CA ControlMinder r12_6-SP2 FIXLIST - CA Technologies

CA ControlMinder r12.6-SP2 FIXLIST

All Service Packs are cumulative; therefore, fixes included in previous releases are not mentioned in the FIXLIST.

Last Updated: February 19, 2013

No. Severity Module Problem summary Package OS Cause of the problem Conditions Solution or workaround Reproduction steps Problem ID TestFix / PublishFix
1 3 Unix Endpoint Kernel Mode Fixes an issue with ControlMinder where getvar.sh incorrectly identifies SEOS_syscall.530b as the kernel extension. However, kernel fails to load on AIX 5.3 with TL 12. AC126SP20016 AIX getvar.sh incorrectly identifies SEOS_syscall.530b as the kernel extension to use for AIX 5.3 TL 12 and above. However the new syscall was not introduced until TL 12 SP3, which caused a load failure for TL 12 below SP 3. Problem occurs on AIX 5.3 with TL 12 below SP 3. Upgrade to AIX 5.3 TL 12 SP3 or above. On AIX 5.3 with TL 12 below SP 3, loading SEOS_syscall will fail with following error: Executing un/load exit file/usr/seos/exits/LOAD/SEOS_load_int.always. sysconfig[SYS_SINGLELOAD]:path(/usr/seos/bin/)module(/usr/seos/bin/SEOS_syscall ) err(8) : Exec format error 1711 RO46021
2 2 Windows Endpoint User Mode Fixes an issue where creating or updating groups with groupid property in the pmd native environment returns the error "Property not found". AC126SP20035 Windows all The groupid property is incorrectly defined in the database during creation. Specify the groupid property for group during creation or while updating in the pmd native environment.   1.parent_pmd of unix endpoint is windows pmd
2.create pmd on windows endpoint and subscribe unix endpoint
3.host pmd@ in selang on windows
4.eg testgrp audit(a) native(groupid(100))
expected result:
1."ERROR: Property not found" does not appear
2. sg in pmd@ native env shows ID property
562 T4CC164
3 2 Windows Endpoint User Mode Fixes an issue with ControlMinder where removing a native user with appl property returns the error "Property not found". AC126SP20036 Windows all The appl property is not defined in the database during creation. Specify the appl property for user deletion in the pmd native environment.   1.parent_pmd of unix endpoint is windows pmd
2.create pmd on windows endpoint and subscribe unix endpoint
3.host pmd@ in selang on windows
4.eu testuser password(testuser)
5.ru testuser native appl(homedir=yes) expected result: "ERROR: Property not found" does not appear Please also test:
6.eu testuser native(gscon("test")) expected result: 1."ERROR: Property not found" does not appear 2.sg in pmd@ native env shows GSCON property 7.eg testgrp native(appl("test")) expected result: "ERROR: Property not found" does not appear
562 T4CC164    
4 3 UNIX Endpoint User Mode Fixes an issue where ControlMinder fails to unload on RHEL 5.8 x86. AC126SP20041 LINUX x86 The messagebus dbus-daemon prevents the AC kernel module from unloading because an accept syscall is blocked.   The fix restarts messagebus when ControlMinder kernel module unloads. On RHEL 5.8 x86
1. Start AC seload
2. Restart messagebus /etc/init.d/messagebus restart
3. Verify blocking syscall secons -scl shows blocking syscall 102 by dbus-daemon
4. Shutdown AC secons -sk 5. Attempted unload of AC fails SEOS_load -u
   
5 1 UNIX Endpoint User Mode Fixes an issue with ControlMinder where password change fails on Solaris because Pluggable Authentication Module (PAM) handles password change as a LOGIN event. AC126SP20044 Solaris x86 The problem occurs because ControlMinder PAM handled password change as a LOGIN event.       1752 TC61277 (AIX), TC61278 (HPUX PA-RISC), TC61279 (HPUX IA64), TC61280 (Linux X86), TC61281 (Linux X64), TC61282 (Linux IA64), TC61283 (Solaris Sparc), TC61284 (Solaris X86).
6 2 Windows Endpoint User Mode Fixes an issue with ControlMinder where filtering file access by audit.cfg fails. AC126SP20060 Windows all The AuditHandler did not check audit filtering. Audit record coming from the driver via AuditHandler   [procedure]
1. stop AC
\> secons -s
2. create test directory and file
\> mkdir TEMP
\> mkdir TEMP\VB_BIN
\> echo aaa > c:\TEMP\VB_BIN\test.txt
3. create policies
editres FILE ("c:\TEMP\*") audit(ALL) defaccess(READ CHDIR) owner('nobody')
authorize FILE ("c:\TEMP\*") access(READ WRITE DELETE RENAME CREATE EXECUTE CHOWN CHMOD UTIME SEC CHDIR) uid('administrator')
4. start AC
5. access to the directory/file and check audit log
\> cd temp
\> cd vb_bin
\> type test.txt
\> cd \
\> seaudit -a -sd today
some file access log to C:\TEMP\VB_BIN, C:\TEMP\VB_BIN\ and C:\TEMP\VB_BIN\test.txt appears -> this is expected
6. add filter in audit.cfg
\> secons -s
add following filter at the last of audit.cfg:
*;C:\TEMP\VB_BIN*;Administrator;*;*;*
TEST CASE 1
7. do step5 again
[expected result] all file access logs are filtered
[actual result] some file access logs for C:\TEMP\VB_BIN appears; others such as C:\TEMP\VB_BIN\test.txt are filtered
TEST CASE 2
8. \> cd temp
9. restart AC
10. \> cd vb_bin (type vb_bin but tab key)
\> cd ..
