Hello Jorghy, This is the problem discussed in KB doc
. You will find a solution there.
Original Message:
Sent: 12-12-2019 11:01 PM
From: Jorghy Misnan
Subject: UNIX Password Management
Here you go:
INFO: start executing the default UNIX credentials update scriptDec 13, 2019 3:57:16 AM com.cloakware.cspm.server.plugin.CSPMClientChannel writeINFO: sent data 'sudo passwd backupvndr'Dec 13, 2019 3:57:17 AM com.cloakware.cspm.server.plugin.CSPMClientChannel readUntilINFO: received data 'sudo passwd backupvndr[bastion@esbbwcel2papp1 ~]$ sudo passwd backupvndrChanging password for user backupvndr.' MATCHES the pattern '(?si)(.*?password(\sfor|\sagain|:).*?)Dec 13, 2019 3:57:17 AM com.cloakware.cspm.server.plugin.CSPMClientChannel writeINFO: sent data '<not logged>'Dec 13, 2019 3:57:18 AM com.cloakware.cspm.server.plugin.CSPMClientChannel readUntilINFO: received data 'rX1ETa!MbwNew password: ' MATCHES the pattern '(?si)(.*?password(\sfor|\sagain|:).*?)Dec 13, 2019 3:57:18 AM com.cloakware.cspm.server.plugin.CSPMClientChannel writeINFO: sent data '<not logged>'Dec 13, 2019 3:57:18 AM com.cloakware.cspm.server.plugin.CSPMClientChannel writeINFO: sent data 'echo -6204082214234569712-OK--8410880490185373406'Dec 13, 2019 3:57:19 AM com.ca.pam.CSRFFilter doFilterINFO: Running Cross-Site Request Forgery (CSRF) check for URL: /cspm/rest/managedDevices/Dec 13, 2019 3:57:19 AM com.ca.pam.CSRFFilter doFilterINFO: Cross-Site Request Forgery (CSRF) check pass for Host: 10.49.5.164 and for HTTP Referer: https://10.49.5.164/cspm/app/feature/app.jsp?managementConsole=0&pamClient=trueDec 13, 2019 3:57:21 AM com.ca.pam.CSRFFilter doFilterINFO: Running Cross-Site Request Forgery (CSRF) check for URL: /cspm/rest/policies/newAssociationDec 13, 2019 3:57:21 AM com.ca.pam.CSRFFilter doFilterINFO: Cross-Site Request Forgery (CSRF) check pass for Host: 10.49.5.164 and for HTTP Referer: https://10.49.5.164/cspm/app/feature/app.jsp?managementConsole=0&pamClient=trueDec 13, 2019 3:57:21 AM com.ca.pam.CSRFFilter doFilterINFO: Running Cross-Site Request Forgery (CSRF) check for URL: /cspm/rest/config/servercontrol/Dec 13, 2019 3:57:21 AM com.ca.pam.CSRFFilter doFilterINFO: Running Cross-Site Request Forgery (CSRF) check for URL: /cspm/rest/policies/getTargetAccountListTransparentLoginDec 13, 2019 3:57:21 AM com.ca.pam.CSRFFilter doFilterINFO: Cross-Site Request Forgery (CSRF) check pass for Host: 10.49.5.164 and for HTTP Referer: https://10.49.5.164/cspm/app/feature/app.jsp?managementConsole=0&pamClient=trueDec 13, 2019 3:57:22 AM com.cloakware.cspm.server.dao.impl.DataSourceManager$c runINFO: DataSourceManagerHeartbeat.run Database cspm1=10.49.5.23 is still active and alive ['ACTIVE_AND_ALIVE' => 'ACTIVE_AND_ALIVE']. Time=0.979711ms [Total=2991.0977ms, Count=3336, Average=0.896612ms, Min=0.374824ms, Max=5.070085ms].Dec 13, 2019 3:57:23 AM com.cloakware.cspm.server.dao.impl.DataSourceManager$c runINFO: DataSourceManagerHeartbeat.run Database cspm2=10.49.5.24 is still active and alive ['ACTIVE_AND_ALIVE' => 'ACTIVE_AND_ALIVE']. Time=0.882122ms [Total=4276.8735ms, Count=3336, Average=1.2820364ms, Min=0.505152ms, Max=34.022564ms].Dec 13, 2019 3:57:23 AM com.cloakware.cspm.server.plugin.CSPMClientChannel readUntilINFO: received data 'Retype new password: Sorry, passwords do not match.New password: ' does NOT CONTAIN the case-sensitive string '-6204082214234569712-0--8410880490185373406'Dec 13, 2019 3:57:23 AM com.cloakware.cspm.server.plugin.BeanShellScriptProcessorImpl executeScriptINFO: stopping script processorDec 13, 2019 3:57:24 AM com.cloakware.cspm.server.plugin.SSHConnector$1 logINFO: jsch: Disconnecting from 10.42.97.5 port 22Dec 13, 2019 3:57:24 AM com.cloakware.cspm.server.plugin.SSHConnector$1 logINFO: jsch: Caught an