Kernel Tables
Kernel tables list frequently-accessed information to help improve performance. Kernel tables improve performance because does not need to check the database to permit, deny, or resolve events that are listed in the kernel tables.
capamsc141
Kernel tables list frequently-accessed information to help improve
Privileged Access Manager
performance. Kernel tables improve performance because Privileged Access Manager
does not need to check the database to permit, deny, or resolve events that are listed in the kernel tables.Privileged Access Manager
includes the following types of kernel tables:- Cache tablesList the results of previous resource access requests, resolved inode numbers, and accepted incoming TCP requests.
- Protected resource tablesList resources for which, when access is requested,Privileged Access Manageralways sends an authorization request to thePrivileged Access Managerengine.
- Bypass tablesList resources for which, when access is requested,Privileged Access Managerpermits access without sending an authorization request to thePrivileged Access Managerengine.
- Process tableLists information about all the processes running in the system.
The following table provides information about each kernel table:
Table Name | Type | Lists | Column Names | Configuration Setting |
SpecPgm | Protected resource | All objects in the SPECIALPGM class | flags; user; oid; i-node; device; program | SPECIALPGM class records |
TrustPg | Protected resource | All objects in the PROGRAM class | flags; i-node; device; program | PROGRAM class records |
LoginPg | Protected resource | All objects in the LOGINAPPL class | flags; i-node; device; program name | LOGINAPPL class records |
DBfiles | Protected resource | All objects in the FILE class | file ID; i-node; device; program | FILE class records Note: The maximum number of records in this table is defined by max_regular_file_rules in the SEOS_syscall section of the seos.ini file |
FRegExp | Protected resource | Generic file access rules that are defined in the FILE class | fid; expression | Defined by a generic rule in a FILE class record Note: The maximum number of records in this table is defined by max_general_file_rules in the SEOS_syscall section of the seos.ini file |
DCMfile | Bypass | Do-not-call-me files that you define using GAC | fid; user; type; access | GAC.init file |
ACpids | Bypass | Process IDs for the Privileged Access Manager daemons | pid; service; contractID | - |
InoCach | Cache | Cached inodes | i-node; device; priority; entry | cache_enabled in the SEOS_syscall section of the seos.ini file |
F cache | Cache | Cached file access authorization results | file ID; access; acee; answer; phash; prio | - |
NetwDCM | Cache | Cached accepted incoming TCP connections | peer; port; local port; flag; prio | UseNetworkCache in the seosd section of the seos.ini file |
MntDirs | Protected resource | Directories that Privileged Access Manager protects from mounting | dir ID; i-node; device; mount point | - |
F inode | Protected resource | Inode and device number of objects in the FILE class | file ID; i-node; device; links | - |
STOPbyp | Bypass | Objects in the PROGRAM class for which Privileged Access Manager does not provide STOP protection | i-node; device; program | If STOP is enabled, objects in this table have a SPECIALPGM record with the property pgmtype(STOP) |
STOPexp | Bypass | Regular expressions that define objects in the PROGRAM class for which Privileged Access Manager does not provide STOP protection | priority; n-chars; expression | If STOP is enabled, objects in this table are defined by a generic rule in a SPECIALPGM record with the property pgmtype(STOP) |
Family | Bypass | Privileged Access Manager daemons | service; pid; contractID | - |
DbgProt | Protected resource | Privileged Access Manager binaries that Privileged Access Manager protects from debugging | pid; access; name in proc | - |
TCPport | Bypass | Ports for which seos_syscall will not pass events to seosd | TCP port | bypass_TCPIP in the seosd section of the seos.ini file |
TCPoutp | Bypass | Ports for which seos_syscall will not pass outgoing connection events to seosd | TCP port | bypass_outgoing_TCPIP in the seosd section of the seos.ini file |
ProcServ | Process | Lists information about all the processes running in the system | #n; pid; ppid; acee; flags; uid; euid; zone; arg0; ACuser Note: There are many more internal columns in this table that are not displayed by the secons utility | - |