Listing Extended Attributes
You can list extended attributes of files by using native operating system commands, or system calls. As part of GuardPoint administration, CTE can modify or delete extended attributes.
This functionality is only available for local file systems. It is not supported for files in NFS Share GuardPoints.
In Linux, CTE-LDT attributes are set on GuardPoint directories and regular files in GuardPoint directories protected with CTE-LDT policies. The CTE extended attribute name is ::secfs:xattr:
.
The following examples use the native Linux operating system command attr
to display the CTE-LDT attribute for the GuardPoint /oxf-fs1/gp1
and the file /oxf-fs1/gp1/File_1.txt
.
Example Getting File Attributes
attr -l /oxf-fs1/gp1/File_1.txt
Attribute "::secfs:xattr:" has a 1044 byte value for /oxf-fs1/gp1/File_1.txt
Attribute "selinux" has a 37 byte value for /oxf-fs1/gp1/File_1.txt
Example Getting GuardPoint Attributes
attr -l /oxf-fs1/gp1
Attribute "::secfs:xattr:" has a 1044 byte value for /oxf-fs1/gp1
Attribute "selinux" has a 37 byte value for /oxf-fs1/gp1
Example of voradmin ldt attr get
for Linux File Attributes
In the following example, the file /oxf-fs1/gp1/File_1.txt
has the same name for current and new keys at the same key version. In the following example, if the versioned key LDT_KEY is at version 755, the file is rekeyed to the latest key version under the CTE-LDT policy.
voradmin ldt attr get /oxf-fs1/gp1/File_1.txt
CTE-LDT attributes: rekeyed_size=4096, rekey_status=none
Key: name=LDT_KEY, version=755
Example of voradmin ldt attr get
for Linux GuardPoint Attributes
The following is example of an CTE-LDT attribute on a GuardPoint directory on Linux:
voradmin ldt attr get /oxf-fs1/gp1
LDT stats: version=1, rekey_status=rekeying
Number of times rekeyed: 3 times
Rekey start time: 2018/08/04 16:24:45
Last rekey completion time: 2018/07/04 16:24:04
Estimated rekey completion time: N/A
Policy key version: 2043
Data stats:
total=3.3GB, rekeyed=1.5GB, truncated=0.0MB
File stats:
total=4307, rekeyed=1181,
passed=2, skipped=0, created=0, removed=0
Example of voradmin ldt attr get
for Linux NFS Share GuardPoint Attributes
The following example shows how to use the voradmin ldt attr get
command to view the LDT attribute on GuardPoint directories over NFS shares:
secfsd -unguard /nfs-oxf-fs1/gp2
secfsd: Path is not guarded
voradmin ldt attr get /nfs-oxf-fs1/gp2
LDT stats: version=3, rekey_status=rekeyed
Number of times rekeyed: 1 time
Rekey start time: 2021/01/04 08:19:02
Last rekey completion time: 2021/01/04 08:19:03
Estimated rekey completion time: N/A
Policy key version: 0
Policy ID:
23785
Data stats:
total=0.0MB, rekeyed=0.0MB
truncated=0.0MB, sparse=0.0MB
File stats:
total=3, rekeyed=1, failed=0
passed=0, skipped=0, created=0, removed=0, excluded=0
Example of voradmin ldt attr get
for Windows GuardPoint Attributes
The attribute for the GuardPoint c:\GP 1
contains the status (rekeyed) and statistics specific to the GuardPoint and CTE-LDT. Following is sample output of voradmin command on Windows for statistics on a file:
C:\> voradmin ldt attr get c:\GP\Test.txt
LDT attributes:
Rekey Status Rekeyed
Initial Rekeyed Size 10 Bytes
Key:
Key Name/Version (LDT_KEY, 28)
The attribute for GuardPoint C:\GP contains the status (rekeyed) and statistics specific to the GuardPoint and CTE-LDT:
C:\> voradmin ldt attr get c:\gp\
LDT Stats
-------------------------------
Rekey Status LDT_ST_REKEYED
Last rekey completion time 10/2/2017 4:26:50
Rekey Start time 10/2/2017 4:26:17
Estimated rekey completion time 000:00:00
File Stats:
Total 444
Rekeyed 444
Skipped 0
Errored 0
Passed 0
Removed 0
Data Stats:
Total 11 GB (12649143417 Bytes)
Rekeyed 11 GB (12649143417 Bytes)
Truncated 0 Bytes
Example of voradmin ldt attr get
for Windows CIFS Share GuardPoint Attributes
The following example shows how to get the CTE-LDT attributes for the CIFS GuardPoint \\myhost\share\HR-Files\
.
C:\>voradmin ldt attr get \\myhost\share\HR-Files\
Live Data Transformation Stats
--------------------------------
Rekey Status LDT_ST_REKEYED
Last rekey completion time 2/24/2021 13:42:40
Rekey Start time 2/24/2021 13:36:47
Estimated rekey completion time 000:00:00
File Stats:
Total 19087
Rekeyed 19087
Skipped 0
Errored 0
Passed 0
Removed 0
Excluded 0
Data Stats:
Total 1 GB (1083187108 Bytes)
Rekeyed 958 MB (1005006756 Bytes)
Truncated 0 Bytes
Example of voradmin ldt attr get
for Windows CIFS Share File Attributes
The following example shows how to get the CTE-LDT attributes for the file employees.doc
on the CIFS share \\myhost\share\HR-Files\
.
C:\>voradmin ldt attr get \\myhost\share\HR-Files\employees.doc
LDT attributes:
Rekey Status Rekeyed
Initial Rekeyed Size 0 Bytes
Key:
Key Name/Version (AES_256_LDTKey_CBC,15)