I have strange behaviour on two nodes where the ping command is not working. but while we stop PAMSC, ping starts working.

seaudit shows

09 Aug 2025 23:44:45 D FILE         UserName    Exec       69  2 /usr/bin/ping        /path/java  ServerName                  

I would like to know how and why PAMSC is blocking it and how to fix it.

The error 69 specifically states " No Step that allowed access " . The file rule to protect the ping command did not have a corresponding rule to authorize any user or group to access that file fro execute (nor any other access).

The rule that protected this file was

editres FILE ('/bin/ping') audit(FAILURE) defaccess(NONE) owner('nobody')

Adding an authorize command similar to this would be how you would then grant the ability to run ping for a specific user

authorize FILE ('/bin/ping')  access(READ WRITE DELETE RENAME CREATE EXECUTE CHOWN CHMOD UTIME SEC CHDIR) uid('username')

You should note that the rule added was for /bin/ping but that also protects /usr/bin/ping because the file is hardlinked which means it has the same inode

[root@server ~]# ls -i /bin/ping

950852 /bin/ping

[root@server ~]# ls -i /usr/bin/ping

950852 /usr/bin/ping