GeSWall

The rule attributes file is a configuration file that assigns rules' security attributes to objects. Each object may have up to 5 security attributes. Security rules use these attributes to attach their own information to objects: labels, marks and so on. The rule attributes file has to be parsed into a form the GeSWall driver accepts. The parser tool is gswrule.exe; usage:

gswrule.exe [rule_file|/d] [/s][/n][/r]
        rule_file - rules description file (ANSI or notepad created unicode)
        /s - apply new rules on reboot
        /n - apply new rules now
        /r - update rules revision and global settings
        /d - dump existing settings

Rule attributes file format:

Constants
[Rule1 ID]
record1
record2
...
recordN


[Rule2 ID]
record1
record2
...
recordM

....

Constant definition
ConstantName = Values

The rule ID is a 4-symbol identifier of the rule.

Record format:
attr1 attr2 attr3 attr4 attr5 ObjectType DetectionType DetectionString

attr1, attr2, attr3, attr4, attr5 - rule attributes: decimal numbers or constants defined in the file header. All 5 attributes have to be specified; a comma is used in place of an undefined attribute. The meaning of each attribute is not defined and depends on the rule.

ObjectType may be:

  • any - all objects
  • file - files and named pipes
  • registry - registry keys
  • device - devices

DetectionType defines the meaning of DetectionString and may be:

  • n - by object name; DetectionString is the beginning of the object name
  • o - by owner from the security descriptor; DetectionString is the name of a user or group in the format [Domain\]User

A registry key name must begin with HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE or HKEY_USERS, and ControlSet001, ControlSet002, ControlSet003 and ControlSet004 should be used instead of CurrentControlSet.
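
A pre-flight check for the format described above, as an added example that is not part of GeSWall or gswrule.exe: it flags records that would not match what the author intended, such as a registry rule written against CurrentControlSet. The function name `lint_rules` is hypothetical, and the code assumes whitespace-separated fields, a DetectionString that runs to the end of the line, constants defined before the first rule section, and case-insensitive root key names.

```python
import re
HIVES = ("HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE", "HKEY_USERS")
OBJECT_TYPES = {"any", "file", "registry", "device"}

def lint_rules(text):
    """Return (line_number, message) pairs for problems in a rule attributes file."""
    problems, constants, rule_id = [], set(), None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        section = re.fullmatch(r"\[(.*)\]", line)
        if section:
            rule_id = section.group(1)
            if len(rule_id) != 4:
                problems.append((no, f"rule ID {rule_id!r} is not 4 symbols"))
        elif rule_id is None:  # file header: ConstantName = Values
            name, sep, _ = line.partition("=")
            if sep and name.strip():
                constants.add(name.strip())
            else:
                problems.append((no, "expected ConstantName = Values"))
        else:
            fields = line.split(None, 7)  # DetectionString keeps embedded spaces
            if len(fields) < 8:
                problems.append((no, "record needs 5 attributes and 3 detection fields"))
                continue
            for attr in fields[:5]:
                if attr != "," and not attr.isdecimal() and attr not in constants:
                    problems.append((no, f"attribute {attr!r} is not decimal, constant or ','"))
            obj, det, target = fields[5:]
            if obj not in OBJECT_TYPES or det not in ("n", "o"):
                problems.append((no, f"unknown ObjectType/DetectionType {obj!r}/{det!r}"))
            if obj == "registry" and det == "n":
                if not target.upper().startswith(HIVES):
                    problems.append((no, "registry name must begin with a full HKEY_ root"))
                if "currentcontrolset" in target.lower():
                    problems.append((no, "use ControlSet001..ControlSet004, not CurrentControlSet"))
    return problems

# Constructed sample (assumed layout): line 3 is valid, lines 4-7 each break one rule.
SAMPLE = r"""TRUSTED = 1
[ABCD]
TRUSTED , , , , file n C:\Program Files\Example
2 , , , , registry n HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
[TOOLONG]
3 , , , file n C:\Temp
1 , , , , socket o BUILTIN\Administrators
"""
```

Calling `lint_rules(SAMPLE)` returns one finding each for lines 4 to 7; an empty list means the file follows the documented format under the assumptions above.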

 
© 2003-2008 Andrey Kolishchak