Protecting Files with Client Settings
Any file marked as protected (|protect|) in the client settings is now protected from being modified or deleted, even by a root process.
The file is not guarded, and it can be external to a GuardPoint.
Previously, the only files that were protected were the following:
/etc/passwd
/etc/group
/etc/security/passwd
/etc/ssh/sshd_config
/etc/ssh/sshrc
/opt/testfile
If the file marked as |protect| does not exist, then CipherTrust Transparent Encryption creates a 0-length file in its place. This provides an efficient means to identify and implement file protection. When the agent is stopped or uninstalled, these 0-length files are deleted and then re-created if the agent is restarted. Additionally, an audit record is generated when a file operation is denied.
The |protect| status is displayed using secfsd -status auth.
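Because a |protect| path that does not exist ends up as an empty protected file, it is worth checking what actually sits at each protected path. The following is an added example, not part of the product documentation: it assumes the entries are available one per line as `|protect|<absolute path>`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Assumption: each protected entry is on its
# own line as "|protect|<absolute path>"; any other line is ignored.

# Reads settings lines on stdin and prints "<state> <path>" per protected file:
#   present      file exists and has content
#   zero-length  file exists but is empty; it may be an agent-created
#                placeholder rather than the file you meant to protect
#   missing      nothing at that path (placeholders are removed while the
#                agent is stopped or uninstalled)
audit_protected() {
    while IFS= read -r line; do
        case "$line" in
            '|protect|/'*) path=${line#'|protect|'} ;;
            *) continue ;;
        esac
        if [ ! -e "$path" ]; then
            echo "missing $path"
        elif [ -s "$path" ]; then
            echo "present $path"
        else
            echo "zero-length $path"
        fi
    done
}

# Returns 0 only when every protected path exists and has content, so it can
# gate a deployment check or a monitoring job.
audit_ok() {
    ! audit_protected | grep -Eq '^(missing|zero-length) '
}
```

Pipe the protect entries into `audit_protected` for the per-file report, or into `audit_ok` when only the exit status matters.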