How to prevent a binary from being executed once it is modified

book

Article ID: 101538

calendar_today

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC) CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

This is an example how to use PIM to prevent execution of a program once its binary file was modified for whatever reason.

Environment

Release:
Component: SEOSU

Resolution

This you would accomplish using the PROGRAM class, e.g.
AC> er program /opt/CA/AccessControl/bin/sesu audit(all) defaccess(none) owner(nobody)
and you want to allow only certain users to execute the binary
AC> authorize program /opt/CA/AccessControl/bin/sesu uid(tester) access(execute)

Additional Information

More information about the PROGRAM class and how to use them you find
https://docops.ca.com/ca-privileged-access-manager-server-control/14-0/EN/reference/selang-reference-guide/classes-in-the-ac-environment/program-class
https://docops.ca.com/ca-privileged-access-manager-server-control/14-0/EN/administrating/endpoint-administration-for-unix/protect-setuid-and-setgid-programs