\> cd [tab key]
\> cd seaudit -a -sd today
[expected result] all file access logs are filtered except C:\TEMP\*
[actual result] all file access logs are filtered
1686 T4CC165, T4CC166
7 3 Windows Endpoint User Mode Fixes an issue with ControlMinder where the result of sepmd -t PMDB <offset> is incorrect. AC126SP20065 Windows all The sepmd -t offset is incorrectly handled as hex. Any value specified as the offset is handled as hex.   1. create pmd PMDB
2. input some rules into PMDB
a. eg administrators native
b. eg inf audit(logins loginf trace) native
c. eu test1023 audit(logins loginf f trace) owner(nobody) pwasown(********) grace- profile(inf) native
d. eu test1023
3. check PMDB command file
> sepmd -C PMDB
Offset Command
======== =========
1) 0 eg administrators native
2) 608 (native domain) eg administrators native
3) 1216 eg inf audit(logins loginf trace) native
4) 2848 (native domain) eg inf audit(logins loginf trace)native
5) 3460 eu test1023 audit(logins loginf f trace)
owner(nobody) pwasown(********) grace- profile(inf) native
6) 8212 (native domain) eu test1023 audit(logins loginf f
trace) owner(nobody) pwasown(********) grace- profile(inf) native
7) 9576 eu test1023

4. truncate until offset 1215 ( expect to truncate command 1) and 2) )
> sepmd -t PMDB 1215
Truncating PMDB at 4629
5. check PMDB COMMAND file
> sepmd -C PMDB
Offset Command
======== =========
1) 8212 (native domain) eu test1023 audit(logins loginf f
trace) owner(nobody) pwasown(********) grace- profile(inf) native
2) 9576 eu test1023

commands from 1) to 5) are truncated unexpectedly.
Also, the number value in truncate message is not correct
   
8 3 Unix Endpoint Kernel Mode Fixes an issue with ControlMinder where the root directory path is incorrect in the audit record during the chroot system call. AC126SP20071 LINUX all The problem occurs because the audit record does not add a slash when the parent is IS_ROOT. Access chrooted file/directory   1. place proftpd-1.3.4a.tar.gz on /usr/local/src 2. tar zxvf proftpd-1.3.4a.tar.gz
3. cd proftpd-1.3.4a
4. ./configure --with-modules=mod_ifsession 5. make
6. make install
7. uncomment DefaultRoot in proftpd.conf 8. run proftpd I noticed that the /ftpdata was a separate file system according to hostsysinfo.txt in the support.tar.gz file. /dev/sda2 52427772 184372 49537252 1% /ftpdata For setting up a similar environment on LOD, I made a new filesystem in the following way. 1. Create a file to be used for a new filesystem # dd if=/dev/zero of=/root/ftpdata bs=1024 count=10240 2. Create a filesystem in the file # mkfs /root/ftpdata 3. Create a mount point # mkdir /ftpdata 4. mount the created filesystem to /ftpdata # mount -o loop /root/ftpdata /ftpdata For reproducing the problem, we need to create a user and the user's home directory in /ftpdata. # useradd kiban -d /ftpdata/SG001 # chmod 777 /ftpdata/SG001 The following AC rules need to be defined. ef /ftpdata/SG001 defacc(a) audit(a) owner(nobody) ef /ftpdata/SG001/* defacc(a) audit(a) owner(nobody) When you login to the proftpd server as user 'kiban', '/' between directory names disappears in the seos.audit log. This problem does not happen when /ftpdata is a simple directory in the root filesystem.