exception, leaving main loop due to Socket closedDec 13, 2019 3:57:24 AM com.cloakware.cspm.server.app.impl.ld cSEVERE: UpdateTargetAccountCmd.invoke 5995: Failed to update the account credentials. Review the log file for further information or else contact your Administrator.com.cloakware.cspm.server.plugin.ClientChannelTimeoutException: PAM-CM-1336: Failed to find case-sensitive patterns while reading from the communications channel: -6204082214234569712-0--8410880490185373406 at com.cloakware.cspm.server.plugin.EnhancedCSPMClientChannel.readUntil(EnhancedCSPMClientChannel.java:219) at com.cloakware.cspm.server.plugin.EnhancedCSPMClientChannel.readUntil(EnhancedCSPMClientChannel.java:241) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at bsh.Reflect.invokeMethod(Reflect.java:131) at bsh.Reflect.invokeObjectMethod(Reflect.java:77) at bsh.Name.invokeMethod(Name.java:852) at bsh.BSHMethodInvocation.eval(BSHMethodInvocation.java:69) at bsh.BSHPrimaryExpression.eval(BSHPrimaryExpression.java:96) at bsh.BSHPrimaryExpression.eval(BSHPrimaryExpression.java:41) at bsh.BSHBlock.evalBlock(BSHBlock.java:125) at bsh.BSHBlock.eval(BSHBlock.java:75) at bsh.BshMethod.invokeImpl(BshMethod.java:356) at bsh.BshMethod.invoke(BshMethod.java:252) at bsh.BshMethod.invoke(BshMethod.java:180) at bsh.Name.invokeLocalMethod(Name.java:911) at bsh.Name.invokeMethod(Name.java:798) at bsh.BSHMethodInvocation.eval(BSHMethodInvocation.java:69) at bsh.BSHPrimaryExpression.eval(BSHPrimaryExpression.java:96) at bsh.BSHPrimaryExpression.eval(BSHPrimaryExpression.java:41) at bsh.BSHBlock.evalBlock(BSHBlock.java:125) at bsh.BSHBlock.eval(BSHBlock.java:75) at bsh.BSHBlock.eval(BSHBlock.java:41) at bsh.BSHTryStatement.eval(BSHTryStatement.java:80) at bsh.BSHBlock.evalBlock(BSHBlock.java:125) at bsh.BSHBlock.eval(BSHBlock.java:75) at bsh.BSHBlock.eval(BSHBlock.java:41) at bsh.BSHIfStatement.eval(BSHIfStatement.java:42) at bsh.Interpreter.eval(Interpreter.java:659) at bsh.Interpreter.eval(Interpreter.java:750) at bsh.Interpreter.eval(Interpreter.java:739) at com.cloakware.cspm.server.plugin.BeanShellScriptProcessorImpl.executeScript(BeanShellScriptProcessorImpl.java:279) at com.cloakware.cspm.server.plugin.ChannelBeanShellScriptProcessorImpl.executeScriptAndDisconnect(ChannelBeanShellScriptProcessorImpl.java:201) at com.cloakware.cspm.server.plugin.ChannelBeanShellScriptProcessorImpl.executeDefaultScriptAndDisconnect(ChannelBeanShellScriptProcessorImpl.java:213) at com.cloakware.cspm.server.plugin.targetmanager.UnixAdvancedTargetManager.updateCredentials(UnixAdvancedTargetManager.java:57) at com.cloakware.cspm.server.app.TargetManager.performUpdate(SourceFile:721) at com.cloakware.cspm.server.app.TargetManager.run(SourceFile:667)com.cloakware.cspm.server.plugin.ClientChannelTimeoutException: PAM-CM-1336: Failed to find case-sensitive patterns while reading from the communications channel: -6204082214234569712-0--8410880490185373406 at com.cloakware.cspm.server.plugin.EnhancedCSPMClientChannel.readUntil(EnhancedCSPMClientChannel.java:219) at com.cloakware.cspm.server.plugin.EnhancedCSPMClientChannel.readUntil(EnhancedCSPMClientChannel.java:241) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at bsh.Reflect.invokeMethod(Reflect.java:131) at bsh.Reflect.invokeObjectMethod(Reflect.java:77) at bsh.Name.invokeMethod(Name.java:852) at bsh.BSHMethodInvocation.eval(BSHMethodInvocation.java:69) at bsh.BSHPrimaryExpression.eval(BSHPrimaryExpression.java:96) at bsh.BSHPrimaryExpression.eval(BSHPrimaryExpression.java:41) at bsh.BSHBlock.evalBlock(BSHBlock.java:125) at bsh.BSHBlock.eval(BSHBlock.java:75) at bsh.BshMethod.invokeImpl(BshMethod.java:356) at bsh.BshMethod.invoke(BshMethod.java:252) at bsh.BshMethod.invoke(BshMethod.java:180) at