

SECFILE Class

Each record in the SECFILE class defines a file to be monitored. SECFILE class records provide verification for important files in the system. However, they cannot appear in a conditional access control list.

Add sensitive system files that are not frequently modified to this class to verify that an unauthorized user has not altered them. The following are some examples of the type of files to include in class SECFILE:

For UNIX                  For Windows
/.rhosts                  \system32\drivers\etc\hosts
/etc/services             \system32\drivers\etc\services
/etc/protocols            \system32\drivers\etc\protocols
/etc/hosts
/etc/hosts.equiv

The Watchdog scans these files and ensures the information known about these files is not modified.

Note: Directories cannot be defined in the SECFILE class.

The key of the SECFILE class record is the name of the file that the SECFILE record protects. Specify the full path.

The following definitions describe the properties contained in this class record. Most properties are modifiable and can be manipulated using selang or the administration interfaces. Non-modifiable properties are marked informational.

AIXACL

AIX system ACLs.

AIXEXTI

AIX system extended information.

COMMENT

Defines additional information that you want to include in the record. CA ControlMinder does not use this information for authorization.

Limit: 255 characters.

CREATE_TIME

(Informational) Displays the date and time when the record was created.

GROUPS

Defines the list of CONTAINER records that a resource record belongs to.

To modify this property in a class record, change the MEMBERS property in the appropriate CONTAINER record.

Use the mem+ or mem- parameter with the chres, editres, or newres command to modify this property.

HPUXACL

HP-UX system ACLs.

MD5

(Informational) The RSA-MD5 signature of the file.

OWNER

Defines the user or group that owns the record.

PGMINFO

Defines the program information automatically generated by CA ControlMinder.

The Watchdog automatically verifies the information stored in this property. If it is changed, CA ControlMinder defines the program as untrusted.

You can select any of the following flags to exclude the associated information from this verification process:

crc

The cyclic redundancy check and MD5 signature.

ctime

(UNIX only) The time of the last file status change.

device

On UNIX, the logical disk that the file resides on. On Windows, the drive number of the disk containing the file.

group

The group that owns the program file.

inode

On UNIX, the file system address (inode number) of the program file. On Windows, this has no meaning.

mode

The associated security protection mode for the program file.

mtime

The time the program file was last modified.

owner

The user who owns the program file.

sha1

The SHA1 signature: the Secure Hash Algorithm digest, which can be computed for program files or other sensitive files.

size

The size of the program file.

Use the flags, flags+, or flags- parameter with the chres, editres, or newres command to modify the flags in this property.

UNTRUST

Defines whether the resource is untrusted or trusted. If the UNTRUST property is set, accessors cannot use the resource. If the UNTRUST property is not set, the other properties listed in the database for the resource are used to determine the accessor's access authority. If a trusted resource is changed in any way, CA ControlMinder automatically sets the UNTRUST property.

Use the trust[-] parameter with the chres, editres, or newres command to modify this property.

Note: When the SECFILE resource is untrusted and no access authority is set on the SECFILE resource, the resource file itself is used to determine access authority.

UNTRUSTREASON

(Informational) The reason why the program became untrusted.
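The PGMINFO, UNTRUST, and UNTRUSTREASON properties above describe one mechanism: a baseline of file attributes is recorded, a later scan recomputes them, and any difference in a non-excluded attribute flips the record to untrusted with a recorded reason. The following Python model is an added illustration of that mechanism, not CA ControlMinder's code and not selang; the attribute set mirrors the PGMINFO flags on the page, the "crc" flag is represented by an MD5 digest alone (an assumption, since the page groups the CRC and MD5 signature under one flag), and a removed file is treated as a change (also an assumption). The sample file and its contents are constructed for the demo.

```python
import hashlib
import os
import stat
import tempfile
from dataclasses import dataclass, field

# Attribute names follow the PGMINFO flags on the page; excluding a flag drops
# that attribute from the comparison, exactly as the flags- parameter does.
PGMINFO_ATTRS = ("crc", "ctime", "device", "group", "inode",
                 "mode", "mtime", "owner", "sha1", "size")


def _digest(path, algo):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def collect_pgminfo(path):
    """Snapshot the attributes a Watchdog-style scan compares (hypothetical model)."""
    st = os.stat(path)
    return {
        "crc": _digest(path, "md5"),        # assumption: MD5 stands in for the crc flag
        "sha1": _digest(path, "sha1"),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),   # permission bits only
        "owner": st.st_uid,
        "group": st.st_gid,
        "inode": st.st_ino,                 # meaningless on Windows, as the page notes
        "device": st.st_dev,
        "mtime": st.st_mtime_ns,
        "ctime": st.st_ctime_ns,            # last status change on UNIX only
    }


@dataclass
class SecfileRecord:
    key: str                                # full path of the protected file
    pgminfo: dict
    excluded_flags: set = field(default_factory=set)
    untrust: bool = False
    untrustreason: str = ""


def new_secfile(path, excluded_flags=()):
    """Create a record; the key must be a full path and never a directory."""
    if not os.path.isabs(path):
        raise ValueError("specify the full path")
    if os.path.isdir(path):
        raise ValueError("directories cannot be defined in the SECFILE class")
    return SecfileRecord(path, collect_pgminfo(path), set(excluded_flags))


def verify(record):
    """Re-scan the file; set UNTRUST on the first non-excluded change. Returns changed attributes."""
    try:
        current = collect_pgminfo(record.key)
    except FileNotFoundError:
        changed = ["missing"]               # assumption: a removed file counts as a change
    else:
        changed = [a for a in PGMINFO_ATTRS
                   if a not in record.excluded_flags and current[a] != record.pgminfo[a]]
    if changed and not record.untrust:
        record.untrust = True
        record.untrustreason = "changed: " + ", ".join(changed)
    return changed


def demo():
    """Run the model on a constructed temporary file and return what was observed."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "hosts")          # constructed sample, not a real system file
    with open(path, "w") as f:
        f.write("127.0.0.1 localhost\n")
    strict = new_secfile(path)
    clean = verify(strict)                          # nothing changed yet
    with open(path, "a") as f:                      # appending changes content, size, hashes
        f.write("192.0.2.10 extra-host\n")
    tampered = verify(strict)
    # With the content flags excluded, a same-size rewrite is invisible to the check.
    lenient = new_secfile(path, excluded_flags={"crc", "sha1", "mtime", "ctime"})
    with open(path, "r+") as f:
        f.write("127.0.0.2")                        # same length as "127.0.0.1"
    unnoticed = verify(lenient)
    try:
        new_secfile(workdir)
        dir_rejected = False
    except ValueError:
        dir_rejected = True
    return {"clean": clean, "tampered": tampered, "strict_untrust": strict.untrust,
            "strict_reason": strict.untrustreason, "unnoticed": unnoticed,
            "lenient_untrust": lenient.untrust, "dir_rejected": dir_rejected}


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-15s %s" % (name, value))
```

The second half of the demo is the point worth keeping in mind when you set flags on a SECFILE record: once crc and sha1 are excluded, only metadata is compared, so a same-size in-place rewrite that preserves mode, owner, group, and inode passes verification. Exclusions are useful for attributes that legitimately churn (mtime on a log-rotated file, for instance), but excluding the content digests removes the check that actually detects tampering.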

UPDATE_TIME

(Informational) Displays the date and time when the record was last modified.

UPDATE_WHO

(Informational) Displays the administrator who performed the update.