I administrate a number of accounts with ePO environments. One has approached me who already has MAC in part of their environment and is asking if they can use it to control modifications to a SQL DB on a Production Server. Ultimately they only want a few individuals/services to make changes to this DB and they want to track/log any attempts to do so. I am thinking MAC is overkill in that I would be solidifying the whole system just to track/control changes on one dir and/or file. I would imagine I would then create Updaters for SQL, then collect the logs "File Modified" for just this DB. To do this I believe I would have to export all the "File Modified" events from ePO or local system and filter them down to those that apply to just this file/dir. Sounds administratively heavy to me... Am I right in thinking they need to look at TripWire or some other 3rd party product if all they want is to control this specific area?
Server: Win 2008
ePO 4.6 (upgrading to 5 in a few weeks)
Thank you neelima,
I will contact Shriki for more information. However, I still have a lingering question. What if it wasn't a SQL DB? What if it was just a particular application directory? Would MAC be "overkill" or is there a better way?
McAfee Change Control will provide you with that option. It has File Integrity Monitoring capabilities. You can monitor the given application directory for changes by adding the path to the policy. If required, you can also track content for changes along with monitoring.