SECFILE Class

Each record in the SECFILE class defines a file to be monitored. SECFILE class records provide verification for important files in the system. However, they cannot appear in a conditional access control list.
Add sensitive system files that are not frequently modified to this class to verify that an unauthorized user has not altered them. The following are some examples of the type of files to include in class SECFILE:
For UNIX            For Windows
/.rhosts            \system32\drivers\etc\hosts
/etc/services       \system32\drivers\etc\services
/etc/protocols      \system32\drivers\etc\protocols
/etc/hosts
/etc/hosts.equiv
The Watchdog scans these files and verifies that the information it holds about them has not changed.
Directories cannot be defined in the SECFILE class.
The key of the SECFILE class record is the name of the file that the SECFILE record protects. Specify the full path.
The following definitions describe the properties contained in this class record. Most properties are modifiable and can be manipulated using selang or the administration interfaces. Non-modifiable properties are marked informational.
  • AIXACL
    AIX system ACLs.
  • AICEXTI
    AIX system extended information.
  • COMMENT
    Defines additional information that you want to include in the record. PAM Server Control does not use this information for authorization.
    Limit: 255 characters.
  • CREATE_TIME
    (Informational) Displays the date and time when the record was created.
  • GROUPS
    Defines the list of CONTAINER records that a resource record belongs to.
    To modify this property in a class record, change the MEMBERS property in the appropriate CONTAINER record.
    Use the mem+ or mem- parameter with the chres, editres or newres command to modify this property.
  • HPUXACL
    HP-UX system ACLs.
  • MD5
    (Informational) The RSA-MD5 signature of the file.
  • OWNER
    Defines the user or group that owns the record.
  • PGMINFO
    Defines the program information automatically generated by PAM Server Control.
    The Watchdog automatically verifies the information stored in this property. If it is changed, PAM Server Control defines the program as untrusted.
    You can select any of the following flags to exclude the associated information from this verification process:
    • crc
      The cyclic redundancy check and MD5 signature.
    • ctime
      (UNIX only) The time of the last file status change.
    • device
      On UNIX, the logical disk that the file resides on. On Windows, the drive number of the disk containing the file.
    • group
      The group that owns the program file.
    • inode
      On UNIX, the file system address of the program file. On Windows, this has no meaning.
    • mode
      The associated security protection mode for the program file.
    • mtime
      The time the program file was last modified.
    • owner
      The user who owns the program file.
    • sha1
      The SHA1 signature of the program file, computed with the Secure Hash Algorithm; it can be applied to program files or to sensitive files.
    • size
      The size of the program file.
    Use the flags, flags+, or flags- parameter with the chres, editres, or newres command to modify the flags in this property.
  • UNTRUST
    Defines whether the resource is untrusted or trusted. If the UNTRUST property is set, accessors cannot use the resource. If the UNTRUST property is not set, the other properties listed in the database for the resource are used to determine the accessor's access authority. If a trusted resource is changed in any way, PAM Server Control automatically sets the UNTRUST property.
    Use the trust[-] parameter with the chres, editres, or newres command to modify this property.
    Note: The resource file is used to determine access authority when the SECFILE resource is untrusted and no access authority is set on the SECFILE resource.
  • UNTRUSTREASON
    (Informational) The reason why the program became untrusted.
  • UPDATE_TIME
    (Informational) Displays the date and time when the record was last modified.
  • UPDATE_WHO
    (Informational) Displays the administrator who performed the update.