Reference Guide › Utilities › Services and Daemons in Detail › seoswd Daemon

seoswd Daemon

Valid on UNIX

The CA Access Control watchdog daemon.

The watchdog (seoswd) monitors the file information and digital signatures of programs that are defined in the database as trusted programs. Monitoring is performed in the background with a minimal load on the system. The CA Access Control agent daemon seagent automatically starts seoswd.

The seoswd daemon performs the following functions:

• It monitors the programs that you defined in the PROGRAM class of the database. If the watchdog detects that a program was modified, it notifies the CA Access Control daemon, seosd, which marks the program as untrusted. The seosd daemon does not allow an untrusted program to run. The seosd daemon also marks the program's status change to untrusted in the database and creates an audit record.
• It monitors files that are defined as secured files. These files are defined in the SECFILE class in the database.
• It monitors seosd to ensure it is running. If the watchdog detects a problem with seosd, it automatically restarts it.
• The seoswd daemon uses the system log syslogd to notify the security administrators when it detects that seosd has stopped responding. All system log messages are submitted as AUTH facility. For more information on the system log facility, see your system man pages under the syslogd and syslog.conf sections.
• It reports several events to CA Access Control, and creates audit records for programs and secured files that were found to be altered.
• It allows you to specify interval and fixed scanning schedules for trusted programs and secure files.
• The watchdog ignores any signal except SIGHUP; you cannot kill the seoswd daemon unless you first shut down seosd. However, if you execute the command kill ‑SIGHUP pid, the watchdog scans all trusted programs and secure files in the database.

There are two ways in which you can set up the Watchdog scanning mechanism:

1. Determine a start time and then repeat scans at a given interval.

   For example, when checking trusted programs, the Watchdog will start the first scan at PgmTestStartTime and will check all the trusted programs. Rescanning will take place PgmTestInterval seconds after the beginning of the previous scan.

2. Scan at given times.

Note: In both cases, the Watchdog will sleep periodically for a predetermined rest period (PgmRest seconds) during each scan. The Watchdog rests in order to prevent system overload.

You can choose to use one mechanism or both simultaneously. For example, starting at 12:00, scan every 4 hours as well as at 13:00 and 17:30.

In addition to the above mentioned mechanisms for routine scanning of the trusted programs and secured files, there is a way to perform a one-time scan on demand by sending a HUP signal (see token SignalMinInterval).

If you invoke seoswd without an argument, it runs as a daemon. If you invoke seoswd with the ‑d argument, it runs as a daemon, but displays all debug information on the terminal from which you invoked it.

More information:

seuidpgm Utility—Extract Trusted Programs