
CA PIM all versions: deny host by ftp operation


Article ID: 134420


Updated On:

Products

CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

The following host rules are intended to deny all access to the host except ftp.

With these rules the ftp login itself succeeds, but ftp operations after login (directory listings and file transfers) are denied.

rules: 

er host 192.168.xxx.xxx audit(f) own(nobody)

auth host 192.168.xxx.xxx service(*) acc(n) 

auth host 192.168.xxx.xxx service(ftp) acc(a)


audit log:

date time  D HOST         20089                169  3 192.168.xxx.xxx        /usr/sbin/vsftpd


Cause

In this case the ftp control connection on port 21 is allowed by the service(ftp) rule, but the connection to port 20089 is denied after login, as the D (deny) record for class HOST and program /usr/sbin/vsftpd in the audit log shows.

Port 20089 is the ftp data port: after login vsftpd uses a separate data connection for directory listings and file transfers, and no host rule authorizes that port, so the service(*) acc(n) rule applies to it.

Environment

Privileged Identity Manager

Resolution

The data port must be authorized as well.

If the ftp server assigns the data port at random, configure it to use a fixed range, for example 20000-21000 (in vsftpd the passive-mode data ports are bounded with pasv_min_port and pasv_max_port), and then authorize that range in a host rule:

auth host 192.168.xxx.xxx service(20000-21000) acc(a)

Keep the range as narrow as the expected number of concurrent ftp sessions allows, since every port in it is opened to the remote host.
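To see why port 20089 is denied under the original rules and allowed once the range is added, here is an added Python example (not part of this article and not CA PIM code) that parses auth host rules and an audit record in the layout shown above and replays the access decision. The precedence model (a rule naming a specific service or port range wins over service(*), and with no matching rule the answer is deny), the service-name table, the concrete addresses and the sample audit line are assumptions constructed for the example.

```python
"""Replay a CA PIM-style host rule decision against an audit record (added example)."""
import re
from typing import Dict, List, Optional, Tuple

# Assumption: a small subset of /etc/services used to resolve service names.
SERVICE_PORTS = {"ftp": 21, "ftp-data": 20, "ssh": 22, "telnet": 23}

# The article's rules with a constructed address (acc(n) = deny, acc(a) = allow).
ORIGINAL_RULES = """
er host 192.168.100.10 audit(f) own(nobody)
auth host 192.168.100.10 service(*) acc(n)
auth host 192.168.100.10 service(ftp) acc(a)
"""

# The same rules plus the fixed passive data-port range from the resolution.
FIXED_RULES = ORIGINAL_RULES + "auth host 192.168.100.10 service(20000-21000) acc(a)\n"

# Constructed audit record in the layout shown above; date and time are placeholders.
SAMPLE_AUDIT = "date time  D HOST         20089                169  3 192.168.100.10        /usr/sbin/vsftpd"

AUTH_RE = re.compile(r"^auth\s+host\s+(\S+)\s+service\(([^)]+)\)\s+acc\(([an])\)\s*$")


def parse_rules(text: str) -> List[Dict[str, str]]:
    """Return the auth host rules; er and other selang lines are ignored."""
    rules = []
    for line in text.splitlines():
        m = AUTH_RE.match(line.strip())
        if m:
            rules.append({"host": m.group(1), "service": m.group(2), "acc": m.group(3)})
    return rules


def service_range(spec: str) -> Optional[Tuple[int, int]]:
    """Resolve a service() spec to an inclusive port range; None stands for '*'."""
    spec = spec.strip()
    if spec == "*":
        return None
    m = re.fullmatch(r"(\d+)-(\d+)", spec)
    if m:
        return int(m.group(1)), int(m.group(2))
    if spec.isdigit():
        return int(spec), int(spec)
    if spec in SERVICE_PORTS:
        return SERVICE_PORTS[spec], SERVICE_PORTS[spec]
    raise ValueError(f"unknown service spec: {spec}")


def decide(rules: List[Dict[str, str]], host: str, port: int) -> str:
    """Return 'a' (allow) or 'n' (deny) for host connecting to port.

    Assumption (simplified model): a rule naming a specific service or port
    range takes precedence over service(*), which is the behaviour the
    article's rules show (ftp login allowed while service(*) is acc(n));
    with no matching rule at all the answer is deny.
    """
    wildcard = None
    for r in rules:
        if r["host"] != host:
            continue
        rng = service_range(r["service"])
        if rng is None:
            wildcard = r["acc"]
        elif rng[0] <= port <= rng[1]:
            return r["acc"]
    return wildcard if wildcard is not None else "n"


def parse_audit(line: str) -> Dict[str, object]:
    """Extract action, class, port, remote host and program from an audit line.

    Fields are taken from the right so the date/time layout does not matter.
    The two numeric columns between port and host are kept raw because this
    example does not interpret them.
    """
    f = line.split()
    return {"program": f[-1], "host": f[-2], "extra": (f[-4], f[-3]),
            "port": int(f[-5]), "class": f[-6], "action": f[-7]}


def explain(audit_line: str, rules_text: str) -> Tuple[int, str, str]:
    """Return (port, action PIM recorded, decision the rule model reaches)."""
    rec = parse_audit(audit_line)
    verdict = decide(parse_rules(rules_text), str(rec["host"]), int(rec["port"]))
    return int(rec["port"]), str(rec["action"]), verdict


if __name__ == "__main__":
    for name, text in (("original", ORIGINAL_RULES), ("fixed", FIXED_RULES)):
        port, logged, verdict = explain(SAMPLE_AUDIT, text)
        print(f"{name} rules: port {port}, audit action {logged}, model decision acc({verdict})")
```

Run directly it prints acc(n) for the original rules and acc(a) once the range rule is present. The same parse_audit and decide pair can be pointed at real audit output to list the denied ports that fall outside every authorized range before deciding how wide the service() range needs to be.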