Seiji_Moriyama

Tech Tip: Privieged Identity Manager: When you define many rules with a batch file

Discussion created by Seiji_Moriyama Employee on Nov 25, 2015

CA Privileged Identity Manager Tuesday Tip by Seiji Moriyama, Principal Support Engineer for 11/25/2015.

 

You shouldn't try executing the selang utility many times.

 

selang -c "editres FILE ('/dir1/file1.dat') defaccess(n) audit(f) owner(nobody)"

selang -c "editres FILE ('/dir2/file2.dat') defaccess(n) audit(f) owner(nobody)"

selang -c "editres FILE ('/dir3/file3.dat') defaccess(n) audit(f) owner(nobody)"

...

 

Starting/stopping selang has certain overheads and consumes resources unnecessarily.

The best practice is saving selang commands in a file (for example, /work/pimrules.txt)

 

editres FILE ('/dir1/file1.dat') defaccess(n) audit(f) owner(nobody)

editres FILE ('/dir2/file2.dat') defaccess(n) audit(f) owner(nobody)

editres FILE ('/dir3/file3.dat') defaccess(n) audit(f) owner(nobody)

...

 

And reading the file with "-f" option.

 

# selang -f /work/pimrules.txt

Outcomes