   
9 3 Unix Endpoint Kernel Mode Fixes an issue with ControlMinder where a denial occurs for COMMON and PACL properties even when they are trusted script by the DB. AC126SP20079 UNIX all The kernel module didn't find the program in the table by program path. Function "eAC_TrustPg_get_best()" searches the program by full path but checks the return value incorrectly. As a result, the executed script was not marked as "trusted script" and ControlMinder didn't apply the viapgm rule. Program "vi" changes program i-node when file is saved. Kernel module function "eAC_TrustPg_get_best" changed
Previous code:
---------------
if (path[0] == '/' && eAC_h_tbl_get() == 0 ) return OK;
---------------
(the condition lacks braces after &&)
New code:
if (path[0] == '/') { if (eAC_h_tbl_get() == 0 ) return OK; }
Prepare:
# echo TEST > /tmp/test.txt
# mkdir /home/work
# vi /home/work/test.sh
#!/bin/bash
cat /tmp/test.txt
Rule:
AC> ef /tmp/test.txt owner(nobody) audit(all) defacc(N)
AC> auth file /tmp/test.txt uid(*) acc(ALL) via(pgm(/home/work/test.sh))
AC> cr PROGRAM /home/work/test.sh flags(none)
Recreate steps:
1. run test.sh # /home/work/test.sh ==> ALLOWED
2. edit test.sh and insert comment line # vi /home/work/test.sh insert line like ###### at bottom
3. run test.sh again # /home/work/test.sh ==> EXPECTED result is PERMIT and /home/work/test.sh is trusted program ==> ACTUAL is DENY
  T3DB126, T3DB127 
10 3 Windows Endpoint User Mode Fixes an issue with ControlMinder where a wrong 'sewhoami' occurs after logging in through the GDM console. AC126SP20080 LINUX all The login program gdm-binary never terminates. ControlMinder does not record end of session and logout, the gdm-binary assigns ACEE. The new session does not assign a new ACEE and uses the old one. RH5 GDM console login New solution is following: the EXT handler will check if exiting program is "gnome-session". If it is true, then check if this "gnome-session" is last process with such program name. If it is true we assume GDM logout and kernel cleans all associated ACEEs     T3DB131
11 2 Unix Endpoint Kernel Mode Fixes an issue with ControlMinder where Solaris 10 zone reboot fails due to failed umount when ControlMinder is running in global and internal zones. AC126SP20081 Solaris Sparc ControlMinder kernel module file name resolving held and did not release the v-node of mounted FS. NFS mounts in internal zones Release v-node when going next loop 1. Default AC installation
2. Installed Solaris NAS (NFS mounts in internal zones)
3. Start AC in global and both internal zones
4. in global zone try to reboot internal zones Expect: zone successfully reboots Actual: umount fails for internal zone
  T3DB122
12 2 Unix Endpoint Kernel Mode Fixes an issue with ControlMinder where ControlMinder causes Kernel panic on HP-UX 11.11 or earlier versions when calling the delay() kernel function. The delay() function is not introduced to HP-UX until version 11.23.  AC126SP20084 HPUX PA-RISC The delay() kernel function called by ac_w_lock_slot() is not available in HP-UX 11.11 or earlier versions. Instead, the delay() function with different calling arguments was called from another kernel module. This led to system panic.  This only occurs on HP-UX 11.11. This may occur when multiple threads attempt to acquire read or write lock on the AC kernel table.       T3E7147
13 1 Unix Endpoint Kernel Mode Fixes an issue with ControlMinder where SEOS_put_hook() failed to check if the message was a TCP STREAMS file. AC126SP20085 Solaris Sparc, Solaris x86 When SEOS_put_hook() was invoked to handle a message, it automatically assumed it was a TCP message. When the message was an X.25 packet, it misidentified it and misinterpreted the contents. This caused the bcopy call to access an invalid memory address and led to panic. This occurs on system running X.25 based application. The workaround is to use the STREAMS mode as the interception type.   1746 T3E7148
14 2 Unix Endpoint Kernel Mode Fixes an issue with ControlMinder where the system panicked in eAC_MM_file_ok. AC126SP20088 UNIX all The problem occurs because unexpected arguments were passed to eAC_MM_file_ok(). This occurs when an intercepted execve event fails and AC is down. When AC is down, there is no need to check Maintenance Mode.     T3E7149 (HP-UX PA-RISC)
T3E7150 (HPUX IA64)
15 2 Windows Endpoint User Mode Fixes an issue with ControlMinder where seosd fails to start due to wrong filter in audit.cfg. AC126SP20090 Windows all Allocated AuditMembersArray is not initialized with NUL, so its members point to an invalid address, invoked later in strncmp as a parameter.   Add initialization of allocated AuditMembersArray, checking filter tokens and return ERROR_PARSING_CFG_LINE for reporting to Application Log about wrong filter. Set filter FILE;*;NT AUTHORITY\SYSTEM;*;*; with missing last token and start AC. It exits with error "Abnormal termination Service Thread" in Application Log.   T5P7199
16 3 Windows Endpoint User Mode Fixes an issue with ControlMinder where you cannot delete a policy because the hnode is deleted. AC126SP20095 Windows all The problem occurs because, once the hnode is deleted, the policy that is assigned to the hnode cannot be deleted. A policy is assigned to one hnode. This hnode is deleted. Now, we cannot delete the policy.   1. policydeploy -store TestPolicy -ds c:\\ds.txt -uds c:\\uds.txt -dms DMS__@
2. policydeploy -assign TestPolicy -hnode node_name -dms DMS__@
3. selang, AC>host DMS__@, AC>rr HNODE node_name Now, you'll have a problem to delete the policy TestPolicy.
4. policydeploy -delete TestPolicy#01 -dms DMS__@ Error: ERROR: Cannot delete policy version TestPolicy#01 as it is effective on some HNODEs
  T243977, T243978
17 2 Windows Endpoint User Mode Fixes the following issues with ControlMinder:
Application ERROR on application exit.
