We have a rule like this

editres SUDO ('mycommand') audit(FAILURE) comment('/opt/software/<version>/bin/command') defaccess(NONE) owner('secown') targuid('root')

This means we have to modify the rule every time we upgrade. Is there a way to replace <version> with a wildcard?

Release : 12.8

Component : CA ControlMinder

Wild cards are not allowed in the command part of the data property of the SUDO class, so what you want to do is not possible.

The only thing I can think of that might work is to use symlinks.

e.g.

/opt/software/<version>/bin/command

ln -s /opt/software/<version> /opt/software/latest

editres SUDO ('mycommand') audit(FAILURE) comment('/opt/software/<version>/bin/command') defaccess(NONE) owner('secown') targuid('root')

Then when you upgrade make sure you do:

ln -sf /opt/software/<version> /opt/software/latest

This might be easier than changing a few rules.

Please test this before deploying to production though as it is possible that something might not like the symlink.