Kernel Tables

Kernel tables list frequently-accessed information to help improve Privileged Identity Manager performance. Kernel tables improve performance because Privileged Identity Manager does not need to check the database to permit, deny, or resolve events that are listed in the kernel tables.
Privileged Identity Manager includes the following types of kernel tables:
  • Cache tables: List the results of previous resource access requests, resolved inode numbers, and accepted incoming TCP requests.
  • Protected resource tables: List resources for which, when access is requested, Privileged Identity Manager always sends an authorization request to the Privileged Identity Manager engine.
  • Bypass tables: List resources for which, when access is requested, Privileged Identity Manager permits access without sending an authorization request to the Privileged Identity Manager engine.
  • Process table: Lists information about all the processes running in the system.
The following table provides information about each kernel table:
| Table Name | Type | Lists | Column Names | Configuration Setting |
|---|---|---|---|---|
| SpecPgm | Protected resource | All objects in the SPECIALPGM class | flags; user; oid; i-node; device; program | SPECIALPGM class records |
| TrustPg | Protected resource | All objects in the PROGRAM class | flags; i-node; device; program | PROGRAM class records |
| LoginPg | Protected resource | All objects in the LOGINAPPL class | flags; i-node; device; program name | LOGINAPPL class records |
| DBfiles | Protected resource | All objects in the FILE class | file ID; i-node; device; program | FILE class records. Note: The maximum number of records in this table is defined by max_regular_file_rules in the SEOS_syscall section of the seos.ini file |
| FRegExp | Protected resource | Generic file access rules that are defined in the FILE class | fid; expression | Defined by a generic rule in a FILE class record. Note: The maximum number of records in this table is defined by max_general_file_rules in the SEOS_syscall section of the seos.ini file |
| DCMfile | Bypass | Do-not-call-me files that you define using GAC | fid; user; type; access | GAC.init file |
| ACpids | Bypass | Process IDs for the Privileged Identity Manager daemons | pid; service; contractID | - |
| InoCach | Cache | Cached inodes | i-node; device; priority; entry | cache_enabled in the SEOS_syscall section of the seos.ini file |
| F cache | Cache | Cached file access authorization results | file ID; access; acee; answer; phash; prio | - |
| NetwDCM | Cache | Cached accepted incoming TCP connections | peer; port; local port; flag; prio | UseNetworkCache in the seosd section of the seos.ini file |
| MntDirs | Protected resource | Directories that Privileged Identity Manager protects from mounting | dir ID; i-node; device; mount point | - |
| F inode | Protected resource | Inode and device number of objects in the FILE class | file ID; i-node; device; links | - |
| STOPbyp | Bypass | Objects in the PROGRAM class for which Privileged Identity Manager does not provide STOP protection | i-node; device; program | If STOP is enabled, objects in this table have a SPECIALPGM record with the property pgmtype(STOP) |
| STOPexp | Bypass | Regular expressions that define objects in the PROGRAM class for which Privileged Identity Manager does not provide STOP protection | priority; n-chars; expression | If STOP is enabled, objects in this table are defined by a generic rule in a SPECIALPGM record with the property pgmtype(STOP) |
| Family | Bypass | Privileged Identity Manager daemons | service; pid; contractID | - |
| DbgProt | Protected resource | Privileged Identity Manager binaries that Privileged Identity Manager protects from debugging | pid; access; name in proc | - |
| TCPport | Bypass | Ports for which seos_syscall will not pass events to seosd | TCP port | bypass_TCPIP in the seosd section of the seos.ini file |
| TCPoutp | Bypass | Ports for which seos_syscall will not pass outgoing connection events to seosd | TCP port | bypass_outgoing_TCPIP in the seosd section of the seos.ini file |
| ProcServ | Process | Lists information about all the processes running in the system | #n; pid; ppid; acee; flags; uid; euid; zone; arg0; ACuser. Note: There are many more internal columns in this table that are not displayed by the secons utility | - |
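
The following Python script is an added example, not part of the original documentation or the product's own tooling. It reads seos.ini text, reports the six tokens that the table above ties to kernel tables, and flags populated bypass tokens, because events for those ports are not passed to seosd. The bracketed section headers, the sample values, and the comma- or space-separated port list are assumptions.

```python
import configparser

# (section, token) -> (kernel table, table type), as listed in the table above.
KERNEL_TABLE_TOKENS = {
    ("SEOS_syscall", "max_regular_file_rules"): ("DBfiles", "Protected resource"),
    ("SEOS_syscall", "max_general_file_rules"): ("FRegExp", "Protected resource"),
    ("SEOS_syscall", "cache_enabled"): ("InoCach", "Cache"),
    ("seosd", "UseNetworkCache"): ("NetwDCM", "Cache"),
    ("seosd", "bypass_TCPIP"): ("TCPport", "Bypass"),
    ("seosd", "bypass_outgoing_TCPIP"): ("TCPoutp", "Bypass"),
}

# Constructed sample; [bracketed] section headers and all values are assumptions.
SAMPLE_SEOS_INI = """\
[SEOS_syscall]
max_regular_file_rules = 4096
cache_enabled = yes

[seosd]
UseNetworkCache = no
bypass_TCPIP = 22, 514
bypass_outgoing_TCPIP =
"""

def audit_kernel_table_settings(ini_text):
    """Return one finding per token: table, type, value, and review flag."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep token case (e.g. UseNetworkCache)
    parser.read_string(ini_text)
    findings = []
    for (section, token), (table, kind) in KERNEL_TABLE_TOKENS.items():
        value = parser.get(section, token, fallback=None)
        value = value.strip() if value else None  # empty counts as unset
        # Bypass tables skip the authorization engine: flag any populated token.
        review = kind == "Bypass" and value is not None
        findings.append({"table": table, "type": kind, "token": token,
                         "section": section, "value": value, "review": review})
    return findings

def bypassed_ports(findings, table):
    """Ports listed for a bypass table (assumes a comma/space separated list)."""
    for f in findings:
        if f["table"] == table and f["value"]:
            return sorted(int(p) for p in f["value"].replace(",", " ").split())
    return []

if __name__ == "__main__":
    for f in audit_kernel_table_settings(SAMPLE_SEOS_INI):
        print(f["table"], f["type"], f["token"], f["value"], "REVIEW" if f["review"] else "")
```
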