Monitor changes on System folder

Question asked by Wael AbdelWahab Champion on Dec 22, 2015
Latest reply on Dec 28, 2015 by Wael AbdelWahab


Hi everyone

A customer requires monitoring the changes to system files (in the c:\windows folder, c:\program files folder) using the installed CA ControlMinder endpoint, version 12.8.

Is it suitable to use the monitored files SECFILE class?

Will the following selang commands reflect a good monitoring example:

NEWRES SECFILE ('C:\Windows')

CHRES SECFILE ('C:\Windows') trust

CHRES SECFILE ('C:\Windows') flags('Mtime','Size','Crc','Sha1','Inode','Device','Mode','Owner','Group')

CHRES SECFILE ('C:\Windows') owner('nobody')

Or should I put the wildcard characters, for example ('c:\windows\*')?

If you know a better way, I hope you will tell me your opinion.

Thanks
