/etc/security/rtc/rtcd_policy.conf file format for real-time compliance

Purpose

Defines a list of files and the associated events to be monitored by the real-time compliance subsystem.

Description

The /etc/security/rtc/rtcd_policy.conf file contains a list of files and the associated events to be monitored by the real-time compliance subsystem. The file is a stanza file with each stanza name being a file name followed by a colon.

The attributes are in the following form:

attribute = value

Any change to this file takes effect immediately; restarting the rtcd daemon is not required.

Users can add or remove files from the /etc/security/rtc/rtcd_policy.conf file using the chsec command. If you are adding a large number of files with the chsec command, it is recommended to stop the real-time compliance subsystem first to avoid potential alerts from these additions.

The /etc/security/rtc/rtcd_policy.conf file has the following attribute:

  • eventtype
    Defines the event type to be monitored. It can be one or both of the following values, separated by a comma:
      modFile
        File content modifications.
      modFileAttr
        File attribute modifications.

Security

The /etc/security/rtc/rtcd_policy.conf file is owned by the root user and the security group. It grants read (r) and write (w) access only to the root user.

Examples

The following are examples of entries in the /etc/security/rtc/rtcd_policy.conf file:

/etc/inetd.conf:
	eventtype = modFile
/etc/security/audit/config:
	eventtype = modFile,modFileAttr
/usr/bin/chsec:
	eventtype = modFileAttr
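
A checker for the stanza format described above, given here as an added example that is not part of the original documentation or of AIX. It parses the policy text and reports stanzas that a typo could leave without a valid event type. The function name and the sample policy are constructed, and treating the attribute name and values as case-sensitive is an assumption.

```python
VALID_EVENTS = {"modFile", "modFileAttr"}  # the two values this page documents

def check_policy(text):
    """Return (policy, findings); policy maps each file to its set of event types."""
    policy, findings, current = {}, [], None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and "=" not in line:   # stanza header: file name + colon
            current = line[:-1]
            if not current.startswith("/"):
                findings.append((num, f"stanza name is not an absolute path: {current}"))
            if current in policy:
                findings.append((num, f"duplicate stanza: {current}"))
            policy.setdefault(current, set())
            continue
        name, sep, value = line.partition("=")
        name = name.strip()
        if not sep:
            findings.append((num, f"not a stanza header or attribute: {line}"))
        elif current is None:
            findings.append((num, f"attribute outside any stanza: {name}"))
        elif name != "eventtype":                    # only documented attribute
            findings.append((num, f"unknown attribute: {name}"))
        else:
            for event in (v.strip() for v in value.split(",")):
                if event in VALID_EVENTS:            # assumption: case-sensitive match
                    policy[current].add(event)
                else:
                    findings.append((num, f"unknown eventtype value: {event!r}"))
    for path, events in policy.items():              # line 0 = whole-file finding
        if not events:
            findings.append((0, f"no valid eventtype for {path}"))
    return policy, findings

# Constructed sample: the last two stanzas contain deliberate typos.
SAMPLE = """\
/etc/inetd.conf:
\teventtype = modFile
/etc/security/audit/config:
\teventtype = modFile,modFileAttr
/usr/bin/chsec:
\teventtype = ModFileAttr
/etc/hosts:
\teventype = modFile
"""

if __name__ == "__main__":
    for num, msg in check_policy(SAMPLE)[1]:
        print(f"line {num}: {msg}")
```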