

Protection

To prevent execution of setuid and setgid commands that are not trusted, issue the following command:

newres PROGRAM _default defaccess(none) \
owner(nobody) audit(all)

Note: CA ControlMinder automatically includes the user “nobody” in the database.

CA ControlMinder then protects you against back doors and Trojan horses by requiring approval from you before allowing any new or changed program to run.

Now suppose, for example, that you have received a new, useful program that is a setuid program. You are sure it is not a Trojan horse, and you want all users to be able to execute it. To register the program as trusted, issue the following command:

newres PROGRAM programpathname \
defaccess(EXEC)
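
Once the PROGRAM default is none, every setuid or setgid program must be reviewed and registered before users can run it, so an inventory of those programs is a useful starting point. The script below is an added example, not part of the CA ControlMinder documentation or product; it assumes a Linux host with sha256sum, and list_setid is a hypothetical helper name.

```sh
#!/bin/sh
# Added example (not CA ControlMinder code): inventory setuid/setgid programs
# so each one can be reviewed before it is registered as trusted.
# Assumes a Linux host with sha256sum; list_setid is a hypothetical helper name.

# list_setid DIR
# Prints one tab-separated line per file: PERMS OWNER SHA256 PATH
list_setid() {
    scan_root=${1:-/}
    # -xdev keeps the scan on one filesystem; -4000 is setuid, -2000 is setgid.
    find "$scan_root" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    sort |
    while IFS= read -r path; do
        # ls -ld fields: 1 = permission string, 3 = owner
        meta=$(ls -ld "$path" | awk '{print $1 "\t" $3}')
        # The digest lets a later run show whether the file changed after review.
        digest=$(sha256sum "$path" 2>/dev/null | awk '{print $1}')
        # Some setuid binaries are execute-only for ordinary users.
        [ -n "$digest" ] || digest=unreadable
        printf '%s\t%s\t%s\n' "$meta" "$digest" "$path"
    done
}

# Run a scan only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    list_setid "$1"
fi
```

Each path in the output that passes review is then registered with the newres PROGRAM command shown above; saving the output gives a baseline to compare against on later runs.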