File access control does not work on a server that has PAMSC r14.1 CP2 installed on Solaris 11.4.
Rules:
editres FILE ('/opt/CA/AccessControl/log/*') audit(FAILURE) defaccess(NONE) owner('nobody')
authorize FILE ('/opt/CA/AccessControl/log/*') access(READ) uid('eacadm')
Audit log:
06 Jan 2021 01:00:00 D FILE root Read 69 2 /opt/CA/AccessControl/log/2020.12.30.txt.Z /usr/lib/inet/proftpd SRCHOST eacadm
Release : 14.1 CP2
Component : PAM SERVER CONTROL ENDPOINT UNIX/LINUX
OS: Solaris 11.4
This audit log shows that both the login and the file access are recorded as root.
Rules:
editres LOGINAPPL ('PROFTP') audit(FAILURE) defaccess(EXECUTE) loginflags(NONE) loginmethod(NORMAL) loginseq(SGRP SUID) loginpath(/usr/lib/inet/proftpd)
Audit log:
06 Jan 2021 01:00:24 P LOGIN root 59 2 SRCHOST PROFTP
06 Jan 2021 01:00:25 D FILE root Read 69 2 /opt/CA/AccessControl/log/2020.12.30.txt.Z /usr/lib/inet/proftpd SRCHOST eacadm
06 Jan 2021 01:00:25 O LOGOUT root 49 2 SRCHOST
The customer needs to update loginseq so that the correct login account is found.
For example:
PAMSC> er LOGINAPPL PROFTP loginseq(N3UID FUID SGRP SUID)
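
To confirm the symptom before and after changing loginseq, the following added example (not part of the original article and not vendor code) parses the audit lines shown above and reports FILE denials where the enforced user differs from the account name in the last field, tagged with the LOGINAPPL of the session on the same terminal. Field positions are assumed from the sample lines, and all function and key names are illustrative.

```python
import re

# Constructed sample: the three audit lines shown in this article.
SAMPLE = """\
06 Jan 2021 01:00:24 P LOGIN root 59 2 SRCHOST PROFTP
06 Jan 2021 01:00:25 D FILE root Read 69 2 /opt/CA/AccessControl/log/2020.12.30.txt.Z /usr/lib/inet/proftpd SRCHOST eacadm
06 Jan 2021 01:00:25 O LOGOUT root 49 2 SRCHOST
"""

# Assumption: field positions are inferred from the sample lines above,
# not from a format specification; paths containing spaces are not handled.
HEAD = re.compile(r"^(\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2}) (\S) (\S+) (.+)$")

def parse(line):
    """Split one audit line into a dict, or return None if it does not fit."""
    m = HEAD.match(line.strip())
    if not m:
        return None
    stamp, status, cls, rest = m.groups()
    f = rest.split()
    rec = {"time": stamp, "status": status, "class": cls, "user": f[0]}
    if cls == "LOGIN" and len(f) == 5:
        rec.update(terminal=f[3], loginappl=f[4])
    elif cls == "LOGOUT" and len(f) == 4:
        rec.update(terminal=f[3])
    elif cls == "FILE" and len(f) == 8:
        rec.update(access=f[1], resource=f[4], program=f[5],
                   terminal=f[6], last_field_user=f[7])
    else:
        return None
    return rec

def misattributed_denials(text):
    """FILE denials whose enforced user differs from the last-field account,
    tagged with the LOGINAPPL of the session open on the same terminal."""
    sessions, findings = {}, []  # sessions: (terminal, user) -> LOGINAPPL
    for rec in filter(None, map(parse, text.splitlines())):
        key = (rec["terminal"], rec["user"])
        if rec["class"] == "LOGIN":
            sessions[key] = rec["loginappl"]
        elif rec["class"] == "LOGOUT":
            sessions.pop(key, None)
        elif rec["status"] == "D" and rec["user"] != rec["last_field_user"]:
            findings.append({"time": rec["time"], "loginappl": sessions.get(key),
                             "enforced_user": rec["user"],
                             "last_field_user": rec["last_field_user"],
                             "resource": rec["resource"]})
    return findings

if __name__ == "__main__":
    for hit in misattributed_denials(SAMPLE):
        print(hit)
```

An empty result after the loginseq change, with the same FTP access repeated, indicates the session is now attributed to the login account rather than root.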