Authentication database internal consistency (UNIX)

Module: System Auditing

This check looks for inconsistencies within the authentication database on operating systems running in trusted or enhanced security mode. The trusted database is usually located in /tcb, so the files in that directory should be consistent with the /etc/passwd files. You should research each inconsistency reported.

The following table lists the error messages for the check.

Table: Error messages for Authentication database internal consistency

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_INCONSISTENT

Category: Policy Compliance

UNIX (6133)

Title: Inconsistent

Description: ESM cannot find the command /tcb/bin/authck. Please check to determine whether you have trusted security installed on this system.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_RETRIEVE

Category: Policy Compliance

UNIX (6134)

Title: Cannot retrieve

Description: The name given is in the Protected Password Database but cannot be retrieved by the getprpwent system call. This may be caused by running NIS on a trusted machine. You should not run NIS and trusted mode at the same time.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_NOTIN

Category: Policy Compliance

UNIX (6135)

Title: Not in /etc/passwd

Description: The name given is not in /etc/passwd but is in the Protected Password Database. There should be entries both in /etc/passwd and in the /tcb directory for each user.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_MULTIPLY

Category: Policy Compliance

UNIX (6136)

Title: Multiple listings

Description: The named user is listed multiple times in the password file. The file should contain only one entry for each user name.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_UID

Category: Policy Compliance

UNIX (6137)

Title: UID inconsistency

Description: Each user should have a unique UID. Users with two or more UIDs can cause confusion in giving file permissions.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_NOTLISTED

Category: Policy Compliance

UNIX (6138)

Title: Not listed

Description: The named user was not listed in /etc/passwd or in the Protected Password Database. Users should have listings in both of these places. This may be because NIS is running. You should not run NIS on a trusted system.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_UNKNOWN

Category: Policy Compliance

UNIX (6139)

Title: Warning

Description: An inconsistency has been detected in the Protected Password Database.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_AIXUSER

Category: Policy Compliance

UNIX (6140)

Title: AIX user warning

Description: An inconsistency has been detected in the Protected Password Database. On AIX, the command "pwdck -n ALL" is used to generate this report.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_AIXFILE

Category: Policy Compliance

UNIX (6141)

Title: AIX file warning

Description: An inconsistency has been detected between the system files and /etc/security/sysck.cfg. On AIX, the command "tcbck -n ALL" is used to generate this report.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_HPCONSISTENT

Category: Policy Compliance

UNIX (6142)

Title: HP warning

Description: An inconsistency has been detected between the system files and the trusted database on HP. On HP, ESM uses the command "authck -a" to generate this report and stops after 300 items.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]
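
The name-level conditions in the table (STKU_MULTIPLY, STKU_UID, STKU_NOTIN) can be reproduced offline when researching a reported inconsistency. The following Python is an added example, not ESM code or output: the sample data is constructed, the protected-database user names are assumed to be supplied as a plain list, and MISSING_FROM_PROTECTED_DB is a hypothetical label rather than an ESM string ID.

```python
from collections import defaultdict

# Constructed sample data, not taken from a real system.
SAMPLE_PASSWD = """\
root:*:0:0:root:/root:/bin/sh
alice:*:1001:100:Alice:/home/alice:/bin/sh
bob:*:1002:100:Bob:/home/bob:/bin/sh
bob:*:1002:100:Bob again:/home/bob:/bin/sh
carol:*:1003:100:Carol:/home/carol:/bin/sh
carol:*:1999:100:Carol:/home/carol:/bin/sh
dave:*:1004:100:Dave:/home/dave:/bin/sh
+::0:0:::
"""
# Assumption: user names already collected from the protected database under /tcb.
SAMPLE_PROTECTED = ["root", "alice", "bob", "carol", "erin"]


def parse_passwd(text):
    """Map each user name to the list of UIDs it is listed with, in file order."""
    uids = defaultdict(list)
    for line in text.splitlines():
        # Skip blanks, comments and NIS compat entries ("+..." / "-...").
        if not line.strip() or line[0] in "#+-":
            continue
        fields = line.split(":")
        if len(fields) < 7:
            continue  # malformed line: not a full passwd record
        uids[fields[0]].append(fields[2])
    return uids


def check_consistency(passwd_text, protected_names):
    """Return (label, user) findings for the name-level conditions in the table."""
    uids = parse_passwd(passwd_text)
    protected = set(protected_names)
    findings = []
    for name, seen in uids.items():
        if len(seen) > 1:
            findings.append(("STKU_MULTIPLY", name))   # listed more than once
        if len(set(seen)) > 1:
            findings.append(("STKU_UID", name))        # two or more UIDs
        if name not in protected:
            # Hypothetical label, not an ESM string ID.
            findings.append(("MISSING_FROM_PROTECTED_DB", name))
    for name in sorted(protected - set(uids)):
        findings.append(("STKU_NOTIN", name))          # in /tcb, not in passwd
    return findings
```

Calling check_consistency(SAMPLE_PASSWD, SAMPLE_PROTECTED) returns one (label, user) pair per finding, which can be compared against the names ESM reports in the information field.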