Previous Topic: secons -kt Function—Display Kernel Tables on UNIXNext Topic: Kernel Table Column Names


Kernel Tables

Kernel tables list frequently-accessed information to help improve CA ControlMinder performance. Kernel tables improve performance because CA ControlMinder does not need to check the database to permit, deny, or resolve events that are listed in the kernel tables.

CA ControlMinder includes the following types of kernel tables:

The following table provides information about each kernel table:

Table Name

Type

Lists

Column Names

Configuration Setting

SpecPgm

Protected resource

All objects in the SPECIALPGM class

flags; user; oid; i-node; device; program

SPECIALPGM class records

TrustPg

Protected resource

All objects in the PROGRAM class

flags; i-node; device; program

PROGRAM class records

LoginPg

Protected resource

All objects in the LOGINAPPL class

flags; i-node; device; program name

LOGINAPPL class records

DBfiles

Protected resource

All objects in the FILE class

file ID; i-node; device; program

FILE class records

Note: The maximum number of records in this table is defined by max_regular_file_rules in the SEOS_syscall section of the seos.ini file

FRegExp

Protected resource

Generic file access rules that are defined in the FILE class

fid; expression

Defined by a generic rule in a FILE class record

Note: The maximum number of records in this table is defined by max_general_file_rules in the SEOS_syscall section of the seos.ini file

DCMfile

Bypass

Do-not-call-me files that you define using GAC

fid; user; type; access

GAC.init file

ACpids

Bypass

Process IDs for the CA ControlMinder daemons

pid; service; contractID

-

InoCach

Cache

Cached inodes

i-node; device; priority; entry

cache_enabled in the SEOS_syscall section of the seos.ini file

F cache

Cache

Cached file access authorization results

file ID; access; acee; answer; phash; prio

-

NetwDCM

Cache

Cached accepted incoming TCP connections

peer; port; local port; flag; prio

UseNetworkCache in the seosd section of the seos.ini file

MntDirs

Protected resource

Directories that CA ControlMinder protects from mounting

dir ID; i-node; device; mount point

-

F inode

Protected resource

Inode and device number of objects in the FILE class

file ID; i-node; device; links

-

STOPbyp

Bypass

Objects in the PROGRAM class for which CA ControlMinder does not provide STOP protection

i-node; device; program

If STOP is enabled, objects in this table have a SPECIALPGM record with the property pgmtype(STOP)

STOPexp

Bypass

Regular expressions that define objects in the PROGRAM class for which CA ControlMinder does not provide STOP protection

priority; n-chars; expression

If STOP is enabled, objects in this table are defined by a generic rule in a SPECIALPGM record with the property pgmtype(STOP)

Family

Bypass

CA ControlMinder daemons

service; pid; contractID

-

DbgProt

Protected resource

CA ControlMinder binaries that CA ControlMinder protects from debugging

pid; access; name in proc

-

TCPport

Bypass

Ports for which seos_syscall will not pass events to seosd

TCP port

bypass_TCPIP in the seosd section of the seos.ini file

TCPoutp

Bypass

Ports for which seos_syscall will not pass outgoing connection events to seosd

TCP port

bypass_outgoing_TCPIP in the seosd section of the seos.ini file

ProcServ

Process

Lists information about all the processes running in the system

#n; pid; ppid; acee; flags; uid; euid; zone; arg0; ACuser

Note: There are many more internal columns in this table that are not displayed by the secons utility

-