Example of CO-fmon.cnf

CO-fmon.cnf is the central configuration file that the BMC Defender FIM Adapter service uses. An administrator or system developer can edit this file to specify the directories and parameters that the File Integrity Monitor uses.

As stated in CO-fmon-configuration-file, the configuration file does not necessarily require modification. The default configuration, which the installation utility creates, is adequate for most environments. However, if you want to create a highly customized installation, targeting specific types of event log messages, you can do so by modifying the directives in CO-fmon.cnf.

This file resides in the same directory as the CO-fmon program. The following example shows the default Windows configuration that comes with the system. The actual file depends on the particular package that is installed and varies between UNIX target systems.

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

# FMON - UNIX BMC-Defender File Integrity Monitor, Configuration File.
# LINUX Version

# See "BMC-Defender Unix Tool Set Reference Manual" for detailed notes.
# Copyright (c) 2009 - 2018, CorreLog, Inc. All rights reserved.
# Copyright 2018 - 2019, BMC Software, Inc. http://www.bmc.com
# All rights reserved.
# DO NOT DISCLOSE.

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

# The following two items are the only items actually required.
# They are configured manually, or by the installation procedure,
# and are not affected by remote configuration operations.

DestinationAddress  127.0.0.1
DestinationPort     514

# Parameters used for remote configuration of this process via the
# BMC-Defender web interface. The user can comment these values out to
# disable remote configuration. The "ListenAuthMode" can take values
# 0=No Auth, 1=Source Address, 2=PassKey, 3=Address and Key. These
# values cannot be changed via remote configuration.

ListenAuthMode      0
ListenPassKey       Default
ListenPort          55515

# General Parameters

Schedule            hourly
ChangeSeverity      warning
AddSeverity         notice
DeleteSeverity      notice
AutoGenImage        True
UseChecksum         False
PollDelayMsec       10

# Prefix all messages with the computer hostname.

MessagePrefix       Location: %HOSTNAME% -

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

# Directory Monitor parameters.

Directory           /etc
MatchPatt           .conf
MatchPatt           passwd
MatchPatt           group
MatchPatt           hosts
MatchPatt           sudo
ExclPatt            .tmp
ExclPatt            .log

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

Directory           /bin
MatchPatt           *
ExclPatt            .tmp
ExclPatt            .log

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

Directory           /usr/bin
MatchPatt           *
ExclPatt            .tmp
ExclPatt            .log

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

# Up to 50 directories may be added.

#
# Force all output messages to be in UTF-8 character encoding.
# This is often necessary in Z/OS USS environments that send messages
# to a Windows or Linux system.
#

ForceUTF8output     true

# END OF FILE

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*