CSA 6.0 Rule Creation

Jan 23rd, 2009

I would like to create a File Access Control rule to generate an alert when an attempt is made to modify /var/adm/csalog on *nix systems. An Agent Service Control rule already generates an alert when this file is modified; however, we need to isolate this activity down to a File Access Control rule. I have attempted to define the rule from scratch, but it's not working. Any guidance on this would be appreciated.

Overall Rating: 4 (1 ratings)
jan.nielsen Fri, 01/23/2009 - 14:47

Create a new File Access Control rule, make it as specific as possible on src application and filename/directory, and then make it a monitor rule. It will then log it no matter what other rules are in place.

rz7dzmeds Fri, 01/23/2009 - 14:56

I will configure that, and update the thread. Thanks.

