User Guides
CTE-U Quick Start Guide
- Terminology and Components
- Install and Configure CTE-U with CipherTrust Manager
  - Installation Prerequisites
  - Installation and Registration
  - Verifying Package Signatures
  - Setting the SE Linux state
- Guarding with CTE-U and CipherTrust Manager
  - Access the CipherTrust Manager Domain
  - Create an Encryption Key
  - Guarding CTE files with CTE-U
- Exporting GuardPoints over NFS
- Migrating CTE Agents to CTE-U
- Multifactor Authentication for CTE-U
  - Introduction to Multifactor Authentication
  - Using CTE-U with Multi-factor Authentication
  - Use Cases for MFA on CTE
  - Exempting some users from authentication with a Whitelist
  - Setting up Multifactor Authentication with a One-Time-Password
  - Setting up Multifactor Authentication with an Inactivity Time Out
  - Administrator Tasks for Multifactor Authentication
  - Troubleshooting Multifactor Authentication
- Phased migration from CTE-U 9.x to CTE-U 10.x
CTE-U Health Manager Utility
- Performing Health Check
- Using the Monitor
- Service Commands
- Viewing the Service Status
- Gathering the Technical Dump Information
- Troubleshooting/ Debugging CTE-U
CTE-U Advanced Configuration Guide for Linux
- Getting Started with CTE for Linux
  - Silent Installation for CTE or CTE-U on Linux
  - Using external certificates for communication between CTE Agent and CipherTrust Manager
  - Configuring CTE-U with CipherTrust Manager
- Logging
  - Setting CTE Agent Logging Preferences
  - Audit Logs
  - Concise Logging
- CTE-U Overview
- Special Cases for CTE-U Policies
  - Re-Enabling Automatic Signing for Host Settings
  - Restricting Access Overrides from Unauthorized Identities
  - Blocking ptrace system calls to prevent process injection attacks
- Enhanced Encryption Mode
  - Disk Space
  - Using the AES-CBC-CS1 Encryption Mode in CM
  - File Systems Compatibility
- CTE with systemd
  - CTE Agent Control Changes on systemd
  - Adding Applications to the secfs-fuse.service File
  - Adding Dependencies to systemd Unit Configuration Files
- Utilities
  - CTE-U Linux Authentication and Client Settings
  - Individual GuardPoint Tuning
  - Agent Health Utility
  - Secfsd Utility
    - secfsd Examples
    - Secfsd Raw and Block Devices
  - agentinfo Utility (Java version)
  - check_host Utility
  - Displaying Information for Nested File Systems with the DF tool
  - Voradmin Utility
  - Restricting Access Overrides with Client Settings
  - register_host Utility
  - Using Advanced Encryption Set New Instructions (AES-NI)
  - vmd utility
  - vmsec Utility
- Upgrading CTE-U on Linux
- Uninstalling CTE-U from Linux
Using FreeBSD with CTE-U
- FreeBSD Jail
- Install CTE-U Dependencies
- FreeBSD Services
- Upgrade CTE-U Packages
- Remove CTE-U Packages
- Unsupported Features for CTE-U with FreeBSD

Secfsd Utility

The secfsd utility displays the following attributes of CTE-U:

GuardPoints defined in the GuardPoints
Authentication parameters defined in the Client Settings tab
Lock status set by enabling FS Agent Locked and System Locked
Web destination and SSL certificate for uploading log entries
Policies applied in the GuardPoints tab
Status of required processes (secfsd and vmd)
Version of secfs

The secfsd utility is also used to mount GuardPoints for Directory (Manual Guard). Normally, CTE-U automatically mounts the secfs file system when you apply a GuardPoint to a directory. On Linux, the secfsd utility is located in <install_dir>/secfs/.sec/bin and a symbolic link to this file is placed in /usr/bin/secfsd.

secfsd syntax

Help Options

Command	Description
`-help`	Display `secfsd` options

Debug Options

Command	Description
`-log_level <4-8> [<file>\|<GP path>]`	Enable/Disable log level on GP

Status Options

Command	Description
`-grdcheck <path>`	Show status of GuardPoint at `<path>`
`-status auth`	List authentication settings
`-status devmap`	List guarded devices
`-status guard` [-v	-tree]`
`-status keys`	Show current encryption key state
`-status lockstat`	Show status of system and agent lock
`-status logger`	List logging details
`-status policy`	List configured policies

Manual GuardPoint options

Command	Description
`-guard <path>`	Manually guard `<path>`
`-unguard <path>`	Manually unguard `<path>`
`-restart <path>`	Restarts a crashed GuardPoint

Version option

Command	Description
`-version`	List version

Suggest A Change

Secfsd Utility

secfsd syntax

Help Options

Debug Options

Status Options

Manual GuardPoint options

Version option

On this page