Previous Topic: seosdb

Next Topic: serevu

Reference GuideConfiguration FilesThe seos.ini Initialization Fileseoswd

seoswd

In the [seoswd] section, the tokens determine the behavior of the Watchdog.

agent_manager_check_enabled

Specifies whether to protect the AgentManager daemon.

Default Value: no

agent_manager_refresh_interval

Specifies the interval when the watchdog checks if Agent Manager daemon is running or not.

Default Value: 10 Minutes

BlockingInterval

Specifies the interval, in seconds, that the watchdog waits for a response from the main daemon. When elapsed, the watchdog sends a signal to the main daemon.

Default: 60

IgnoreScanInterval

Specifies whether to scan programs and files at specific intervals.

If the token value is no, then the watchdog performs interval scanning; if yes, then it does not scan at intervals.

Note: If you do not specify the scan times with the PgmTestTime or SecFileTestTime tokens, and this token is set to yes, then the watchdog does not scan trusted programs or secured files respectively.

Default: no

PgmRest

Specifies the period, in seconds, after the last event and before checking programs again. The program rests to prevent system overload.

Default: 10

PgmTestInterval

Specifies the time interval, in seconds, between the rescanning of trusted programs.

Note: If the value equals to or, is greater than one day (86400 seconds) then IgnoreScanInterval defaults to yes.

Default: 18000 (five hours)

PgmTestStartTime

Specifies the start time, in hh:mm format, of the first trusted program scan.

If you do not set this token, the Watchdog performs the first scan shortly after startup.

No default.

PgmTestTime

Specifies fixed scan times, in hh:mm format, for trusted programs. You can specify more than one scan time by separating them with spaces.

Note: If you do not specify scan times, and you set the IgnoreScanInterval token to yes, then the Watchdog does not scan trusted programs.

No default.

policyfetcher_refresh_interval

Specifies the interval, in seconds, to verify that the policyfetcher daemon is running.

Default: 600

ProcRestartHours

Specifies the hours when the watchdog restarts high memory size process.

Valid values: 0 - 23 (value in hours)

Default Value: 0 - 5

ProcVSizeCritical

Specifies the process critical memory size, the watchdog restarts the process immediately.

Default Value: 500 (value in megabytes)

ProcVSizeHigh

Specifies the process memory size high watermark, the watchdog restarts during the restart hours.

Default Value: 300 (value in megabytes)

ProcVSizeInterval

Specifies the interval between process memory size verification. The watchdog checks seosd and uxauthd processes.

Default Value: 900 (value in seconds)

RefreshParams

Specifies the time interval, in seconds, between successive reads by the Watchdog of the seos.ini tokens.

Default: 86400 (one day)

SecFileRest

Specifies the period, in seconds, after the last event and before checking secured files again. The Watchdog rests in order to prevent system overload.

Note: If you do not specify scan times, and you set the IgnoreScanInterval token to yes, then seoswd does not scan secured files.

Default: 10

SecFileTestInterval

Specifies the time interval, in seconds, between the rescanning of secured files.

Default: 36000 (ten hours)

SecFileTestStartTime

Specifies the start time, in hh:mm format, of the first scan of secured files.

If no value is given, the Watchdog performs the first scan a short time after CA Access Control daemons start.

No default.

SecFileTestTime

Specifies fixed scan times, in hh:mm format, for secured files. You can specify more than one scan time by separating them with spaces.

No default.

SeosAYT

Specifies the time interval, in seconds, between Watchdog checks of the daemon seosd.

Important! Do not modify this token by yourself because incorrect value may cause major problems in CA Access Control operation. For assistance, contact CA Support at http://ca.com/support.

Default: 60

SignalMinInterval

Specifies the interval, in seconds, between scans after a HUP signal triggers a one‑time scan on demand, to protect the system against overload.

Note: Scan on demand is performed both on trusted programs and secured files.

Default: 60

UnTrustMissing

Determines whether the Watchdog should attempt to untrust a program or file, even though it cannot find it. For example, if the file was deleted or the relevant NFS partition is not mounted.

The following list includes the valid values:

yes-Attempt to untrust the missing file.

no-Do not attempt to untrust the missing file.

Default: yes

unab_check_enabled

Specifies whether to protect the authentication daemon.

Values: yes, no

Default: no

unab_refresh_interval

Specifies the interval, in seconds, to verify that the authentication daemon is running.

Default: 600

VerifyCtime

Specifies whether CA Access Control Watchdog checks the time of the last file status change of trusted programs and secure files.

Valid values are yes or no.

Default: no