Previous Topic: Sun Solaris LimitationsNext Topic: Internal File Protection


Monitoring Sensitive Files

The Watchdog can protect the binaries of your setuid/setgid programs, as well as any other files you specify. The seoswd utility (the Watchdog daemon) continually checks two issues:

When the seosd daemon forks, it automatically executes the seoswd program to start the Watchdog.

Note: For more information about seoswd, see the Reference Guide.

The seos.ini file contains several tokens that control the scanning and time‑out values of the watchdog. It also contains the most up‑to‑date documentation on these values.

Note: For a description of the seos.ini file, see the Reference Guide.

You can use the Watchdog to perform the same background checks as those made for the setuid and setgid programs on ordinary files, including generating audit records when these files are altered.

For example, consider a configuration where only the security administrator is allowed to modify the file /etc/inittab. To make CA ControlMinder monitor the file and generate an alert in any case of modification, use the following command in selang:

newres SECFILE /etc/inittab

The file /etc/inittab is now constantly monitored for modifications.