Application crash on DB plugins.
AC126SP20096 Windows all Found and fixed several bugs related to instrumentation unload code. See reproduction steps Found and fixed several bugs related to instrumentation unload code.     T5P7201
18 2 Windows Endpoint User Mode Fixes an issue with ControlMinder related to instrumentation unload code. AC126SP20103 Windows all The problem occurs because stability issues related to race condition on unload were identified in ControlMinder instrumentation code.       569 T5P7201
19 2 UNIX Endpoint User Mode Fixes issues with ControlMinder installation and uninstallation on AIX WPARs. AC126SP20105 AIX ControlMinder installs installation for native package to /CA/AccessControl. But uninstall does not remove AccessControlShared directory. Additionally, AccessControl and AccessControlShared do not get removed from WPAR.     Install AC installation for native package to /CA/AccessControl AC installs, but uninstall does not remove AccessControlShared directory Also AccessControl and AccessControlShared do not get removed from WPAR #customize pkg and install in Global host customize_eac_bff -Ri /CA/AccessControl -d `pwd` -w proceed CAeAC.12.6.1.1431.bff installp -d `pwd` -a CAeAC #install in WPAR syncwpar <wpar_name> #uninstall from Global installp -u CAeAC Note: /CA/AccessControlShared directory remains #uninstall from WPAR syncwpar <wpar_name> Note: in WPAR directories /CA/AccessControl* still exist 1686 T540174
20 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where ControlMinder does not start in more than one WPAR on AIX. AC126SP20109 AIX The problem occurs as ControlMinder cannot determine coral id from virtual pids. Multiple running WPARs AC will start in multiple WPARs Install AC on multiple AIX WPARs. Start AC in Global. Start AC in WPAR AC will not start in a second WPAR 1686 T540174
21 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where an error is observed in AccessControl_install.log while upgrading. AC126SP20117 UNIX all ControlMinder tries to access an incorrect directory. The correct directory is /opt/CA/AccessControl/data/japanese_euc_jis-0208/etc/eACLicenseAgreementUNIX_japanese_euc_jis-0208.txt          
22 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where uninstall does not remove the AccessControlShared directory. AC126SP20118 AIX The problem occurs with the packaging scripts.     Install AC installation for native package to /CA/AccessControl AC installs, but uninstall does not remove AccessControlShared directory #customize pkg and install in Global host customize_eac_bff -Ri /CA/AccessControl -d `pwd` -w proceed CAeAC.12.6.1.1431.bff installp -d `pwd` -a CAeAC #install in WPAR syncwpar <wpar_name> #uninstall from Global installp -u CAeAC Note: /CA/AccessControlShared directory remains #uninstall from WPAR syncwpar <wpar_name> Note: in WPAR directories /CA/AccessControl* still exist 1686 T540174
23 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where sepmdpull consumes huge memory during ControlMinder start up. AC126SP20119 UNIX all A difference in encrypt/decrypt keys corrupts objp->n_errs, which causes a huge memory allocation. Different encrypt/decrypt keys defined between parent pmd machine and subscriber machine   1.Install AC with default encrypt key on machine A 2.Install AC with different encrypt key on machine B 3.Set token parent_pmd to machine A Example:pmd1@machine B 4.Start AC on both machine 5.Run sepmdpull -a 6.verify sepmdpull will not allocate huge memory   T4CC190
24 2 UNIX Endpoint User Mode Fixes an issue where ControlMinder cannot install successfully on AIX. AC126SP20121 AIX            
25 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where computer prompts to reboot after installing and synching ControlMinder in AIX 7.1 global environment. AC126SP20123 AIX The problem occurs as the Reboot Message 332 is coming from postinstall script. Needs a change to the script similar to solaris for non-global zone.      Install AC in AIX WPAR using syncwpar syncwpar –gives incorrect warning message that need to reboot “If this is the first time you installed CA Access Control or upgraded CA Access Control, you must REBOOT the machine.”    
26 2 Windows Endpoint User Mode Fixes the following issues with ControlMinder:
Application ERROR on application exit.
Application crash on DB plugins.