bsh.Name.invokeLocalMethod(Name.java:911) at bsh.Name.invokeMethod(Name.java:798) at bsh.BSHMethodInvocation.eval(BSHMethodInvocation.java:69) at bsh.BSHPrimaryExpression.eval(BSHPrimaryExpression.java:96) at bsh.BSHPrimaryExpression.eval(BSHPrimaryExpression.java:41) at bsh.BSHBlock.evalBlock(BSHBlock.java:125) at bsh.BSHBlock.eval(BSHBlock.java:75) at bsh.BSHBlock.eval(BSHBlock.java:41) at bsh.BSHTryStatement.eval(BSHTryStatement.java:80) at bsh.BSHBlock.evalBlock(BSHBlock.java:125) at bsh.BSHBlock.eval(BSHBlock.java:75) at bsh.BSHBlock.eval(BSHBlock.java:41) at bsh.BSHIfStatement.eval(BSHIfStatement.java:42) at bsh.Interpreter.eval(Interpreter.java:659) at bsh.Interpreter.eval(Interpreter.java:750) at bsh.Interpreter.eval(Interpreter.java:739) at com.cloakware.cspm.server.plugin.BeanShellScriptProcessorImpl.executeScript(BeanShellScriptProcessorImpl.java:279) at com.cloakware.cspm.server.plugin.ChannelBeanShellScriptProcessorImpl.executeScriptAndDisconnect(ChannelBeanShellScriptProcessorImpl.java:201) at com.cloakware.cspm.server.plugin.ChannelBeanShellScriptProcessorImpl.executeDefaultScriptAndDisconnect(ChannelBeanShellScriptProcessorImpl.java:213) at com.cloakware.cspm.server.plugin.targetmanager.UnixAdvancedTargetManager.updateCredentials(UnixAdvancedTargetManager.java:57) at com.cloakware.cspm.server.app.TargetManager.performUpdate(SourceFile:721) at com.cloakware.cspm.server.app.TargetManager.run(SourceFile:667)Dec 13, 2019 3:57:24 AM com.cloakware.cspm.server.app.impl.ld cSEVERE: UpdateTargetAccountCmd.invoke Errorcom.cloakware.cspm.server.app.ApplicationException: UpdateTargetAccountCmd.invoke Failed to synchronize password with target at com.cloakware.cspm.server.app.impl.ld.c(SourceFile:966) at com.cloakware.cspm.server.app.impl.aa.invokeCommand(SourceFile:263) at com.cloakware.cspm.server.app.impl.aa.invokeCommand(SourceFile:122) at com.cloakware.cspm.server.app.impl.aa.invokeCommand(SourceFile:114) at com.cloakware.cspm.server.app.impl.aa.invokeCommand(SourceFile:110) at com.ca.pam.rest.TargetAccountService.update(SourceFile:361) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60) at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185) at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75) at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302) at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108) at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84) at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542) at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473) at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419) at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409) at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:409) at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:558) at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:733) at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.filters.ExpiresFilter.doFilter(ExpiresFilter.java:1179) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.ca.pam.RestAuthenticationFilter.doFilter(SourceFile:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.ca.pam.AuthFilter.doFilter(SourceFile:102) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.ca.pam.CSRFFilter.doFilter(SourceFile:89) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.ca.pam.EncodingFilter.doFilter(SourceFile:18) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423) at org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:188) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:620) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2476) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2465) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748)Dec 13, 2019 3:57:24 AM com.cloakware.cspm.server.app.impl.lh