How to use SCSP to monitor Apache Files, and Ignore Apache Process

Article:TECH187062  |  Created: 2012-04-23  |  Updated: 2012-08-30  |  Article URL http://www.symantec.com/docs/TECH187062
Article Type
Technical Solution


Environment

Issue



How to use Symantec Critical System Protection (SCSP) to monitor Apache web server files for changes and access, while ignoring access by the Apache process itself.


Solution



Enable the auditd daemon and configure it to monitor file access. Then use an Intrusion Detection System policy to monitor the auditd log file and trigger an event when something or someone other than the Apache process accesses or changes the files in the Apache directory.
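The filtering logic described above, sketched in Python as an added example (it is not Symantec's policy or SCSP configuration). The watched path `/etc/httpd/`, the audit key `apache_files` and the Apache binary paths are assumptions; adjust them to the host. The log lines are constructed samples.

```python
import re
from collections import defaultdict

# Assumed audit watch that produces the records below (path and key are illustrative):
#   auditctl -w /etc/httpd/ -p rwa -k apache_files
WATCH_KEY = "apache_files"                               # assumed key name
APACHE_EXES = {"/usr/sbin/httpd", "/usr/sbin/apache2"}   # assumed Apache binary paths

# Constructed sample audit.log records (not real log data).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1335200000.101:501): arch=c000003e syscall=2 success=yes pid=2210 auid=4294967295 uid=48 comm="httpd" exe="/usr/sbin/httpd" key="apache_files"
type=PATH msg=audit(1335200000.101:501): item=0 name="/etc/httpd/conf/httpd.conf" inode=1311
type=SYSCALL msg=audit(1335200050.202:502): arch=c000003e syscall=2 success=yes pid=3377 auid=1000 uid=0 comm="vi" exe="/usr/bin/vi" key="apache_files"
type=PATH msg=audit(1335200050.202:502): item=0 name="/etc/httpd/conf/httpd.conf" inode=1311
type=SYSCALL msg=audit(1335200090.303:503): arch=c000003e syscall=2 success=yes pid=3390 auid=1000 uid=1000 comm="cat" exe="/bin/cat" key="other_rule"
type=PATH msg=audit(1335200090.303:503): item=0 name="/etc/passwd" inode=77
"""

EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(log_text):
    """Group records by event serial: one SYSCALL record plus its PATH records."""
    events = defaultdict(lambda: {"syscall": {}, "paths": []})
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        ev = events[m.group(2)]
        if fields.get("type") == "SYSCALL":
            ev["syscall"] = fields
        elif fields.get("type") == "PATH":
            ev["paths"].append(fields.get("name", "?"))
    return events

def non_apache_access(log_text):
    """Return watched-file events whose executable is not the Apache binary."""
    alerts = []
    for serial, ev in parse_events(log_text).items():
        sc = ev["syscall"]
        # A hex-encoded (unquoted) exe never matches the allow-list, so it is reported.
        if sc.get("key") != WATCH_KEY or sc.get("exe") in APACHE_EXES:
            continue
        alerts.append({"serial": serial, "exe": sc.get("exe"),
                       "auid": sc.get("auid"), "paths": ev["paths"]})
    return alerts

if __name__ == "__main__":
    for alert in non_apache_access(SAMPLE_LOG):
        print(alert)
```

Matching on the `exe` field rather than `comm` matters here, because `comm` is the process name and can be set by the process itself, while `exe` is the path of the binary that made the system call.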



