If kernel module protection is enabled, you can also enable file path checking on kernel module loading. When this is enabled, CA ControlMinder checks that the kernel module to be loaded matches the filepath property of the KMODULE record (for non-Linux systems), or matches the signature of the KMODULE record (for Linux systems).
To enable file path checking, in the seosd section of the configuration file seos.ini, set the special_check token to yes (the default is no).
CA ControlMinder performs file path checking only if file path checking and kernel module protection are both enabled.
Example: Enable File Path Checking for Kernel Module Loads Using the seini Utility
To enable file path checking for kernel module loads, you can use the seini and secons utilities as follows:
seini -s seosd.special_check yes
secons -rl
Copyright © 2013 CA Technologies.
All rights reserved.