Monitored Files (SECFILE) Properties

Use the Monitored Files (SECFILE class) properties window to create, modify, or view a record of this class. Each record defines a file to be monitored. Monitored file records provide integrity verification for important files on the system; they cannot appear in a conditional access control list. To detect unauthorized alteration of a file, add sensitive system files that rarely change to this class.
This window contains the following fields in the General tab:
  • Name
    Defines the name of the resource: the full pathname of the file that the record protects.
  • Comment
    Defines extra information that you want to include in the record. CA Privileged Identity Manager does not use this information for authorization.
    Limit: 255 alphanumeric characters
  • Owner
    Defines the owner of a record.
  • Blockrun
    Specifies whether to check that the program is trusted and to block execution of untrusted programs. Blocking applies regardless of whether the program is setuid or a regular program.
  • Flags
    Defines the program information that CA Privileged Identity Manager generates automatically.
    The Watchdog verifies the information stored in this property. If any of it has changed, CA Privileged Identity Manager marks the program as untrusted.
    Select any of the following flags to exclude the associated information from this verification:
    • SHA1
      The SHA-1 hash of the file. The Secure Hash Algorithm produces a fixed-length digest that changes if any byte of the file changes. It is a hash, not a digital signature: it detects that a file was modified but not who modified it. Excluding this flag leaves only the weaker size and checksum comparisons to detect content changes.
    • Size
      The size of the program file.
    • CRC
      The cyclic redundancy check and the MD5 hash of the file. A CRC detects accidental corruption only and is trivial to forge, so treat the SHA1 flag as the content check that matters for tamper detection.
    • MTime
      The time the program file was last modified.
    • CTime
      (UNIX only) The time of the last file status change.
    • INode
      On UNIX, the inode number (file system address) of the program file. On Windows, this flag is not used.
    • Device
      On UNIX, the logical disk that the file resides on. On Windows, the drive number of the disk containing the file.
    • Mode
      The associated security protection mode for the program file.
    • Owner
      The user who owns the program file.
    • Group
      The group that owns the program file.
This window contains the following fields in the Audit tab:
  • Audit Modes
    Defines the types of access events that CA Privileged Identity Manager records in the audit log. You can select any combination of the following activities:
    • Audit Success
      Granted access requests.
    • Audit Failure
      Denied access requests (default).
  • Warning Mode
    Specifies whether Warning mode is enabled. When Warning mode is enabled on a resource, all access requests to the resource are granted; if a request violates an access rule, a record is written to the audit log instead of the request being denied.
  • Trust
    Defines whether the resource is trusted. If this option is not set, accessors cannot use the resource. Otherwise, the other properties stored in the database for the resource determine an accessor's access authority. If a trusted resource is changed in any way, CA Privileged Identity Manager automatically clears this option.
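The Flags list above and the Trust field describe one mechanism: a stored set of file attributes is re-checked, excluded flags are skipped, and any remaining difference clears trust. The following Python script is an added illustration of that check, written for this page; it is not the product's Watchdog code and does not use any CA Privileged Identity Manager API. The file name, its contents, and the two modifications in `demo()` are constructed for the example. Attribute names follow the page's flags; "CRC" holds both the CRC-32 and the MD5 value, as the page groups them.

```python
import hashlib
import os
import stat
import tempfile
import zlib

# The attributes the Flags list names; "CRC" covers both the CRC and the MD5
# checksum, matching the page's grouping.
FLAGS = ("SHA1", "Size", "CRC", "MTime", "CTime", "INode", "Device", "Mode", "Owner", "Group")


def _checksums(path):
    """Stream the file once and compute SHA-1, MD5 and CRC-32 together."""
    sha1, md5, crc = hashlib.sha1(), hashlib.md5(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            sha1.update(chunk)
            md5.update(chunk)
            crc = zlib.crc32(chunk, crc)
    return sha1.hexdigest(), md5.hexdigest(), crc & 0xFFFFFFFF


def snapshot(path):
    """Record every attribute the page lists for a monitored file."""
    st = os.stat(path)
    sha1, md5, crc = _checksums(path)
    return {
        "SHA1": sha1,
        "Size": st.st_size,
        "CRC": (crc, md5),                 # one flag covers CRC and MD5
        "MTime": int(st.st_mtime),
        "CTime": int(st.st_ctime),         # status-change time on UNIX (creation time on Windows)
        "INode": st.st_ino,
        "Device": st.st_dev,
        "Mode": stat.S_IMODE(st.st_mode),  # permission bits only
        "Owner": st.st_uid,
        "Group": st.st_gid,
    }


def verify(path, record, exclude=frozenset()):
    """Re-check a file against its stored record.

    Returns (trusted, changed_attributes). Excluded flags are skipped; any
    other difference clears trust, as the page describes for the Trust field.
    """
    current = snapshot(path)
    changed = [f for f in FLAGS if f not in exclude and current[f] != record[f]]
    return (not changed, changed)


def demo():
    """Constructed scenario (hypothetical file): timestamp-only change, then a content change."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "monitored.conf")
        with open(path, "wb") as fh:
            fh.write(b"PermitRootLogin no\n")
        record = snapshot(path)

        untouched = verify(path, record)

        # 1. Change only the modification time. os.utime also updates ctime,
        #    so the lenient check excludes both timestamp flags.
        st = os.stat(path)
        os.utime(path, (st.st_atime, st.st_mtime - 86400))
        touched_strict = verify(path, record)
        touched_lenient = verify(path, record, exclude={"MTime", "CTime"})

        # 2. Alter the content: trust is cleared even with timestamps excluded.
        with open(path, "ab") as fh:
            fh.write(b"PermitRootLogin yes\n")
        tampered = verify(path, record, exclude={"MTime", "CTime"})

        return {
            "untouched": untouched,
            "touched_strict": touched_strict,
            "touched_lenient": touched_lenient,
            "tampered": tampered,
        }


if __name__ == "__main__":
    for name, (trusted, changed) in demo().items():
        print(f"{name:16s} trusted={trusted} changed={changed}")
```

The second scenario is the point of the exclusion flags: excluding MTime and CTime lets routine re-timestamping (a package manager restoring a file's original time, for instance) pass, while a one-line content change still trips SHA1, Size and CRC. Excluding the content flags as well would leave only metadata checks, which an attacker who preserves size and permissions can satisfy.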
This window contains the following fields in the Information tab:
  • Update Time
    Displays the date and time when the record was last modified.
  • Updated By
    Displays the administrator who performed the update.
  • Create Time
    Displays the date and time when the record was created.