seosd incorrectly marking a program as untrusted.

book

Article ID: 5851

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction

AC endpoint is blocking execution of a program that does not have a matching rule in selang. SEAUDIT reports it as an untrusted application, but there is no rule pointing to this program.

 

seaudit records:

 

01 Feb 2017 15:53:37 D PROGRAM root Exec 250 2 /incontrol/ctmagent/ctm/sysout/* /incontrol/ctmagent/ctm/exe/p_ctmag root 

01 Feb 2017 15:53:37 D PROGRAM root Exec 250 2 /incontrol/ctmagent/ctm/sysout/* /usr/bin/ksh root 

 

# seaudit -t | grep 250

250     Executing an untrusted program

 

Cause

Corrupted endpoint database.

 

Environment

CA Privileged Identity Manager r12.8 SP1 running on a AIX box.

Resolution

Rebuild the endpoint database by following the instructions of TEC480873.

 

Additional Information

https://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.TEC480873.html