Duplicate services (UNIX)

Module: Startup Files

This option reports all system-owned services/processes/commands that are duplicated or found to be running multiple times in the process table. System-owned processes are identified in the process table by PPIDs of 0 or 1 on all systems except AIX. On AIX, system-owned processes are identified by PPIDs that are equal to the process ID of the System Resource Controller. Services/processes/commands that are listed as Ignored in the Services template are not reported when found.

The following table lists the error messages for the check.

Table: Error messages for Duplicate services

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: STKU_DUPLICATE_PROCESSES Category: Policy Compliance	UNIX (5855)	Title: Duplicate process Description:ESM found a duplicate system-owned process in the process table. All duplicate entries are not necessarily problems. For example, it is possible to have duplicate entries for /etc/nfsd, which is the NFS daemon. However, you should examine the duplicate entries and determine which processes are valid duplicates. Invalid process entries could be a sign of a security breach.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_NO_DUPLICATE_PROCESSES Category: Policy Compliance	UNIX (5856)	Title: No duplicate processes found Description:ESM found no duplicate system-owned processes in the process table.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: []
String ID: STKU_NOTEMPLATES Category: Policy Compliance	UNIX (5848)	Title: No template files specified Description:No templates were found. Templates allow a much greater control over what is monitored on your system. By not having templates, you have no way of determining what should or should not be running on your system.	Severity: red-4 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_FORBIDDEN_PARAMETER_FOUND Category: Policy Compliance	UNIX (5852)	Title: Forbidden parameter Description:ESM found a forbidden parameter running with a system-owned process on the agent. The parameter was defined as forbidden in the Services template. You should terminate the process because it may be causing security problems or damaging your system.	Severity: red-4 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [Forbidden parameter: %s; found parameter: %s; process: %s; found template: %s; comment: %s]
String ID: STKU_MANDATORY_PARAMETER_NOT_FOUND Category: Policy Compliance	UNIX (5853)	Title: Mandatory parameter not found Description:ESM found that a Mandatory parameter was not running with a system- owned process on the agent. Since the parameter was defined as Mandatory in your Services template, this could indicate a security problem. You should review all listed processes for problems.	Severity: red-4 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [Mandatory parameter: %s; process: %s; template: %s; comment: %s]
String ID: STKU_FORBIDDEN_PROCESS_FOUND Category: Policy Compliance	UNIX (5850)	Title: Forbidden process found Description:A system-owned process that is defined as Forbidden in the Services template is running on the agent. You should terminate the process because it may be causing security problems or damaging your system.	Severity: red-4 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [Template: %s; comment: %s]
String ID: STKU_MANDATORY_PROCESS_NOT_FOUND Category: Policy Compliance	UNIX (5851)	Title: Mandatory process not found Description:ESM found that a system-owned process set to Mandatory in the Services template is not running on the agent. This could indicate a security problem. You should review all listed processes for problems.	Severity: red-4 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [Template: %s; comment: %s]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_DUPLICATE_PROCESSES

Category: Policy Compliance

UNIX (5855)

Title: Duplicate process

Description:ESM found a duplicate system-owned process in the process table. All duplicate entries are not necessarily problems. For example, it is possible to have duplicate entries for /etc/nfsd, which is the NFS daemon. However, you should examine the duplicate entries and determine which processes are valid duplicates. Invalid process entries could be a sign of a security breach.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_NO_DUPLICATE_PROCESSES

Category: Policy Compliance

UNIX (5856)

Title: No duplicate processes found

Description:ESM found no duplicate system-owned processes in the process table.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: []

String ID: STKU_NOTEMPLATES

Category: Policy Compliance

UNIX (5848)

Title: No template files specified

Description:No templates were found. Templates allow a much greater control over what is monitored on your system. By not having templates, you have no way of determining what should or should not be running on your system.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_FORBIDDEN_PARAMETER_FOUND

Category: Policy Compliance

UNIX (5852)

Title: Forbidden parameter

Description:ESM found a forbidden parameter running with a system-owned process on the agent. The parameter was defined as forbidden in the Services template. You should terminate the process because it may be causing security problems or damaging your system.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Forbidden parameter: %s; found parameter: %s; process: %s; found template: %s; comment: %s]

String ID: STKU_MANDATORY_PARAMETER_NOT_FOUND

Category: Policy Compliance

UNIX (5853)

Title: Mandatory parameter not found

Description:ESM found that a Mandatory parameter was not running with a system- owned process on the agent. Since the parameter was defined as Mandatory in your Services template, this could indicate a security problem. You should review all listed processes for problems.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Mandatory parameter: %s; process: %s; template: %s; comment: %s]

String ID: STKU_FORBIDDEN_PROCESS_FOUND

Category: Policy Compliance

UNIX (5850)

Title: Forbidden process found

Description:A system-owned process that is defined as Forbidden in the Services template is running on the agent. You should terminate the process because it may be causing security problems or damaging your system.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Template: %s; comment: %s]

String ID: STKU_MANDATORY_PROCESS_NOT_FOUND

Category: Policy Compliance

UNIX (5851)

Title: Mandatory process not found

Description:ESM found that a system-owned process set to Mandatory in the Services template is not running on the agent. This could indicate a security problem. You should review all listed processes for problems.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Template: %s; comment: %s]