Watchdog Service
Valid on Windows
capamsc141
Valid on Windows
The watchdog monitors the file information and digital signatures of programs that are defined in the database as trusted programs. Monitoring is performed in the background with a minimal load on the system. The
PAM Server Control
agent service automatically starts the watchdog service.The watchdog service performs the following functions:
- It monitors the programs that you defined in the PROGRAM class of the database. If the watchdog detects that a program was modified, it notifies thePAM Server ControlEngine, which marks the program as untrusted. The engine service does not allow an untrusted program to run. The engine service also marks the status change of the program to untrusted in the database and creates an audit record.
- It monitors files that are defined as secured files. These files are defined in the SECFILE class in the database.
- It monitors thePAM Server Controlengine service to ensure it is running. If the watchdog detects a problem with the service, it automatically restarts it.
- The service uses the system log to notify the security administrators when it detects that the engine service has stopped responding. All system log messages are submitted as AUTH facility.
- It reports several events toPAM Server Control, and creates audit records for programs and secured files that were found to be altered.
- It allows you to specify interval and fixed scanning schedules for trusted programs and secure files.
You can run
PAM Server Control
watchdog service from a command-prompt window. This command has the following format:seoswd [start|remove|debug]
- StartSpecifies to start thePAM Server Controlwatchdog service
- RemoveSpecifies to remove thePAM Server Controlwatchdog service from the operating system
- DebugSpecifies to run thePAM Server Controlwatchdog service as a console for debugging purposes