CA ControlMinder 12.8 Service Pack 1 (SP1) - Endpoints FIXLIST - CA Technologies
CA ControlMinder 12.8 Service Pack 1 (SP1) - Endpoints FIXLIST


No. Severity Module Problem Summary Package OS Cause of the problem Conditions Solution or Workaround Reproduction Steps
1 3 Unix endpoint user mode Fixes an issue where seosd core dumps due to signal 6 (abort). This behavior occurs when a system command reboot is issued. AN01831 Unix all seosd takes a long time to shut down and the system issues another signal 6 to seosd.     1. cp /opt/CA/AccessControl/samples/system.init/LINUX/S95seos /opt/CA/AccessControl/bin
2. chmod +x /opt/CA/AccessControl/bin/S95seos
3. ln -s /opt/CA/AccessControl/bin/S95seos /etc/rc5.d/S95seos
4. Start CA ControlMinder and then issue the reboot command.
5. After the system starts, check the core dump at /opt/CA/AccessControl/bin.
 
You can reproduce the problem only when seosd receives a lot of cleanup tasks in the client environment.
2 2 Unix endpoint user mode Fixes an issue where seosd produces a core dump during reboot. AN02078 Unix all   Any 12.5 SP5 GA with patch that includes changes by AC125SP50555 or 12.5 SP5 CR1 has this problem. Add a check so that already freed memory is not freed again. 1. Install 12.5 SP5 CR1
2. Run CA ControlMinder. 
3. Execute the reboot command.
3 3 Unix endpoint user mode Fixes an issue where a login session terminates when you scroll the seos.ini file in vi. In seos.ini, the keyboard logger is enabled and kbl_output_limit is set to 10. AN02108 Unix all A negative length is passed as a parameter to read(). KBL enabled and kbl_output_limit=10   On AIX 6.1:
1. Set the following parameters in seos.ini:
kbl_enabled = yes
kbl_output_limit = 10 
2. AC> eu root audit(interactive)
3. Log in as root
4. # vi /opt/CA/AccessControl/seos.ini 
5. Scroll down through the opened file.
 
EXPECT: You can scroll through the file.
ACTUAL: Login session terminates, Connection to ... closed by foreign host.
4 3 Unix endpoint user mode Fixes an issue where in case the file time stamp is changed, the oldest file cannot be retrieved. AN02134 Unix all   seosd is unable to locate the file correctly because the time stamp of the seos.audit backup files is changed. Ensure that the backup files seos.audit.bak.xxx.xx are not touched by any other processes. Set the following tokens.
BackUp_Date = daily
audit_max_files = 3 (or any number you would like to)
 
cd /opt/CA/AccessControl/log
 
cp seos.audit.bak.30-Mar-2014-09:44:32 seos.audit.bak.31-Mar-2014-09:44:32
cp seos.audit.bak.30-Mar-2014-09:44:32 seos.audit.bak.01-Apr-2014-09:44:32
 
Now, we have three backup files.
audit_max_files is set to 3.
If seos.audit is renamed the next day, then the oldest backup file is deleted. According to the name extension, 30-Mar-2014-09:44:32 is the oldest file, and this file must be deleted the next day when seos.audit is renamed to the backup file. However, if we shut down CA ControlMinder and then run "touch seos.audit.bak.30-Mar-2014-09:44:32", the file seos.audit.bak.30-Mar-2014-09:44:32 is not the oldest file anymore. This file fails to delete when seos.audit is rolled to the backup file.
5 2 Unix endpoint user mode Fixes an issue on Zlinux where AgentManager and ReportAgent generate an error when loading Java shared libraries: libjvm.so and libjsig.so AN01812 LINUX s390 Created LD_LIBRARY_PATH does not include the path to libjsig.so   Modify condition to include checking s390x system type. ./report_agent.sh start
 
Error:
/opt/CA/AccessControlShared/bin/ReportAgent: error while loading shared libraries: libjsig.so: cannot open the shared object file: No such file or directory.
6 3 UNAB Adapts UNAB to the recent changes on RHEL for nss_uxauth data exchange. AN02092 LINUX all        
7 3 Unix endpoint user mode Fixes an issue where the watchdog attempts to kill seosd process on restart. As a result, the SMF service enters into the maintenance mode after restart, and both SMF and watchdog attempt to restart seosd. AN02080 Unix all     In saferoute, check the returned error. If the error is SEOSSFR_E_NOSERV then do not kill seosd.  
8 2 Unix endpoint kernel mode Fixes an issue where a spurious /etc/os-release file causes SEOS_load to fail AN02081 LINUX x64 Spurious /etc/os-release file is incorrectly parsed by getvar.sh RHEL 5.x with added /etc/os-release file   On a RHEL 5.10 X64 system:
1. Ensure that the SEOS kernel module is unloaded:
SEOS_load -u
2. Add a /etc/os-release file which contains the text: redhat
3. Execute SEOS_load to load the seos kernel module.
CA ControlMinder must load and run (previously SEOS_load was detecting the OS as Debian)
9 2 Unix endpoint user mode Fixes an issue where sepass does not work for local users when UNAB is installed. AN01934 Unix all       1. On a system where both CA ControlMinder endpoint and UNAB are installed, create a User from the native:
#useradd test111
#passwd -r files test111
2. Use Sepass to change the Password for the local user when UNAB is installed and running.
bash-3.00# sepass test111
 
CA ControlMinder sepass v12.80.0.1675 - Password replacement
Copyright (c) 2013 CA. All rights reserved.
Changing password for test111
Enter your password:
Enter new password:
Verify new password:
Permission denied
Local password is updated successfully.
3. Log in with Local user with the new changed Password
You can successfully log in to the system.
10 3 Unix endpoint kernel mode Fixes an issue where the keyboard logger fails to work properly on the Solaris internal zone. AN01829 Unix all CA ControlMinder initializes global structure "SEOS_kbl_info_t KBL_info" only when starting CA ControlMinder in global zone. The CA ControlMinder uses this global structure also in the internal zones. CA ControlMinder fails to run in the Solaris global zone. Create per-zone KBL_info; this structure keeps cmdlog binary description and initializes it when starting CA ControlMinder in the zone.  
11 2 Unix endpoint kernel mode Fixes an issue where on Solaris 10, the Solaris 10 zone with a long path name causes system crash.  AN01861 Solaris Sparc An attempt to write a 1028-bytes string in a buffer of 1024 bytes. Solaris 10 zone with a long path name. Check the length on adding the zone name to the path name. Do not exceed the buffer length MAXPATHLEN=1024 On a Solaris 10 internal zone, create a file such that the total path length is 1020 bytes in internal zone. Start CA ControlMinder in global and internal zone. Try to access this file from the internal and global zone.
 
CA ControlMinder adds zone prefix to the long path and ends with a heap corruption error.
12 3 Unix endpoint user mode Fixes an issue where the Selang connection to the remote host fails when using libscramble.so. AN01868 LINUX s390 The encryption layer fails to decrypt data. The ACCIPHER layer loads shared libraries for encryption. The function _unscramble() in libscramble.so expects input parameter for buffer size as int* while the ACCIPHER layer sends long*. On zLinux, int is 4 bytes while long is 8 bytes. As a result, the called function returns invalid buffer size value (big value) and ACCIPHER layer returns an error. Use libscramble.so. In case of a failed decryption, check the returned buffer size. If the buffer size is big, then most likely the function expects pointer to int. Call decryption again with the new parameter int. Run the following commands on two hosts, respectively. 
 
Host 1 (Solaris 10 and CA ControlMinder 12.6 SP1 (or any other version)):
#rm -rf /opt/CA/AccessControl/lib/libcrypt 
# ln -s /opt/CA/AccessControl/lib/libscramble.so.126.0 /opt/CA/AccessControl/lib/libcrypt 
#seload 
#selang 
AC> er terminal <host2.x.com> owner(nobody) defacc(R) audit(a) 
AC> authorize terminal host2.x.com uid(root) access(a) 
AC>q 
#sechkey -t -pwd xyz 
 
Host 2 (Linux s390x and CA ControlMinder 12.6 SP2 (or any other version)):
#rm -rf /opt/CA/AccessControl/lib/libcrypt 
# ln -s /opt/CA/AccessControl/lib/libscramble.so.126.0 /opt/CA/AccessControl/lib/libcrypt 
#seload 
#selang 
AC> er terminal <host1.x.com> owner(nobody) defacc(R) audit(a) 
AC> authorize terminal host1.x.com uid(root) access(a) 
AC>q 
#sechkey -t -pwd xyz 
 
On Host 1:
Run Selang
AC> host host2.x.com 
 
EXPECT: Successfully connected 
13 3 Unix endpoint user mode Fixes an issue with seagent where a corrupted seos.audit file with an empty space fails to retrieve events. As a result, the number of records that are seen through the Enterprise Management UI is different from the number of records that are seen through "seaudit -a". AN01883 Unix all   A corrupted seos.audit file.   Get a corrupted seos.audit with a large empty space. Connect to this box from Endpoint management WEB UI and then click on Audit Event to view records. The number of records you see in the Web UI and the number of records in "seaudit -a" are different indicating that a few records are missing.
14 3 Unix endpoint user mode Fixes a problem where selogrd exits unexpectedly when it fails to read the seos.audit file locked by seosd.  AN01153 Unix all When seosd sends logs to a long seos.audit file, it locks the seos.audit file. When selogrd tries to open the seos.audit file, it fails. seosd locks the file seos.audit which is too long. When selogrd fails to open the file, it sleeps for 10 seconds and tries to open the file again.  
15 3 Unix endpoint user mode Fixes an issue where on a certain AIX system, a user fails to update the password for a user with username longer than 8 characters. AN01527 AIX AIX system API does not support username more than 8 characters. Problem occurs on AIX only.   Choose a user with username more than 8 characters.
AC>eu longusername01 password(12345)
vi /etc/security/passwd
The password is not updated.
16 3 Unix endpoint user mode Fixes an issue where the command logout fails when the keyboard logger is enabled. AN01613 Unix all       Reproduced, however error is different.
1. Install CA ControlMinder
2. seos.ini
kbl_enabled=yes
3. Log in to the system
4. # logout
3004-064 You must be the login user.
ACTUAL: Logout fails.
 
17 1 UNAB Fixes UNAB issue where an account with a hash character (#) in the password fails to customize the rpm package for registration during the package installation. AN02073 Unix all        
18 3 Unix endpoint user mode Fixes an issue where a new shell (new process) wrongly executes a new setuid. AN02082 Unix all A new shell executes setuid to root. old_sesu is set to no and we need the OS that works in a way that a new shell executes setuid to root.    
19 2 Unix endpoint kernel mode Fixes an issue with HOST class denials. AN02064 Unix all The original accept system call has already created a file descriptor for the connected socket when SEOS decides to deny the connection. The existing code terminates the socket but fails to close the file descriptor. As a result, a valid file descriptor is pointing to an invalid socket. Depending on the platform, it would result in a panic or a memory leak. Incoming connection is denied. Close the file descriptor to automatically clean up the socket.
Consider that all the connections are denied by default and a specific port for a particular IP address is enabled. In this case, if telnet connects to the same port from a different IP address, CA ControlMinder denies the connection, leaving a sock entry half opened. After a while, the OS file descriptor table would be full and the server would crash.
1. Install CA ControlMinder.
2. [Optional for Solaris 10 and later, and HP-UX 11.23 and later, only]
Make sure to use the syscall network interception method.
Set the following token in seos.ini:
SEOS_use_streams = no
SEOS_network_intercept_type = 2 
3. Start CA ControlMinder. 
4. Activate the HOST class. 
5. Add the following selang rules:
chres ADMIN("HOSTNET") audit(failure) defaccess(none)
editres HOSTNET("all") audit(failure) owner(nobody) mask(0.0.0.0) match(0.0.0.0)
chres UACC("HOSTNET")
authorize HOSTNET("all") access(r) service(22)
authorize HOSTNET("all") access(none) service(*)
Note: With the last rule, all TCP services except SSH are blocked.
6. For Linux and HP-UX, start a second sshd daemon monitoring a different port:
/usr/sbin/sshd -p 22033
 
For Solaris, start a second sshd daemon monitoring a different port:
/usr/lib/ssh/sshd -p 22033
Note: "sshd -p 22033" is used because the file table of a standalone daemon is easier to track than that of inetd.
7. Try to connect to the second sshd daemon from another host:
ssh -p 22033 this_host 
8. Verify in the audit log that the connection is denied. 
9. Identify the PID of the second sshd daemon:
ps -ef | grep sshd | grep -- "-p 22033"
10. For Linux and HP-UX, list the files opened by that PID:
lsof -p second_sshd_pid
Result: A file of sock with "can't identify protocol" for each failed connection attempt.
 
For Solaris, list the files opened by that PID:
pfiles second_sshd_pid
Result: Causes system to panic
20 3 Unix endpoint user mode Fixes an issue where the user name is not resolved when the user is not in the Lookaside DB. AN02071 Unix all pam_seos.so in 64 bit is communicating with a 32-bits seosd. The data structure is not matched when data is transmitted from 64 bit to 32 bit. We can reproduce the problem only if we install x32 bit version of CA ControlMinder on a Linux X64 bits. The user is created by a native tool and the user is never added to ladb. These are the two conditions to reproduce the problem. Apply the fix seosd or ensure to add a user in ladb. 1. Install 12.8 on Linux X64 bit system. However, the 12.8 version is in x32 bits. x64 bit of the pam_seos.so is in /lib64/security. 
2. Run useradd to create a user and create a passwd for the user. Note that the user is not in ladb.
3. Log in the user for the first time and then run sewhoami -a
Notice that there are two user names in sewhoami -a instead of one. 
21 3 Unix endpoint user mode Fixes an issue where ftp login fails on HP 11.11 because SEOS_load -u successfully unloads SEOS_syscall, but the HPUX11_SeOS_Syscall_number token continues to appear in the seos.ini file. AN02059 HPUX PA-RISC HPUX11_SeOS_Syscall_number is still set in seos.ini when the SEOS_syscall unloads. On HPUX11.11 only Apply the fix or manually remove HPUX11_SeOS_Syscall_number from seos.ini. 1. Install CA ControlMinder on HPUX11.11.
2. Start CA ControlMinder. 
3. secons -sk 
4. SEOS_load -u 
5. vi seos.ini 
EXPECT: The HPUX11_SeOS_Syscall_number token must not appear in seos.ini.
ACTUAL: The HPUX11_SeOS_Syscall_number token appears in seos.ini.
22 3 Unix endpoint user mode Fixes the policyfetcher problem that produces a core file.  AN02042 Unix all NULL pointer access   Verify the string pointer.  
23 3 Unix endpoint user mode Fixes an issue where a user is able to log in despite the DENY audit record. AN02022 Unix all pam_seos is optional in PAM configuration. The return value from pam_seos is ignored on Linux. PAM loginappl A new token (pam_deny_login_kill=yes) is defined in seos.ini [pam_seos]. When the default value is set to yes, the CA ControlMinder kills the denied process. Setting token to no, makes CA ControlMinder return "deny" to pam_seos.so which in turn returns PAM_PERM_DENIED to the service. In such a case, an admin must also change optional pam_seos.so to the required pam_seos.so in /etc/pam.d/system-auth. On Linux:
AC>er loginappl VFTP loginflags(PAM, nograce)
AC> er terminal x.y.z.a defaccess(n) owner(nobody)
Run ftp tet_host from the terminal.
EXPECT: Login fails
ACTUAL: Login succeeds
24 3 Unix endpoint kernel mode Fixes a performance issue where the load on the CPU is high when CA ControlMinder is up. AN02030 LINUX all Frequent access to the kernel tables when verifying file access to /proc.   Check the proc_bypass token in the kernel and return immediate ALLOW when SEOS_proc_bypass=1 and while accessing /proc.  
25 2 Unix endpoint kernel mode Fixes an issue where CentOS 6.5 is not detected properly and creates an incorrect link for SEOS_syscall. AN01989 LINUX all getvar.sh fails to detect the OS correctly and SEOS_syscall is linked incorrectly on CentOS 6.5.      
26 3 Unix endpoint user mode Fixes an issue where the clear text password gets saved in the KBL audit log. AN01980 Unix all cmdlog sends all the typed in text to the audit log.   Modify cmdlog to hide the password text. 1. Enable KBL 
2. Create user
AC>eu test audit(interactive)
Log in as 'test'
% su
Password: **** 
3. seaudit -kbl -sid 28327 -cmd 
SessionCmd: Shows clear text password
27 2 Unix endpoint user mode Fixes an issue where CA ControlMinder fails to start when the system has 8000 processes running. AN01982 Unix all At startup, the seosd allocates initial process table of 8000 entries. When the table space is not sufficient to store all the processes, seosd re-allocates table of a bigger size. The function OLD_ProcServer_add_entry() saves an entry pointer 'p' to the previous table and not to the reallocated table, resulting in the seosd crash. System has more than 8000 alive processes. Change OLD_ProcServer_add_entry(): save the original process table entry in the local store, and use the saved entry later when copying data to the new entry. Run the test system with more than 8000 processes.
Start CA ControlMinder.
28 3 Unix endpoint user mode Fixes an issue where the watchdog kills seosd while reading lookaside DB. AN01965 Unix all seosd waits for the file lock which is assumed to be corrupted while accessing ladb. Hence, the watchdog kills seosd.   Before requesting the file lock, check if the lock is available when accessing ladb from seosd.  
29 3 Unix endpoint user mode Fixes an issue where GUI stops working when you run SEOS_load -u. AN01947 LINUX x64 When you run the command in the unload exit script /etc/init.d/messagebus stop   Do not call /etc/init.d/messagebus stop on Linux RH On an RH 6.4 system, run SEOS_load -u
The Xserver stops.
30 3 Unix endpoint user mode Fixes an issue where the Terminal rule is ignored when the Lookaside DB is disabled. AN01906 Unix all seosd fails to find the host name in the hosts cache. As a result, the uxcache_gethostbyaddr() function returns NULL for any host. In the seos.ini file, configure use_lookaside=no The host cache is entirely remade. 1. In seos.ini, configure the following parameters:
use_lookaside = no
terminal_search_order = name 
2. Create two DM rules for the same host, one rule with name, another with the host IP:
AC> nr TERMINAL my_test.ca.com defaccess(READ) owner('nobody')
AC>nr TERMINAL a.b.c.d defaccess(none) owner('nobody')
3. Log in to the server from my_test.ca.com.
EXPECT: Access allowed by the first terminal rule
ACTUAL: Connection closed, decision made by the IP rule
31 3 Unix endpoint user mode Fixes an issue where the FTP login records occasionally show wrong remote host IP. When LOGINAPPL for FTP is set to PAMLOGIN, a wrong IP address appears in the audit file. AN01881 Unix all CA ControlMinder misses PAM flag for VFTP loginappl and skips PAM login handling. CA ControlMinder fetches IP address from kernel for vftpd process and returns IP of different connection (the kernel takes address from first available socket of process). seosd saves the last login flag in the RT tables only while updating LOGINAPPL rule. In reality, seosd must add all flags to the login table entry. Using libscramble.so Add all flags to the RT login program entry. Reproduced on S1 Linux Oracle RH 6.4
1. Start CA ControlMinder on Linux.
2. Edit LOGINAPPL rule er loginappl VFTP loginflags(PAMLogin nograce) 
3. SSH to Linux from another system (on reproduction used Windows a.b.c.d) 
4. On Linux, restart ftp using service vsftpd restart.
5. Connect ftp from 3rd system to Linux (reproduction used Windows w.x.y.z) 
6. On Linux, run seaudit -a 
21 Feb 2014 05:13:17 P LOGIN root 59 2 a.b.c.d SSH
21 Feb 2014 05:14:24 P LOGIN root 54 2 a.b.c.d VFTP 
 
ACTUAL: CA ControlMinder saves FTP record with IP address of 1st Windows when connecting from 2nd Windows.
32 3 Unix endpoint kernel mode Fixes an issue where the changed kernel symbol after the kernel upgrade, causes SEOS_load to fail. AN01864 LINUX x64 Symbol version does not match. Kernel upgrade SUSE 10SP2, Linux SUSE 10 SP2 x86_64 2.6.16.60-0.66.1-smp
x86_64, SEOS_load
kernel 2.6.16.60-0.66.1 SEOS_load: SEOS_syscall fails to load
link SEOS_syscall to next OSMIC level -EOS_syscall.100SUSEcX86_64.MP.ko  
33 3 Unix endpoint user mode Fixes an issue where on a Linux system, seagent core dumps once in a while due to a connection with the NULL ACCIPHER handle.  AN01840 Unix all The ACCIPHER handle is NULL. seagent connection with a NULL ACCIPHER. seagent fix. Install Enterprise Management Server on a Linux. Note that the seagent core dumps once in a while. Check the debug log for seagent and you find seagent connection with a NULL ACCIPHER handle.
34 3 Unix endpoint kernel mode Fixes an issue where ftruncate call fails to truncate file to size over 4GB. AN01834 AIX   Calling ftruncate to truncate file to size more than 4GB. Change the data type to off_t. 1. Create a program that calls ftruncate to create a file and truncate its size to over 4GB. 
2. Start CA ControlMinder. 
3. Run the program.
It creates a file of intended_size - 4GB long. 
Ensure that the ulimit for file size is set to unlimited.
35 2 Unix endpoint kernel mode Fixes an issue where the system crashes while running the kernel process server function SEOS_procserver_list_len(). AN01811 Unix all The process KBL cmdlog calls AC_ProcGetOrigArg0() and kernel function SEOS_procserver_getArg0(). The kernel procserver function calls alloc() while holding spinlock. The scheduler removes the process from the CPU.   Do not call blockable alloc() while holding spinlock.  
Stack trace:
ID: 12060 TASK: ffff81010d2b7100 CPU: 1 COMMAND: "AC"
#0 [ffff81001bb75c78] schedule at ffffffff80062f90
#1 [ffff81001bb75d50] __cond_resched at ffffffff800900c8
#2 [ffff81001bb75d60] cond_resched at ffffffff800630c5
#3 [ffff81001bb75d70] __kmalloc at ffffffff800de725
#4 [ffff81001bb75d90] eAC_calloc at ffffffff886c5008 [seos]
#5 [ffff81001bb75dc0] SEOS_procserver_getArg0 at ffffffff886c281c [seos]
#6 [ffff81001bb75e00] _SEOS_syscall_ at ffffffff886a41f6 [seos]
36 3 Unix endpoint user mode Fixes an issue where sesu - user01 is denied when old_sesu is set to no in seos.ini because setuid from /bin/su is not allowed. AN01803 Unix all /bin/su also makes setuid calls. Change old_sesu to no. Code SURROGATE rules to allow setuid calls. On AIX:
1. vi seos.ini 
2. Change old_sesu to no.
3. Log in as user tt01 and run sesu - tt02.
ACTUAL: The command is denied.
37 2 Unix endpoint kernel mode Fixes an issue where the Kernel module fails to load with SLES 10sp2 kernel running on the SLES 10sp3 system. AN01765 LINUX all CA ControlMinder uses /etc/SuSE-release file to detect if the kernel version is SLES 10 sp2 or sp3. CA ControlMinder must use uname -r to detect the kernel version. AC kernel module fails to load. Install modified getvar.sh 1. Install SLES 10 sp3 (kernel 2.6.16.60-0.54)
2. Revert the kernel to SLES 10 sp2 kernel 2.6.16.60-0.21
ACTUAL: CA ControlMinder fails to load.
38 2 Unix endpoint kernel mode Fixes an issue where a coexistence problem caused panic while working on the Symantec sisip kernel module. AN01766 LINUX x64        
39 3 Unix endpoint user mode Fixes an issue where the /usr/sbin/saslauthd process has growing number of opened file descriptors. AN01750 Unix all pam_seos.so fails to close an open socket. Problem reported on RH 6.0; However, applies to all platforms. Close the socket if PUPM connection fails in pam_create_socket_client_handle(). # ps -ef | grep saslauthd
root 20004 1 0 Oct28 ? 00:00:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 1
# ls -l /proc/20004/fd
(mark number of opened files)
# telnet localhost 110
USER tanma07
+OK Name is a valid mailbox
PASS tanma07
+OK Mailbox locked and ready
QUIT
+OK
# ls -l /proc/20004/fd
 
ACTUAL: Shows another opened socket
40 2 Unix endpoint user mode Fixes an issue where the PUPM Utility throws an error when acpwd runs on the AIX or HP-UX. However, acpwd works fine on a Windows or a Linux. AN02330 Unix all        
41 2 Unix endpoint user mode Fixes an issue where the prohibited chars password rule exists in the database even after clearing the password rule. AN02333 LINUX all     Update the prohibited chars password rule after deleting the password rule (so password(rules-)) 1. Selang
2. so password(rules-)
3. so password(rules(prohibited(!@#)))
4. so list
Observation 1: The prohibited chars rule is not present in the list.
5. so password(rules-); clear the password rules
6. so class+ (PASSWORD)
7. eu test password(test)
8. Log in as 'test' and try to change the password; sepass
9. Set the new password with the prohibited chars (!@#)
10. Password change is denied saying prohibited chars present in password
Observation 2: Even though the password rules are cleared, the prohibited chars rule checks in the sepass module.
42 3 Unix endpoint user mode Fixes an issue where the audit record shows wrong terminal name after executing VFTP PAM. AN02315 Unix all Missing PAM flag; Ignores PAM terminal name. loginappl VFTP loginflags(PAMLogin) Set pd->flag = PDF_TTY_PAM when handling PAM login. On Linux x86_64:
1. AC> er loginappl VFTP loginflags(PAMLogin nograce)
2. Start the CA ControlMinder trace.
3. Do ftp connection from another host.
 
ACTUAL BEFORE FIX trace:
03 Dec 2014 17:50:24> PAMLOGIN: P=9760 User=test Terminal=xxx.ca.com
03 Dec 2014 17:50:24> LOGIN : P=9760 User=test Terminal=10.219.21.0
 
Line PAMLOGIN shows correct terminal name.
Next line overwrites terminal with a wrong IP address
 
EXPECT:
03 Dec 2014 18:04:21> PAMLOGIN: P=9921 User=test Terminal=xxx.ca.com
03 Dec 2014 18:04:21> LOGIN : P=9921 User=test Terminal=xxx.ca.com
4. # seaudit -a
03 Dec 2014 18:31:14 P LOGIN test 59 2 xxx.ca.com VFTP 
43 3 Unix endpoint user mode Fixes an issue where the libcrypto.sl fails to load on HPUX PA-RISC 2.0  AN02320 Unix all       Call seversion seosd.
44 3 Unix endpoint user mode Fixes an issue where in a predefined ghnode node for AIX, the criteria is incorrectly created for the AIX endpoint. AN02321 AIX The Endpoint node information is defined with OS version as AIX 7.1 and the criteria is AIX 7 1*. The dot (.) is missing in the criteria. As a result, the endpoint AIX 7.1  is not added as a member of the ghnode "AIX 7.1". Adding AIX 7.1 as an endpoint to the Enterprise Management Server. Manually correct the criteria in ghnode for "AIX 7.1". Install Enterprise Management Server and then run the following commands:
AC>sr ghnode ("AIX 5.3")
AC>sr ghnode ("AIX 6.1")
AC>sr ghnode ("AIX 7.1")
Criteria
HNODE_INFO = AIX 5 1*
HNODE_INFO = AIX 6 1*
HNODE_INFO = AIX 7 1*
 
The correct criteria must be.
Criteria
HNODE_INFO = AIX 5.1*
HNODE_INFO = AIX 6.1*
HNODE_INFO = AIX 7.1*
45 3 Unix endpoint kernel mode Fixed an issue where the KBL interactive user is not traced when logged in via JDS and open terminal. AN02310 Unix all Unable to intercept KBL because it fails to meet the KBL trigger conditions.   Check additional conditions to trigger KBL interception when the parent program is LOGINAPPL. 1. On Solaris, install CA ControlMinder and enable KBL in seos.ini
  kbl_enabled = yes
  Create LOGINAPPL resource for /usr/bin/gnome-terminal in CA ControlMinder DB.
  2. Create a traced user:
  AC> eu test password(test) audit(interactive)
  3. Start CA ControlMinder.
  4. Install xming on Win desktop - http://sourceforge.net/projects/xming/
  5. Start XLaunch.
  6. Select one window and then open session via XDMCP.
  7. Log in to the console using desktop option JDS - Java Desktop System.
  8. When JDS starts, open xterminal and run some commands.
  9. Check the KBL audit:
  # seaudit -kbl 
  EXPECT: Records for traced user 
46 3 Unix endpoint kernel mode Fixes an issue where the Solaris 10 system crashes while performing SEOS_scs_syscstat_refresh(). AN02295 Unix all Divide by zero instruction   Check that the counter is not zero before using the divide instruction.  
47 3 Unix endpoint user mode Fixes an issue where the seosd process automatically restarts to generate core files on exit processing. AN02296 Unix all        
48 2 Unix endpoint user mode Fixes an issue where dlopen fails to load libcryptscr.sl.128.0  AN02298 HPUX IA64 aCC linking with C++ static library ThreadsLibrary.a    Add link with Csup library. Run 
seversion seosd
or
seretrust -l > tmp/retr_script 
49 3 UNAB Fixes an issue that allows to register an endpoint when AD does not increment the key version number.  AN02302 Unix all     Added the xconsole 'k' switch.  
50 3 Unix endpoint kernel mode Fixes an issue where full bypass appears for the program SPECIALPGM in the audit log file for PROCESS protection. AN02290 Unix all FULL bypass ignored in signal handler.   In the kernel signal handler, check whether the program is trusted for ALL actions. 1. Save this script test.sh
#!/bin/sh
echo "-------- PID $$"
if [ "x$1" = "x" ]; then
    # No argument: re-run this script with our own PID as the argument
    echo "call itself with parameter $$"
    $0 $$
    sleep 30
else
    # Argument given: send a signal to the PID passed in
    sleep 1
    echo "kill $1"
    kill $1
    echo "result $?"
fi
2. Protect resource
AC> er PROCESS <your_path>/test.sh defaccess(n) owner(root)
3. Test protection
# ./test.sh
kill: 352676: Permission denied
# seaudit -a
2014 22:17:44 D PROCESS user01 Read 69 2 /home/lipyu01/test.sh
4. Give bypass
AC> er SPECIALPGM <your_path>/test.sh pgmtype(FULLBYPASS, PROPAGATE)
5. Test protection
# ./test.sh
EXPECT: Process got the signal and terminated J43
51 3 Unix endpoint user mode Fixes an issue where the Selang user password update fails if the user name is longer than 8 characters. AN02275 AIX Update function does nothing if the user does not exist in the shadow file.   If the update function fails to find a user, then create a new entry in the shadow file. On AIX,
1. Add a user using OS command:
# useradd verylongusername
2. Try to update password in Selang:
AC(Unix)> eu verylongusername password(test)
3. Check if the user exists in the shadow file: /etc/security/passwd
4. Try to log in to the system using updated password
EXPECT: Login succeeds 
ACTUAL: Login fails 
52 3 Unix endpoint user mode Fixes an issue where the clear text password is saved in the KBL audit. AN02279 Unix all cmdlog missed the word Password in the output of su.   Compare both the English Password and the localized word. On a localized system,
1. Install localized CA ControlMinder.
2. Enable KBL
3. Create a user:
AC> eu test audit(interactive)
4. Log in as test
% su
Password: password
seaudit -kbl -sid 28327 -cmd
16 Sep 2014 06:26:04 P TRACE kbl_user 5417d7c6:0000012a kbl_user kbl_user KBL input 13429 INFO:
SessionCmd: *******.
 
EXPECT: Password is hidden 
53 3 Unix endpoint kernel mode Fixes an issue where the system crashes on a system with 27 CPUs. AN02270 Unix all When the seosd starts interception and sets syscall table read-only, another thread tries to access the same pages and crashes.   Do not enter interception code while seosd is in the process of setting interception.  
54 3 Unix endpoint kernel mode Fixes an issue where the system crashes. AN02261 Linux x64 NULL pointer fp->f_op->read   Before accessing, verify fp->f_op->read. Customer faces system crash in both 12.5 SP5 and 12.8.
SEOS_exec_file_is_script() called this pointer.
55 3 Unix endpoint user mode Fixes an issue where the cmdlog is debugged to investigate the problem. AN02265 Unix all     cmdlog debug log file  
56 2 Unix endpoint kernel mode Fixes an issue where an owner fails to execute scripts or executables on the NFS file system. AN02254 AIX When the NFS file system is mounted with anon set to -2, SEOS kernel fails to look up the vnode and etc as root. get_realname() fails with EACCES. check_execve() also fails to set to 'allow' when get_realname() fails.  NFS file system is exported with anon = -2. When get_realname() and its child functions fail to lookup using the root credential, try using user credential again. If get_realname() fails, behave like bypass_realpath is set. 1. Create an NFS file system on the AIX NFS server.
2. Export the file system and use the default setting of -2 for anon.
3. Create a test directory that has access permission mode of 700 and set the owner to the uid of the user on the client system. Create a simple script in the test directory.
4. Mount the file system on the AIX NFS client.
5. Execute the test script as the owner. It must allow. Execute it again as root and it must deny.
6. Start CA ControlMinder.
7. Execute the test script as root, it must be denied. 
8. Execute the test script as the owner and it fails. 
57 3 Unix endpoint user mode Fixes an issue where the ReportAgent fails to send kbl audit log to UARM because the audit log is not located in start-up. AN02237 Unix all Code bug in ReportAgent. ReportAgent uses default value for audit_log only. It does not try to get value from seos.ini for audit_log. Set a path for audit_log which is different from the default value. Apply the fix ReportAgent or use the default path for audit_log. 1. Open seos.ini and set audit_log for kblaudit to a customer path. 
For example:
[kblaudit]
audit_log = /tmp/mydir/kbl.audit
2. Start ReportAgent. The following error reports in kblaudit.log. 
 
** eaclog error: failed to initialize EACLOG object, - pFun_eacLog_Init
INFO: audit2elm_RestorePosition: no position file found
EXPECT: KBL logs are sent to the server side.
ACTUAL: KBL logs are not sent to the server side.
58 3 UNAB Fixes an issue where the keytab file is trimmed to avoid Kerberos errors, when it grows too large. AN02240 Solaris x86        
59 3 Unix endpoint user mode Fixes an issue where you add configuration script in the agent_manager.sh to enable AgentManager. AN02228 Unix all Failed to configure AgentManager.     # ./agent_manager.sh config
and check seos.ini.
 
[seoswd]
agent_manager_check_enabled = yes
[daemons]
AgentManager = yes, /opt/CA/AccessControlShared/lbin/agent_manager.sh start
[PUPMAgent]
OperationMode = 1
 
Check /opt/CA/AccessControlShared/accommon.ini.
[AgentManager]
Plugins = PupmAgent
OperationMode = 1
 
Start CA ControlMinder and then run
AC>su +agentmanager 
AC>sr SPECIALPGM /opt/CA/AccessControlShared/bin/AgentManager 
60 2 Unix endpoint user mode Fixes an issue where on a HP-UX system, the KBLAudMgr (seagent) fails to properly update utmp when a user logs off. AN02231 HP PA-RISC / IA64 KBLAudMgr (seagent) fails to properly update utmp when a user logs off.    Update utmp to mark DEAD_PROCESS when a user logs off. 1. Execute "who -u" before starting CA ControlMinder to establish a baseline.
2. Enable KBL in seos.ini.
3. Start CA ControlMinder.
4. Execute "who -u" to verify one more time.
5. Connect to the system as test user 1 (another session).
6. Execute "who -u" to see the changes. There must be two entries for test user 1.
7. Connect to the system as test user 2 (another session).
8. Execute "who -u" to see the changes. There must be two entries for test user 2.
9. Test user 1 exits.
10. Execute "who -u" and you see that one of the entries for test user 1 is still there.
11. Test user 2 exits.
12. Execute "who -u" and you see that one of the entries for test user 2 is still there.
13. Connect to this system as test user 3.
14. Test user 3 exits.
15. Execute "who -u" and you see that one of the entries for test user 3 is still there but it has replaced either with test user 1 or test user 2.  
61 3 Unix endpoint user mode Fixes an issue where a wrong session_id is created in FILE records of seos.audit log. Two users login to a system alternatively and do a file access. The session id of the first user is properly corrected and not that of the second user. AN02219 LINUX all Improper session_id on audit log because psvrb->session_id assigns old session_id (from the cached value)   Change the value of token osuser_enable to yes. Install CA ControlMinder on RHEL box.
seos.ini:
[OS_user]
osuser_enable = no
create_user_in_db = yes
 
Rules:
AC> nf /tmp/sample.txt owner(nobody) audit(all) defacc(all)
 
Users for case 1: (Users only on native)
# useradd testuser_a
# useradd testuser_b
# passwd testuser_a
<enter password>
# passwd testuser_b
<enter password>
 
Users for case 2: (Users both on seosdb and native)
# Selang
AC> nu test001 password(password)
AC> nu test002 password(password)
 
Steps:
1. Stop and start CA ControlMinder.
# secons -s
# seload
2. Login testuser_a (ssh or telnet)
$ date;cat /tmp/sample.txt
$ date;cat /tmp/sample.txt
$ exit
3. Login testuser_b (ssh or telnet)
$ date;cat /tmp/sample.txt
$ date;cat /tmp/sample.txt
$ exit
4. Check audit log, then you can see following output:
# seaudit -a -sessionid (Example)
4-1 13 Aug 2014 20:21:36 P LOGIN testuser_a 53ec00f2:00000144 59 2 localhost SSH
4-2 13 Aug 2014 20:21:50 P FILE testuser_a 53ec00f2:00000144 Read 59 3 /tmp/sample.txt /bin/cat localhost testuser_a
4-3 13 Aug 2014 20:21:55 P FILE testuser_a 53ec00f2:00000144 Read 59 3 /tmp/sample.txt /bin/cat localhost testuser_a
4-4 13 Aug 2014 20:22:29 P LOGIN testuser_b 53ec00f2:00000145 59 2 localhost SSH
4-5 13 Aug 2014 20:22:45 P FILE testuser_b 53ec00f2:00000145 Read 59 3 /tmp/sample.txt /bin/cat localhost testuser_b
4-6 13 Aug 2014 20:22:51 P FILE testuser_b 53ec00f2:00000145 Read 59 3 /tmp/sample.txt /bin/cat localhost testuser_b
Records 4-1 to 4-4 carry the correct session IDs, but the session ID of 4-5 is wrong. It must be "53ec00f2:00000145" instead of "53ec00f2:00000144".
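The session_id mix-up in item 61 can be checked for mechanically. The following is an added example, not CA code: it assumes the whitespace-separated `seaudit -a -sessionid` layout shown above (date, time, status, class, user, session id) and runs over a constructed sample in which record 4-5 carries the first user's session id, as the item describes.

```python
import re
from dataclasses import dataclass

# Session ids in the listing above look like 53ec00f2:00000144.
SESSION_RE = re.compile(r"^[0-9a-f]{8}:[0-9a-f]{8}$")

# Constructed sample: the records from item 61, with the fifth record
# carrying testuser_a's session id (the faulty behaviour being described).
SAMPLE = """\
13 Aug 2014 20:21:36 P LOGIN testuser_a 53ec00f2:00000144 59 2 localhost SSH
13 Aug 2014 20:21:50 P FILE testuser_a 53ec00f2:00000144 Read 59 3 /tmp/sample.txt /bin/cat localhost testuser_a
13 Aug 2014 20:21:55 P FILE testuser_a 53ec00f2:00000144 Read 59 3 /tmp/sample.txt /bin/cat localhost testuser_a
13 Aug 2014 20:22:29 P LOGIN testuser_b 53ec00f2:00000145 59 2 localhost SSH
13 Aug 2014 20:22:45 P FILE testuser_b 53ec00f2:00000144 Read 59 3 /tmp/sample.txt /bin/cat localhost testuser_b
13 Aug 2014 20:22:51 P FILE testuser_b 53ec00f2:00000145 Read 59 3 /tmp/sample.txt /bin/cat localhost testuser_b
"""


@dataclass(frozen=True)
class Record:
    timestamp: str
    status: str
    event_class: str
    user: str
    session_id: str
    raw: str


def parse_line(line):
    """Parse one audit line; return None for lines without a session id."""
    tokens = line.split()
    if len(tokens) < 8 or not SESSION_RE.match(tokens[7]):
        return None
    return Record(
        timestamp=" ".join(tokens[:4]),
        status=tokens[4],
        event_class=tokens[5],
        user=tokens[6],
        session_id=tokens[7],
        raw=line.strip(),
    )


def find_mismatches(text):
    """Return (record, reason) pairs for non-LOGIN records whose session id
    was issued to a different user, or was never seen in a LOGIN record."""
    owner = {}      # session id -> user named in the LOGIN record
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec.event_class == "LOGIN":
            owner[rec.session_id] = rec.user
            continue
        issued_to = owner.get(rec.session_id)
        if issued_to is None:
            findings.append((rec, "no LOGIN record seen for this session id"))
        elif issued_to != rec.user:
            findings.append((rec, f"session id was issued to {issued_to}"))
    return findings


if __name__ == "__main__":
    for rec, reason in find_mismatches(SAMPLE):
        print(f"{rec.timestamp} {rec.event_class} {rec.user} "
              f"{rec.session_id}: {reason}")
```

Records that cannot be attributed to the right session undermine per-session review of the audit trail, so a check like this is worth running on audit data collected before the fix was applied.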
62 3 Unix endpoint user mode Fixes an issue where CA ControlMinder verifies PACL rule even when the PROGRAM class is off. AN02203 Unix all Authorization engine does not check the mode of the PROGRAM class while verifying Program ACL for a resource.   Check class PROGRAM before verifying Program ACL of a resource. 1. Test class PROGRAM is on, set rules:
AC> so class+(PROGRAM)
AC> auth TERMINAL ('_default') access(NONE) id('*') via(pgm('/usr/bin/login'))
AC> er PROGRAM /usr/bin/login defaccess(EXECUTE) owner('root') flags(ALL) blockrun
2. Modify /usr/bin/login
Wait until watchdog makes the program "untrusted" (watchdog also checks trusted programs on startup, so you may restart CA ControlMinder)
3. Try to login to the test system.
EXPECT: Login fails because of PACL (viapgm) rule for terminal
4. Switch off class PROGRAM:
AC> so class-(PROGRAM)
5. Try to log in now
EXPECT: Login succeeds 
63 3 Unix endpoint user mode Fixes an issue where the KBL does not save user commands in the audit log when the user runs /bin/sh. AN02210 Unix all cmdlog fails to send commands to audit if /bin/sh is detected. KBL enabled user uses /bin/sh Change cmdlog to send events of type TRACE_CMDLOG_IN to KBL audit 1. In [seos.ini], set kbl_enabled = yes 
2. AC>nu test password(1234) audit(interactive)
3. Log in as a test user and run few commands such as ls,id and so on.
4. Check KBL audit:
# seaudit -kbl -sid XXX -cmd 
EXPECT: Non 0 records
ACTUAL: No records 
64 3 Unix endpoint user mode Fixes an issue where the devcalc process fails and generates core, segmentation fault. AN02190 Unix all Bad address access   Release result buffer in  
function_seadmapi_FetchListPropVal() if an error returns.
65 2 Unix endpoint kernel mode Fixes an issue where watchdog timeouts and restarts seosd. AN02191 Unix all Kernel queue of free messages is corrupted.   Package changes  
eac_release_msg() sets msg->mh_next = NULL when adding a message to the list.
66 3 Unix endpoint user mode Fixes an issue where the Selang password update fails when connecting from HP/non-TCB to target HP/TCB. AN02192 HPUX PA-RISC When updating password on HP with TCB mode enabled, the LANG client truncates password if the local system is HP with TCB mode disabled. HP-UX TCB enabled on target host The LANG client fetches HP mode of target host from a remote agent. If remote host is TCB, then client must use bigcrypt. 1. Install CA ControlMinder on HPUX 11.23 (test machine 1) and HP(test machine 2)
2. Enable TCB mode on HP-UX test1 using command: 
# /usr/lbin/tsconvert 
 
IMPORTANT !!!!! Restore HP OS to regular mode after tests are done, using the command # /usr/lbin/tsconvert -r 
Otherwise, you might fail to login with old passwords.
 
3. Start CA ControlMinder on both test machines.
4. On HP test1, create user "test" in OS:
AC(unix)>cu test 
5. On HP test2:
AC>host "test1" 
uid(root) password(...) 
AC(host)> env native 
AC(native)> eu test password(1234567890)
6. Check if you can log in HP test1 using user "test" and password "1234567890" 
EXPECT: Login succeeds
ACTUAL: Login fails 
67 3 UNAB Fixes an issue where UNAB agent dies with skew issues. UNAB reports that the time skew is too large between the UNAB agent and Active Directory. When this happens, UNAB attempts to restart. In this case, UNAB fails to start back up after an attempted restart.  AN02175 Solaris Sparc Communication issues between the UNAB agent and the Distribution Server.   Manually start the UNAB agent.
Fix the communication issues between the UNAB agent and the Distribution Server.
68 3 Unix endpoint user mode Fixes an issue where an unexpected Selang error occurs. When password rules are disabled, the Selang verification for bidirectional password returns an error. The end error is interpreted incorrectly. AN02156 Unix all     When password rules are not available, ignore check settings for bidirectional. 1. Check that bidirectional mode is not enabled:
# seini -f passwd.passwd_distribution_encryption_mode
# Selang 
AC> so list 
Bidirectional: No 
2. Remove password rule:
AC> so password(rules-)
3. Remove password rule again:
AC> so password(rules-)
ERROR: You are not allowed to disable password rules when bidirectional encryption is enabled
69 3 Unix endpoint user mode Fixes an issue where an existing design lacks the ability to filter captured command line. AN02147 Unix all See "Problem summary".   Add a TRACE rule that includes 8th parameter to filter command line. The new TRACE format coexists with the existing TRACE format so that it does not break the general audit filtering and existing user filter rules. 1. Install CA ControlMinder. 
2. Enable KBL. 
3. Modify ./etc/kblaudit.cfg to include filter rules by user or by object name. (Use the examples in the kblaudit.cfg.)
4. Start CA ControlMinder.
5. Log in as any user and execute several commands.
6. Run seaudit to list KBL sessions and run seaudit to list commands executed by a selected session. 
ACTUAL: The filter rules fail to work.
70 3 Unix endpoint user mode Fixes an issue where the following error occurs on opening audit file seos.audit: "Error 1285 [No such file or directory] opening audit file seos.audit". On replacing the audit file, selogrd fails to open the audit file and exits. AN01919 Unix all     Add selogrd feature to open the audit file after waiting for the predefined timeout on getting openfile error. Add ReopenInterval = <timeout in seconds> in [selogrd] section. selogrd waits for the specified interval before retrying to open the audit log file. ReopenInterval = 0 means that selogrd exits on open audit file error.
71 3 Unix endpoint user mode Fixes an issue where system-auth points to the incorrect file after installing and uninstalling CA ControlMinder. AN01962 LINUX x64 A bug in the install script.   Fix install script so that system-auth points to the correct file after installing and uninstalling CA ControlMinder. 1. Run the following command before installing CA ControlMinder:
ls -al /etc/pam.d/system-auth 
[root@konsh01-U108983 pam.d]# ls -al system-auth
lrwxrwxrwx. 1 root root 25 Feb 28 17:37 system-auth -> /etc/pam.d/system-auth-ac
[root@konsh01-U108983 pam.d]# ls -al password-auth
lrwxrwxrwx. 1 root root 27 Feb 28 17:37 password-auth -> /etc/pam.d/password-auth-ac
2. Install CA ControlMinder.
Note that the target file of system-auth and password-auth points to the file system-auth-cm and password-auth-cm.
3. Uninstall CA ControlMinder. Note that the target file of system-auth and password-auth continue to point to the file system-auth-cm and password-auth-cm.
72 2 Unix endpoint user mode Fixes an issue where the /etc/pam.conf file is zeroed out after installing uxauth and then backed up as a zero-byte file. AN01706 Unix all     A new install_pam_uxauth.sh script  
73 2 Unix endpoint user mode Fixes an issue where CA ControlMinder localized upgrade defaults to English. AN01727 Unix all        
74 2 Unix endpoint user mode Fixes an issue where the file permissions for the files under /etc/pam.d/ are not preserved after uninstalling CA ControlMinder. AN01730 Linux all        
75 3 Unix endpoint user mode Fixes an issue where /tmp/cfg is created and not removed after an upgrade to 12.6 SP2.  AN01880 Unix all Bug in the install shell script. This problem occurs in 12.6 SP2 or higher. A new install_base shell script.  
Install 12.6 SP2 or upgrade from lower version to 12.6 SP2. Notice that the directory /tmp/cfg is created. After an upgrade, remove the directory.
76 3 Unix endpoint user mode Fixes an issue where a cleanup activity after the UNAB uninstallation is required to restore UNAB-related tokens to defaults. AN01952 Unix all     Fix as part of the build  
77 3 Unix endpoint user mode Fixes an issue where the customized value of COMPUTERS_CONTAINER in the parameters file returns the default value (cn=Computers) AN01979 Unix all A bug in the installation script.   Repack the rpm with the fix in the installation script. 1. # customize_uxauth_rpm -w Proceed -d /apps/VZEAC/redhat/unab/12.6 uxauth-126-2.0.633.x86_64.rpm
2. # customize_uxauth_rpm -g -f params.txt -d /apps/VZEAC/redhat/unab/12.6 uxauth-126-2.0.633.x86_64.rpm 
3. Open params.txt and change the value for this token. COMPUTERS_CONTAINER=CN=COMPUTERS to COMPUTERS_CONTAINER= OU=UNIX 
4. Save params.txt.
5. # customize_uxauth_rpm -s -f params.txt -d /apps/VZEAC/redhat/unab/12.6 uxauth-126-2.0.633.x86_64.rpm 
6. Install uxauthd.
# install: rpm -hiv uxauth-126-2.0.633.x86_64.rpm 
7. After the installation, check the value of computer_container
Notice that the computer_container value is NOT OU=UNIX but the default value cn=Computers.
78 3 Unix endpoint user mode Fixes an issue where you install CA ControlMinder on Solaris 11 with Japanese locales and observe the following: seos.ini is truncated; key tokens are missing in the [seos] section; accommon_path is missing in accommon.ini. AN01983, AN01822 Solaris Sparc cat command on Solaris 11 does not work well when the locale is set to Japanese.     1. Test on Solaris 11.
2. Export LANG=ja_JP.UTF-8
3. Export LC_ALL=ja_JP.UTF-8
4. Run install_base.
See that seos.ini file has SEOSPATH and admin_data defined in [seos] section with invalid values
5. Check if accommon_path is set in accommon.ini at /opt/CA/AccessControlShared.
79 3 Unix endpoint user mode Fixes an issue where Install_base treats a database class with "AS-" as TNG database.  AN01998 Unix all A bug in the install_base script. The script treats a database class with "AS-" as TNG database and creates TNG rules. Define a database with user-defined class and rules. The name of the class and rules has to contain the letter "AS-". A new install_base script that correctly determines the database as the TNG database. 1. Create a database with class named as follows:
setoptions class+(AS-APP-EXECUTE)
chres ADMIN ('AS-APP-EXECUTE') audit(FAILURE) defaccess(NONE)
editres AS-APP-EXECUTE ('*') audit(FAILURE) defaccess(EXECUTE)
chres UACC ('AS-APP-EXECUTE') defaccess(EXECUTE)
editres CONTAINER ('CA-AssetTypes') audit(FAILURE) owner('root')
2. Run install_base to upgrade to a higher version.
3. After the upgrade, check the database. 
Since the class contains the letter "AS-", the install_base script treats the database as TNG database and creates TNG rules.
80 3 Unix endpoint user mode Fixes an issue where the clear password in the parameters file is not masked with ******. This problem occurs when you perform the UNAB customized installation. AN02292, AN02287 Unix all The clear password text is not masked in the parameters file. Specify a password in the parameters file. Mask clear text password with * 1. Customize the package with the password saved in Parameters file.
2. Install UNAB
3. Check the Parameters files.
EXPECT: Clear text password must be masked with *
ACTUAL: Clear text password is not masked with *
81 3 Unix endpoint user mode Fixes an issue where the file mode is incorrect for seoswd_debug file. seoswd creates seoswd_debug file with file permission -rw for owner, group, and others. The file mode is incorrect because only the owner must have write permission and read permission for group and others. AN02300 Unix all seoswd creates seoswd_debug file with 0666. It creates write permission for the owner, group, and others, which is an error. Only an owner must be given the write permission.   Correct the file mode for seoswd_debug with 0644. 1. In /opt/CA/AccessControl/log
rm seoswd_debug 
2. Start CA ControlMinder. 
3. ls -al /opt/CA/AccessControl/log/seoswd.
EXPECT: -rw-r--r-- 1 root 0 673 Nov 17 18:54 seoswd_debug
ACTUAL: -rw-rw-rw- 1 root 0 673 Nov 17 18:54 seoswd_debug
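The 0666 versus 0644 difference in item 81 is easy to audit on an endpoint. The following is an added example, not CA code: `create_log` and `find_writable_logs` are hypothetical helper names, and the demo runs in a temporary directory with constructed file names rather than in /opt/CA/AccessControl/log.

```python
import os
import stat
import tempfile

SAFE_MODE = 0o644                            # owner rw, group/other read only
EXCESS_WRITE = stat.S_IWGRP | stat.S_IWOTH   # the bits 0666 adds over 0644


def create_log(path, mode=SAFE_MODE):
    """Create (or open) a log file and force its mode to `mode`.

    The mode passed to open() is only applied when the file is created and
    is filtered by the umask, so fchmod() is used to pin the final mode,
    including for a file left over from an earlier run with 0666.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_APPEND
    flags |= getattr(os, "O_NOFOLLOW", 0)    # do not follow a planted symlink
    fd = os.open(path, flags, mode)
    try:
        os.fchmod(fd, mode)
    finally:
        os.close(fd)


def find_writable_logs(directory):
    """Return (name, mode) for regular files writable by group or others."""
    findings = []
    with os.scandir(directory) as it:
        entries = sorted(it, key=lambda e: e.name)
    for entry in entries:
        if not entry.is_file(follow_symlinks=False):
            continue
        mode = stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
        if mode & EXCESS_WRITE:
            findings.append((entry.name, oct(mode)))
    return findings


def demo():
    """Create one file the old way (0666) and one with create_log()."""
    with tempfile.TemporaryDirectory() as log_dir:
        weak = os.path.join(log_dir, "weak_debug")      # constructed name
        fd = os.open(weak, os.O_WRONLY | os.O_CREAT, 0o666)
        os.fchmod(fd, 0o666)                 # bypass the umask, as with umask 0
        os.close(fd)
        create_log(os.path.join(log_dir, "fixed_debug"))  # constructed name
        return find_writable_logs(log_dir)


if __name__ == "__main__":
    for name, mode in demo():
        print(f"{name}: mode {mode} allows group/other write")
```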
82 3 Unix endpoint kernel mode Fixed an issue where the KBL records are missing for the traced user. AN02331 AIX COPYOUT of /etc/AC fails because of the passed NULL pointer "upath" argument.   save upath = fa->pname; before fa->pname = NULL;  On AIX:
1. In the seos.ini file, set kbl_enabled = yes
2. AC>eu test password(tesT) audit(interactive)
3. Start CA ControlMinder
4. Log in as "test"
5. Check KBL audit:
# seaudit -kbl
EXPECT: 2014 23:10:39 P LOGIN test 274572 12 ismeax08.memco.co.il cmdlog
ACTUAL: Total records displayed 0
83 3 Unix endpoint user mode Fixes an issue where the cumulative ACL / PACL is ignored when ACL access is none. AN02249 Unix all Authorization design   Change AC authorization to proceed to the PACL verification even when ACL access is defined as none. 1. Set ACL/PACL accumulative in Selang options (it is default) 
2. Set default access:
AC> ef /QA_tmp/test defaccess(r) 
3. Prevent user access:
AC>auth file /QA_tmp/test uid(test) access(n) 
4. Allow access via specific program:
AC>auth file /QA_tmp/test via(pgm(/usr/bin/cat)) uid(test) access(r) 
5. Verify access 
(test)$ cat /QA_tmp/test
EXPECT: Access allowed
RESULT: Access DENY 
84 3 Unix endpoint user mode Fixes an issue where a user login fails because the proftp login application fails to recognize the user. AN02199 Unix all CA ControlMinder fails to detect the login sequence for proftp login application. As a result, the login user is not defined in CA ControlMinder. The login sequence is messed up because setgroup is set to -2 and setuid to -2.   Apply the seosd fix or set loginflags to pamlogin when PAM is enabled. 1. AC> loginappl PROFTP loginflags(none) loginseq(N3UID, FUID, SGRP, SUID)
2. Run proftp
3. Log in to the server as non-root user; say user1.
4. On another terminal where root/admin has logged in, run "seaudit -a"
5. Check the LOGIN log for PROFTP; if the username is root, then it is an issue.
Audit log shows:
# Audit log 24 Sep 2009 01:09:59 P LOGIN root 54 2 192.168.1.40 PROFTP
85 3 Unix endpoint user mode Fixes an issue where the call_sepass token is set to default in the newer version after an upgrade. AN02239 Unix all The call_sepass token is missing in the script that copies the old token values to the newer version after an upgrade. Problem occurs when you perform an upgrade; the affected token is call_sepass. After an upgrade, manually set the value of the call_sepass token to yes.
1. Install 12.6 SP3 on a Linux.
2. In seos.ini, set call_sepass = yes and call_segrace = yes.
3. Upgrade 12.6 to 12.8 
4. After an upgrade, notice that call_sepass is set to default while call_segrace is set to yes.
5. You can also find an additional call_sepass token.
 
86 2 Unix endpoint user mode Fixes an issue where the records sent by selogrd to the target file are duplicated. AN02372 Unix all The base condition to switch to an audit log record is wrong, hence forces selogrd to read from the beginning of the log (offset = 0).   Correct the base condition that selogrd uses to read audit log records. 1. Stop CA ControlMinder
2. Configure selogrd in selogrd.cfg to send records to the target file.
fileRule
file /tmp/audit.txt
<dot> 
3. Remove log/seos.audit log/logroute.dat
4. In seos.ini, exclude selogrd from the services that start.
5. Start CA ControlMinder
6. Run in the debug mode:
'selogrd -debug'
7. Trigger new records to seos.audit
Example: run selang
8. Examine duplicate records in /tmp/audit.txt
87 2 Windows endpoint user mode Fixes an issue where you kill a process and notice that the kill events that are recorded in the N Process audit log fail to filter when you set PROCESS;*;*;*;Kill;* in the audit.cfg file. AN02047 Windows all       1. Set PROCESS;*;*;*;Kill;* in the audit.cfg file.
2. Kill seosd.exe from the task manager.
 
The following events are recorded in the audit log:
08 Apr 2014 15:53:29 N PROCESS Administrator Kill 600
10 \device\harddiskvolume2\program files\ca\access control\bin\seosd.exe
C:\Windows\system32\taskmgr.exe
88 2 Windows endpoint user mode Fixes an issue where the Watchdog thread that monitors CA ControlMinder services generates dump. Setting the registry value GenerateMemDump = 0 in HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl does not disable the process dump generation. Also, secons -i prints wrong values of virtual memory size in the output (CA ControlMinder memory utilization statistics). AN01984 Windows all The problem occurs when the process opens with PROCESS_QUERY_LIMITED_INFORMATION access mask on Windows 2003.   Open a process with access right PROCESS_QUERY_INFORMATION. Validate values of VirtualMemorySize and HandlesCount. And, generate process dump depending on the GenerateMemDump value. 1. Install CA ControlMinder endpoint on Windows 2003 with the following services:
ReportAgent
Task Delegation
Advanced policy management
2. Start CA ControlMinder and wait for 15 minutes to generate DMP files in AccessControl\bin.
89 2 Windows endpoint kernel mode Fixes an issue where the audit log logs wrong user details. AN01827 Windows all The thread attributes cache is used to store impersonation information per thread. The function that updates the cache content with the new data (new  user SID), performs the cache entry update prior to removing the invalidated cache entry. Hence, this update creates an opportunity for another thread to assume the identity of a wrong user and leads to an issue. The fix considers this update as obsolete and prevents opportunities for making wrong impersonation.   Fix in the update table.  
 
For example:
You create a share and provide access to two users - User A and User B. Both the users perform actions on the share. Notice that in the audit log, audits for User A and UserB are mixed or audit of one of users appear instead of the audits for another user.
90 2 Windows endpoint user mode Fixes an issue where the TERMINAL generic rules with wildcards (* ?) in the terminal name or IP has no impact on the authorization result. AN01775 Windows all     Add search TERMINAL objects that match the client host name or IP in the generic resource table (objects with wildcards). On CA ControlMinder endpoint A:
1. Stop CA ControlMinder
2. Specify TerminalSearchOrder = name,RDPIP in HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\SeOSD
3. Create a user tuser.
4. Verify RDP login to A from host B for tuser.
5. Start CA ControlMinder
6. Create CA ControlMinder user tuser.
     eu tuser owner(nobody)
7. Create TERMINAL rule for IP of host B using wildcard like:
     er terminal(130.119.179.*) owner(nobody) defaccess(none)
8. Check RDP connection from B.
 
Expected Result: Denied login
Actual Result: Permit login
91 1 Windows endpoint user mode Fixes an issue where a system hosts three PMDBs that populate automatically via a script from a remote system. The PMDBs fail to propagate commands to the subscribers and the sepmd -L command shows a negative offset.  AN02334 Windows all When there are many PMDB subscribers and some of them are not available, it takes time to send updates to all the subscribers.    Change timeout configuration to handle PMDB commands. Create the following PMDB hierarchy on Windows:
  1. Create 2 MASTER PMDBs (MASTER_A and MASTER_B) 
HKEY_LOCAL_MACHINESOFTWAREComputerAssociatesAccessControlPmdTCPReceiveTimeout 2. Create 10 PMDBs on the same machine: SUB_A1, SUB_A2, SUB_A3, SUB_A4, SUB_A5 SUB_B1, SUB_B2, SUB_B3, SUB_B4, SUB_B5 
  3. Create 50 PMDBs on another machine.
HKEY_LOCAL_MACHINESOFTWAREComputerAssociatesAccessControlPmdClientOperationTimeout 4. Add 5 subscribers to MASTER_A: SUB_A1, SUB_A2, SUB_A3, SUB_A4, SUB_A5 
  5. Add 5 subscribers to MASTER_B: SUB_B1, SUB_B2, SUB_B3, SUB_B4, SUB_B5 
  6. Add 50 subscribers to each PMDB SUB_XY. So, you have 10 PMDBs each sending an update to 50 PMDB.
  7. Create a script that sends 50 commands to MASTER_A and MASTER_B:
  Selang -c 'host MASTER_A@machinename; eu t613872 name("USUARIO NO ASIGNADO") resume owner(nobody)audit(all) ; join t613872 group(AC_USER_SERV) owner(nobody);join t613872 group(AC_LOGIN_EXC) owner(nobody)'
   
  Selang -c 'host MASTER_B@machinename; eu t613872 name("USUARIO NO ASIGNADO") resume owner(nobody)audit(all) ; join t613872 group(AC_USER_SERV) owner(nobody);join t613872 group(AC_LOGIN_EXC) owner(nobody)' 
   
  8. Verify that you do not receive any errors from the master PMDBs
  9. Check that all commands come to subscribers.
  NOTE: If the network is slow, you need to change the registry value.
  HKEY_LOCAL_MACHINESOFTWAREComputerAssociatesAccessControlPmdClientOperationTimeout and HKEY_LOCAL_MACHINESOFTWAREComputerAssociatesAccessControlPmdTCPReceiveTimeout to 5 minutes (300). 
  The default value is 1 minute(60).
92 2 Windows endpoint user mode Fixes an issue where the first access to generic resource (File) by logged in user A produces audit record for user A, but subsequent access of the same user A generates audit with user name substituted by another user B who has not logged on to the system. AN02312 Windows all Applied hash function is not effective for generating unique hash values from keys including user names specified by 4-digits number like OACS01\2676.   Replace the current hash function with a more effective hash function CRC.  
93 2 Windows endpoint user mode Fixes an issue where the policies deployed according to the XGROUP authorization fail to work correctly for the PUPM user.  AN02309 Windows all seosd does not allow the AgentManager process to run seadmapi functions, when the AgentManager (PUPMAgent plugin) fails to send the list of resolved OS groups for native user to seosd. Seosd assigns the list to PUPM ACEE and uses it for authorization. For example, consider the following rule in seosdb: auth file c:\tmp\kuku.txt gxid(TRUST3xxx_Test_group) acc(n). And, AD user (TRUST3128) is a member of TRUST3xxx_Test_group. There is no denied event when TRUST3128 connects with auto login to endpoint and tries to open the file.     1. Connect Enterprise Management Server to the Microsoft Active Directory as the user store.
2. Discover a privileged account (for example, localadmin) for the endpoint (PUPM for Access Control type).
3. Active Directory user to check out the privileged account (local admin) and perform automated RDP login to the endpoint.
4. Active Directory user to open cmd.exe on the endpoint and run secons -whoami.
    Result: The command displays PUPM User = Active Directory user
5. Run cmd with Run As Administrator and run secons -whoami.
    Result: The command displays PUPM User = local admin
 
The original identity is lost. PUPM ACEE does not include the list of OS groups which the Active Directory user belongs to. As a result, all deployed policies with XGROUP authorization do not work on the machine.
94 1 Windows endpoint kernel mode Fixes an issue where improper incoming connections result in improper functioning of Selang and HOST classes. AN02299 Windows x64 TCP/IP synchronous support is not addressed in the WFP framework resulting in a lot of incoming connection problems.   TRANSPORT layer added to handle TCP/IP synchronous connections. 1. Disable all classes:
    AC> so class-(tcp)
    AC> so class-(connect)
    AC> so class-(host)
 
2. Write rules for all classes (disallow case):
    AC> er tcp 3389 defaccess(n) audit(a) owner(nobody)
    AC> er connect 10.134.6.179 defaccess(n) audit(a) owner(nobody)
    AC> er host 10.134.6.179 audit(a) owner(nobody)
    AC> auth host 10.134.6.179 services(*) acc(n)
 
3. Turn on all classes one by one:
     AC> so class+(tcp)
     Expected Result: Incoming and outgoing connections are disallowed.
     Actual Result: Incoming and outgoing connections are disallowed.
 
     AC> so class-(tcp)
     AC>so class+(connect)
 
Test the RDP connection from both ends (incoming and outgoing).
Expected Result: Outgoing connection is blocked but incoming connections are allowed.
Actual Result: Outgoing connection is blocked but incoming connections are allowed.
 
       AC> so class-(connect)
       AC> so class+(host)
 
Test the RDP connection from both ends i.e., incoming and outgoing.
Expected Result: Outgoing connection is allowed but incoming connections are blocked.
Actual Result: Outgoing connection and incoming connection are allowed. 
95 2 Windows endpoint user mode Fixes an issue where the identity of the PUPM user changes on launching a program in the administrative mode (Run as Administrator). AN02294 Windows all       1. Install CA ControlMinder with PUPM functionality and log in to the Integration feature on Windows 2012 machine (domain member). Verify that Windows UAC feature is enabled.
2. Install Enterprise Management Server (ENTM) as Active Directory user-store.
3. Create endpoint for the above mentioned host with RDP application.
4. Create PUPM account.
5. On endpoint, define the PUPM account as XUSER in CA ControlMinder database with Use original identity and Required checkout PUPM flags; add this OS user to the Administrators group.
6. Perform auto-login for PUPM user within ENTM.
7. Check identity for the logged in user, verify that ACEE type is PUPM user and the user name is ENTM admin user.
    > secons -whoami
8. Use UAC feature and run any program using Run as administrator.
9. Check identity for the logged in user, verify that ACEE type is PUPM user and the user name is ENTM admin user.
    > secons -whoami
 
Actual Result:
You will see logged in user and not PUPM user. Identity is lost within UAC session. 
96 2 Windows endpoint user mode Fixes an issue where an upgrade fails to add AgentManager to AC services Registry. AN02230 Windows all       1. Install 12.5 SPx.
2. Upgrade to 12.8/12.8 CF1.
Notice that the AgentManager is not available in the registry:
HKLM\SOFTWARE\ComputerAssociates\AccessControl\AccessControl
97 1 Windows endpoint user mode Fixes an issue where the disconnected RDP sessions are logged off by the system.  AN02222 Windows all Distinguished Windows OS event is responsible for logging off the disconnected sessions.   In a WTS Disconnect State-Change event, check if disconnected sessions state is Active and avoid removing this session ID from the current session list and the disconnected session list. 1. On host B, create environment including binaries and scripts for repeat RDP connections.
2. Install CA ControlMinder on a test machine with Terminal Server ( host C)
3. Login as Administrator to host C.
     a.  Stop CA ControlMinder.
     b.  Rename eACSubAuth.dll in Windows\system32.
     c. Set TerminalsearchOrder = RDPIP in
          HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\SeOSD
     d. From Selang:
           er TERMINAL ("IP of host A") audit(FAILURE) defaccess(READ WRITE) owner(nobody)
           chres TERMINAL ("_default") audit(FAILURE) defaccess(NONE) owner(nobody)
            nu ("admin") password(Mazda626)
            eu ("admin") audit(FAILURE LOGINSUCCESS LOGINFAILURE) owner(nobody)
            auth terminal( host C ) uid(admin) acc(a)
            Disable classes WINSERVICE, REGKEY, REGVAL, PROGRAM, PROCESS, PASSWORD, FILE with
            so class-(.....),
     e. Cleanup ACLogseos.audit.
     f. Start CA ControlMinder.
     g. Open Terminal Service Manager (Run tsadmin.msc ) Sessions tab and set Refresh interval = 1 second
4. On Host A RDP Connect user admin, disconnect session and note this session ID in Terminal Service Manager on host C.
5. On Host B, run scripts repeating RDP connections to CA ControlMinder Endpoint of user admin.
Periodically examine audit log and Terminal Service Manager.
 
Expected Result :
Only audit records reporting
D LOGIN admin 1069 2 <host B> Terminal Services
 
Actual Result:
O LOGOUT admin 1069 2 <host B> Terminal Services
following by logoff disconnected session with noted ID.
In Terminal Service Manager Disconnected session with noted ID disappeared. 
98 2 Windows endpoint kernel mode Fixes an issue where the TCP and the CONNECT classes fail to work in Windows 2012. It is a known limitation of network code which uses synchronous WFP implementation. AN02206 Windows x64 With WFP synchronous implementation, cannot authenticate on the basis of rules as the packets are scheduled at DISPATCH LEVEL for processing. Asynchronous WFP implementation added to handle DISPATCH LEVEL problems. New WFP implementation is added which handles the authentication of packets asynchronously. 1. Open cmd.exe and type Selang in the command prompt.
2. Type these commands:
     AC> so class+(connect)
     AC> er connect 192.168.48.1 defaccess(n) audit(success,failure) owner(nobody)
3. Open mstsc and try to connect to 192.168.48.1. The connection will be established.
4. Go to first cmd.exe and type these commands
     AC> so class-(connect)
     AC> so class+(tcp)
     AC> er tcp 3389 defaccess(n) audit(success,failure) owner(nobody)
5. Repeat step 3. Result is same.
99 3 Windows endpoint user mode Fixes an issue where an update of user's native password fails because Selang or sepmdd consumes high memory. AN02211 Windows all The problem occurs because bi-directional encryption is off when "rules-" is off. But CA ControlMinder still tries to encrypt the password using the bi-directional mode. Run "AC>password(rules-) eu test01 password(xxxx)" to reproduce the problem. Check "rules-". When "rules-" is disabled, bi-directional is also disabled. 1. Stop CA ControlMinder.
2. cd to the pmdb database
3. Selang -d
4. AC>so password(rules-)
5. AC>eu test01 password(xxxx)
 
Selang consumes 4 gigs of memory after you run the command.
100 3 Windows endpoint user mode Fixes an issue where the dbmgr -e -l -c command generates Selang commands that are syntactically incorrect. AN02308 Windows all The dbmgr -e -l -c command is not properly implemented. Run the dbmgr command in DMS database or DH__ database. Create a new binary dbmgr. The new dbmgr command should generate Selang commands to create RULESET. 1. Create a policy.
       # policydeploy -store Test -ds c:\tmp\ds.txt -uds c:\tmp\uds.txt -dms DMS__@
       # policydeploy -assign Test -hnode hostname.xxx.com -dms DMS__@
2. Shutdown CA ControlMinder and DMS__ and play with the DMS__ database.
    # cd /opt/CA/AccessControl/policies/DMS__
    # dbmgr -e -l -f DEPLOYMENT GDEPLOYMENT GHNODE GHOST GPOLICY HNODE POLICY RULESET -f  DMS_export.txt
 
Expected Result:
The DMS_export file should not contain the following RULESET commands:
editres RULESET
authorize POLICY
authorize RULESET
 
Actual Result:
The DMS_export file contains the RULESET commands:
editres RULESET
authorize POLICY
authorize RULESET
101 2 Windows endpoint user mode Fixes an issue where the SPECIALPGM rule for msiexec.exe is removed after an upgrade. Upgrade process creates SPECIALPGM rule for msiexec.exe for internal purpose (to avoid problems with CM drivers). After an upgrade, the installer removes the rule even though it exists in the previous version. AN02317 Windows all     Fix as part of the build. 1. Install 12.5SP5 on Windows 2008 R2
2. Add the following rule.
    editres SPECIALPGM ("C:\WINDOWS\system32\msiexec.exe") owner('nobody')
    pgmtype(BACKUP DCM PBF PBN STOP REGISTRY SURROGATE) unixuid(*)
3. Upgrade from 12.5SP5 to 12.8GA.
 
Expected Result:
Rule should appear in 12.8
 
Actual Result:
Rule fails to appear in 12.8
102 2 Windows endpoint user mode Fixes an issue to add certificate for validating a host over SSL connection.  AN02099 Windows all     Create the registry values:  
1. HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\crypto\cleanup_schedule = 00:00@Sun,Mon,Tue,Wed,Thu,Fri,Sat (STRING)
 
2. HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\crypto\refresh_timeout = 86400 (DWORD)
 
3. HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\crypto\ssl_hostname_validation = 0 (DWORD)
103 2 Windows endpoint user mode Fixes an issue where a user logs in to the CA ControlMinder endpoint and is created as an XUSER in the database even though the user does not exist in the endpoint. AN02163 Windows all Registry value: HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\OS_user\create_user_in_db is set to 1.   Set registry value HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\OS_user\create_user_in_db to 0 1. Set the registry value: HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\OS_user\osuser_enabled to 1.
2. Set the registry value: HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\OS_user\create_user_in_db to 1.
3. Create a user on CA ControlMinder endpoint.
4. Add the user for RDP connection.
5. Connect to the endpoint with the user via RDP.
6. The user is created as XUSER in the database.
104 3 Windows endpoint user mode Fixes an issue where seaudit -I D20fails to return TCP audit events. AN02215 Windows all A variable is not set when -i * * is set in the command line.   Get a new seos.audit file that contains INET records. Run seaudit -i * * 
  Note that the audit log contains no TCP records or events.
1. Enable the TCP class.  
    AC>so Class+(TCP)  
    AC> TCP _default audit(all)  
2. Download putty on the localhost.  
3. Run putty (ssh) to connect to another machine. This results in generating INET logs in seos.audit.  
4. Run seaudit -i * *  
   seaudit -i displays TCP audit events.  
105 2 Windows endpoint user mode Fixes an issue in the RemoveAC.exe utility. The utility now allows removal of registry key data from the specified location through an input parameter. AN02522 Windows all RemoveAC -d SOFTWARE\ComputerAssociates deletes only data subkey of Registry key HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates, if exists. 1. Stop CA ControlMinder.
2. Backup the Registry.
Example: C:\>REG SAVE HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl C:\Temp\reg.bak
3. Restore Registry in a wrong location
C:\>REG RESTORE HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates "C:\Temp\reg.bak"
 
The registry is restored under ComputerAssociates and data cannot be removed.
106 2 Windows endpoint user mode Fixes an issue where an ACEE user login is denied, and a denial Login Event ID:4776 is logged in the Security Event Log. AN02520 Windows all The Garbage Collector thread, which updates the ACEE table, runs every 5 minutes. If the ACEE session is not the current session then the Garbage Collector removes the ACEE handle from the ACEE table. If the user login authorization is not completed (meaning a session is still not created) then the Garbage Collector removes ACEE handle from the table and throws AUTH_E_INVALIDACEE error. Execute multiple sequential logins on the Domain Controller with duration more than 10 minutes.
Observe Security Log records of denied Login Event Id:4776 and Error code: 0xc000006f.
Note that the event appears every 5 minutes.
107 2 Windows endpoint user mode Fixes an seosd memory leak issue. Memory leak is found in a system with multiple logon sessions, and when the enterprise users and groups are disabled (osuser_enabled is set to 0) according to CA ControlMinder configuration.  AN02516 Windows all        
108 2 Windows endpoint user mode Fixes an issue where the dmsmgr -cleanup -hnode -dms DMS__@ command fails due to lack of user rights in executing the Selang command. However, dmsmgr still prints a message "Operation completed successfully". AN02513 Windows all No return code from the LCA API calls. Create a  user with no admin rights in DMS__ to run the dmsmgr -cleanup command. Run dmsmgr with a user who has admin rights in DMS__.  Login as a regular user who has no admin rights in DMS__ and then run the following command:
dmsmgr -cleanup -hnode -days 2 -dms DMS__@
 
hnode is not removed because the user has no admin rights to remove the hnode in DMS__, but the dmsmgr returns a message "Operation completed successfully".
109 2 Windows endpoint user mode Fixes an issue where an XUSER is created in the PMDB, and the rule update fails after an upgrade from version 12.5/12.6 to 12.8. AN02460 Windows all       1. Install 12.5 SP5 or 12.6 SP1.
2. Create PMDB using the command:
    > createpmd pmd1
    In this case, you set the logged in user as Admin user for this PMDB.
3. Create PMDB using the command:
     > createpmd pmd2 admins(acadmin)
     In this case, you specify that Admin user is acadmin, but not logged in user. When you try to connect to this PMDB, you  will get access denied. Only user acadmin can administer this PMDB.
4. Upgrade to 12.8. Do upgrade as logged in user (<domain><machine name>).
5. Check that upgrade process was successful for both PMDBs. Check pmd.audit for each PMDB for errors. You should not see DENIED auditing.
 
Upgrade process should create a new PMD1 PMD2 Policy Models and then import all data from the previous installation. You should see the user that perform upgrade as ADMIN in both PMDBs.
110 2 Windows endpoint user mode Fixes an issue where the time restriction applied on a FILE resource fails to work across midnight. AN02445 Windows all On Windows, restrictions with StartTime greater than EndTime are rejected by Selang with an error: "Selang set restrictions error: ERROR: 1801:0759 is not a valid time range." 1. Create file
     echo 1234 > C:\temp\qqq.txt
2. From Selang, type the following commands:
     er FILE(C:\TEMP\qqq.txt) owner(nobody) defacc(a) audit (a)
     chres FILE(C:\temp\qqq.txt) restrictions(d(weekdays) time(2123:0345))
 
Error prompted:
ERROR: 2123:0345 is not a valid time range. Use help timerange for valid format.
111 3 Windows endpoint user mode Fixes an issue where sepmdd core dumps when referencing a conditional ACL. AN02454  Windows all       1. AC>host PMDB
2. AC>nr hostnet myhostnet mask(255.255.255.0) match(192.16.xxx.0)
3. AC>nr TCP 21
4. AC>auth TCP 21 hostnet(myhostnet)
5. AC>sr TCP 21
 
Actual Result:
pmdb protocol error. sepmdd memory dump.
112 2 Windows endpoint kernel mode Fixes an issue of the zombie process when instrumenting a .NET application. AN02482  Windows all       Open a few .NET applications and let them run for few minutes. It will eventually slow down the system.
113 2 Windows endpoint kernel mode Fixes an issue where a user cannot transfer multiple files via VSFTPD server (FTP server) as the connection gets closed after transferring a file. AN02533  Windows all The WFP framework fails to handle the FIN ACK failure condition.   Handle the FIN ACK failure condition resolution in the network code.  
114 2 Windows endpoint user mode Fixes an issue where all TCP inbound connections are blocked on applying the rule "er TCP(65535) owner(nobody) defacc(none) audit(all)". AN02434 Windows all       Apply selang rules
AC>so class+(TCP)
AC>er TCP(65535) owner(nobody) defacc(none) audit(all)
In 12.8 GA, the RDP connection gets closed.
115 2 Windows endpoint kernel mode Fixes an issue where the Microsoft Windows 2008 R2 SP1 crashes when the WFP driver(drveng) is deployed.  AN02538 Windows all TDI driver causes problems in the synchronization techniques that are used by WFP driver, which eventually leads to crash.  System crashes when the OS is Windows 2008 R2 SP1, WFP driver is deployed(drveng), and a third-party TDI driver is present. For example, vnetflt.sys from VMware. Handle TDI changes made to the packets when both WFP driver and the TDI driver have intercepted.  Install latest Windows EP 12.8 or any version after 12.80.1808, and leave the system as it is. The system restarts after few minutes, or few hours or sometimes in few days. 