AC126SP20125 Windows all MtM unsafe for plug-ins unload. MtM unsafe for plug-ins unload Removed MtM   569 T5P7201
27 2 Windows Endpoint Kernel Mode Fixes a design limitation, where a user can circumvent ControlMinder protection by copying a device. A privileged user (not a ControlMinder Administrator), can create a copy of the device using "mknod" system call. ControlMinder cannot prevent access to the device through direct system call. AC126SP20130 UNIX all ControlMinder does not check target device in syscall "mknod". Privileged user calls "mknod" New AC table keeps protected devices. The AC kernel will authorize target device in "mknod" system call 1. # df -h | grep <some_dir> /dev/dsk/c2t1d0s6 24G 3.4G 20G 15% /slow-work
2. # ls -l /dev/dsk/c2t1d0s6 /dev/dsk/c2t1d0s6 -> ../../devices/pci@1f,700000/scsi@2/sd@1,0:g
3. notice device major and minor number ls -l /devices/pci@1f,700000/scsi@2/sd@1,0:g brw-r----- 1 root sys 32, 14 Jun 25 15:14 /devices/pci@1f,700000/scsi@2/sd@1,0:g
4. AC> ef /devices/pci@1f,700000/scsi@2/sd@1,0:g defaccess(n) owner(root)
5. # mknod /work/tmp/my_dev b 32, 14 ==> EXPECT DENY of access
1773 TC61313
28 2 UNAB Fixes an issue with ControlMinder where the nss_uxauth module fails to communicate with the agent and suspends its normal processing. This occurs when agent-based debug logging is implemented. AC126SP20132 UNIX all An error occurs while communicating with the agent (because the agent is down). nss_uxauth module treats this as a hard error.       565 T5P7199
29 2 Unix Endpoint Kernel Mode Fixes an issue with ControlMinder where intermittent SURROGATE deny occurs while DB rules allow. AC126SP20134 UNIX all The problem occurs because of wrong ACEE reference counting.   This package makes two changes: 1) kernel function SEOS_procserver_update() will change references to "old" and "new" acee 2) kernel exit function will check real references in process table when reference counter is equal 1, meaning - last reference.   1758 T3DB128
30 2 Windows Endpoint Kernel Mode Fixes an issue with ControlMinder where audit records for process termination are missing. AC126SP20137 Windows all The process termination mask from loophole protection is removed, it should be covered by class process.   Removed process termination mask from loophole protection, it should be covered by class process. Try to terminate seosd watchdog - see that despite denial of the operation, AC log contains no appropriate audit message. 571 T5P7202
31 2 Windows Endpoint User Mode Fixes the following issues with ControlMinder:
Application ERROR on application exit.
Application crash on DB plugins.
AC126SP20145 Windows all Found and fixed several bugs related to instrumentation unload code.       569 T5P7201
32 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where the policyfetcher consumes high CPU usage. AC126SP20147 UNIX all   The policyfetcher fails to send/or receive data twice on a target.     1767 T4CC187
33 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where memory leak occurs in seosd after the scheduled time of ReportAgent. AC126SP20153 UNIX all The problem occurs as the allocated memory to access class definition for checking seos_odf.dat during backup of seosdb is not freed. ReportAgent is set up and sends report of seosdb at the scheduled time   1.Setup AC endpoint and ReportAgent 2.observe seosd size before/after scheduled time of ReportAgent. Default is 00:00 every day. # grep schedule accommon.ini schedule = 00:00@Sun,Mon,Tue,Wed,Thu,Fri,Sat run ps -el | grep seosd before 00:00 and after 00:00 1775 T4CC191 (LINUX x64), T4CC192 (SUN sparc), T4CC193 (AIX)
34 3 Windows Endpoint User Mode, UNIX Endpoint User Mode Fixes an issue with ControlMinder where deployments created by "RESTORE HOST" operation were not executed. AC126SP20154 Windows all, UNIX all The problem occurs because deployments for RESTORE HOST operation are created without property TYPE. Policyfetcher does not execute deployments that do not have any TYPE, as a result policyfetcher bypasses the deployment.     1. Back up seosdb of Endpoint(dbmgr -b).
2. Run the policy deployment.
3. Restore seosdb of Endpoint(dbmgr -r).

Try to restore policy..
1. Open the ENTM UI and navigate to
Policy Management -> Policy -> Troubleshooting -> Restore Host
2. Add the host where the policy is already deployed and click Finish.
3. Check "Deployment Audit".
=> It is first "Queued" and then "fail".
..The policy is never deployed. 
1772 T4A7025, T4A7026, T4A7028
35 3 Windows Endpoint User Mode Fixes an issue with ControlMinder where selang command failed to fetch data for Property PASSWDRULES. AC126SP20157 Windows all The problem occurs when ControlMinder failed to fetch password rules to access bidirectional mode set to user password. The password rules were disabled by 'so password(rules-)'. selang command set user password   AC> so password(rules-) AC> eu test1 admin password(test1) auditor ERROR: Failed to fetch data for Property PASSWDRULES -> the error happens Successfully created USER test1 Native: === Successfully created USER test1 AC> su test1 Data for USER 'test1' ----------------------------------------------------------- User mode : Admin -> admin is set (specified before password) auditor is not set (specified after password) I did same procedure on RHEL 5.1 x86 and the problem didn't happen; no error happened and both admin and auditor were set.
