166
an alert if file differs
from baselined
information.
-d, --delete target ... Remove target[s] from the
known files list. A new baseline needs to
be generated after all file deletions have
been performed.
verify action reports
If --show-all is specified, then also clean files are reported, as
follows.
[ OK ] PRA /bin/ls
[ OK ] P.D /bin/chmod
Characters on second column tell how file is handled in integ-
rity checking. P implies Protected, R is for Report (send alert
for every access to this file if file differs from baselined), A is
Allow access even if differs from baseline, D means that
access is denied if file does not match with baselined infor-
mation. '.' on either P or R column means that Protection or
Reporting respectively is not enabled.
If a change is detected against the baseline, it is reported as
follows
[Note] .RA /bin/ls Hash does not match
baselined hash
[Note] .RA /bin/ls inode information
does not match baselined data
To Next Page
Loading...