mkCCadmin Command

Purpose

Configure a system to operate in Common Criteria enabled Security Mode.

Syntax

mkCCadmin { [ -m ] | [ -a address ] hostname }

Description

The mkCCadmin command initializes the security directories for use in a Common Criteria enabled System configuration. The distributed database directories are created and symbolic links initialized. When a system is being configured as the Administrative Host (using the -m flag), an additional file system is created to hold the master copies of the administrative database files. Those files are stored in the directory /etc/data.master which has a logical volume name of hd10sec.

The administrative database files are divided into three categories. Those files that must be shared, those files that optionally may be shared, and those files that may not be shared. Optionally sharable files are described in the file /etc/security/files.config. That file consists of multiple lines of the format:
[y|n]|filename
and is editable by the administrator. To select an optionally sharable filename, the administrator sets the first field to the value y. To make an optionally sharable file be unshared, the field is set to the value n. All hosts in the Common Criteria enabled System must have an identical /etc/security/files.config file.

The system hostname must be defined in the /etc/hosts file at the time this command is run. If not, the IP address of the new Common Criteria enabled System Administrative Host may be provided with the -a option, and an entry will be added to /etc/hosts.

Flags

Item Description
-a address Use address as the IP address of hostname.
-m Configure the host as the administrative master.

Parameters

Item Description
hostname Specifies the hostname.

Exit Status

0
The system has been properly configured to operate in the Common Criteria enabled mode.
1
The system was not installed with the Common Criteria enabled option.
2
The system could not be successfully configured to operate in Common Criteria enabled mode.
3
The system was previously configured to operate in Common Criteria enabled mode without having first been unconfigured.

Files

Item Description
/usr/sbin/mkCCadmin Contains the mkCCadmin command.