11.13 Restricting Access to Rule Sets

The Agent provides variables that allow you to customize the access to rule sets. By default, the variables and associated parameters are specified in the vsaunix.cfg file. Some environments might benefit from limiting access to the rule sets to improve security or performance. The following table describes the variables.

Variable
    Description

DETECTD_OPS
    Defines the opcodes or opgroups that are allowed to access the rule sets. Separate the opcodes or opcode groups with a space. To include an opcode group but deny access to one of the opcodes in that group, prepend that opcode with a hyphen (-).
    Example: DETECTD_OPS="sleep time unpack sort :browse"

DETECTD_SAFE_MODULES
    Defines which Perl modules _loadModule() is permitted to load. Separate the modules with a space. You can use wildcards to replace a single character or a set of characters.
    Example: DETECTD_SAFE_MODULES="NONE"

DETECTD_TOUCH_ALLOW
    Defines which log files _touchLogfile() is permitted to create. Separate the file names with a space. You can use wildcards to replace a single character or a set of characters.
    Example: DETECTD_TOUCH_ALLOW="/var/adm/pacct /var/account/pacct"

DETECTD_TRUNC_ALLOW
    Defines which log files _truncateLogfile() is permitted to truncate. Separate the file names with a space. You can use wildcards to replace a single character or a set of characters.
    Example: DETECTD_TRUNC_ALLOW="/audit/stream.out"

DETECTD_CMD_PATH
    Defines the directories in which command actions are looked up. Separate the directory names with either a comma or a space.
    Example: DETECTD_CMD_PATH="../local/script"

DETECTD_LOG_DIR
    Defines the directory that log actions write to.
    Example: DETECTD_LOG_DIR="../local/log"
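The following Python script is an added example, not code from the Agent or from this manual. It parses a constructed vsaunix.cfg-style fragment and evaluates the DETECTD_OPS opcode list and the wildcard allow-lists the way an administrator reviewing a configuration would want to: which opcodes end up permitted, whether a given file matches an allow-list, and whether an allow-list contains a bare wildcard that permits everything. The interpretation that a ":" prefix names an opcode group, that a "-" prefix denies one opcode, that NONE means "allow nothing", and the opcode-group membership in OPGROUPS are all assumptions made for the example; the real group contents and exact matching rules come from the Agent.

```python
"""Evaluate DETECTD_* access settings from a vsaunix.cfg-style fragment.

Assumptions (not taken from the manual): ':' prefixes an opcode group,
'-' prefixes a denied opcode, the literal value NONE allows nothing, and
the opcode-group membership below is constructed sample data.
"""
import fnmatch
import shlex

# Constructed configuration fragment in the NAME="value" style shown above.
SAMPLE_CFG = """
# restrict rule-set access (constructed sample)
DETECTD_OPS="sleep time unpack sort :browse -browse_write"
DETECTD_SAFE_MODULES="NONE"
DETECTD_TOUCH_ALLOW="/var/adm/pacct /var/account/pacct"
DETECTD_TRUNC_ALLOW="/audit/stream.out /audit/stream.*.bak"
"""

# Constructed opcode-group membership; the Agent defines the real groups.
OPGROUPS = {
    "browse": {"browse_read", "browse_write"},
}


def parse_cfg(text):
    """Parse NAME="value" lines into a dict (shlex removes the quotes)."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        cfg[name.strip()] = " ".join(shlex.split(value))
    return cfg


def allowed_opcodes(spec, opgroups=OPGROUPS):
    """Expand a DETECTD_OPS value into the set of opcodes that may run.

    Plain tokens are single opcodes, ':name' expands a group, and '-name'
    removes one opcode even if a group included it.
    """
    allowed, denied = set(), set()
    for token in spec.split():
        if token.startswith("-"):
            denied.add(token[1:])
        elif token.startswith(":"):
            allowed |= opgroups.get(token[1:], set())
        else:
            allowed.add(token)
    return allowed - denied


def path_allowed(spec, path):
    """Check a file name against a space-separated, wildcard allow-list.

    fnmatch-style wildcards are used here as an approximation of the
    Agent's matching; note that '*' also crosses '/' in fnmatch.
    """
    if spec.strip() == "NONE":
        return False
    return any(fnmatch.fnmatchcase(path, pat) for pat in spec.split())


def overly_broad(spec):
    """Return allow-list patterns that match everything (a bare '*').

    A list such as DETECTD_TRUNC_ALLOW="*" gives no protection; this helper
    flags that weak setting so it can be replaced by explicit paths.
    """
    return [pat for pat in spec.split() if pat.strip("*") == ""]


if __name__ == "__main__":
    cfg = parse_cfg(SAMPLE_CFG)
    print("permitted opcodes:", sorted(allowed_opcodes(cfg["DETECTD_OPS"])))
    for name in ("DETECTD_SAFE_MODULES", "DETECTD_TOUCH_ALLOW", "DETECTD_TRUNC_ALLOW"):
        print(name, "broad patterns:", overly_broad(cfg[name]))
    print("/var/adm/pacct touch allowed:",
          path_allowed(cfg["DETECTD_TOUCH_ALLOW"], "/var/adm/pacct"))
```

The two helpers map directly onto a configuration review: allowed_opcodes shows the effective result of mixing groups and per-opcode denials, and overly_broad catches an allow-list that has quietly been widened to a single "*".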