Warnings or denials due to tripAccept on Outbound network connection

Article ID: 422442

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

The following Warning or Deny records are shown in the audit log:

08 Oct 2025 00:55:08 W TCP          54370      root      202  4 xxx.xxx.xxx.xxx      /optl/CA/AccessControl/bin/tripAccept
08 Oct 2025 07:35:03 D TCP          1234      root      408  2 xxx.xxx.xxx.xxx       /opt/CA/AccessControl/bin/tripAccept

We also noticed that sendmail queues the outgoing emails. Restarting the PAMSC agent releases the emails from the sendmail queue.
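
For triage, records in the layout shown above can be tallied per program and status to see how many connections were only warned about and which were actually denied. The following Python is an added example, not part of the original article or of PAMSC; the field names are assumptions assigned by column position (the article does not label the columns), and the sample records are constructed.

```python
import re
from collections import Counter

# Constructed sample records in the layout shown above; the addresses are
# documentation-range placeholders, not values from the article.
SAMPLE = """\
08 Oct 2025 00:55:08 W TCP          54370      root      202  4 192.0.2.10      /opt/CA/AccessControl/bin/tripAccept
08 Oct 2025 07:35:03 D TCP          1234      root      408  2 192.0.2.25       /opt/CA/AccessControl/bin/tripAccept
08 Oct 2025 07:41:17 D TCP          1234      root      408  2 192.0.2.25       /opt/CA/AccessControl/bin/tripAccept
-- constructed line that is not an audit record --
"""

# Field names are assumptions assigned by column position; the two numeric
# columns are kept as opaque codes because the article does not label them.
RECORD = re.compile(
    r"^(?P<ts>\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2})\s+(?P<status>[A-Z])\s+TCP\s+"
    r"(?P<service>\S+)\s+(?P<user>\S+)\s+(?P<code1>\d+)\s+(?P<code2>\d+)\s+"
    r"(?P<host>\S+)\s+(?P<program>\S+)\s*$"
)

def parse_tcp_records(text):
    """Return one dict per TCP record; lines in any other layout are skipped."""
    return [m.groupdict() for line in text.splitlines() if (m := RECORD.match(line))]

def summarize(records):
    """Count Warning (W) and Deny (D) records per (program, user, status)."""
    return Counter(
        (r["program"], r["user"], r["status"])
        for r in records if r["status"] in ("W", "D")
    )

def denied_targets(records):
    """Sorted, de-duplicated (host, service) pairs that were actually denied."""
    return sorted({(r["host"], r["service"]) for r in records if r["status"] == "D"})

if __name__ == "__main__":
    recs = parse_tcp_records(SAMPLE)
    for (program, user, status), n in sorted(summarize(recs).items()):
        print(f"{n:3d}  {status}  {user:8s} {program}")
    for host, service in denied_targets(recs):
        print(f"denied: {host} service/port {service}")
```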

Environment

Solaris: SunOS 5.11 11.4.84.201.1 sun4v sparc sun4v logical-domain
PAMSC Endpoint: 14.1 CP07 (14.10.70.54)

Cause

The _default TCP rule has blocked all connect system calls.

Resolution

The _default TCP rule was modified to the following, with Defaccess set to None:

Data for TCP '_default'
-----------------------------------------------------------
Defaccess         : None
Warning           : Yes
ACLs              :
   Accessor                Access
  xxxx  (zzzzz  ) R
  yyyy  (zzzzz  ) None
Condition ACLs    :
   Accessor                Access        Conditions
 root          (USER   ) W             xxxx(zzzzz  )
 root          (USER   ) W             yyyy (zzzzz )
Audit mode        : Failure
Update time       : 22-Oct-2025 15:35
Updated by        : root          (USER   )

Restoring the _default TCP rule to its default, as in the following, resolves the problem:

Data for TCP '_default'
-----------------------------------------------------------
Defaccess         : R, W
Audit mode        : Failure