36 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where 'issec' reports that ControlMinder daemons runs in Workload Partitioning (WPAR) and in global environment. AC126SP20158 AIX The problem is with issec from Global Environment - where it reports all policyfetcher instances running. Install ControlMinder on AIX 7.1 with WPARs.   Install AC on AIX 7.1 with WPARs. Start AC in Global Environment and WPAR Execute issec in the Global Environment. issec reports AC daemons running in the WPARs as well as in Global    
37 2 Windows Endpoint User Mode Fixes an issue with ControlMinder where an expired user password decrements the grace count each time it connects with the host using the selang 'host' or 'hosts' command. On UNIX this type of login does not change the grace count. AC126SP20159 Windows all The problem occurs as this type of connection sends login data to the target host SeOSAgent which checks the terminal authorization with NOGRACE flag enabled and verifies the logon data by executing nominal Logon to the Workstation. The logon data comes to eACSubAuth.dll which sends excessive time to seosd for authorization. This excessive time for generic logon results in grace reduction.   SeOSAgent, having recognized this type of logon, writes User and Domain to a special named shared memory. eACSubAuth.dll, notified through the signaled event, reads this data and, by comparing it with the User/Domain that came from LSA, can recognize that the logon was actually initiated by SeOSAgent, which avoids the excessive authorization. 1. Create user eu <hostname>\tuser password(xxxxxx) admin eu <hostname>\tuser grace(50) 2. Create and authorize terminal for other EP er terminal(<other EP>) defacc(R) audit(a) auth terminal(<other EP>) uid(tuser) acc(a) 3. From selang <other EP> host <hostname> uid(tuser) password(xxxxxx) OR Connect to <hostname> from EM. 4. Check on <hostname> decremented grace su <hostname>\tuser 565 T5P7199
38 3 UNAB Fixes an issue with ControlMinder where the UNAB agent restarts even when the tokens for Restart are disabled (agent_restart_delay= -1). AC126SP20166 UNIX all       1)Install UNAB
2) Register and Activate UNAB
3) Edit the File /etc/uxauth.ini for the token agent_vmemory_max = 50, health_check_interval = 300, agent_restart_delay = -1 and save the file
4) Stop Unab Agent and start the Agent in Debug Mode #uxauthd.sh debug 3
5) Check the uxauth debug message
20120905160617.118379 T75 L 1: HealthCheck: Process memory size is 56 MBytes, exceeded limit 50 MBytes
20120905160617.120337 T75 L 1: HealthCheck: Agent auto restart is disabled
20120905160617.825300 T74 L 5: Scheduler: Clean LDAP connections
20120905160617.825673 T74 L 5: Scheduler: Reading tibco queue
20120905160617.825742 T74 L 5: Set message filter: DESTINATION_HOST='lodisun0 41x.epad.com'
20120905160617.840625 T74 L10: Scheduler: AC registered OK
20120905160617.840880 T74 L 5: Scheduler: Check agent critical parameters
20120905160717.127517 T75 L 5: HealthCheck: Check agent critical parameters
20120905160717.128436 T75 L 1: HealthCheck: Process memory size is 56 MBytes, exceeded limit 50 MBytes
20120905160717.129990 T75 L 1: HealthCheck: ""Agent auto restart now""
and the agent is getting restarted. Expected Result: Agent shouldn't be restarted
   
39 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where the user identity is not available for a user who has not been defined in ControlMinder when sewhoami is executed. AC126SP20167 UNIX all PAM user login sends user id retrieved from user ACEE which is _undefined(-1) to proc table. create_user_in_db = no create_user_in_db = no user is not defined in seosdb ssh login   1.disable the tokens create_user_in_db = no create_user_in_db = no
2.make sure testuser is not defined in AC 3.login by testuser using ssh 4.run sewhoami expected result:sewhoami shows testuser actual result:sewhoami shows nothing
1755 T4CC170 (AIX), T4CC171 (HP-UX PA-RISC), T4CC172 (HP-UX IA64), T4CC173 (LINUX x86), T4CC174 (LINUX x64), T4CC175 (LINUX IA64), T4CC176 (LINUX 390), T4CC177 (LINUX 390 64bit), T4CC178 (SUN x86)
40 1 UNIX Endpoint User Mode Fixes an issue with ControlMinder where PACL does not work when invoking a trusted script via 'sh -c'. AC126SP20172 UNIX all ControlMinder did not evaluate the trusted program hierarchy properly.     1) Test on Linux X64.
2) Create a script called /tmp/shell1.sh: #!/bin/sh # /usr/bin/echo "aa" >> /tmp/gabi02.txt /usr/bin/cat /tmp/gabi02.txt /tmp/shell2.sh
3) Create the script /tmp/shell2.sh: #!/bin/sh # /usr/bin/cat /tmp/gabi02.txt /usr/bin/date >> /tmp/gabi02.txt
4) AC> nf /tmp/gabi02.txt owner(nobody) audit(a) defacc(a) AC> nr program /tmp/shell1.sh owner(root) audit(a) defacc(a) 5) start AC.
6) cd /tmp
7) ./shell1.sh
8) /opt/CA/AccessControl/bin/seaudit -a | grep FILE | tail --> See that you have 4 FILE audit records all with program name of /tmp/shell1.sh as it is a trusted script.
