Socket Filter Agent 2.7 on AIX 6.1 and AIX 7.1 does not block SSH access to blacklisted hosts
Article ID: 6333
Products
CA Privileged Access Manager - Cloakware Password Authority (PA)
PAM SAFENET LUNA HSM
CA Privileged Access Manager (PAM)
Issue/Introduction
Socket Filter Agent (SFA) 2.7 installed on AIX 6.1 and AIX 7.1 does not block SSH access to the blacklisted hosts specified in the socket filter list. The whitelist works as expected.
Cause
SFA marks the hosts in the filter list as invalid filter IP and ignores them:
SFA blocks the blacklisted hosts once the netmask associated with the host IP address is removed.
The SFA 2.7 installers for AIX 6.1 and AIX 7.1 have been revised to address the issue.
Additional Information
Troubleshooting SFA issues:
SFA is installed with the Windows default Administrator account or the UNIX root account
SFA is installed on a supported operating system (https://support.ca.com/phpdocs/7/9526/9526-PAM-platformsupportmatrix.pdf)
Communication between target host and SFA on target host over port 8550 (default port for SFA) and port 443 is not blocked
Ensure that the SFA daemon is running (/etc/rc.d/init.d/gksfd start)
Check the gksfd.log (/var/tmp/gksfd.log)
Associate the socket filter with the user-device policy
On UNIX and Linux targets, SFA filters only non-root users. To test access control against the filter list, log in to the target UNIX host as a non-root user, and ensure that this user is not specified with SECURE_USER in the gksfd.cfg file
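
The local checks from the list above (daemon running, rejected filter entries in gksfd.log, test account is actually filtered) as a shell script. This is an added example, not vendor code: the log wording it matches ("invalid filter") and the SECURE_USER syntax in gksfd.cfg are assumptions, and the gksfd.cfg path must be supplied because the article does not give it.

```shell
#!/bin/sh
# Added example, not vendor code. Log path is the one named in the article;
# the matched log wording and the gksfd.cfg syntax are assumptions.

# Print log lines where SFA rejected a filter entry; status 0 if any exist.
sfa_invalid_filters() {
    grep -i 'invalid filter' "$1"
}

# Status 0 if user $1 is subject to filtering: non-root and not named on a
# SECURE_USER line of config file $2 (assumed: name appears as a whole word).
sfa_user_is_filtered() {
    user=$1 cfg=$2
    [ "$user" != root ] || return 1
    [ -r "$cfg" ] || return 0
    ! grep -v '^[[:space:]]*#' "$cfg" | grep 'SECURE_USER' | grep -qw -- "$user"
}

# Run the local checks. $1 = path to gksfd.cfg (not given in the article),
# $2 = test user (default: current user), $3 = log (default: article's path).
sfa_report() {
    cfg=$1 who=${2:-$(id -un)} log=${3:-/var/tmp/gksfd.log}
    if ps -e | grep -q '[g]ksfd'; then
        echo "OK    gksfd daemon is running"
    else
        echo "FAIL  gksfd daemon is not running"
    fi
    if bad=$(sfa_invalid_filters "$log" 2>/dev/null); then
        echo "FAIL  filter entries rejected (check for netmasks on host IPs):"
        echo "$bad"
    else
        echo "OK    no rejected filter entries in $log"
    fi
    if sfa_user_is_filtered "$who" "$cfg"; then
        echo "OK    $who is a filtered (non-root, non-SECURE_USER) account"
    else
        echo "FAIL  $who is root or a SECURE_USER; SFA will not filter it"
    fi
}

# Usage on the target host: sh sfa_check.sh --run /path/to/gksfd.cfg [user]
case "${1:-}" in
    --run) sfa_report "$2" "${3:-}" ;;
esac
```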