Layer7 Privileged Access Management

Expand all | Collapse all

CA Security Tuesday Tip: Privileged Identity Manager: How to Make PIM to run in parallel with SELinux

  • 1.  CA Security Tuesday Tip: Privileged Identity Manager: How to Make PIM to run in parallel with SELinux

    Posted 03-23-2015 11:53 PM

    CA (Privileged Identity Manager) Tuesday Tip by <Vinay Reddy>, <Support Engineer> for <3/24/2014>

     

    Sometimes we get a scenario where we need run the Privileged Identity Manager (Control Minder) in parallel with the SELinux. If both are running on the server at a given time, the ControlMinder sewhoami utility detects every user who logs in to the server as root.


    To mitigate this, Control Minder is packed with an executable which allows both SELinux and Privileged Identity Manager  to run in conjunction.


    To achieve this, perform the below steps


    • On the server, navigate to <Access_Control_InstallDirectory>/lbin
    • ./sshd_policy.sh

     

    [SAMPLE OUTPUT]

    [root@Server lbin]# ./sshd_policy.sh

    /usr/bin/checkmodule:  loading policy configuration from /tmp/AC_TMP.31027/CAeAC.te

    /usr/bin/checkmodule:  policy configuration loaded

    /usr/bin/checkmodule:  writing binary representation (version 6) to /tmp/AC_TMP.31027/CAeAC.mod

     

    Thank You for Reading and Have Good Day!!



  • 2.  Re: CA Security Tuesday Tip: Privileged Identity Manager: How to Make PIM to run in parallel with SELinux

    Posted 03-25-2015 04:07 PM

    Thanks for sharing this tip with the CA Security Community, VinayReddy!



  • 3.  Re: CA Security Tuesday Tip: Privileged Identity Manager: How to Make PIM to run in parallel with SELinux

    Posted 06-10-2015 12:22 AM

    Can this also be tagged with "selinux" "sewhoami" and "root" for more visibility? I have had this scenario come up several times and it manifests itself with sewhoami returning root. It is not obvious that selinux being enabled is the cause until we see this document. Thanks



  • 4.  Re: CA Security Tuesday Tip: Privileged Identity Manager: How to Make PIM to run in parallel with SELinux

    Posted 06-10-2015 12:48 AM

    Simon,

    Added the tags as suggested by you. Thanks