1759 TC61300
41 2 Unix Endpoint Kernel Mode Fixes an issue with ControlMinder where renaming the file is not protected on HP-UX. AC126SP20173 HPUX PA-RISC The problem occurs because the original syscall rename() is called in spite of seosd response. Rename on HP-UX   1. Create dir and file. # mkdir /tmp/test # touch /tmp/test/test.txt
2. Create rules. AC> ef ("/tmp/test/*") owner(nobody) defacc(none) audit(all) AC> auth FILE ("/tmp/test/*") uid(root) access(CHMOD READ)
3. Attempt to rename. # mv test.txt test.txt1 mv: test.txt1: rename: Permission denied ==> Rejected(expected). audit.log 04 Sep 2012 14:47:47 D FILE root Rename 55 2 /tmp/test/test.txt /usr/bin/mv 155.35.125.172 root
4. But rename was done. # ls test.txt1 [Findings] It seems this is only HP, not AIX/Solaris/Linux. problem starts from r12.5SP4, not observed until r12.5SP3.
RO52507 TC61335
42 2 Windows Endpoint User Mode Fixes an issue with ControlMinder where memory leak occurs in the ReportAgent. AC126SP20174 Windows all The problem was with caching Host records and service records (Inbound Outbound traffic). There were no checks on the cache for duplicates, therefore each record increased the cache. The problem is with TCP records. You have to provide audit for DIFFERENT hosts. I.e., you have to enable audit for all traffic in class TCP. Once you have a lot of such records, you have to run reportagent to send the audit and see if it still has memory leaks. A memory leak is reportagent > 40MB memory size.   The problem is with TCP records. You have to provide audit for DIFFERENT hosts. I.e., you have to enable audit for all traffic in class TCP. Once you have a lot of such records, you have to run reportagent to send the audit and see if it still has memory leaks. A memory leak is reportagent > 40MB memory size. 582 T537724
43 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where clogin to WPAR is not logged. AC126SP20176 AIX The problem occurs as ControlMinder zlogin code has not been enabled for AIX WPARs. clogin on AIX WPAR Solution - this fix provides clogin auditing on AIX WPARs Install AC on AIX with WPAR Load AC kernel in Global Start AC in WPAR clogin WPAR seaudit -a shows /USR/SBIN/LOGIN instead of /USR/SBIN/CLOGIN    
44 3 Windows Endpoint User Mode Fixes an issue with ControlMinder where dbmgr -export generates the command "editres XGROUP" which selang fails to import. AC126SP20177 Windows all The problem occurs as the selang command "editres XGROUP" is a syntax error. XGROUP exist in seosdb Edit the command from "editres XGROUP" to editxgrp. 1. create xgroup AC> exg administrators
2. export rule \> dbmgr -e -r > rule.txt
3. load rule \> selang -f rule.txt Then, the error happens: ERROR: Failed to fetch data for Property UACC I checked exported file and found the command for xgroup as: editres XGROUP ("BUILTIN\administrators") owner('host\\Administrator')
   
45 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where dbmgr -export generates the command "editres XGROUP" which selang fails to import. AC126SP20178 UNIX all The problem occurs as the selang command "editres XGROUP" is a syntax error. XGROUP exist in seosdb Edit the command from "editres XGROUP" to editxgrp. 1. create xgroup AC> exg administrators 2. export rule \> dbmgr -e -r > rule.txt 3. load rule \> selang -f rule.txt Then, the error happens: ERROR: Failed to fetch data for Property UACC I checked exported file and found the command for xgroup as: editres XGROUP ("BUILTIN\administrators") owner('host\\Administrator')
46 2 Windows Endpoint User Mode Fixes an issue with ControlMinder where the HULFT job does not complete while ControlMinder is working. This issue continues from 20738240-01, 20982975-01. AC126SP20180 Windows all The problem occurs because seosd was unloading while a thread was still running. On secons -s.        
47 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where SESU does not return the exit status of the command. AC126SP20182 UNIX all The problem occurs as SESU returns 0 instead of the executed command's return code.     Write a script that does 'exit 3'. Run the script via 'sesu user -c <script>'. See that 'echo $?' after sesu execution returns 3. 1782 TC61317
48 3 Windows Endpoint User Mode Fixes an issue with ControlMinder where the password rule (sub_str_len) is configured to 5 characters, but the password can still be changed even when there are 6 characters. AC126SP20183 Windows all The problem occurs because the password validation was implemented in UNIX only and was never ported to the Windows endpoint (though the database and selang support it).       581 T5P7207
49 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where the seosd service fails to re-start in global and in the local zone after reboot. AC126SP20186 UNIX all The problem occurs as the seosd takes too long to boot. The system stops the start process after the timeout expires. System reboot Set a bigger timeout for "start" method in seosd SMF manifest Solaris 10,
1. Do in global zone and all internal zones # svcadm clear seosd # svcadm enable seosd 2. Check service is "online" in global and all internal zones # svcs -l seosd
3. reboot the system => Expect seosd service is online in global and all internal zones
1778 T3DB133
50 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where the program class MTIME flag is missing in the dbmgr export output. AC126SP20188 UNIX all The problem occurs as MTIME was missing from the trusted pgm flags list. Specify flags MTIME of PROGRAM. Add MTIME to flags of PROGRAM to exported file. 1. Create a program rule with mtime flag. a. er program /tmp/test1 flags(mtime) b. er program /tmp/test2 flags(mtime ctime)
