Vinay Kumar Reddy Karri

CA Security Tuesday Tip: Privileged Identity Manager: How to Make PIM to run in parallel with SELinux

Discussion created by Vinay Kumar Reddy Karri Employee on Mar 24, 2015
Latest reply on Jun 10, 2015 by Vinay Kumar Reddy Karri

CA (Privileged Identity Manager) Tuesday Tip by Vinay Reddy, Support Engineer, for 3/24/2014

 

Sometimes we need to run Privileged Identity Manager (Control Minder) in parallel with SELinux. If both are running on the server at the same time, the Control Minder sewhoami utility reports every user who logs in to the server as root.


To mitigate this, Control Minder ships with an executable that allows SELinux and Privileged Identity Manager to run together.


To achieve this, perform the following steps:


  • On the server, navigate to <Access_Control_InstallDirectory>/lbin
  • Run ./sshd_policy.sh

 

[SAMPLE OUTPUT]

[root@Server lbin]# ./sshd_policy.sh

/usr/bin/checkmodule:  loading policy configuration from /tmp/AC_TMP.31027/CAeAC.te

/usr/bin/checkmodule:  policy configuration loaded

/usr/bin/checkmodule:  writing binary representation (version 6) to /tmp/AC_TMP.31027/CAeAC.mod

 

Thank You for Reading and Have a Good Day!!
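A post-check for the steps above, added here as an example and not part of the original tip or of CA's tooling: it confirms that SELinux is still enforcing and that the policy module is listed after sshd_policy.sh has run. It assumes the script installs the compiled module under the name CAeAC (taken from the CAeAC.te / CAeAC.mod file names in the sample output); check_policy and the --live switch are names made up for this example.

```shell
#!/bin/sh
# Added example (not CA's code): post-check after running sshd_policy.sh.
# Assumption: the module is installed under the name CAeAC, as suggested by
# the CAeAC.te / CAeAC.mod file names in the sample output.
MODULE_NAME="CAeAC"

# check_policy MODE MODULE_LIST
#   MODE        - output of `getenforce`
#   MODULE_LIST - output of `semodule -l`
# Prints a one-line verdict. Returns 0 only when SELinux is enforcing and
# the module is listed; 1 = module missing, 2 = permissive, 3 = disabled,
# 4 = unrecognised mode.
check_policy() {
    mode=$1
    modules=$2
    # semodule -l prints either "name" or "name<TAB>version" depending on
    # the policycoreutils release, so compare the first field exactly.
    if printf '%s\n' "$modules" |
        awk -v m="$MODULE_NAME" '$1 == m { found = 1 } END { exit !found }'
    then
        loaded=yes
    else
        loaded=no
    fi
    case "$mode:$loaded" in
        Enforcing:yes) echo "OK: SELinux enforcing, $MODULE_NAME loaded"; return 0 ;;
        Enforcing:no)  echo "FAIL: SELinux enforcing, $MODULE_NAME not loaded"; return 1 ;;
        Permissive:*)  echo "WARN: SELinux permissive (module loaded: $loaded)"; return 2 ;;
        Disabled:*)    echo "WARN: SELinux disabled, policy module has no effect"; return 3 ;;
        *)             echo "ERROR: unrecognised getenforce output: $mode"; return 4 ;;
    esac
}

# Query the live system only when invoked with --live (run as root).
if [ "${1:-}" = "--live" ]; then
    check_policy "$(getenforce)" "$(semodule -l)"
fi
```

A WARN result means sewhoami may look correct only because SELinux is not enforcing, so re-test the login after switching back to enforcing mode.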
