Each record in the SECFILE class defines a file to be monitored. SECFILE class records provide verification for important files in the system. However, they cannot appear in a conditional access control list.
Add sensitive system files that are not frequently modified to this class to verify that an unauthorized user has not altered them. The following are some examples of the type of files to include in class SECFILE:
| For UNIX | For Windows |
|---|---|
| /.rhosts | \system32\drivers\etc\hosts |
| /etc/services | \system32\drivers\etc\services |
| /etc/protocols | \system32\drivers\etc\protocols |
| /etc/hosts | |
| /etc/hosts.equiv | |
The Watchdog scans these files and ensures the information known about these files is not modified.
Note: Directories cannot be defined in the SECFILE class.
The key of the SECFILE class record is the name of the file that the SECFILE record protects. Specify the full path.
The following definitions describe the properties contained in this class record. Most properties are modifiable and can be manipulated using selang or the administration interfaces. Non-modifiable properties are marked informational.
AIX system ACLs.
AIX system extended information.
Defines additional information that you want to include in the record. CA ControlMinder does not use this information for authorization.
Limit: 255 characters.
(Informational) Displays the date and time when the record was created.
Defines the list of CONTAINER records that a resource record belongs to.
To modify this property in a class record, change the MEMBERS property in the appropriate CONTAINER record.
Use the mem+ or mem‑ parameter with the chres, editres or newres command to modify this property.
HP-UX system ACLs.
(Informational) The RSA-MD5 signature of the file.
Defines the user or group that owns the record.
Defines the program information automatically generated by CA ControlMinder.
The Watchdog automatically verifies the information stored in this property. If it is changed, CA ControlMinder defines the program as untrusted.
You can select any of the following flags to exclude the associated information from this verification process:
The cyclic redundancy check and MD5 signature.
(UNIX only) The time of the last file status change.
On UNIX, the logical disk that the file resides on. On Windows, the drive number of the disk containing the file.
The group that owns the program file.
On UNIX, the file system address of the program file. On Windows, this has no meaning.
The associated security protection mode for the program file.
The time the program file was last modified.
The user who owns the program file.
The SHA1 signature. SHA1 (Secure Hash Algorithm) is a digital signature method that can be applied to the program or sensitive files.
The size of the program file.
Use the flags, flags+, or flags- parameter with the chres, editres, or newres command to modify the flags in this property.
Defines whether the resource is untrusted or trusted. If the UNTRUST property is set, accessors cannot use the resource. If the UNTRUST property is not set, the other properties listed in the database for the resource are used to determine the accessor's access authority. If a trusted resource is changed in any way, CA ControlMinder automatically sets the UNTRUST property.
Use the trust[-] parameter with the chres, editres, or newres command to modify this property.
Note: The resource file is used to determine access authority when the SECFILE resource is untrusted and no access authority is set for the SECFILE resource.
(Informational) The reason why the program became untrusted.
(Informational) Displays the date and time when the record was last modified.
(Informational) Displays the administrator who performed the update.
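The following Python sketch illustrates the verification model described above: a stored baseline of file attributes, a re-scan that can skip selected checks, and an untrusted state with a recorded reason when anything else differs. It is an added example, not CA ControlMinder code; the attribute labels, record layout and function names are assumptions of this example, and the monitored file is a constructed temporary file.

```python
import hashlib
import os
import tempfile

# Labels chosen for this example only; they are not the product's flag names.
CHECKS = ("size", "mode", "owner", "group", "device", "inode",
          "mtime", "ctime", "md5", "sha1")

def snapshot(path):
    """Collect the stored attributes the property list describes for one file."""
    st = os.stat(path)
    with open(path, "rb") as f:
        data = f.read()
    return {
        "size": st.st_size, "mode": st.st_mode & 0o7777,
        "owner": st.st_uid, "group": st.st_gid,
        "device": st.st_dev, "inode": st.st_ino,
        "mtime": st.st_mtime_ns, "ctime": st.st_ctime_ns,
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }

def verify(record, exclude=()):
    """Re-scan the file; on any non-excluded mismatch mark the record untrusted."""
    try:
        current = snapshot(record["path"])
    except OSError as exc:
        record["untrust"], record["reason"] = True, f"cannot read: {exc.strerror}"
        return record
    changed = [c for c in CHECKS
               if c not in exclude and current[c] != record["baseline"][c]]
    if changed:  # stays untrusted until an administrator re-trusts the record
        record["untrust"], record["reason"] = True, "changed: " + ", ".join(changed)
    return record

def demo():
    """Constructed sample: a temp file stands in for a file such as /etc/services."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "services")
        with open(path, "w") as f:
            f.write("ssh 22/tcp\n")
        rec = {"path": path, "baseline": snapshot(path), "untrust": False, "reason": None}
        clean = dict(verify(rec))
        with open(path, "a") as f:  # simulated unauthorized modification
            f.write("telnet 23/tcp\n")
        # Timestamps excluded: the edit is still caught through size and hashes.
        tampered = dict(verify(rec, exclude=("mtime", "ctime")))
        return clean, tampered

if __name__ == "__main__":
    print(demo())
```

Excluding a check narrows what a scan can detect, so exclusions are best limited to attributes that change for legitimate reasons on the file in question.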
Copyright © 2013 CA Technologies.
All rights reserved.