Symantec Privileged Access Management

  • 1.  Procedure to protect linux process with PIM 12.8

    Posted Mar 22, 2016 05:11 PM

    Hi, I am trying to protect a process on Linux, but when I execute kill -9 it kills it. Do you have any step-by-step procedure?



  • 2.  Re: Procedure to protect linux process with PIM 12.8

    Broadcom Employee
    Posted Mar 25, 2016 12:07 PM

    Can you please elaborate which process you are trying to protect from kill -9? Is it a PIM process or another process?



  • 3.  Re: Procedure to protect linux process with PIM 12.8

    Broadcom Employee
    Posted Apr 07, 2016 11:18 AM

    Hi Julio,

    Can you please provide the information requested by Brian or close the question if you no longer want to pursue it?

    Thanks,

    Lluis Domenech

    CA Support Delivery Manager



  • 4.  Re: Procedure to protect linux process with PIM 12.8

    Broadcom Employee
    Posted Apr 14, 2016 10:57 AM

    To protect a process from being "killed", i.e. receiving the SIGKILL signal, please confirm that in seos.ini the default value of kill_signal_mask is set.

    Then submit this selang rule to, e.g., protect the portmap daemon:

    AC> er process /sbin/portmap owner(nobody) defaccess(none) audit(all)

    Confirm the rule is effective by trying to kill the process:

    [root@RH ~]# killall -s SIGTERM portmap
    portmap(5614): Operation not permitted
    portmap: no process killed

    Note that by default only the SIGKILL | SIGSTOP | SIGTERM signals are protected.

    Other signals, such as SIGHUP or SIGUSR1, are passed to the process that they target, and that process decides whether to ignore the signal or to react to it.



  • 5.  Re: Procedure to protect linux process with PIM 12.8

    Broadcom Employee
    Posted Apr 28, 2016 05:39 AM

    Hi Julio,

    If you have no further questions, can you please mark this question as answered?

    Thanks,

    Lluis Domenech

    CA Support Delivery Manager