PIM seos does not identify program when not having fullpath

Question asked by stoopid on Jan 13, 2016
Latest reply on Jun 8, 2017 by rehbr01

Hi Pim-Community,

 

I am struggling with a seos definition and am wondering if you might be able to help. Here is the issue:

CA-PIM installed on HPUX

 

issec header

CA ControlMinder version 12.8 installed in /opt/CA/AccessControl

VeRsIoN: 12.81-0 (1912) Compiled On:Feb 05 2015 21:06:13 _AIX610._RS6000  30034

 

There is a proftpd (FTP daemon) running on the machine, which should have access to resources secured with PIM.

Due to our separation of duty, only privileged users are allowed to access certain directories; root is not one of these.

As proftpd initially runs as root, it will be identified as a root access within PIM.

 

ps -ef

root 18874486   1   0   Nov 20 -  1:22 proftpd: (accepting connections)

 

To allow access to the resources via proftpd, I tried the following:

 

My Attempts:

I tried to set up a loginappl with proftpd.

 

Data for LOGINAPPL 'PROFTPD'

-----------------------------------------------------------

Defaccess         : X

Audit mode        : Failure

Owner             : <userid>       (XUSER  )

Create time       : 30-Oct-2015 15:24

Update time       : 21-Dec-2015 16:55

Updated by        : <userid>      (XUSER  )

Login flags       : None

Login method      : Normal

Login path        : /opt/proftpd/sbin/proftpd

Login sequence    : N3UID, FUID, SGRP, SUID

 

That didn't work for me.

 

I've added the proftpd binary to my gfile:

auth gfile SAP_Secured_Resources_daten via(pgm(/opt/proftpd/sbin/proftpd)) uid(root) access(all)

 

This didn't work either, and neither did the following:

 

Data for SPECIALPGM '/opt/proftpd/sbin/proftpd'

-----------------------------------------------------------

Owner             : +policyfetcher(USER   )

Create time       : 12-Jan-2016 14:30

Update time       : 12-Jan-2016 14:30

Updated by        : +policyfetcher(USER   )

CA ControlMinder UID : +sapwork+

Program Type      : Propagate bypass, Full bypass program

Native UID        : *

 

 

Looking at my processes (ps), I see that proftpd is running without full path information; maybe PIM is not able to resolve the path.
