
CSA 6.0 Rule Creation

rz7dzmeds
Level 1

I would like to create a File Access Control rule to generate an alert when the /var/adm/csalog is attempted to be modified on *nix systems. An Agent Service Control rule already generates an alert when this file is modified; however, we need to isolate this activity down to a File Access Control rule. I have attempted to define the rule from scratch; however, it's not working. Any guidance on this would be appreciated.

2 Replies

jan.nielsen
Level 7

Create a new File Access Control rule, make it as specific as possible on src application and filename/directory, and then make it a monitor rule; it will then log it no matter what other rules are in place.

I will configure that, and update the thread. Thanks.
