PAMSC (EP): FTP login user is mistaken for root

Article ID: 211445

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

File access control does not work on a server running PAMSC r14.1 CP2 on Solaris 11.4.

Rules:
editres FILE ('/opt/CA/AccessControl/log/*') audit(FAILURE) defaccess(NONE) owner('nobody')
authorize FILE ('/opt/CA/AccessControl/log/*') access(READ) uid('eacadm')

Audit log:

06 Jan 2021 01:00:00 D FILE        root      Read      69 2 /opt/CA/AccessControl/log/2020.12.30.txt.Z /usr/lib/inet/proftpd SRCHOST           eacadm

Cause

The audit log below shows both the login and the file access as root.

Rules:
editres LOGINAPPL ('PROFTP') audit(FAILURE) defaccess(EXECUTE) loginflags(NONE) loginmethod(NORMAL) loginseq(SGRP SUID) loginpath(/usr/lib/inet/proftpd)

Audit log:
06 Jan 2021 01:00:24 P LOGIN        root                  59  2 SRCHOST          PROFTP                               
06 Jan 2021 01:00:25 D FILE         root       Read       69  2 /opt/CA/AccessControl/log/2020.12.30.txt.Z /usr/lib/inet/proftpd SRCHOST                  eacadm    
06 Jan 2021 01:00:25 O LOGOUT       root                  49  2 SRCHOST                                               

Environment

Release : 14.1 CP2

Component : PAM SERVER CONTROL ENDPOINT UNIX/LINUX

OS: Solaris 11.4

Resolution

Update the loginseq of the LOGINAPPL record so that PAMSC finds the correct login account.

For example:

  PAMSC> er LOGINAPPL PROFTP loginseq(N3UID FUID SGRP SUID)
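
To check saved audit text for the symptom described above, the following added example (not part of the original article and not Broadcom code) flags LOGIN and FILE records from the FTP daemon that are attributed to root. The function names are hypothetical, and the field positions are an assumption inferred from the sample audit lines in this article.

```shell
#!/bin/sh
# Added example: flag audit records from the FTP daemon that are attributed to root.
# Assumption: field positions are inferred from the sample audit lines in this
# article (whitespace-separated; paths containing spaces are not handled).

FTP_LOGINAPPL="PROFTP"                 # LOGINAPPL name from the article
FTP_PROGRAM="/usr/lib/inet/proftpd"    # loginpath from the article

# Reads audit text on stdin and prints one line per suspect record.
flag_root_ftp_records() {
    awk -v appl="$FTP_LOGINAPPL" -v prog="$FTP_PROGRAM" '
        # LOGIN record: date(3) time code LOGIN user stage reason host loginappl
        $6 == "LOGIN" && $7 == "root" && $11 == appl {
            print $4, "LOGIN", $7, "via", $11
        }
        # FILE record: date(3) time code FILE user access stage reason path program host
        $6 == "FILE" && $7 == "root" && $12 == prog {
            print $4, "FILE", $7, $8, $11
        }
    '
}

# Sample input: the first three lines are copied from the audit log in this
# article; the last two are constructed to show records that are not flagged
# (a login attributed to eacadm, and a root read through a different program).
sample_audit() {
    cat <<'EOF'
06 Jan 2021 01:00:24 P LOGIN        root                  59  2 SRCHOST          PROFTP
06 Jan 2021 01:00:25 D FILE         root       Read       69  2 /opt/CA/AccessControl/log/2020.12.30.txt.Z /usr/lib/inet/proftpd SRCHOST                  eacadm
06 Jan 2021 01:00:25 O LOGOUT       root                  49  2 SRCHOST
06 Jan 2021 02:00:24 P LOGIN        eacadm                59  2 SRCHOST          PROFTP
06 Jan 2021 02:10:00 P FILE         root       Read       59  2 /opt/CA/AccessControl/log/2020.12.30.txt.Z /usr/bin/cat SRCHOST root
EOF
}

# Stand-alone run over the embedded sample.
sample_audit | flag_root_ftp_records
```

An empty result for audit records written after the loginseq change means no FTP login or file access in that text was attributed to root.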