Changed files (signature) (UNIX)

Module: File Attributes

This check performs checksum checks on files that have the CRC and/or MD5 options checked in their associated template records. Disabling this check prevents Symantec ESM from reading each of the files in the templates. This reduces I/O on your disks and makes File Attributes run faster. However, because checksum checks are the most difficult security checks for a hacker to circumvent, you should enable this check.
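The comparison behind this check, as an added example (not Symantec ESM code): a baseline records file attributes plus CRC and MD5, and a constructed same-size edit with the modification time restored passes the attribute comparison but fails the checksum comparison. The snapshot layout, the set of compared attributes, the sample file, and all function names are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
import zlib


def snapshot(path):
    """Record attributes and checksums for one file (hypothetical snapshot layout)."""
    st = os.stat(path)
    with open(path, "rb") as f:
        data = f.read()
    return {
        "size": st.st_size,
        "mode": st.st_mode,
        "mtime_ns": st.st_mtime_ns,
        "crc": zlib.crc32(data) & 0xFFFFFFFF,
        "md5": hashlib.md5(data).hexdigest(),
    }


def changed_fields(baseline, current, use_checksums):
    """Return the names of the fields that differ from the baseline."""
    fields = ["size", "mode", "mtime_ns"]
    if use_checksums:
        fields += ["crc", "md5"]
    return [name for name in fields if baseline[name] != current[name]]


def demo():
    """Build a constructed file, change it in place, and compare both ways."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.conf")  # constructed sample file
        with open(path, "wb") as f:
            f.write(b"loglevel=1\n")
        baseline = snapshot(path)

        # Constructed change: same length, original timestamps put back.
        st = os.stat(path)
        with open(path, "wb") as f:
            f.write(b"loglevel=0\n")
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))

        current = snapshot(path)
        return {
            "attributes_only": changed_fields(baseline, current, False),
            "with_checksums": changed_fields(baseline, current, True),
        }


if __name__ == "__main__":
    print(demo())
```
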

The following table lists the error messages for the check.

Table: Error messages for Changed files (signature)

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_DIFFATTRIB_R

Category: System Information

UNIX (5561)

Title: File attributes have changed

Description: At least one attribute in each of the listed files does not match a related value in the Symantec ESM snapshot file. These changes may represent a security problem. If the changes were made by the system administrator, you should update the snapshot file. If the changes were not authorized, you should restore the files from a backup or from the original distribution media. You should also run CRC and/or MD5 checks on the files to ensure file integrity. It is possible for an intruder to modify a file without changing the modification time.

Severity: red-4

Correctable: false

Snapshot Updatable: true

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_DIFFATTRIB_Y

Category: System Information

UNIX (5562)

Title: File attributes have changed

Description: At least one attribute in each of the listed files does not match a related value in the Symantec ESM snapshot file. These changes may represent a security problem. If the changes were made by the system administrator, you should update the snapshot file. If the changes were not authorized, you should restore the files from a backup or from the original distribution media. You should also run CRC and/or MD5 checks on the files to ensure file integrity. It is possible for an intruder to modify a file without changing the modification time.

Severity: yellow-1

Correctable: false

Snapshot Updatable: true

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_DIFFATTRIB_G

Category: System Information

UNIX (5563)

Title: File attributes have changed

Description: At least one attribute in each of the listed files does not match a related value in the Symantec ESM snapshot file. These changes may represent a security problem. If the changes were made by the system administrator, you should update the snapshot file. If the changes were not authorized, you should restore the files from a backup or from the original distribution media. You should also run CRC and/or MD5 checks on the files to ensure file integrity. It is possible for an intruder to modify a file without changing the modification time.

Severity: green-0

Correctable: false

Snapshot Updatable: true

Template Updatable: false

Information Field Format: [%s]