Improper "PROGRAM" audit logs are recorded.
search cancel

Improper "PROGRAM" audit logs are recorded.

book

Article ID: 46859

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction

Problems:

Improper audit logs with PROGRAM class are recorded.

Environment:

CA Privileged Identity Manager Unix / Linux Endpoint r12.8 SP1 + RO87979

OS: Unix / Linux

Details:

Following improper "PROGRAM" audit logs are recorded.

<Date and Time>;W;PROGRAM;net1;Exec; 202;4;/opt/net1/*;/opt/net1/net1_comp/bin/vci_lcp;10.128.136.250; ;net1

<Date and Time>;P;PROGRAM;net1;Exec;1059;2;/opt/net1/*;/opt/net1/net1_comp/bin/vci_lcp;10.128.136.250; ;net1

But rules are as follows.

editres FILE ('/opt/net1') audit(ALL) defaccess(NONE) warning  owner('nobody')

editres FILE ('/opt/net1/*') audit(ALL) defaccess(NONE) warning  owner('nobody')

chres  PROGRAM ('_default') audit(FAILURE) defaccess(EXECUTE)

Cause of the Problem:

Degrade.

Workaround:

Disable "PROGRAM" class.

AC> so class-(PROGRAM)

Resolution:

With Solaris platform, the test fix "T52V215" has been provided.

Module: seosd (12.81.0.2496)

This problem will be fixed in the next release.

Environment

Release: ACP1M005900-12.8-Privileged Identity Manager
Component:
Powered by Wolken Software