How to check whether Real-Time File Integrity Monitoring is enabled

Article:TECH186223  |  Created: 2012-04-11  |  Updated: 2012-07-21  |  Article URL http://www.symantec.com/docs/TECH186223
Article Type
Technical Solution

Issue



How to check whether Real-Time File Integrity Monitoring is enabled.


Error



n/a


Environment



AIX 6.1
AIX 5.3 64 bit

 


Solution



File integrity monitoring can be used to help monitor the following items that are called out by the PCI Data Security Standard.
Real-Time File Integrity Monitoring is enabled by default and will be used automatically whenever possible.

The event log var\log\scsplog\SISIDSEvents.csv shows that the monitor is on:


MSTD,1,2012-03-31 16:03:50.000 Z+0800,I,0,R,,,IA_0023,,,,Main Module,,,,,IA_0023,,,,IA_0023: Symantec IDS Service has started


There are a few other options for real-time file integrity monitoring that can be accessed via sisipsconfig.sh.
-rtfim enables it.
You can see if FIM is enabled using this command:
./sisipsconfig.sh -export | grep fim
*fim.enabled
 

Another option is to check /opt/Symantec/scspagent/IDS/system/agent.ini and see whether the [Driver] section contains:

fim.enabled=true
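
The agent.ini check above can be scripted so that it reads fim.enabled from the [Driver] section only, which a plain grep does not guarantee. This is an added example, not Symantec's code; the function names and the sample file contents (including the [Example] section) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Reports fim.enabled from the [Driver]
# section only; a plain grep would also match other sections or
# commented-out lines.

# fim_state FILE -> prints the value in lower case, or "unset".
fim_state() {
    awk '
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }  # trim CR and blanks
        /^\[.*\]$/ { section = $0; next }                  # section header
        section == "[Driver]" {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]+$/, "", key); gsub(/^[ \t]+/, "", val)
            # Exact key match, so "#fim.enabled" does not count.
            if (key == "fim.enabled") state = tolower(val)
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# fim_enabled FILE -> exit status 0 only when the value is "true".
fim_enabled() {
    [ "$(fim_state "$1")" = "true" ]
}

# Constructed sample: the [Example] section and its contents are made up
# to show why the section matters.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Example]
fim.enabled=true
[Driver]
#fim.enabled=true
fim.enabled = False
EOF

echo "sample: fim.enabled=$(fim_state "$sample")"
if fim_enabled "$sample"; then echo "RT-FIM enabled"; else echo "RT-FIM not enabled"; fi
rm -f "$sample"
```

On a real agent, pass the agent.ini path given above to fim_enabled and use its exit status in an audit script; "unset" means the key is absent from [Driver], not that monitoring is off.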



