Previous Topic: Enable and Disable Kernel Module ProtectionNext Topic: Protecting Binary Files from the kill Command


Enable and Disable File Path Checking on Kernel Module Loads

If kernel module protection is enabled, you can also enable file path checking on kernel module loading. When this is enabled, CA ControlMinder checks that the kernel module to be loaded matches the filepath property of the KMODULE record (for non-Linux systems), or matches the signature of the KMODULE record (for Linux systems).

To enable file path checking, in the seosd section of the configuration file seos.in, set the special_check token to yes (the default is no).

CA ControlMinder does file path checking only if file path checking and kernel mode protection are both enabled.

Example: Enable File Path Checking for Kernel Module Loads Using the seini Utility

To enable file path checking for kernel module loads, you can use the seini and secons utilities as follows:

seini -s seosd.special_check yes
secons -rl