SECFILE Class
Each record in the SECFILE class defines a file to be monitored. SECFILE class records provide verification for important files in the system. However, they cannot appear in a conditional access control list.
Add sensitive system files that are not frequently modified to this class to verify that an unauthorized user has not altered them. The following are some examples of the type of files to include in class SECFILE:
For UNIX            For Windows
/.rhosts            \system32\drivers\etc\hosts
/etc/services       \system32\drivers\etc\services
/etc/protocols      \system32\drivers\etc\protocols
/etc/hosts
/etc/hosts.equiv
The Watchdog rescans these files and compares them with the information stored in the record (see the PGMINFO property below). If any attribute it checks has changed, the record is marked untrusted.
Directories cannot be defined in the SECFILE class.
The key of the SECFILE class record is the name of the file that the SECFILE record protects. Specify the full path.
The following definitions describe the properties contained in this class record. Most properties are modifiable and can be manipulated using selang or the administration interfaces. Non-modifiable properties are marked informational.
- AIXACL: AIX system ACLs.
- AICEXTI: AIX system extended information.
- COMMENT: Defines additional information that you want to include in the record. Privileged Access Manager does not use this information for authorization. Limit: 255 characters.
- CREATE_TIME (Informational): Displays the date and time when the record was created.
- GROUPS: Defines the list of CONTAINER records that a resource record belongs to. To modify this property in a class record, change the MEMBERS property in the appropriate CONTAINER record. Use the mem+ or mem- parameter with the chres, editres, or newres command to modify this property.
- HPUXACL: HP-UX system ACLs.
- MD5 (Informational): The MD5 digest of the file contents (a hash, not a digital signature).
- OWNER: Defines the user or group that owns the record.
- PGMINFO: Defines the program information automatically generated by Privileged Access Manager. The Watchdog automatically verifies the information stored in this property. If it has changed, Privileged Access Manager defines the program as untrusted. You can select any of the following flags to exclude the associated information from this verification process. Exclude only attributes that legitimately change on the monitored file; excluding crc and sha1 leaves only metadata to detect tampering.
  - crc: The cyclic redundancy check and MD5 digest.
  - ctime (UNIX only): The time of the last file status change.
  - device: On UNIX, the logical disk that the file resides on. On Windows, the drive number of the disk containing the file.
  - group: The group that owns the program file.
  - inode: On UNIX, the file system address of the program file. On Windows, this has no meaning.
  - mode: The associated security protection mode for the program file.
  - mtime: The time the program file was last modified.
  - owner: The user who owns the program file.
  - sha1: The SHA-1 digest of the file contents (Secure Hash Algorithm; a hash, not a digital signature).
  - size: The size of the program file.
- UNTRUST: Defines whether the resource is untrusted or trusted. If the UNTRUST property is set, accessors cannot use the resource. If the UNTRUST property is not set, the other properties listed in the database for the resource are used to determine the accessors' access authority. If a trusted resource is changed in any way, Privileged Access Manager automatically sets the UNTRUST property. Use the trust[-] parameter with the chres, editres, or newres command to modify this property. Note: When the SECFILE resource is untrusted and no access authority is defined on the SECFILE record, the corresponding file resource is used to determine access authority.
- UNTRUSTREASON (Informational): The reason why the program became untrusted.
- UPDATE_TIME (Informational): Displays the date and time when the record was last modified.
- UPDATE_WHO (Informational): Displays the administrator who performed the update.
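The following is an added illustration of the PGMINFO verification and UNTRUST behaviour described above; it is not Privileged Access Manager code and does not use selang. It re-implements the check independently: a record captures the ten PGMINFO attributes at creation, a Watchdog-style verify() recomputes every attribute not excluded by a flag, and any difference sets UNTRUST and an UNTRUSTREASON. The attribute encodings (os.stat fields, zlib CRC-32, hashlib MD5 and SHA-1), the "changed: ..." reason text and the SecfileRecord, verify() and retrust() names are this example's own assumptions. The demo also shows the caveat on excluding digests: a same-length edit with mtime restored passes a record that excludes crc, sha1 and ctime, but is caught by a record with full verification.

```python
import hashlib
import os
import stat
import tempfile
import zlib

# The verification flags the page lists under PGMINFO, in the page's order.
PGMINFO_FLAGS = ("crc", "ctime", "device", "group", "inode",
                 "mode", "mtime", "owner", "sha1", "size")


def pgminfo(path):
    """Collect the attributes PGMINFO stores for a file.

    Encodings (stat fields, CRC-32 + MD5, SHA-1) are this example's choice;
    the page does not document the product's internal representation.
    """
    with open(path, "rb") as fh:
        data = fh.read()
    st = os.stat(path)
    return {
        "crc": (zlib.crc32(data), hashlib.md5(data).hexdigest()),  # CRC and MD5 are one flag on the page
        "ctime": st.st_ctime_ns,
        "device": st.st_dev,
        "group": st.st_gid,
        "inode": st.st_ino,
        "mode": stat.S_IMODE(st.st_mode),
        "mtime": st.st_mtime_ns,
        "owner": st.st_uid,
        "sha1": hashlib.sha1(data).hexdigest(),
        "size": st.st_size,
    }


class SecfileRecord:
    """A SECFILE-style record: key is the full path, PGMINFO is the stored baseline."""

    def __init__(self, path, exclude=()):
        unknown = set(exclude) - set(PGMINFO_FLAGS)
        if unknown:
            raise ValueError("unknown PGMINFO flag(s): " + ", ".join(sorted(unknown)))
        self.path = path
        self.exclude = frozenset(exclude)   # flags excluded from verification
        self.pgminfo = pgminfo(path)        # captured when the record is created
        self.untrust = False
        self.untrustreason = None

    def verify(self):
        """Watchdog-style check: recompute every non-excluded attribute and compare."""
        if self.untrust:
            return False
        current = pgminfo(self.path)
        changed = [flag for flag in PGMINFO_FLAGS
                   if flag not in self.exclude and current[flag] != self.pgminfo[flag]]
        if changed:
            self.untrust = True
            self.untrustreason = "changed: " + ", ".join(changed)
            return False
        return True

    def retrust(self):
        """An administrator accepts an authorized change: new baseline, UNTRUST cleared."""
        self.pgminfo = pgminfo(self.path)
        self.untrust = False
        self.untrustreason = None


def demo():
    """Constructed scenario on a throwaway hosts file.

    Returns (strict_reason, weak_passed, retrusted_ok).
    """
    path = os.path.join(tempfile.mkdtemp(), "hosts")
    with open(path, "wb") as fh:   # constructed sample content
        fh.write(b"127.0.0.1 localhost\n10.0.0.5  payroll.example\n")

    strict = SecfileRecord(path)
    weak = SecfileRecord(path, exclude=("crc", "sha1", "ctime"))  # digests excluded: metadata only
    assert strict.verify() and weak.verify()

    # Same-length tampering: re-point the host and put mtime back to the old value.
    st = os.stat(path)
    with open(path, "r+b") as fh:  # rewrite in place: inode, size, mode, owner all unchanged
        fh.seek(0)
        fh.write(b"127.0.0.1 localhost\n10.0.0.6  payroll.example\n")
    os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))

    strict_ok = strict.verify()    # crc and sha1 still differ, so this fails
    reason = strict.untrustreason  # e.g. "changed: crc, ctime, sha1"
    weak_ok = weak.verify()        # nothing left that the edit changed

    strict.retrust()               # administrator re-trusts after reviewing the change
    return (None if strict_ok else reason), weak_ok, strict.verify()
```

demo() returns the strict record's reason, the weak record's (false) pass, and True once the strict record has been re-trusted. Note that ctime cannot be restored from user space, so leaving it in the verified set is a cheap extra signal; the digests remain the only attributes an in-place edit cannot preserve.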