Next: Secure Checksum Up: Software Components Previous: EtherGuard

Vulture

The second level of security is handled by Vulture. It detects processes running on the G box that are (a) not part of the underlying operating system and (b) not part of the Eagle software, and kills them. This is also called active security to differentiate it from the passive first level of security, which only acts when connection requests are received. By default, the Vulture's activation frequency is one minute, but you can change it by creating the file /usr/adm/sg/vulture.runtime and placing the new frequency (in seconds) in the file. A value of -1 disables the Vulture. You can exempt non-root administrative processes on an individual basis, such as the sendmail program, which under AIX runs under the authority of the bin user. To exempt a user, add a userid after the number of seconds parameter in in the /usr/adm/sg/vulture.runtime file. For example,

90 bin

This example sets the Vulture activation frequency to 90 seconds, and exempts the user bin.


tkevans@delmarva.com