How to check whether Real-Time File Integrity Monitoring is enabled

Article ID: 156215

Products

Critical System Protection

Issue/Introduction

How to check whether Real-Time File Integrity Monitoring is enabled.

Resolution

File integrity monitoring can be used to help monitor the following items that are called out by the PCI Data Security Standard.
Real-Time File Integrity Monitoring is enabled by default and will be used automatically whenever possible.

In var\log\scsplog\SISIDSEvents.csv, an entry such as the following shows that the monitor is on:


MSTD,1,2012-03-31 16:03:50.000 Z+0800,I,0,R,,,IA_0023,,,,Main Module,,,,,IA_0023,,,,IA_0023: Symantec IDS Service has started


There are a few other options for real-time file integrity monitoring that can be accessed via sisipsconfig.sh.
-rtfim enables it. You can see whether FIM is enabled using this command:
./sisipsconfig.sh -export | grep fim
*fim.enabled
 

Another option is to check /opt/Symantec/scspagent/IDS/system/agent.ini.
Under the [Driver] section, see whether the following line is present:

fim.enabled=true
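
A plain grep for fim.enabled also matches commented-out lines and other sections, so the following added example (not part of the original article or the product) reads the key only from the [Driver] section. It assumes agent.ini uses plain INI syntax with ';' or '#' comment lines; fim_state is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: section-aware check of agent.ini for fim.enabled.
# Assumption: plain INI syntax ([Section] headers, key=value lines,
# lines starting with ';' or '#' are comments).

# fim_state FILE -> prints "enabled", "disabled" or "unset"
fim_state() {
    awk '
        BEGIN { state = "unset" }
        # Strip a trailing CR and surrounding whitespace from every line.
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^[;#]/ || /^$/ { next }                      # comments, blank lines
        /^\[.*\]$/ { in_driver = ($0 == "[Driver]"); next }
        in_driver {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]+$/, "", key); gsub(/^[ \t]+/, "", val)
            if (key == "fim.enabled")
                state = (tolower(val) == "true") ? "enabled" : "disabled"
        }
        END { print state }
    ' "$1"
}

# Constructed sample (not a real agent.ini): the key appears in another
# section and commented out, both of which a plain grep would report.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
[Other]
fim.enabled=true
[Driver]
; fim.enabled=true
fim.enabled = false
EOF
echo "constructed sample: $(fim_state "$sample")"

# On an agent host, point it at the file named in the article:
#   fim_state /opt/Symantec/scspagent/IDS/system/agent.ini
```
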


Applies To

AIX 6.1
AIX 5.3 64 bit