PAM SC(EP) : appears SURROGATE log non-root to another user and non-root to root by only one su command
Article ID: 108051
Updated On:
Products
CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)
Issue/Introduction
Customer add following rule to find switch user.
editres SURROGATE ('USER._default') audit(SUCCESS FAILURE) defaccess(READ) owner('nobody')
When non-root user switch to another user, it appears both surrogate log as non-root user to another user and non-root to root user.
editres SURROGATE ('USER._default') audit(SUCCESS FAILURE) defaccess(READ) owner('nobody')
When non-root user switch to another user, it appears both surrogate log as non-root user to another user and non-root to root user.
Environment
OS: RHEL
Prod: CA Privilege Access Manager Server Control r14.0 for Endpoint.
It may occur on Privileged Identity Manager r12.8 SP1 or so.
Prod: CA Privilege Access Manager Server Control r14.0 for Endpoint.
It may occur on Privileged Identity Manager r12.8 SP1 or so.
Resolution
Customer found the problem is occurred when SELinux is 'permissive'.
So, it works as expected after disable SELinux.
So, it works as expected after disable SELinux.
Feedback
Yes
No
Powered by
