How to Make PIM run in parallel with SELinux in enforce mode.

Article ID: 30999

Products

CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager (PAM)

Issue/Introduction

Summary:

Sometimes Privileged Identity Manager (Control Minder) needs to run in parallel with SELinux. If both are running on the same server at the same time, the PIM (Control Minder) Endpoint Agent's sewhoami utility identifies every user who logs in to the server as the root user.

To mitigate this, the PIM (Control Minder) Endpoint Agent ships with an executable that allows SELinux and Privileged Identity Manager to run together.

 

Instructions:

  • On the endpoint server, log in as the root user and navigate to <Access_Control_InstallDirectory>/lbin
  • Run ./sshd_policy.sh

 

[SAMPLE OUTPUT]

[root@Server lbin]# ./sshd_policy.sh

/usr/bin/checkmodule:  loading policy configuration from /tmp/AC_TMP.31027/CAeAC.te

/usr/bin/checkmodule:  policy configuration loaded

/usr/bin/checkmodule:  writing binary representation (version 6) to /tmp/AC_TMP.31027/CAeAC.mod
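
After the script finishes, one way to confirm the result is to check that SELinux is still enforcing and that the compiled module appears in the `semodule -l` listing. The following is an added example, not code from this article or from the vendor. It assumes sshd_policy.sh installs the module under the name in the .mod path shown above (CAeAC); the function names and the sample semodule listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): post-run checks for the sshd_policy.sh step.

# Print the module name checkmodule reported writing, e.g. "CAeAC" from
# ".../CAeAC.mod". Reads the saved script output on stdin.
module_from_log() {
    sed -n 's|.*writing binary representation.* to .*/\([^/]*\)\.mod$|\1|p' | tail -n 1
}

# Return 0 if module $1 appears in a `semodule -l` listing read from stdin.
# The first field is the module name; older releases append a version column.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# Return 0 only when SELinux is enforcing AND the module is loaded.
# $1 = output of getenforce, $2 = module name, stdin = semodule -l listing.
policy_ready() {
    [ "$1" = "Enforcing" ] || return 1
    module_loaded "$2"
}

# Live check, to be run as root on the endpoint.
# $1 = file holding the saved output of ./sshd_policy.sh
# Assumption: the script installs the module it compiled under the same name.
check_live() {
    mod=$(module_from_log < "$1")
    [ -n "$mod" ] || return 1
    semodule -l | policy_ready "$(getenforce)" "$mod"
}

# Offline demo. The log line is taken from the sample output above;
# the semodule listing is constructed.
SAMPLE_LOG='/usr/bin/checkmodule:  writing binary representation (version 6) to /tmp/AC_TMP.31027/CAeAC.mod'
SAMPLE_LIST='abrt
CAeAC 1.0
zebra'

demo_module=$(printf '%s\n' "$SAMPLE_LOG" | module_from_log)
if printf '%s\n' "$SAMPLE_LIST" | policy_ready "Enforcing" "$demo_module"; then
    echo "module $demo_module is loaded and SELinux is enforcing"
else
    echo "module $demo_module missing or SELinux not enforcing"
fi
```

On a real endpoint, save the script output to a file and call `check_live` with that file; a non-zero return means SELinux is not in enforcing mode or the module is not listed.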

Additional Information:

<Access_Control_InstallDirectory> in this document refers to the root directory where the endpoint agent is installed.

Environment

Release: ACP1M005900-12.9-Privileged Identity Manager