Hi everyone,
We have change control installed on Solaris server & it is configured in enabled mode,we have write protected some path.
We are getting the solidcore events for the path which is write protected but we are also getting the solidcore events which are accepted.For eg.in screenshot we are getting the events for the path starting with /etc though we have not write protected the path.
Do anyone have an idea???
Haaris,
Please provide a screenshot of your monitoring policies.
Please find the attached policy
Also the mentioned solid core events are generating in large amount and very frequently
Hi Neelima,
Any update???
You should not see events due to these policies. The events are raised due to the monitoring policies.
Please check if the right folders are being monitored in your Integrity monitoring Policy.
I have seen my ruleset & found the same thing as mentioned in your screenshot, but content change tracking is disabled for all paths mentioned in Solaris rule group.Then how come events are generated
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA