Kernel tables list frequently-accessed information to help improve CA ControlMinder performance. Kernel tables improve performance because CA ControlMinder does not need to check the database to permit, deny, or resolve events that are listed in the kernel tables.
CA ControlMinder includes the following types of kernel tables:
The following table provides information about each kernel table:
Table Name |
Type |
Lists |
Column Names |
Configuration Setting |
---|---|---|---|---|
SpecPgm |
Protected resource |
All objects in the SPECIALPGM class |
flags; user; oid; i-node; device; program |
SPECIALPGM class records |
TrustPg |
Protected resource |
All objects in the PROGRAM class |
flags; i-node; device; program |
PROGRAM class records |
LoginPg |
Protected resource |
All objects in the LOGINAPPL class |
flags; i-node; device; program name |
LOGINAPPL class records |
DBfiles |
Protected resource |
All objects in the FILE class |
file ID; i-node; device; program |
FILE class records Note: The maximum number of records in this table is defined by max_regular_file_rules in the SEOS_syscall section of the seos.ini file |
FRegExp |
Protected resource |
Generic file access rules that are defined in the FILE class |
fid; expression |
Defined by a generic rule in a FILE class record Note: The maximum number of records in this table is defined by max_general_file_rules in the SEOS_syscall section of the seos.ini file |
DCMfile |
Bypass |
Do-not-call-me files that you define using GAC |
fid; user; type; access |
GAC.init file |
ACpids |
Bypass |
Process IDs for the CA ControlMinder daemons |
pid; service; contractID |
- |
InoCach |
Cache |
Cached inodes |
i-node; device; priority; entry |
cache_enabled in the SEOS_syscall section of the seos.ini file |
F cache |
Cache |
Cached file access authorization results |
file ID; access; acee; answer; phash; prio |
- |
NetwDCM |
Cache |
Cached accepted incoming TCP connections |
peer; port; local port; flag; prio |
UseNetworkCache in the seosd section of the seos.ini file |
MntDirs |
Protected resource |
Directories that CA ControlMinder protects from mounting |
dir ID; i-node; device; mount point |
- |
F inode |
Protected resource |
Inode and device number of objects in the FILE class |
file ID; i-node; device; links |
- |
STOPbyp |
Bypass |
Objects in the PROGRAM class for which CA ControlMinder does not provide STOP protection |
i-node; device; program |
If STOP is enabled, objects in this table have a SPECIALPGM record with the property pgmtype(STOP) |
STOPexp |
Bypass |
Regular expressions that define objects in the PROGRAM class for which CA ControlMinder does not provide STOP protection |
priority; n-chars; expression |
If STOP is enabled, objects in this table are defined by a generic rule in a SPECIALPGM record with the property pgmtype(STOP) |
Family |
Bypass |
CA ControlMinder daemons |
service; pid; contractID |
- |
DbgProt |
Protected resource |
CA ControlMinder binaries that CA ControlMinder protects from debugging |
pid; access; name in proc |
- |
TCPport |
Bypass |
Ports for which seos_syscall will not pass events to seosd |
TCP port |
bypass_TCPIP in the seosd section of the seos.ini file |
TCPoutp |
Bypass |
Ports for which seos_syscall will not pass outgoing connection events to seosd |
TCP port |
bypass_outgoing_TCPIP in the seosd section of the seos.ini file |
ProcServ |
Process |
Lists information about all the processes running in the system |
#n; pid; ppid; acee; flags; uid; euid; zone; arg0; ACuser Note: There are many more internal columns in this table that are not displayed by the secons utility |
- |
Copyright © 2013 CA Technologies.
All rights reserved.
|
|