CA Access Control creates default file rules during installation to protect sensitive files. Default file rules are visible in selang and can be deleted.
The following table lists the sensitive files that CA Access Control protects with default file rules, and the access rights and permitted accessors for the files.
In the table, PMDBDir is the directory in which the policy model databases (PMDBs) reside, and pmd_name is the name of each policy model. By default, PMDBDir is located at ACInstallDir/policies. The location of PMDBDir is defined in the _pmd_directory_ token in the pmd section of the seos.ini file.
| File | Default Access | Permitted Accessors |
|---|---|---|
| ACInstallDir/data/crypto/crypto.dat | None | sechkey |
| ACInstallDir/data/crypto/def_root.pem* | None | sechkey |
| ACInstallDir/data/crypto/sub.key | None | sechkey |
| ACInstallDir/data/crypto/sub.pem | None | sechkey |
| ACInstallDir/log/policyfetcher.log | Read | +policyfetcher |
| ACInstallDir/ladb/*db.la* | Read | sebuildla |
| /etc/passwd | All | All |
| /etc/shadow | All | All |
| PMDBDir/pmd_name/hsock | Read, Write, Execute, Cre, Chown, Chmod, Utime | seagent, sepmdd |
| PMDBDir/pmd_name/pmd.ini | Read | seagent, sepmdd |
| PMDBDir/pmd_name/seos_* | Read, Write, Execute, Cre, Chown, Chmod, Utime | seagent, sepmdd |
| PMDBDir/pmd_name/socket | Read, Write, Execute, Cre, Chown, Chmod, Utime | seagent, sepmdd |
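
Because default file rules can be deleted, it is useful to know exactly which PMDB paths should carry one on a given host. The following is an added example, not CA code: it resolves PMDBDir from the `_pmd_directory_` token as described above the table, expands the four per-policy-model entries from the table, and reports any that are absent from a list of FILE rule names the operator has collected from selang. It assumes seos.ini is INI-style with a `[pmd]` section; the sample file contents, install path, policy model name and rule list are constructed.

```python
import configparser
from pathlib import Path

# Per-policy-model entries from the table, relative to PMDBDir/pmd_name.
PMDB_PROTECTED = ["hsock", "pmd.ini", "seos_*", "socket"]

def resolve_pmdb_dir(seos_ini_text, ac_install_dir):
    """PMDBDir is the _pmd_directory_ token in the pmd section of seos.ini,
    falling back to the documented default ACInstallDir/policies."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(seos_ini_text)
    value = cp.get("pmd", "_pmd_directory_", fallback="").strip()
    return Path(value) if value else Path(ac_install_dir) / "policies"

def expected_pmdb_paths(pmdb_dir, pmd_names):
    """Expand PMDBDir/pmd_name/<entry> for every policy model name."""
    return [str(Path(pmdb_dir) / name / entry)
            for name in sorted(pmd_names) for entry in PMDB_PROTECTED]

def missing_default_rules(expected, present_rules):
    """Expected paths with no FILE rule of the same name (order preserved)."""
    present = set(present_rules)
    return [path for path in expected if path not in present]

# Constructed sample input (not taken from a real host).
SAMPLE_INI = """\
[pmd]
; relocated policy model directory
_pmd_directory_ = /var/ac/pmdbs
"""
SAMPLE_INSTALL_DIR = "/opt/CA/AccessControl"   # assumed ACInstallDir
SAMPLE_PMD_NAMES = ["master"]                  # assumed policy model name
SAMPLE_RULES = [                               # FILE rule names gathered by the operator
    "/var/ac/pmdbs/master/hsock",
    "/var/ac/pmdbs/master/pmd.ini",
    "/var/ac/pmdbs/master/socket",
]

if __name__ == "__main__":
    pmdb_dir = resolve_pmdb_dir(SAMPLE_INI, SAMPLE_INSTALL_DIR)
    expected = expected_pmdb_paths(pmdb_dir, SAMPLE_PMD_NAMES)
    for path in missing_default_rules(expected, SAMPLE_RULES):
        print("no default FILE rule found for:", path)
```
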

Copyright © 2012 CA. All rights reserved.