How to check whether Real-Time File Integrity Monitoring is enabled
Article: TECH186223 | Created: 2012-04-11 | Updated: 2012-07-21 | Article URL: http://www.symantec.com/docs/TECH186223
Problem
How can you check whether Real-Time File Integrity Monitoring is enabled?
Error
n/a
Environment
AIX 6.1
AIX 5.3 64 bit
Solution
File integrity monitoring can be used to help monitor the following items that are called out by the PCI Data Security Standard.
Real-Time File Integrity Monitoring is enabled by default and will be used automatically whenever possible.
The var\log\scsplog\SISIDSEvents.csv log shows that the monitor is on:
MSTD,1,2012-03-31 16:03:50.000 Z+0800,I,0,R,,,IA_0023,,,,Main Module,,,,,IA_0023,,,,IA_0023: Symantec IDS Service has started
There are a few other options for real-time file integrity monitoring that can be accessed via sisipsconfig.sh.
-rtfim enables it.
You can see if FIM is enabled using this command:
./sisipsconfig.sh -export | grep fim
*fim.enabled
The next option is to check /opt/Symantec/scspagent/IDS/system/agent.ini.
Under the [Driver] section, see whether the following line is present:
fim.enabled=true
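A plain grep for fim also matches commented-out lines and keys in other sections, so the agent.ini check above can be made section-aware. The script below is an added example, not Symantec code: the function names, the sample files, the comment characters (# and ;) and the handling of duplicate keys are assumptions.

```shell
#!/bin/sh
# Added example: section-aware check of fim.enabled in an agent.ini-style file.
# Assumption: a line starting with # or ; is a comment. The page shows only
# the [Driver] section name and the fim.enabled=true line.

# Print the fim.enabled value found under [Driver] ("unset" if absent).
fim_driver_value() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    awk '
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }     # strip CR and outer blanks
        /^[#;]/ || $0 == "" { next }                         # skip comments and blanks
        /^\[.*\]$/ { in_driver = ($0 == "[Driver]"); next }  # track current section
        in_driver {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]+$/, "", key); gsub(/^[ \t]+/, "", val)
            if (key == "fim.enabled") found = val            # assumed: last one wins
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Return 0 only when [Driver] sets fim.enabled=true.
fim_is_enabled() {
    [ "$(fim_driver_value "$1")" = "true" ]
}

# Constructed sample files (not taken from a real agent).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/on.ini" <<'EOF'
[General]
fim.enabled=false
[Driver]
# fim.enabled=false
fim.enabled = true
EOF
cat > "$SAMPLE_DIR/off.ini" <<'EOF'
[General]
fim.enabled=true
[Driver]
fim.enabled=false
EOF

for f in "$SAMPLE_DIR/on.ini" "$SAMPLE_DIR/off.ini"; do
    printf '%s: fim.enabled=%s\n' "$(basename "$f")" "$(fim_driver_value "$f")"
done
```

On an agent, call fim_is_enabled with the agent.ini path given above; a result of "unset" means the key is not written in [Driver], not that monitoring is off.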