hINFO: UpdateTargetAccountDescriptorCmd.validate accountID:43343Dec 13, 2019 3:57:24 AM com.cloakware.cspm.server.app.impl.lh cINFO: UpdateTargetAccountVerifiedFlagCmd.invoke starting.Dec 13, 2019 3:57:24 AM com.cloakware.cspm.server.app.impl.ld cWARNING: UpdateTargetAccountCmd.invoke exception: com.cloakware.cspm.server.app.ApplicationException: UpdateTargetAccountCmd.invoke Failed to synchronize password with target at com.cloakware.cspm.server.app.impl.ld.c(SourceFile:966) at com.cloakware.cspm.server.app.impl.aa.invokeCommand(SourceFile:263) at com.cloakware.cspm.server.app.impl.aa.invokeCommand(SourceFile:122) at com.cloakware.cspm.server.app.impl.aa.invokeCommand(SourceFile:114) at com.cloakware.cspm.server.app.impl.aa.invokeCommand(SourceFile:110) at com.ca.pam.rest.TargetAccountService.update(SourceFile:361) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60) at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185) at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75) at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302) at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108) at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84) at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542) at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473) at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419) at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1409) at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:409) at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:558) at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:733) at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.filters.ExpiresFilter.doFilter(ExpiresFilter.java:1179) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.ca.pam.RestAuthenticationFilter.doFilter(SourceFile:259) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.ca.pam.AuthFilter.doFilter(SourceFile:102) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.ca.pam.CSRFFilter.doFilter(SourceFile:89) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.ca.pam.EncodingFilter.doFilter(SourceFile:18) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423) at org.apache.coyote.ajp.AjpAprProcessor.process(AjpAprProcessor.java:188) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:620) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2476) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2465) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748)Dec 13, 2019 3:57:24 AM com.ca.pam.rest.PAUtil generateExceptionFromAppCtxSEVERE: UpdateTargetAccountCmd.invoke Failed to synchronize password with targetDec 13, 2019 3:57:24 AM com.ca.pam.CSRFFilter doFilterINFO: Cross-Site Request Forgery (CSRF) check pass for Host: 10.49.5.164 and for HTTP Referer: https://10.49.5.164/cspm/app/feature/app.jsp?managementConsole=0&pamClient=trueDec 13, 2019 3:57:26 AM com.ca.pam.CSRFFilter doFilterINFO: Running Cross-Site Request Forgery (CSRF) check for URL: /cspm/rest/applicationTypes/Dec 13, 2019 3:57:26 AM com.ca.pam.CSRFFilter doFilterINFO: Cross-Site Request Forgery (CSRF) check pass for Host: 10.49.5.164 and for HTTP Referer: https://10.49.5.164/cspm/app/feature/app.jsp?managementConsole=0&pamClient=trueDec 13, 2019 3:57:27 AM com.ca.pam.CSRFFilter doFilterINFO: Running Cross-Site Request Forgery (CSRF) check for URL: /cspm/rest/policies/getTargetAccountListAccess/t+3919Dec 13, 2019 3:57:27 AM com.ca.pam.CSRFFilter doFilterINFO: Running Cross-Site Request Forgery (CSRF) check for URL: /cspm/rest/targetAccounts/Dec 13, 2019 3:57:27 AM com.ca.pam.CSRFFilter doFilterINFO: Running Cross-Site Request Forgery (CSRF) check for URL: /cspm/rest/targetAccounts/Dec 13, 2019 3:57:28 AM com.ca.pam.CSRFFilter doFilterINFO: