Changed services (UNIX)

Module: Startup Files

This option reports any services with configurations that have been changed since the last time the ESM service snapshot was updated. Changes in service owner, full path, and parameters are reported. Services that are listed as Ignored in the Services template are not reported when found.

The following table lists the error messages for the check.

Table: Error messages for Changed services

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_CHANGED_PROCESS_PARAMS

Category: Policy Compliance

UNIX (5860)

Title: Changed process parameters

Description: ESM found a process parameter that has changed on the system. This could indicate a security problem. You should review the reported processes for security problems. You should also review all other security reports from ESM for possible related problems.

Severity: yellow-1

Correctable: false

Snapshot Updatable: true

Template Updatable: false

Information Field Format: [Parameters: %s; expected: %s]

String ID: STKU_CHANGED_PROCESS_FULLPATH

Category: Policy Compliance

UNIX (5861)

Title: Changed process full path

Description: ESM found a process full path name that has changed on the system. This could indicate a security problem. You should review the reported processes for security problems. You should also review all other security reports from ESM for possible related problems.

Severity: yellow-1

Correctable: false

Snapshot Updatable: true

Template Updatable: false

Information Field Format: [Full path: %s; expected: %s]

String ID: STKU_CHANGED_PROCESS_OWNER

Category: Policy Compliance

UNIX (5863)

Title: Changed process owner

Description: ESM found a process owner that has changed since the last time the snapshot file was updated. This could indicate a security problem. You should review the reported processes for security problems. You should also review all other security reports from ESM for possible related problems.

Severity: yellow-1

Correctable: false

Snapshot Updatable: true

Template Updatable: false

Information Field Format: [Owner: %s; expected: %s]

String ID: STKU_NOTEMPLATES

Category: Policy Compliance

UNIX (5848)

Title: No template files specified

Description: No templates were found. Templates allow a much greater control over what is monitored on your system. By not having templates, you have no way of determining what should or should not be running on your system.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_FORBIDDEN_PARAMETER_FOUND

Category: Policy Compliance

UNIX (5852)

Title: Forbidden parameter

Description: ESM found a forbidden parameter running with a system-owned process on the agent. The parameter was defined as forbidden in the Services template. You should terminate the process because it may be causing security problems or damaging your system.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Forbidden parameter: %s; found parameter: %s; process: %s; found template: %s; comment: %s]

String ID: STKU_MANDATORY_PARAMETER_NOT_FOUND

Category: Policy Compliance

UNIX (5853)

Title: Mandatory parameter not found

Description: ESM found that a Mandatory parameter was not running with a system-owned process on the agent. Since the parameter was defined as Mandatory in your Services template, this could indicate a security problem. You should review all listed processes for problems.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Mandatory parameter: %s; process: %s; template: %s; comment: %s]

String ID: STKU_FORBIDDEN_PROCESS_FOUND

Category: Policy Compliance

UNIX (5850)

Title: Forbidden process found

Description: A system-owned process that is defined as Forbidden in the Services template is running on the agent. You should terminate the process because it may be causing security problems or damaging your system.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Template: %s; comment: %s]

String ID: STKU_MANDATORY_PROCESS_NOT_FOUND

Category: Policy Compliance

UNIX (5851)

Title: Mandatory process not found

Description: ESM found that a system-owned process set to Mandatory in the Services template is not running on the agent. This could indicate a security problem. You should review all listed processes for problems.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Template: %s; comment: %s]

String ID: STKU_CREATED_SNAPSHOT_FILE

Category: Policy Compliance

UNIX (5862)

Title: Process snapshot file created

Description: The process snapshot file has been created.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: []
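
The snapshot comparison described at the top of this page, as an added Python illustration (not ESM code): it compares owner, full path and parameters against a stored snapshot, skips ignored services, and formats each finding with the string IDs, numeric IDs and Information Field Formats from the table. The service records, the ignore set, keying services by name, and the function name are constructed assumptions.

```python
# Added illustration, not Symantec ESM code. Only the message IDs, numeric IDs
# and information-field formats come from the table above; everything else
# (record layout, keying by service name, sample data) is an assumption.
from typing import NamedTuple


class Service(NamedTuple):
    owner: str
    full_path: str
    params: str


# attribute -> (String ID, UNIX numeric ID, Information Field Format)
MESSAGES = {
    "owner": ("STKU_CHANGED_PROCESS_OWNER", 5863, "[Owner: %s; expected: %s]"),
    "full_path": ("STKU_CHANGED_PROCESS_FULLPATH", 5861, "[Full path: %s; expected: %s]"),
    "params": ("STKU_CHANGED_PROCESS_PARAMS", 5860, "[Parameters: %s; expected: %s]"),
}


def changed_services(snapshot, current, ignored=frozenset()):
    """Return (service, string_id, numeric_id, info) per attribute that differs from the snapshot."""
    findings = []
    # Only services present in both sets are compared; ignored ones are skipped.
    for name in sorted(snapshot.keys() & current.keys()):
        if name in ignored:
            continue
        for field, (string_id, numeric_id, fmt) in MESSAGES.items():
            found = getattr(current[name], field)
            expected = getattr(snapshot[name], field)
            if found != expected:
                findings.append((name, string_id, numeric_id, fmt % (found, expected)))
    return findings


# Constructed sample data: the stored snapshot and the services seen on this run.
SNAPSHOT = {
    "sshd": Service("root", "/usr/sbin/sshd", "-D"),
    "ntpd": Service("ntp", "/usr/sbin/ntpd", "-u ntp:ntp"),
    "cupsd": Service("root", "/usr/sbin/cupsd", "-l"),
}
CURRENT = {
    "sshd": Service("root", "/usr/local/sbin/sshd", "-D -p 2222"),
    "ntpd": Service("root", "/usr/sbin/ntpd", "-u ntp:ntp"),
    "cupsd": Service("root", "/usr/sbin/cupsd", "-f"),
}
IGNORED = {"cupsd"}  # stands in for services marked Ignored in the Services template

if __name__ == "__main__":
    for name, sid, num, info in changed_services(SNAPSHOT, CURRENT, IGNORED):
        print(f"{name}: {sid} (UNIX {num}) {info}")
```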