Services not in template (UNIX)

Module: Startup Files

This option reports system-owned processes that are running on your system but are not listed in the Services template. System-owned processes are identified in the process table by PPIDs of 0 or 1 on all systems except AIX. On AIX, system-owned processes are identified by PPIDs that are equal to the process ID of the System Resource Controller.

The following table lists the error messages for the check.

Table: Error messages for Services not in template

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_PROCESS_NOT_IN_TEMPLATE

Category: Policy Compliance

UNIX (5857)

Title: Processes not listed in template

Description: ESM found the following system-owned processes that were not listed in the Services template. These may be fine, but they should be reviewed for validity. Any process that is suspected of security or other problems should not be running on the system. Your system administrator should look closely at these processes to make sure they are valid.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_NOTEMPLATES

Category: Policy Compliance

UNIX (5848)

Title: No template files specified

Description: No templates were found. Templates allow a much greater control over what is monitored on your system. By not having templates, you have no way of determining what should or should not be running on your system.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_FORBIDDEN_PARAMETER_FOUND

Category: Policy Compliance

UNIX (5852)

Title: Forbidden parameter

Description: ESM found a forbidden parameter running with a system-owned process on the agent. The parameter was defined as forbidden in the Services template. You should terminate the process because it may be causing security problems or damaging your system.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Forbidden parameter: %s; found parameter: %s; process: %s; found template: %s; comment: %s]

String ID: STKU_MANDATORY_PARAMETER_NOT_FOUND

Category: Policy Compliance

UNIX (5853)

Title: Mandatory parameter not found

Description: ESM found that a Mandatory parameter was not running with a system-owned process on the agent. Since the parameter was defined as Mandatory in your Services template, this could indicate a security problem. You should review all listed processes for problems.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Mandatory parameter: %s; process: %s; template: %s; comment: %s]

String ID: STKU_FORBIDDEN_PROCESS_FOUND

Category: Policy Compliance

UNIX (5850)

Title: Forbidden process found

Description: A system-owned process that is defined as Forbidden in the Services template is running on the agent. You should terminate the process because it may be causing security problems or damaging your system.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Template: %s; comment: %s]

String ID: STKU_MANDATORY_PROCESS_NOT_FOUND

Category: Policy Compliance

UNIX (5851)

Title: Mandatory process not found

Description: ESM found that a system-owned process set to Mandatory in the Services template is not running on the agent. This could indicate a security problem. You should review all listed processes for problems.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Template: %s; comment: %s]
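The following sketch is an added example, not ESM code: it applies the PPID rule described at the top of this page to a process listing and maps each deviation to the String IDs in the table above. The `SAMPLE_PS` listing is constructed, and the `TEMPLATE` layout, the function names, and matching on the basename of the command are assumptions made for illustration; they do not reflect the actual Services template file format.

```python
# Added illustration, not ESM code. SAMPLE_PS is constructed `ps -eo pid,ppid,args`
# output; TEMPLATE is a hypothetical layout, not ESM's Services template format.
SAMPLE_PS = """\
  PID  PPID COMMAND
    1     0 /sbin/init
  412     1 /usr/sbin/sshd
  530     1 /usr/sbin/inetd -d
  688     1 /usr/sbin/ntpd
  701     1 /opt/acme/agentd --listen 0.0.0.0
  912   412 sshd: alice@pts/0
"""

TEMPLATE = {
    "init":   {"state": "allowed"},
    "sshd":   {"state": "mandatory", "mandatory_params": ["-D"]},
    "inetd":  {"state": "allowed", "forbidden_params": ["-d"]},
    "ntpd":   {"state": "forbidden"},
    "auditd": {"state": "mandatory"},
}

def system_owned(ps_text, owner_ppids=(0, 1)):
    """Yield (name, args) for PPIDs in owner_ppids; on AIX pass the SRC's PID."""
    for line in ps_text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[1].isdigit() and int(f[1]) in owner_ppids:
            yield f[2].rsplit("/", 1)[-1], f[3:]  # assumption: match on basename

def audit(ps_text, template, owner_ppids=(0, 1)):
    """Return sorted (string_id, detail) findings for system-owned processes."""
    if not template:
        return [("STKU_NOTEMPLATES", "")]
    findings, seen = [], set()
    for name, args in system_owned(ps_text, owner_ppids):
        seen.add(name)
        rule = template.get(name) or {}
        if not rule:
            findings.append(("STKU_PROCESS_NOT_IN_TEMPLATE", name))
        elif rule["state"] == "forbidden":
            findings.append(("STKU_FORBIDDEN_PROCESS_FOUND", name))
        findings += [("STKU_FORBIDDEN_PARAMETER_FOUND", f"{name} {p}")
                     for p in rule.get("forbidden_params", []) if p in args]
        findings += [("STKU_MANDATORY_PARAMETER_NOT_FOUND", f"{name} {p}")
                     for p in rule.get("mandatory_params", []) if p not in args]
    findings += [("STKU_MANDATORY_PROCESS_NOT_FOUND", n) for n, r in template.items()
                 if r["state"] == "mandatory" and n not in seen]
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE_PS, TEMPLATE), sep="\n")
```

The child process with PPID 412 is skipped because it is not system-owned under the PPID 0 or 1 rule, so it is never compared against the template.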