CA ControlMinder creates default file rules during installation to protect sensitive files. Default file rules are visible in selang and can be deleted.
The following table lists the sensitive files that CA ControlMinder protects with default file rules, and the access rights and permitted accessors for the files.
In the table, PMDBDir is the directory in which the policy model databases (PMDBs) reside, and pmd_name is the name of each policy model. By default, PMDBDir is located at ACInstallDir/policies. The location of PMDBDir is defined in the _pmd_directory_ token in the pmd section of the seos.ini file.
File | Default Access | Permitted Accessors |
---|---|---|
ACInstallDir/data/crypto/crypto.dat | None | sechkey |
ACInstallDir/data/crypto/def_root.pem* | None | sechkey |
ACInstallDir/data/crypto/sub.key | None | sechkey |
ACInstallDir/data/crypto/sub.pem | None | sechkey |
ACInstallDir/log/policyfetcher.log | Read | +policyfetcher |
ACInstallDir/ladb/*db.la* | Read | sebuildla |
/etc/passwd | All | All |
/etc/shadow | All | All |
PMDBDir/pmd_name/hsock | Read, Write, Execute, Cre, Chown, Chmod, Utime | seagent, sepmdd |
PMDBDir/pmd_name/pmd.ini | Read | seagent, sepmdd |
PMDBDir/pmd_name/seos_* | Read, Write, Execute, Cre, Chown, Chmod, Utime | seagent, sepmdd |
PMDBDir/pmd_name/socket | Read, Write, Execute, Cre, Chown, Chmod, Utime | seagent, sepmdd |
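Because default file rules can be deleted, it is useful to be able to rebuild the list of file resources that should exist on a host and compare it with what is actually defined. The following Python sketch is an added example, not CA code: it resolves PMDBDir as described above and expands the table's path templates. It assumes seos.ini parses as standard INI text; the install path, PMDB directory, policy model name and the list of defined rule names (supplied by the caller) are constructed sample values.

```python
import configparser

# Path templates copied from the table above; {ac} stands for ACInstallDir.
# Wildcards are kept exactly as the table writes them.
GLOBAL_RULES = [
    "{ac}/data/crypto/crypto.dat",
    "{ac}/data/crypto/def_root.pem*",
    "{ac}/data/crypto/sub.key",
    "{ac}/data/crypto/sub.pem",
    "{ac}/log/policyfetcher.log",
    "{ac}/ladb/*db.la*",
    "/etc/passwd",
    "/etc/shadow",
]
# Entries protected under PMDBDir/pmd_name/ for every policy model.
PER_PMDB_RULES = ["hsock", "pmd.ini", "seos_*", "socket"]


def resolve_pmdb_dir(seos_ini_text, ac_install_dir):
    """PMDBDir is the _pmd_directory_ token in [pmd], else ACInstallDir/policies."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(seos_ini_text)
    value = cp.get("pmd", "_pmd_directory_", fallback="").strip()
    return value.rstrip("/") or ac_install_dir.rstrip("/") + "/policies"


def expected_rules(ac_install_dir, pmdb_dir, pmd_names):
    """Expand the table into concrete resource names for this host."""
    ac = ac_install_dir.rstrip("/")
    rules = [t.format(ac=ac) for t in GLOBAL_RULES]
    for name in pmd_names:
        rules += [f"{pmdb_dir}/{name}/{leaf}" for leaf in PER_PMDB_RULES]
    return rules


def missing_rules(expected, defined):
    """Default rules from the table that are absent from the defined set."""
    defined = set(defined)
    return [r for r in expected if r not in defined]


if __name__ == "__main__":
    ini = "; constructed sample\n[pmd]\n_pmd_directory_ = /srv/pmdb-example\n"
    ac = "/opt/ac-example"  # constructed ACInstallDir
    exp = expected_rules(ac, resolve_pmdb_dir(ini, ac), ["master"])
    defined = exp[:-1]      # constructed: pretend one rule was deleted
    for rule in missing_rules(exp, defined):
        print("missing default file rule:", rule)
```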
Copyright © 2013 CA Technologies.
All rights reserved.