HPUX Box not vaulting root due to script processor

book

Article ID: 225330

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

We've been having a issue vaulting root for this HPUX box, we were able to vault the pammstr account that rotates root but when we try to add the root account it says that there is an error with the script processor, This works for 3 other servers but not this one, below is the error in the tomcat catalina log:

Sep 07, 2021 5:53:03 PM com.cloakware.cspm.server.plugin.CSPMClientChannel write
INFO: sent data 'sudo passwd root
'
Sep 07, 2021 5:53:09 PM com.cloakware.cspm.server.plugin.CSPMClientChannel readUntil
INFO: received data 'sudo passwd root
' does NOT MATCH any of the pattern(s): '[(?si)(.*?password(\sfor|\sagain|:).*?)]'
Sep 07, 2021 5:53:09 PM com.cloakware.cspm.server.plugin.BeanShellScriptProcessorImpl executeScript
INFO: stopping script processor
Sep 07, 2021 5:53:09 PM com.cloakware.cspm.server.plugin.SSHConnector$1 log
INFO: jsch: Disconnecting from ga088hps.unix.us.ups.com port 22
Sep 07, 2021 5:53:09 PM com.cloakware.cspm.server.plugin.SSHConnector$1 log
INFO: jsch: Caught an exception, leaving main loop due to Socket closed
Sep 07, 2021 5:53:09 PM com.cloakware.cspm.server.app.impl.AddTargetAccountCmd invoke
SEVERE: AddTargetAccountCmd.invoke 15220: PAM-CM-1349: A problem occurred while executing the script processor.  Please try your request again or contact your Administrator.
com.cloakware.cspm.server.app.ApplicationException: PAM-CM-1349: A problem occurred while executing the script processor.  Please try your request again or contact your Administrator.
 at com.cloakware.cspm.server.plugin.targetmanager.UnixAdvancedTargetManager.updateCredentials(UnixAdvancedTargetManager.java:67)
 at com.cloakware.cspm.server.app.TargetManager.performUpdate(TargetManager.java:722)
 at com.cloakware.cspm.server.app.TargetManager.run(TargetManager.java:668)
Caused by: com.cloakware.cspm.server.plugin.ScriptProcessorException: PAM-CM-1329: Failed to process a target connector script.  Refer to the log file for further information.
 at com.cloakware.cspm.server.plugin.BeanShellScriptProcessorImpl.executeScript(BeanShellScriptProcessorImpl.java:286)
 at com.cloakware.cspm.server.plugin.ChannelBeanShellScriptProcessorImpl.executeScriptAndDisconnect(ChannelBeanShellScriptProcessorImpl.java:201)
 at com.cloakware.cspm.server.plugin.ChannelBeanShellScriptProcessorImpl.executeDefaultScriptAndDisconnect(ChannelBeanShellScriptProcessorImpl.java:213)
 at com.cloakware.cspm.server.plugin.targetmanager.UnixAdvancedTargetManager.updateCredentials(UnixAdvancedTargetManager.java:57)
 ... 2 more
Caused by: Sourced file: inline evaluation of: ``// *************************************************************************** / . . . '' : Method Invocation channel.readUntil : at Line: 280 : in file: inline evaluation of: ``// *************************************************************************** / . . . '' : channel .readUntil ( passwordEntryPrompt ) 

Target exception: com.cloakware.cspm.server.plugin.ClientChannelTimeoutException: PAM-CM-1336: Failed to find regular expression patterns while reading from the communications channel: [(?si)(.*?password(\sfor|\sagain|:).*?)]

Environment

Release : 3.3

Component :

Resolution

On the webex we found that the time to connect to the server directly was taking longer than the default script time out of 5000 miliseconds, so PAM was sending the sudo passwd root command before the prompt was able to accept the command and the script processor was expecting the confirm password and not receiving it, so errored out on that line. increasing the value from 5000 to 20,000 allows for a 20 second delay before sending the password change command. This only covers up for the real issue of DNS resolution time of the hostnames and that should be looked at by their network team.