We have started OnePAM Project at one of our clients, testing Utility Appliance and PAMSC capabilities via PAM GUI to deploy Policy.
We created a simple policy to filter out noise from seaudit logs on the local machine.
We tested manually deploying the policy commands via selang, and all works fine.
However, once we try to deploy via PAM GUI, we get the error:
ERROR: '{0}' '{1}' is not finalized.
The policy remains in the queue only and does get deployed.
Error Message:
Release: 4.1
Once PAM sends the deployment script details to the endpoint, the endpoint tries to validate and deploy the script. If any error occurs during validation or deployment, the endpoint sends the error code and error parameters back to PAM.
For example, if the deploy script contains the invalid text "invalid_script_command", the endpoint sends:
editres DEPLOYMENT ("1677588210853#e7dd7215-4a5c-477f-9a3e-032cca876efa") result+('9993!$!invalid_script_command')
Here 9993 is the error code and invalid_script_command is the error parameter.
However, for the deployment above, the endpoint sends only the error code, without the error parameters:
editres DEPLOYMENT ("1677587787278#6bff5ca8-49ae-4f50-a192-59eb41fb3048") result+('36972')
Because PAM did not receive any error parameters in the response, it displays the message as is.
In this deployment, validation fails because the policy contains single quotes.
A policy script can't contain any single quotes. The sample script used in this deployment contains single quotes; use double quotes in the script instead.
For example:
Deploy Script:
er specialpgm ("C:\Program Files (x86)\BigFix Enterprise\BESClient.exe") pgmtype(kill)
er specialpgm ("C:\Windows\system32\conhost.exe") pgmtype(kill)
er specialpgm ("C:\Program Files\CA\PAMSC\bin\AgentManager.exe") pgmtype(kill)
UnDeploy Script:
rr specialpgm ("C:\Program Files (x86)\BigFix Enterprise\BESClient.exe")
rr specialpgm ("C:\Windows\system32\conhost.exe")
rr specialpgm ("C:\Program Files\CA\PAMSC\bin\AgentManager.exe")
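
The following Python sketch is an added example, not part of the original article or of PAM itself. It parses the two endpoint replies quoted above to show why the GUI message keeps its '{0}' '{1}' placeholders, and it checks a script for single quotes before deployment. The function names and the placeholder-filling logic are assumptions made for illustration.

```python
import re

# Reply shape quoted in the article:
#   editres DEPLOYMENT ("<id>") result+('<code>[!$!<param>...]')
RESULT_RE = re.compile(r"""editres DEPLOYMENT \("([^"]+)"\) result\+\('([^']*)'\)""")
SEP = "!$!"  # seen in the 9993 example; assumed to also separate multiple parameters

def parse_result(line):
    """Return (deployment_id, error_code, params), or None if the line does not match."""
    m = RESULT_RE.search(line)
    if not m:
        return None
    code, *params = m.group(2).split(SEP)
    return m.group(1), code, params

def render(template, params):
    """Fill {0}, {1}, ... from params; with no params the template comes back unchanged."""
    for i, p in enumerate(params):
        template = template.replace("{%d}" % i, p)
    return template

def find_single_quotes(script):
    """Return (line_number, text) for each script line that contains a single quote."""
    return [(n, ln) for n, ln in enumerate(script.splitlines(), 1) if "'" in ln]

# The two replies quoted in the article.
WITH_PARAM = """editres DEPLOYMENT ("1677588210853#e7dd7215-4a5c-477f-9a3e-032cca876efa") result+('9993!$!invalid_script_command')"""
CODE_ONLY = """editres DEPLOYMENT ("1677587787278#6bff5ca8-49ae-4f50-a192-59eb41fb3048") result+('36972')"""
TEMPLATE_36972 = "'{0}' '{1}' is not finalized."  # message text as shown in the PAM GUI

# Constructed script: line 1 is from the article, line 2 is a single-quoted variant.
SCRIPT = "\n".join([
    r'er specialpgm ("C:\Windows\system32\conhost.exe") pgmtype(kill)',
    r"er specialpgm ('C:\Windows\system32\conhost.exe') pgmtype(kill)",
])

if __name__ == "__main__":
    for reply in (WITH_PARAM, CODE_ONLY):
        print(parse_result(reply))
    print(render(TEMPLATE_36972, parse_result(CODE_ONLY)[2]))
    for n, ln in find_single_quotes(SCRIPT):
        print("line %d: single quote found, use double quotes: %s" % (n, ln))
```

Running the quote check on both the Deploy and UnDeploy scripts before queuing them in the PAM GUI catches this failure on the administrator's side, where the offending line is visible.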