyright holder(s)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026