/etc/security/rtc/rtcd.conf file format for real-time compliance
Purpose
Contains configuration information for the rtcd daemon.
Description
The /etc/security/rtc/rtcd.conf file is the configuration file for the rtcd daemon. This file is updated by the mkrtc command when configuring the real-time compliance subsystem. You can modify the /etc/security/rtc/rtcd.conf file by using a file editor. If the real-time compliance subsystem is configured and running, any change to this file becomes effective immediately and it is not necessary to restart the rtcd daemon.
Each line is of the form:
attribute: value
The /etc/security/rtc/rtcd.conf file has the following attributes:
- alertStyle
- Specifies the alert style. The valid values are as follows:
- once
- Alert once for the same set of compliance violations. This is the default value.
- event
- Alert once for the same set of compliance violations, but keep alerting for each file modification event.
- always
- Alert compliance violations and file modification on each file change event.
- alertMsgSize
- Specifies the alert message size. The limited size is suitable for email addresses that are directed to smartphone SMS messaging. The valid values are as follows:
- verbose
- Provides the entire message. This is the default value.
- limited
- Limits the size of the alert message to the first violation and the first event. If there is more than one violation or event, this is indicated in the message.
- debug
- Specifies whether to turn debug messages on. The valid values are on and off. The default value is off.
- email
- Specifies the email address to which the alerts will be sent. It allows multiple email:<email address> pairs, each pair on a separate line.
- infolevel
- Specifies the information level of file modification events. The valid values are 1, 2, and 3. The default value is 1. A higher value indicates more details.
- emailSubject
- Specifies the subject line that is used for the email alert.
- minCheckTime
- Specifies the minimum amount of time between compliance verifications. This setting ensures a regular compliance check even without file modification triggers, to check whether files created by a user have compliance implications. For example, the .rhost file in the home directory of a user can be checked by using this setting. The default minimum time is 30 minutes. If this value is set to 0, the compliance check is never done.
- snmptrap
- Specifies the parameters for the snmptrap notifications. See the snmptrap command for setting the parameters for the snmptrap notifications. To enable the snmptrap alert, set it to yes. To disable the snmptrap alert, set it to no. The following parameters are set to disable the snmptrap alert:
snmptrap_enable: no
snmptrap_host:localhost
snmptrap_community:myCommunity
snmptrap_oid:myOid
Security
The /etc/security/rtc/rtcd.conf file is owned by the root user and the security group. The /etc/security/rtc/rtcd.conf file grants read (r) and write (w) access only to the root user.
Examples
The following list shows example entries in the /etc/security/rtc/rtcd.conf file:
- Lists the email addresses to send alerts to:
email: foo@abc.com
email: dummy@abc.com
- Specifies the subject of the email alert:
emailSubject: Compliance Alert
- Specifies the information level of file modifications:
infolevel: 1
- Specifies the alertStyle attribute of the email alert:
alertStyle: once
- Specifies whether to turn on debug:
debug: on
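Because hand edits to this file take effect immediately, it helps to check the content against the valid values listed above before saving. The following linter is an added example, not part of the original page or of AIX; the function name, the sample input, the case-sensitive matching, and the treatment of lines beginning with # as comments are assumptions.

```python
import re

# Valid values as listed on this page; matching is case-sensitive (assumption).
ENUMS = {
    "alertStyle": {"once", "event", "always"},
    "alertMsgSize": {"verbose", "limited"},
    "debug": {"on", "off"},
    "infolevel": {"1", "2", "3"},
    "snmptrap_enable": {"yes", "no"},
}
FREE_FORM = {"email", "emailSubject", "minCheckTime",
             "snmptrap_host", "snmptrap_community", "snmptrap_oid"}
LINE_RE = re.compile(r"^\s*([A-Za-z_]+)\s*:\s*(.*?)\s*$")

# Constructed sample input with four deliberate mistakes (lines 4, 5, 6, 7).
SAMPLE = """\
email: foo@abc.com
email: dummy@abc.com
emailSubject: Compliance Alert
infolevel: 4
alertStyle: allways
minCheckTime: 0
alertMsgSize limited
snmptrap_enable: no
"""

def lint_rtcd_conf(text):
    """Return (line_number, message) findings for rtcd.conf content."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):  # '#' comments: assumption
            continue
        m = LINE_RE.match(raw)
        if not m:
            findings.append((n, "not of the form 'attribute: value'"))
            continue
        attr, value = m.groups()
        if attr not in ENUMS and attr not in FREE_FORM:
            findings.append((n, f"unknown attribute {attr!r}"))
        elif attr in ENUMS and value not in ENUMS[attr]:
            findings.append((n, f"{attr}: {value!r} not in {sorted(ENUMS[attr])}"))
        elif attr == "minCheckTime" and not value.isdecimal():
            findings.append((n, "minCheckTime must be a non-negative integer"))
        elif attr == "minCheckTime" and int(value) == 0:
            findings.append((n, "minCheckTime 0: compliance check is never done"))
    return findings

if __name__ == "__main__":
    print(*lint_rtcd_conf(SAMPLE), sep="\n")
```

The minCheckTime finding is worth treating as a warning rather than a syntax error: the value 0 is valid, but it turns off the periodic check that catches files created without a modification trigger.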