Trusted Signature Database Management
Similar to that of Trusted Computing Base (TCB) there exists a database which is used to store critical security parameters of trusted files present on the system. This database, called Trusted Signature Database (TSD), resides in the /etc/security/tsd/tsd.dat.
A trusted file is a file that is critical from the security perspective
of the system, and if compromised, can jeopardize the security of the entire
system. Typically the files that match this description are the following:
- Kernel (operating system)
- All setuid root programs
- All setgid root programs
- Any program that is exclusively run by the root user or by a member of the system group
- Any program that must be run by the administrator while on the trusted communication path (for example, the ls command)
- The configuration files that control system operation
- Any program that is run with the privilege or access rights to alter the kernel or the system configuration files
Every trusted file should ideally have an associated stanza or a file definition stored in the Trusted Signature Database (TSD). A file can be marked as trusted by adding its definition in the TSD using the trustchk command. The trustchk command can be used to add, delete, or list entries from the TSD.