Cross-Site Request Forgery (CSRF) check pass for Host: 10.49.5.164 and for HTTP Referer: https://10.49.5.164/cspm/app/feature/app.jsp?managementConsole=0&pamClient=trueDec 13, 2019 3:57:28 AM com.ca.pam.CSRFFilter doFilterINFO: Cross-Site Request Forgery (CSRF) check pass for Host: 10.49.5.164 and for HTTP Referer: https://10.49.5.164/cspm/app/feature/app.jsp?managementConsole=0&pamClient=trueDec 13, 2019 3:57:28 AM com.ca.pam.CSRFFilter doFilterINFO: Running Cross-Site Request Forgery (CSRF) check for URL: /cspm/rest/passwordViewRequests/summary/activeDec 13, 2019 3:57:29 AM com.ca.pam.CSRFFilter doFilterINFO: Cross-Site Request Forgery (CSRF) check pass for Host: 10.49.5.164 and for HTTP Referer: https://10.49.5.164/cspm/app/feature/app.jsp?managementConsole=0&pamClient=trueDec 13, 2019 3:57:29 AM com.ca.pam.CSRFFilter doFilterINFO: Running Cross-Site Request Forgery (CSRF) check for URL: /cspm/rest/configProperties/Dec 13, 2019 3:57:29 AM com.ca.pam.CSRFFilter doFilterINFO: Cross-Site Request Forgery (CSRF) check pass for Host: 10.49.5.164 and for HTTP Referer: https://10.49.5.164/cspm/app/feature/app.jsp?managementConsole=0&pamClient=trueDec 13, 2019 3:57:30 AM com.ca.pam.CSRFFilter doFilterINFO: Cross-Site Request Forgery (CSRF) check pass for Host: 10.49.5.164 and for HTTP Referer: https://10.49.5.164/cspm/app/feature/app.jsp?managementConsole=0&pamClient=trueDec 13, 2019 3:57:30 AM com.ca.pam.CSRFFilter doFilterINFO: Cross-Site Request Forgery (CSRF) check pass for Host: 10.49.5.164 and for HTTP Referer: https://10.49.5.164/cspm/app/feature/app.jsp?managementConsole=0&pamClient=trueDec 13, 2019 3:57:31 AM com.ca.pam.CSRFFilter doFilterINFO: Running Cross-Site Request Forgery (CSRF) check for URL: /cspm/servlet/ConfigDiagnosticsServlet
Original Message:
Sent: 12-12-2019 10:51 PM
From: Ralf Prigl
Subject: UNIX Password Management
I can tell you what's wrong if I see the full log starting with the initial SSH connection.
Original Message:
Sent: 12-12-2019 09:52 PM
From: Jorghy Misnan
Subject: UNIX Password Management
No, the account called bastion is standard user that have NOPASSWD=ALL sudo privileges. In PAM, it configured to use elevated privileges without authentication. I've tried login manually using this account, it's not root. I also tried to reset password of another account manually using this account too, it worked. Only from PAM it failed.
Original Message:
Sent: 12-12-2019 09:09 AM
From: Ralf Prigl
Subject: UNIX Password Management
Hello Jorghy, this looks like an incorrect privilege elevation setting on the target account. Please review https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=123217. Most likely you have the account configured as root account, in which case we don't expect the passwd command to ask for the current password first, but in fact the server did ask for the current password first. I would need to see the full log section related to the update attempt to be sure on that.
Original Message:
Sent: 12-12-2019 02:37 AM
From: Jorghy Misnan
Subject: UNIX Password Management
CA PAM v3.2.6
Trying to manage privileged account from RHEL servers using Credential Discovery failed. This are the Tomcat error during password update:
INFO: received data 'Retype new password: Sorry, passwords do not match.New password: ' does NOT CONTAIN the case-sensitive string '231848617357511941-0-7568834872291681195'Dec 12, 2019 7:30:48 AM com.cloakware.cspm.server.plugin.BeanShellScriptProcessorImpl executeScriptINFO: stopping script processor
Different server with same OS and same "master" credential with a same sudo privileges were able to managed privileged accounts in it. What is the difference?
------------------------------
Regards,
Jorghy M.
------------------------------