Solidifier Command Line Reference Guide (For Integrity Monitor and Change Control)
Table of Contents
Preface 1
  About This Guide 1
  Audience 1
  Document Organization 1
  Document Conventions 1
  Contacting Support 2
Solidifier Basic Command Reference 3
  begin-update (bu) 3
  disable 3
  enable 4
  end-update (eu) 4
  help 4
  help-advanced 5
  license 5
  monitor (mon) 6
  passwd 10
  status 10
  updaters 12
  version 14
McAfee, Inc. Solidifier Command Line Reference Guide (for Integrity Monitor and Change Control)
Preface
About This Guide
The McAfee® Solidifier Command Line Reference Guide (for Integrity Monitor and Change
Control) describes the command-line interface commands used to provision and maintain
the McAfee® Solidifier application for the following product suites:
McAfee® Integrity Monitor
McAfee® Change Control
Please refer to the McAfee® Solidifier Product Guide (for Integrity Monitor and Change Control) for
an overview of the Solidifier CLI and its command usage.
Audience
The McAfee® Solidifier Command Line Reference Guide (for Integrity Monitor and Change
Control) is intended for anyone who operates the Solidifier application. You are expected to have a
general understanding of basic data communication concepts and some practical knowledge of
the Microsoft Windows and UNIX operating systems.
Document Organization
This guide has the following chapters.
This chapter describes the objectives of this guide, its audience and organization.
Chapter “ Solidifier Basic Command Reference ” describes the basic commands for
Document Conventions
The following conventions distinguish different types of text:
Names of keys on the keyboard are in square braces, such as the [Tab] key.
A control key is indicated by a caret preceding a letter: ^A means Control-A.
Note means reader take note. Notes contain helpful suggestions or references to material not
covered in the guide.
Contacting Support
World Wide Web: https://mysupport.mcafee.com/
Phone: +1(408)988-3832
Product Updates: https://secure.nai.com/apps/downloads/my_products/login.asp
If the Solidifier is currently in Enabled mode then it begins tracking all file changes.
If the Solidifier is currently in Disabled mode then after a reboot it will start tracking all
file changes.
OS Platform
Syntax
sadmin begin-update [ workflow-id [ comment ]]
Syntax Description
sadmin begin-update [ workflow-id [ comment ]]
Command Mode
disable
The disable command disables the Solidifier. It changes the Solidifier's operational mode from
Enabled or Update to Disabled and is effective after the next reboot. The status command reflects
OS Platform
Syntax
sadmin disable
Command Mode
enable
The enable command enables the Solidifier. It changes the Solidifier's operational mode from
Disabled mode to Enabled mode and is effective after the next reboot. The status command
OS Platforms
Syntax
sadmin enable
Command Mode
end-update (eu)
The end-update command ends the Update mode and changes the Solidifier's operational mode
from Update to Enabled, thereby preventing further software updates and installations.
OS Platform
Syntax
sadmin end-update
Syntax Description
sadmin end-update
Command Mode
help
The help command provides help information for basic Solidifier commands.
OS Platforms
Syntax
sadmin help
sadmin help command
Syntax Description
sadmin help
Command Mode
help-advanced
The help-advanced command provides help information for advanced Solidifier commands.
OS Platforms
Syntax
sadmin help-advanced
sadmin help-advanced command
Syntax Description
sadmin help-advanced
Command Mode
license
The license command displays the licensing information of the product and also allows you to
add the product license.
OS Platforms
Syntax
sadmin license add licensekey
Syntax Description
sadmin license add licensekey
Command Mode
The sadmin license list command can be issued in any mode. The sadmin license add
command can be issued in Disabled mode only.
monitor (mon)
The monitor command helps you to display or modify the rules for monitoring changes.
Network monitoring is only supported on Windows.
OS Platforms
Syntax
sadmin monitor file [ -i ] pathname1 ... pathnameN
sadmin monitor file -e pathname1 ... pathnameN
sadmin monitor file -r pathname1 ... pathnameN
sadmin monitor file -f
sadmin monitor reg [ -i ] registrykey1 ... registrykeyN
sadmin monitor reg -e registrykey1 ... registrykeyN
sadmin monitor reg -r registrykey1 ... registrykeyN
sadmin monitor reg -f
sadmin monitor extn [ -i ] file-extn1 ... file-extnN
sadmin monitor extn -e file-extn1 ... file-extnN
sadmin monitor extn -r file-extn1 ... file-extnN
sadmin monitor extn -f
sadmin monitor process [ -i ] processname1 ... processnameN
sadmin monitor process -e processname1 ... processnameN
sadmin monitor process -r processname1 ... processnameN
sadmin monitor process -f
sadmin monitor user -e username1 ... usernameN
sadmin monitor user -r username1 ... usernameN
sadmin monitor user -f
sadmin monitor procexec [ -i ]
pathname1/processname1 ... pathnameN/processnameN
| dirname1 ... dirnameN
sadmin monitor procexec -e pathname1/processname1 ... pathnameN/processnameN
| dirname1 ... dirnameN
sadmin monitor procexec -r pathname1/processname1 ... pathnameN/processnameN
| dirname1 ... dirnameN
sadmin monitor procexec -f
sadmin monitor list
sadmin monitor flush
Syntax Description
sadmin monitor file [ -i ] pathname1 ... pathnameN
Adds monitoring rules to exclude paths pathname1 ... pathnameN from monitoring.
Use this command to exclude from monitoring specific paths belonging to a monitored
set of paths (folders/directories or volumes).
sadmin monitor file -r pathname1 ... pathnameN
Deletes all monitoring rules for paths (files, folders/directories, or system volumes).
sadmin monitor reg [ -i ] registrykey1 ... registrykeyN
Adds monitoring rules to exclude registry keys registrykey1 ... registrykeyN from
monitoring.
Use this command to exclude from monitoring specific registry keys belonging to a
monitored group of registry keys.
Note: The sadmin monitor reg sub-command is available on Windows only.
sadmin monitor reg -r registrykey1 ... registrykeyN
Deletes all monitoring rules for registry keys registrykey1 ... registrykeyN.
These registry key monitoring rules may have been added using the -i argument or the
-e argument.
Adds monitoring rules for all files with extensions file-extn1 ... file-extnN.
Adds monitoring rules to exclude files with extensions file-extn1 ... file-extnN from
monitoring.
Use this command to exclude from monitoring files with specific file extensions
belonging to a monitored group of file extensions.
sadmin monitor extn -r file-extn1 ... file-extnN
Deletes all monitoring rules for files with extensions file-extn1 ... file-extnN.
These file extension monitoring rules may have been added using the -i argument or the
-e argument.
sadmin monitor extn -f
Adds monitoring rules to exclude users username1 ... usernameN from monitoring.
Note: All users are monitored by default. Thus, you can only exclude users from
monitoring.
Use this command to exclude from monitoring specific users belonging to a monitored
group of users.
sadmin monitor user -r username1 ... usernameN
Usage Guidelines
1. For monitoring over mounted network file systems, the network path can be specified with
the sadmin monitor file sub-command. For example, on Windows:
2. For file extension rules, the rule can be specified with or without the dot (.) character. For
both cases, the rule is constructed without the dot (.) character.
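The following is an added example, not Solidifier code: a small Python model of how the file and extension rules of the monitor command combine, written to illustrate the semantics this section describes. It assumes that -i adds inclusion rules (the guide's description of -i is missing from this extraction; -e, -r and -f follow the text above), that an exclusion only narrows a set that an inclusion already covers, and that path and extension comparison is case-insensitive as on Windows. Guideline 2 (the dot is dropped when an extension rule is stored) is implemented in normalize_extn.

```python
"""Toy model of 'sadmin monitor file' and 'sadmin monitor extn' rule evaluation.
Added example for this guide, not McAfee's implementation; the meaning of -i
(include) and the case-insensitive comparison are assumptions."""
from __future__ import annotations

from dataclasses import dataclass, field


def split_path(path: str) -> list[str]:
    """Normalise a Windows or UNIX path into lower-cased components
    (lower-casing is an assumption: Windows paths are case-insensitive)."""
    return [p.lower() for p in path.replace("\\", "/").split("/") if p]


def is_under(path: str, base: str) -> bool:
    """True when `path` is `base` itself or lies somewhere inside it."""
    p, b = split_path(path), split_path(base)
    return len(b) <= len(p) and p[: len(b)] == b


def normalize_extn(extn: str) -> str:
    """Usage guideline 2: '.log' and 'log' both yield the stored rule 'log'."""
    extn = extn[1:] if extn.startswith(".") else extn
    return extn.lower()  # assumption, see split_path


@dataclass
class MonitorRules:
    """Rule sets kept separately for the 'file' and 'extn' sub-commands."""
    include_paths: set[str] = field(default_factory=set)   # file -i
    exclude_paths: set[str] = field(default_factory=set)   # file -e
    include_extns: set[str] = field(default_factory=set)   # extn -i
    exclude_extns: set[str] = field(default_factory=set)   # extn -e

    def file(self, flag: str, *paths: str) -> None:
        """Mirror of 'sadmin monitor file <flag> pathname1 ... pathnameN'."""
        self._apply(flag, self.include_paths, self.exclude_paths, list(paths))

    def extn(self, flag: str, *extns: str) -> None:
        """Mirror of 'sadmin monitor extn <flag> file-extn1 ... file-extnN'."""
        self._apply(flag, self.include_extns, self.exclude_extns,
                    [normalize_extn(e) for e in extns])

    @staticmethod
    def _apply(flag: str, include: set[str], exclude: set[str],
               items: list[str]) -> None:
        if flag == "-i":          # add monitoring rules (assumed meaning of -i)
            include.update(items)
        elif flag == "-e":        # exclude items belonging to a monitored set
            exclude.update(items)
        elif flag == "-r":        # delete all rules (-i or -e) for the items
            include.difference_update(items)
            exclude.difference_update(items)
        elif flag == "-f":        # flush every rule of this kind
            include.clear()
            exclude.clear()
        else:
            raise ValueError(f"unknown flag {flag!r}")

    def is_monitored(self, path: str) -> bool:
        """Would a change to `path` be reported under the current rules?"""
        by_path = (any(is_under(path, inc) for inc in self.include_paths)
                   and not any(is_under(path, exc) for exc in self.exclude_paths))
        parts = split_path(path)
        name = parts[-1] if parts else ""
        ext = name.rsplit(".", 1)[1] if "." in name else ""
        by_extn = ext in self.include_extns and ext not in self.exclude_extns
        return by_path or by_extn


if __name__ == "__main__":
    # Constructed sample configuration, not a real Solidifier policy.
    rules = MonitorRules()
    rules.file("-i", "C:\\app")
    rules.file("-e", "C:\\app\\logs")
    rules.extn("-i", ".dll", "EXE")
    for p in ("C:\\app\\bin\\settings.cfg", "C:\\app\\logs\\today.log",
              "D:/tools/helper.dll"):
        print(p, "->", "monitored" if rules.is_monitored(p) else "not monitored")
```

Removing the exclusion with `rules.file("-r", "C:\\app\\logs")` makes the logs folder monitored again, and `rules.extn("-f")` drops every extension rule while leaving the path rules untouched, which matches the per-sub-command scope of -f in the syntax above.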
Command Mode
passwd
The passwd command is used to set the password for the Solidifier command-line interface.
Once the password has been set, critical sadmin commands can only be executed after the
password has been verified.
OS Platforms
Syntax
sadmin passwd
sadmin passwd -d
Syntax Description
sadmin passwd
Command Mode
status
The status command displays the current status of the Solidifier in terms of operational mode,
its connectivity status with System Controller, access status of the Local CLI, etc.
OS Platforms
Syntax
sadmin status
sadmin status volumename
Syntax Description
sadmin status
Usage Details
2. An example of output of the sadmin status command on the UNIX platforms is as follows:
Command Mode
updaters
The updaters command adds, deletes, lists or flushes programs in the list of authorized
updaters.
OS Platforms
Syntax (Windows)
sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] exename
sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] -l libraryname exename
sadmin updaters add [ -d ] [ -n ] [ -t rule-id ] -p parent-exename exename
sadmin updaters add [ -t rule-id ] -u username
sadmin updaters add scriptname
sadmin updaters remove exename
sadmin updaters remove -l libraryname exename
sadmin updaters remove -p parent-exename exename
sadmin updaters remove -u username
sadmin updaters remove scriptname
sadmin updaters list
sadmin updaters flush
Adds an updater rule for user username so that all update events by the user are
authorized.
If the -t argument is specified, the tag rule-id will be present in the Event Log for all the
files processed due to this updater rule.
sadmin updaters add scriptname
Adds an updater rule for script scriptname so that all update events by the scripts are
authorized.
sadmin updaters remove exename
Removes the updater rule for execution file exename having associated library
libraryname.
sadmin updaters remove -p parent-exename exename
Removes the updater rule for execution file exename having associated parent execution
file parent-exename.
sadmin updaters remove scriptname
Removes the updater rule for execution file binaryname or scriptname having associated
parent execution file parent-programname.
sadmin updaters list
Usage Guidelines
The absolute path of the executable should be specified. Either the file name alone or one or more
folders/directories up the tree can be specified. If 'dir\file.exe' is specified, the rule applies if and only
if 'file.exe' is in a folder/directory named 'dir'. On Windows, full path names containing the drive
letter or starting with a slash character are not a valid entry for the rule names; such names are
ignored. For example, if you specify 'c:\foo\bar.exe', the updater rule is added for \foo\bar.exe,
ignoring the drive letter.
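As an added example (not McAfee's code), the matching behaviour these guidelines describe can be modelled as trailing-component matching: a rule is stored as path components with any drive letter and leading slash dropped, and it applies when those components are the last components of the executable's full path. Case-insensitive comparison and the rule-id tags in the sample dictionary are assumptions added for illustration.

```python
"""Model of updater-rule path matching as described in the updaters Usage
Guidelines. Added example, not Solidifier's implementation; case-insensitive
comparison is an assumption (Windows file systems are case-insensitive)."""
from __future__ import annotations

import re

_DRIVE = re.compile(r"^[A-Za-z]:")


def rule_components(rule: str) -> list[str]:
    """Split a rule into path components, dropping any drive letter and leading
    slashes: 'c:\\foo\\bar.exe' becomes ['foo', 'bar.exe'], i.e. the rule
    \\foo\\bar.exe that the guide says is actually added."""
    rule = _DRIVE.sub("", rule)
    return [c.lower() for c in re.split(r"[\\/]+", rule) if c]


def rule_matches(rule: str, executable_path: str) -> bool:
    """True when the rule's components are the trailing components of the
    executable's full path: 'file.exe' matches file.exe in any folder, while
    'dir\\file.exe' matches only when file.exe sits in a folder named dir."""
    r = rule_components(rule)
    p = rule_components(executable_path)
    if not r or len(r) > len(p):
        return False
    return p[-len(r):] == r


def matching_rules(rules: dict[str, str], executable_path: str) -> list[str]:
    """Return the rule-ids (the -t tags) of every updater rule that applies to
    executable_path. `rules` maps rule-id -> rule name as given on the CLI."""
    return sorted(rid for rid, rule in rules.items()
                  if rule_matches(rule, executable_path))


if __name__ == "__main__":
    # Constructed sample rules; the rule-ids are placeholders, not real tags.
    sample = {"upd-1": "bar.exe",
              "upd-2": "foo\\bar.exe",
              "upd-3": "c:\\baz\\bar.exe"}
    print(matching_rules(sample, "C:\\foo\\bar.exe"))  # ['upd-1', 'upd-2']
```

Reviewing a rule set with this function makes the security consequence of the first guideline visible: a bare file name such as bar.exe authorises a binary of that name anywhere on the system, so the more folders a rule carries, the narrower the set of executables it trusts.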
Command Mode
version
The version command displays the version of the Solidifier installed on the system.
OS Platforms
Syntax
sadmin version
Command Mode
always authorized attribute                          -a   Y Y N
bypassed from installer detection attribute          -i   Y N N
Process context file operations bypass attribute     -p   Y Y Y
always unauthorized attribute                        -u   Y Y N
Note: You can specify one or more configuration attributes in any combination.
The second column lists the corresponding argument to be used for the attributes.
OS Platforms
Syntax (Windows)
sadmin attr add [ -a | -i | -p | -u ] filename1 ... filenameN
sadmin attr add -o parent=filename2 -p filename1
sadmin attr remove [ -a | -i | -p | -u ] filename1 ... filenameN
sadmin attr list [ -a | -i | -p | -u ] [ filename1 ... filenameN ]
sadmin attr flush [ -a | -i | -p | -u ]
Note: You must specify the argument for at least one configuration attribute with the
sadmin attr add command.
sadmin attr add -o parent=filename2 -p filename1
Adds the -p Solidifier Configuration attribute to solidified file filename1 so that it can
passthru if and only if it was invoked by filename2.
sadmin attr remove [ -a | -i | -p | -u ] filename1 ... filenameN
Removes the Solidifier Configuration attribute set on solidified files filename1 ...
filenameN.
Use the attribute argument based on “ Table 1: Supported Configuration Attributes ”.
Note: You need not specify any argument for configuration attributes with the
sadmin attr remove command. When no arguments for any configuration attribute are
specified, it is assumed that arguments for all configuration attributes have been
specified.
sadmin attr list [ -a | -i | -p | -u ] [ filename1 ... filenameN ]
Lists Solidifier Configuration attributes set on solidified files filename1 ... filenameN.
Use the attribute argument based on “ Table 1: Supported Configuration Attributes ”.
If file names are not specified, the configuration attributes for all solidified files are
listed.
Note: You need not specify any argument for configuration attributes with the
sadmin attr list command. When no arguments for any configuration attribute are
specified, it is assumed that arguments for all configuration attributes have been
specified.
sadmin attr flush [ -a | -i | -p | -u ]
Note: When no arguments for any configuration attribute are specified with the
sadmin attr flush command, it is assumed that arguments for all configuration
attributes have been specified and hence, all Solidifier Configuration attributes from all
files are removed.
Note: You must specify the argument for at least one configuration attribute with the
sadmin attr add command.
sadmin attr add -o parent=filename2 -p filename1
Adds the -p Solidifier Configuration attribute to solidified file filename1 so that it can
passthru if and only if it was invoked by filename2.
sadmin attr remove [ -a | -p | -u ] filename1 ... filenameN
Removes the Solidifier Configuration attribute set on solidified files filename1 ...
filenameN.
Use the attribute argument based on “ Table 1: Supported Configuration Attributes ”.
Note: You need not specify any argument for configuration attributes with the
sadmin attr remove command. When no arguments for any configuration attribute are
specified, it is assumed that arguments for all configuration attributes have been
specified.
sadmin attr list [ -a | -p | -u ] [ filename1 ... filenameN ]
Lists Solidifier Configuration attributes set on solidified files filename1 ... filenameN.
Use the attribute argument based on “ Table 1: Supported Configuration Attributes ”.
If file names are not specified, the configuration attributes for all solidified files are
listed.
Note: You need not specify any argument for configuration attributes with the
sadmin attr list command. When no arguments for any configuration attribute are
specified, it is assumed that arguments for all configuration attributes have been
specified.
sadmin attr flush [ -a | -p | -u ]
Note: When no arguments for any configuration attribute are specified with the
sadmin attr flush command, it is assumed that arguments for all configuration
attributes have been specified and hence, all Solidifier Configuration attributes from all
files are removed.
Command Mode
config
The config command is used to export configuration of Solidifier installation to a file or import
configuration from a file. The configuration settings are applied to current installation once the
import operation completes successfully.
OS Platforms
Syntax
sadmin config export filename
sadmin config import [ -a ] filename
Syntax Description
sadmin config export filename
Command Mode
event
The event command lets you configure the log targets (sinks) for generated change events.
OS Platforms
Syntax
sadmin event sink
sadmin event sink eventname
sadmin event sink -a { eventname | ALL } { sinkname | ALL }
sadmin event sink -r { eventname | ALL } { sinkname | ALL }
Syntax Description
sadmin event sink
Specifies that the event eventname should be logged in sink type sinkname.
You can also specify ALL as the event name so that the specified sink type is applicable
for all events. Similarly, you can specify ALL as the sink type name so that the specified
event is logged with all sink types. Also, you can specify ALL as both the event name
and the sink type name so that all events are logged with all sink types.
You can also specify the command multiple times to add more than one sink type for an
event.
sadmin event sink -r { eventname | ALL } { sinkname | ALL }
Removes the association of event eventname with sink type sinkname so that event
eventname is no longer logged with sink type sinkname.
You can also specify ALL as the event name so that all events are disassociated from the
specified sink type. Similarly, you can specify ALL as the sink type name so that the
specified event is disassociated from all sink types.
Note: While you can specify ALL as both the event name and the sink type name so that
all event-sink associations are removed, it is not a recommended use model.
You can also specify the command multiple times to disassociate more than one user-specified
sink type for an event.
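The ALL keyword semantics of sadmin event sink -a and -r can be summarised in a small association table. The following Python model is an added example, not Solidifier code; the event and sink names it uses are constructed placeholders, since the guide does not list the real ones here.

```python
"""Model of the event-to-sink associations managed by 'sadmin event sink'.
Added example, not McAfee's implementation; event and sink names used when
running it are constructed placeholders."""
from __future__ import annotations


class EventSinks:
    ALL = "ALL"

    def __init__(self, events: list[str], sinks: list[str]) -> None:
        self.events = list(events)
        self.sinks = list(sinks)
        self._assoc: dict[str, set[str]] = {e: set() for e in self.events}

    def _expand(self, name: str, known: list[str], what: str) -> list[str]:
        """ALL expands to every known name; anything else must be a known name."""
        if name == self.ALL:
            return list(known)
        if name not in known:
            raise ValueError(f"unknown {what}: {name}")
        return [name]

    def add(self, eventname: str, sinkname: str) -> int:
        """sadmin event sink -a { eventname | ALL } { sinkname | ALL }.
        Repeating the command adds further sinks; returns new associations."""
        created = 0
        for e in self._expand(eventname, self.events, "event"):
            for s in self._expand(sinkname, self.sinks, "sink"):
                if s not in self._assoc[e]:
                    self._assoc[e].add(s)
                    created += 1
        return created

    def remove(self, eventname: str, sinkname: str) -> int:
        """sadmin event sink -r { eventname | ALL } { sinkname | ALL }.
        ALL/ALL clears every association, which the guide advises against;
        returns the number of associations removed."""
        removed = 0
        for e in self._expand(eventname, self.events, "event"):
            for s in self._expand(sinkname, self.sinks, "sink"):
                if s in self._assoc[e]:
                    self._assoc[e].discard(s)
                    removed += 1
        return removed

    def sinks_for(self, eventname: str) -> set[str]:
        """sadmin event sink eventname: the sink types the event is logged to."""
        (e,) = self._expand(eventname, self.events, "event") \
            if eventname != self.ALL else ([None],)
        if e is None:
            raise ValueError("give a single event name, not ALL")
        return set(self._assoc[e])

    def listing(self) -> dict[str, set[str]]:
        """sadmin event sink with no arguments: every event and its sinks."""
        return {e: set(s) for e, s in self._assoc.items()}

    def unlogged_events(self) -> list[str]:
        """Events with no sink left: changes of these kinds go unrecorded."""
        return [e for e, s in self._assoc.items() if not s]


if __name__ == "__main__":
    # Constructed placeholder names, not Solidifier's actual events or sinks.
    es = EventSinks(events=["FILE_CHANGE", "REG_CHANGE", "PROCESS_EXEC"],
                    sinks=["local_log", "syslog"])
    es.add("ALL", "local_log")
    es.add("FILE_CHANGE", "ALL")
    es.remove("ALL", "local_log")
    print(es.listing())
    print("unlogged:", es.unlogged_events())
```

The unlogged_events check is the part worth keeping in a maintenance script: after any -r with ALL, it shows which event kinds no longer reach any sink, which is the failure mode the note above warns about.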
Command Mode
features
The features command can be used to enable or disable a feature. A complete listing of the
features along with their operational state can also be obtained using this command.
OS Platform
Syntax
sadmin features enable featurename
sadmin features disable featurename
sadmin features [ list ]
Syntax Description
sadmin features enable featurename
Lists all Solidifier features and their current status (allowed or not allowed).
Note: The list argument is optional.
Command Mode
lockdown
The lockdown command disables the local CLI.
Under the lockdown, no commands (other than help, help-advanced, status, version,
lockdown, recover, and license) can be executed.
OS Platforms
Syntax
sadmin lockdown
Command Mode
read-protect (rp)
The read-protect command modifies or displays the read protection rules.
Note: Unlike other commands, you must specify complete file or folder/directory names with the
read-protect command.
OS Platforms
Syntax
sadmin read-protect [ -i ] pathname1 ... pathnameN
sadmin read-protect -e pathname1 ... pathnameN
sadmin read-protect -r pathname1 ... pathnameN
sadmin read-protect -l
sadmin read-protect -f
Syntax Description
sadmin read-protect [ -i ] pathname1 ... pathnameN
Adds read-protection rules to exclude paths pathname1 ... pathnameN from read-protection.
Use this command to exclude from read-protection specific paths belonging to a read-protected
group of paths (folders/directories and volumes).
sadmin read-protect -r pathname1 ... pathnameN
Command Mode
recover
The recover command enables a local administrator to recover the local CLI. It should be used
when Solidifier-System Controller communication is down. It prompts for the master password if
one has been set.
OS Platforms
Syntax
sadmin recover
Command Mode
write-protect (wp)
The write-protect command write-protects specified files including solidified files.
Note: Unlike other commands, you must specify complete file or folder/directory names with the
write-protect command.
OS Platforms
Syntax
sadmin write-protect [ -i ] pathname1 ... pathnameN
Syntax Description
sadmin write-protect [ -i ] pathname1 ... pathnameN
Adds write protection rules to exclude paths pathname1 ... pathnameN from write
protection.
Use this command to exclude from write-protection specific paths belonging to a write-protected
group of paths (folders/directories and volumes).
sadmin write-protect -r pathname1 ... pathnameN
Command Mode
write-protect-reg (wpr)
The write-protect-reg command is used to modify or display the enforcement protection
rules.
OS Platforms
Windows
Syntax
sadmin write-protect-reg [ -i ] registrykeyname1 ... registrykeynameN
sadmin write-protect-reg -e registrykeyname1 ... registrykeynameN
sadmin write-protect-reg -r registrykeyname1 ... registrykeynameN
sadmin write-protect-reg -l
sadmin write-protect-reg -f
Syntax Description
sadmin write-protect-reg [ -i ] registrykeyname1 ... registrykeynameN
Command Mode