Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

TCB Trusted Computing Base install (good or bad)?

32 views
Skip to first unread message

Mr.E

unread,
Apr 3, 2001, 10:16:54 PM4/3/01
to
Anyone using the "Trusted" install. ? You were given the choice when
you first installed AIX 4.3.3 to do a trusted or regular
installation. Basically it sets up a baseline file of all the files
installed against which you can later run a comparison check; to see if
anything has changed. I don't know how effective it is. I'd like to
hear from anyone who uses it, or anyone who knows if its a good tool or
not.
thanks
jafl...@kc.rr.com

MicroSucks

unread,
Apr 4, 2001, 6:47:19 AM4/4/01
to
You  shuld allways install TCB, due to You have to reinstall OS if You want it later.
You do not have to enable it, and it only steal few megs of your system.

If you need it or not, is dependent to Your security, and speed.
It does not take a lot of  the speed, but some as all of security.

If You go for TCB You may allso have som other security items too, ie FW.
And it is, in general a good tool to use, allso look at dual passwd as root. 

-- 
Rolf Bilet   Senior Systemkonsulent, Unix
_______________________________________________________________
Direkte +47 2209 5069 - Sentralbord +47 2209 5000 - Telefax +47 2409 9101
Merkantildata Services Brynsaléen 2-4, Postboks 6472 Etterstad, 0605 Oslo
rolf....@eterra.no   www.eterra.no   www.merkantildata.no
 

Connie L. Graff

unread,
Apr 4, 2001, 2:02:34 PM4/4/01
to

I've heard people argue both sides of this issue. One of the best
endorcements of installing TCB came from someone who saved himself a
lot of work by having TCB enabled. A vendor/consultant managed to
change ownership and permissions on key system files while installing
and configuring additional software. The SA was able to run the TCB
commands to fix the files that were part of the Trusted Computing
Base. Saved a lot of time and a potential re-install. It can be
a cheap insurance policy.

Connie
cgr...@us.ibm.com

Urban A. Haas

unread,
Apr 5, 2001, 2:00:45 AM4/5/01
to
Hi Connie,

That was me. I had TCB installed on a SAP R/3 database server. Actually, the
I was the AIX consultant and a high priced SAP consultant came in to do the
SAP install. From the root directory, he ran chown -R sappr1:oracle . and
then AIX became really unhappy when it couldn't get permissions to run
commands in /bin /sbin and security related information under /etc.

The machine wouldn't boot either, except from CD, where I accessed the
maintenance shell and ran a tcb repair command where it restored the proper
permissions on all system files. Saved me from a lengthy restore and was
very clean.

I recommend TCB for anyone running a system that has the potential for hack
either intentionally or unintentionally. You can audit your system after a
suspected compromise and verify via permissions and checksums that no one
has modified any of your system files.

--
Urban A. Haas
CEO - Urban Technology, Inc.
Minneapolis, MN USA
Phone: (952) 595-8810 Fax: (952) 595-8710
E-mail: uh...@urbantechnology.com (mailto:uh...@urbantechnology.com)
Web: http://www.urbantechnology.com

This e-mail was composed of 100% recycled bits.
"Connie L. Graff" <cgr...@ppsclnt6.pok.ibm.com> wrote in message
news:9afnjq$15p6$2...@poknews.pok.ibm.com...

0 new messages