

Default File Rules

CA ControlMinder creates default file rules during installation to protect sensitive files. Default file rules are visible in selang and can be deleted.

The following table lists the sensitive files that CA ControlMinder protects with default file rules, and the access rights and permitted accessors for the files.

In the table, PMDBDir is the directory in which the policy model databases (PMDBs) reside, and pmd_name is the name of each policy model. By default, PMDBDir is located at ACInstallDir/policies. The location of PMDBDir is defined in the _pmd_directory_ token in the pmd section of the seos.ini file.

| File | Default Access | Permitted Accessors |
|---|---|---|
| ACInstallDir/data/crypto/crypto.dat | None | sechkey |
| ACInstallDir/data/crypto/def_root.pem* | None | sechkey |
| ACInstallDir/data/crypto/sub.key | None | sechkey |
| ACInstallDir/data/crypto/sub.pem | None | sechkey |
| ACInstallDir/log/policyfetcher.log | Read | +policyfetcher |
| ACInstallDir/ladb/*db.la* | Read | sebuildla |
| /etc/passwd | All | All |
| /etc/shadow | All | All |
| PMDBDir/pmd_name/hsock | Read, Write, Execute, Cre, Chown, Chmod, Utime | seagent, sepmdd |
| PMDBDir/pmd_name/pmd.ini | Read | seagent, sepmdd |
| PMDBDir/pmd_name/seos_* | Read, Write, Execute, Cre, Chown, Chmod, Utime | seagent, sepmdd |
| PMDBDir/pmd_name/socket | Read, Write, Execute, Cre, Chown, Chmod, Utime | seagent, sepmdd |