To define a protected file in selang, enter the following command:
newres FILE filename
For example, to register a file named /tmp/binary.bkup, enter the following command:
newres FILE /tmp/binary.bkup
Note: When you define a file rule without specifying its access type, the default access of NONE is assigned. In this case, the file's owner is the only one who can access the file.
Most protected files should be protected from access by the superuser. Otherwise, any user who knows the superuser's password gains automatic access to the files. At the same time, you can prevent all other users except the file's owner from accessing the file.
To protect several similarly named files, use a file name pattern that includes a wildcard. The wildcards are * (which indicates zero or more characters) and ? (which indicates any one character, other than /).
The pattern that you specify is matched against the file's full path name so that the pattern /tmp/x* matches files named /tmp/x1, /tmp/xxx, and even /tmp/xdir/a.
Patterns that CA ControlMinder does not let you specify are: /*, /tmp/*, and /etc/*.
Important! Because file name patterns are such a powerful tool, you should not experiment freely with them.
For example, the following command defines as protected every file in the /tmp directory that has a name starting with a and ending with b (this includes a file such as /tmp/axyz/axyzb):
newres FILE /tmp/a*b
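The following added example (not part of the CA ControlMinder documentation or product) previews which paths a pattern would cover before you define the rule, using only the wildcard rules stated above. The function names, the sample paths, and the assumption that a pattern must match the whole path from start to end are illustrative.

```python
import re

# Patterns the page says CA ControlMinder does not let you specify.
REJECTED_PATTERNS = {"/*", "/tmp/*", "/etc/*"}


def pattern_to_regex(pattern):
    """Translate a file name pattern using the wildcard rules stated on the page."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")      # zero or more characters, '/' included
        elif ch == "?":
            parts.append("[^/]")    # exactly one character other than '/'
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.DOTALL)


def preview(pattern, paths):
    """Return the paths the pattern would cover, matched against the full path.

    Assumption: the pattern is anchored at both ends of the path name.
    """
    if pattern in REJECTED_PATTERNS:
        raise ValueError(f"pattern {pattern!r} is not accepted")
    rx = pattern_to_regex(pattern)
    return [p for p in paths if rx.fullmatch(p)]


# Constructed sample paths, not taken from a real system.
SAMPLE_PATHS = [
    "/tmp/x1", "/tmp/xxx", "/tmp/xdir/a",
    "/tmp/ab", "/tmp/a1b", "/tmp/axyz/axyzb", "/tmp/abc",
    "/tmp/binary.bkup",
]

if __name__ == "__main__":
    for pat in ("/tmp/x*", "/tmp/a*b", "/tmp/a?b"):
        print(pat, "->", preview(pat, SAMPLE_PATHS))
```

Running it against a listing of the real directory tree shows how far a * reaches across subdirectories, which is the reason the page advises against experimenting with patterns directly.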
Copyright © 2013 CA Technologies.
All rights reserved.