Hi Pravin,
I will demonstrate how to generate a basic denial against a file. I am logged in as root. Here is the sewhoami utility verifying my identity as 'root':
[root@gomer02 install]# sewhoami -a
root
ACEE Contents
User's Name : root
ACEE's Handle : 22
Group Connections Table:
<Empty>
Categories : <None>
Profile Group : <None>
Security Label : <None>
User's Audit Mode : Failure LoginSuccess LoginFailure
User's Security Level : 0
Source Terminal : <Unknown>
Process Count for ACEE : 39
User's Mode : Admin Auditor
ACEE's Creation Time : Tue Jul 31 08:17:25 2018
Next, I created a flat file named 'test.txt':
[root@gomer02 install]# touch test.txt
Then, I created a file rule stating no one has access to it:
AC> ef /install/test.txt defaccess(none) owner(nobody)
(localhost)
Successfully created FILE /install/test.txt
--
In the next SSH session, I am logged in as local_user1. Here is the sewhoami utility verifying my identity as 'local_user1':
-sh-4.2$ sewhoami -a
local_user1
ACEE Contents
User's Name : local_user1
ACEE's Handle : 30
Group Connections Table:
<Empty>
Categories : <None>
Profile Group : <None>
Security Label : <None>
User's Audit Mode : Failure LoginSuccess LoginFailure
User's Security Level : 0
Source Terminal : 141.202.114.213
Process Count for ACEE : 3
User's Mode : Auditor
ACEE's Creation Time : Tue Jul 31 11:58:39 2018
Here is me getting the denial of access:
-sh-4.2$ cat /install/test.txt
cat: /install/test.txt: Permission denied
--
I went back to my original SSH session as root. I used the seaudit utility to ensure that there was a denial when local_user1 accessed '/install/test.txt':
[root@gomer02 install]# seaudit -a -st now-15 | grep ' D '
CA Privileged Access Manager Server Control seaudit v14.01.0.412 - Audit log lister
Copyright (c) 2016 CA. All rights reserved.
31 Jul 2018 11:58:47 D FILE local_user1 Read 69 2 /install/test.txt /usr/bin/cat gomer02-w10a.ca.com local_user1
Here is the code below which provides a definition as to why there was a resource being blocked. As you can see, we blocked the access from happening:
[root@gomer02 install]# seaudit -t | grep 69
CA Privileged Access Manager Server Control seaudit v14.01.0.412 - Audit log lister
Copyright (c) 2016 CA. All rights reserved.
69 No Step that allowed access
I hope this helps.
Thanks,
Eric
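
Added example, not part of the post above and not CA's own tooling: a Python parser for denied ('D') records in seaudit output like the line shown in the post, resolving the stage code to the text that seaudit -t printed for it. The field names, the numeric field kept as field2 (the post does not explain it), and every sample line other than the 11:58:47 record and the banner are assumptions or constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Stage code text as printed by `seaudit -t | grep 69` in the post.
STAGES = {69: "No Step that allowed access"}

# Field names are assumptions inferred from the post's sample record; the
# numeric field after the stage code is not explained there, so it is kept
# as "field2". Resource paths containing spaces are not handled.
DENIAL = re.compile(
    r"^(?P<when>\d{1,2} \w{3} \d{4} \d{2}:\d{2}:\d{2})\s+D\s+(?P<cls>\S+)\s+"
    r"(?P<user>\S+)\s+(?P<access>\S+)\s+(?P<stage>\d+)\s+(?P<field2>\d+)\s+"
    r"(?P<resource>\S+)\s+(?P<program>\S+)\s+(?P<host>\S+)\s+(?P<euser>\S+)\s*$"
)

# Constructed sample: banner and first record are copied from the post; the
# non-denial record and the second denial are made up in the same layout.
SAMPLE = """\
CA Privileged Access Manager Server Control seaudit v14.01.0.412 - Audit log lister
Copyright (c) 2016 CA. All rights reserved.
31 Jul 2018 11:58:47 D FILE local_user1 Read 69 2 /install/test.txt /usr/bin/cat gomer02-w10a.ca.com local_user1
31 Jul 2018 11:59:30 P FILE root Read 0 0 /install/test.txt /usr/bin/cat gomer02-w10a.ca.com root
31 Jul 2018 12:01:10 D FILE local_user1 Write 69 2 /install/test.txt /usr/bin/vi gomer02-w10a.ca.com local_user1
"""

def parse_denials(text):
    """Return one dict per denied ('D') record; banner and other lines are skipped."""
    out = []
    for line in text.splitlines():
        m = DENIAL.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["when"] = datetime.strptime(rec["when"], "%d %b %Y %H:%M:%S")
        rec["stage"] = int(rec["stage"])
        rec["reason"] = STAGES.get(rec["stage"], "unknown stage code")
        out.append(rec)
    return out

def denials_by_user_resource(records):
    """Count denials per (user, resource) to surface repeated blocked access."""
    return Counter((r["user"], r["resource"]) for r in records)

if __name__ == "__main__":
    recs = parse_denials(SAMPLE)
    for r in recs:
        print(r["when"], r["user"], r["access"], r["resource"], "->", r["reason"])
    print(denials_by_user_resource(recs))
```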