Monitor System-Critical Files

Description of the
Core System Files
parameters used
Parameter
Description
Core System Files to be Monitored
/bin/*
/lib/*
/sbin/*
/stand/vmunix
/unix
/usr/bin/*
/usr/lib/*
/usr/sbin/*
/usr/spool/cron/*
/var/adm/cron/*
/var/lib/*
/var/spool/cron/*
Files and Directories to be excluded from Detection
/usr/lib/cron/log
/usr/lib/objrepos
/usr/spool/cron/tmp
/var/adm/cron/FIFO
/var/adm/cron/log
/var/lib/objrepos
/var/log
/var/spool/cron/tmp
Description
Lets you monitor the core system files that the operating system maintains. If you check this option, you must specify at least one path in the subsequent list.
Symantec recommends that you only use the Report File Differences option on a select number of files. If you enable the reporting of file differences for a large number of files, that is, more than 1000, it may affect system resources. Symantec recommends that you test scenarios if large numbers of files require this detection functionality or if wildcard paths are used with this feature.
Description of the
Core System Configuration Files to be Monitored
parameters used
Parameter
Description
Core System Configuration Files to be Monitored
/etc/*.conf
/etc/*.config
/etc/*_conf
/etc/*_config
/etc/sudoers
Files and Directories to be excluded from Detection
/etc/*.log
/etc/*.pid
/etc/btmp
/etc/btmps
/etc/cron.d/FIFO
/etc/security/*log
/etc/sisips
/etc/sisips/*
/etc/sulogin
/etc/symantec/*
/etc/utmp
/etc/utmppipe
/etc/utmps
/etc/utmpx
/etc/wtmps
/etc/wtmpx
Description
Lets you monitor the core system configuration files that the operating system maintains. If you check this option, you must specify at least one path in the subsequent list.
Symantec recommends that you only use the Report File Differences option on a select number of files. If you enable the reporting of file differences for a large number of files, that is, more than 1000, it may affect system resources. Symantec recommends that you test scenarios if large numbers of files require this detection functionality or if wildcard paths are used with this feature.
Description of the
Setup Programs and Packages
parameters used
Parameter
Description
Setup files to be Monitored
/usr/sbin/pkg*
/var/lib/rpm/*
/var/sadm/install/admin/*
/var/sadm/pkg/*
Files and Directories to be excluded from Detection
*.log*
Description
Lets you monitor the setup programs and packages that the operating system maintains. If you check this option, you must specify at least one path in the subsequent list.
Symantec recommends that you only use the Report File Differences option on a select number of files. If you enable the reporting of file differences for a large number of files, that is, more than 1000, it may affect system resources. Symantec recommends that you test scenarios if large numbers of files require this detection functionality or if wildcard paths are used with this feature.
Description of the
Common Daemon Files
parameters used
Parameter
Description
Common Program Files to be Monitored
/etc/cron.d/logchecker
/etc/fs/*/mount
/lib/svc/nfs/lockd
/lib/svc/nfs/statd
/opt/sbin/in.named
/opt/sbin/lwresd
/opt/sbin/name
/sbin/auditd
/sbin/klogd
/sbin/syslogd
/usr/lib/cups/daemon/cups-lpd
/usr/lib/fs/*/moun
/usr/lib/sendmail
/usr/lib/ssh/sshd
/usr/lib/zones/zoneadmd
/usr/local/sbin/in.named
/usr/local/sbin/in.tnamed
/usr/local/sbin/lwresd
/usr/local/sbin/named
/usr/local/sbin/sshd
/usr/sbin/atd
/usr/sbin/automount
/usr/sbin/cron
/usr/sbin/crond
/usr/sbin/cupsd
/usr/sbin/in.named
/usr/sbin/in.tnamed
/usr/sbin/inetd
/usr/sbin/lwresd
/usr/sbin/named
/usr/sbin/nmbd
/usr/sbin/rpc.mountd
/usr/sbin/smbd
/usr/sbin/sshd
/usr/sbin/syslogd
/usr/sbin/xinetd
Files and Directories to be excluded from Detection
blank value
The user specifies this value.
Description
Lets you monitor the common daemon files that the operating system maintains. If you check this option, you must specify at least one path in the subsequent list.
Symantec recommends that you only use the Report File Differences option on a select number of files. If you enable the reporting of file differences for a large number of files, that is, more than 1000, it may affect system resources. Symantec recommends that you test scenarios if large numbers of files require this detection functionality or if wildcard paths are used with this feature.
Description of the
Monitor Script Files and Cron Files
parameters used
Parameter
Description
Script files to be Monitored
blank value
The user specifies this value.
Files and Directories to be excluded from Detection
blank value
The user specifies this value.
Description
Lets you monitor the user-defined script files and cron files that are used on the device. If you check this option, you must specify at least one path in the subsequent list.
Symantec recommends that you only use the Report File Differences option on a select number of files. If you enable the reporting of file differences for a large number of files, that is, more than 1000, it may affect system resources. Symantec recommends that you test scenarios if large numbers of files require this detection functionality or if wildcard paths are used with this feature.
Description of the
Linux Specific Files
parameters used
Parameter
Description
Other Files to be Monitored
blank value
The user specifies this value.
Files and Directories to be excluded from Detection
blank value
The user specifies this value.
Description
Lets you monitor the critical user-defined files that are specific to Linux operating systems. If you check this option, you must specify at least one path in the subsequent list.
Symantec recommends that you only use the Report File Differences option on a select number of files. If you enable the reporting of file differences for a large number of files, that is, more than 1000, it may affect system resources. Symantec recommends that you test scenarios if large numbers of files require this detection functionality or if wildcard paths are used with this feature.