How to check whether Real-Time File Integrity Monitoring is enabled?
File integrity monitoring can be used to help monitor the following items that are called out by the PCI Data Security Standard. Real-Time File Integrity Monitoring is enabled by default and will be used automatically whenever possible.
An entry like the following in var\log\scsplog\SISIDSEvents.csv shows that the monitor is on:
MSTD,1,2012-03-31 16:03:50.000 Z+0800,I,0,R,,,IA_0023,,,,Main Module,,,,,IA_0023,,,,IA_0023: Symantec IDS Service has started
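The log check above can be scripted. The following is an added example, not code from the original article or from Symantec. It assumes the layout visible in the single sample line: plain comma-separated fields with no quoted commas, timestamp in field 3, event ID in field 9, message in the last field. The function names and the XX_0000 event are hypothetical.

```shell
#!/bin/sh
# Added example: find the most recent "IDS Service has started" (IA_0023)
# entry in SISIDSEvents.csv. The field positions are assumptions read off
# the sample line on this page (field 3 = timestamp, field 9 = event ID).

last_ids_start() {
    # $1 = path to SISIDSEvents.csv
    # Prints the timestamp of the last IA_0023 start event.
    # Returns 1 if no such event exists, 2 if the file is unreadable.
    [ -r "$1" ] || return 2
    awk -F',' '
        $9 == "IA_0023" && $NF ~ /Symantec IDS Service has started/ { ts = $3 }
        END { if (ts == "") exit 1; print ts }
    ' "$1"
}

write_sample() {
    # First line is the entry quoted on this page; the other two are
    # constructed for the example (XX_0000 is a placeholder event ID).
    cat > "$1" <<'EOF'
MSTD,1,2012-03-31 16:03:50.000 Z+0800,I,0,R,,,IA_0023,,,,Main Module,,,,,IA_0023,,,,IA_0023: Symantec IDS Service has started
MSTD,1,2012-04-01 09:00:00.000 Z+0800,I,0,R,,,XX_0000,,,,Main Module,,,,,XX_0000,,,,XX_0000: constructed placeholder event
MSTD,1,2012-04-02 08:15:10.000 Z+0800,I,0,R,,,IA_0023,,,,Main Module,,,,,IA_0023,,,,IA_0023: Symantec IDS Service has started
EOF
}

# Demo on the constructed sample; pass a real log path to last_ids_start instead.
sample=$(mktemp)
write_sample "$sample"
if ts=$(last_ids_start "$sample"); then
    echo "Last IDS service start: $ts"
else
    echo "No IA_0023 start event found"
fi
rm -f "$sample"
```

A return code of 1 means the log contains no start event, which is worth alerting on separately from an unreadable log (return code 2).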
There are a few other options for real-time file integrity monitoring that can be accessed via sisipsconfig.sh. -rtfim enables it.
You can see if FIM is enabled using this command:
./sisipsconfig.sh -export | grep fim
*fim.enabled
The next option is to check /opt/Symantec/scspagent/IDS/system/agent.ini under the [Driver] section and see if mentioned
AIX 6.1 AIX 5.3 64 bit
Imported Document ID: TECH186223