2. Export the AC rules with dbmgr. dbmgr -e -r
3. mtime flag is missing. a. editres PROGRAM ('/tmp/test1') audit(FAILURE) defaccess(NONE) owner('root') flags(NONE) b. editres PROGRAM ('/tmp/test2') audit(FAILURE) defaccess(NONE) owner('root') flags(CTIME)
   
51 3 Windows Endpoint Kernel Mode Fixes an issue with ControlMinder where the sewhoami utility displays a wrong user name. AC126SP20189 LINUX all The login program gdm-binary never terminates. ControlMinder does not detect the last process of the gnome-session, as another gnome-session is saved in the ControlMinder process table. RH5 GDM console login This package improves function detecting last "gnome-session" counting just alive processes. The AC process table may have dead "gnome-session" processes. (virtual image on vSphere)
1. Start AC
2. login via GDM console as "test1", then exit GDM
3. Login via GDM console as "test2", and check "sewhoami -a" ACTUAL: sewhoami shows "test1" EXPECTED: sewhoami shows "test2"
1733 T3DB131
52 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where nu- homeDir does not add the user name to the home directory path if the directory path ends with a slash. AC126SP20190 UNIX all An incorrect change was made to the functionality of homeDir where ControlMinder did not concatenate user name to the path. Specify native/unix homedir that ends with a / (slash) for native user creation. Specify full path that ends with user name for user creation.   1780 T4CC194 (Solaris SunSparc), T4CC195 (Solaris SunSparc/x86), T4CC196 (Linux x86/x64/ia64)
53 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where sesu - targetUid failed to execute a ksh script. AC126SP20192 UNIX all The problem occurs as the PATH is set twice. A PATH is set in seos.ini PATH=/usr/bin:/usr/sbin and another in /etc/environment. We need to run "sesu - user01". Path in seos.ini is set. sys_env_file = /etc/environment. /etc/environment has a PATH there.   Please see the steps above.
1. vi seos.ini Path = /usr/bin:/usr/sbin sys_env_file = /etc/environment Please make sure PATH is set in /etc/environment with path /opt/CA/AccessControl/bin.
2. vi /etc/passwd Pick a user, let's say user01. Please change the /bin/sh to /bin/csh.
3. create a ksh script in /home/user01. #!/bin/ksh echo $PATH selang ============================ The objective is to see if PATH is inherited from csh to the ksh script execution. If it works, then selang should be executed (we don't care if there is an error in selang; we just need to check if selang is able to run without a long path.)
1779 T243987
54 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where PACL fails when two trusted scripts exchange i-nodes. AC126SP20193 UNIX all The problem occurs because the trusted script has a new i-node while another program has the same i-node.   In EXEC handler: search accessing program by file path in program table, update i-node value for this program if appropriate pgmflag is not defined   1804 RO52633
55 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where a denial occurs for PACL property with a changed i-node even when they are trusted script by the DB. AC126SP20194 UNIX all The problem occurs because the seosd process table searched for the device and inode in the program table and sets run time flag "trusted=0". Program "vi" changes program i-node when file is saved. Change procserver.c, call trpgmmgr_GetBestEntry() instead of trpgmmgr_GetTrustedProgByDevice()   1749 T3DB126, T3DB127
56 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where sepass doesn't set grace count 1 by the administrative password change. AC126SP20195 UNIX all This problem occurs after package AC126SP10176 was introduced. Admin password change by sepass   1. enable PASSWORD class
2. check user, tusr02, properties. grace does not set.
3. change password by pwmanager, root, for the user at step 2. sepass tusr02
4. check user properties again. selang -c 'su tusr02' Expected Results: Gracelogins : 1 Actual Results: no gracelogins set
1784 T4CC198
57 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where KBL auditing terminates in WPARs when ControlMinder shuts down in one WPAR. AC126SP20196 AIX This problem occurs because KBL does not work correctly with zones or WPARs. KBL running on Solaris zones or AIX WPARs   Steps to reproduce :
1. Install AC
2. Set kbl tokens in global and wpars
3. Load AC kernel and start AC on global (ismeaxp6-71) and wpars (ismeaxp6-71wps1 and ismeaxp6-71wpsp1)
4. Create a user in wpar1 (ismeaxp6-71wps1) Nu demo1 password(demo1) audit(interactive)
5. Login as demo1 and verify kbl audit as root Kbl works , audit can be verified using Seaudit -kbl
6. Restart AC services on wpar2 (ismeaxp6-71wpsp1) Secons -sk or secons -s ; seload
7. In wpar1 , Login as demo1 user and verify kbl audit as root Seaudit -kbl
Actual result: Kbl audit doesn't show demo1 logins
Expected result: Kbl should work, demo1 logins should be displayed.
NOTE: Restarting AC on any of the wpars causes kbl not to work on the wpars and global. Restarting AC on global makes Kbl work on global and wpars
1686 T540174
58 1 UNIX Endpoint User Mode Fixes an issue with ControlMinder where shell becomes root after executing the sesudo command. AC126SP20197 UNIX all The problem occurs because ControlMinder uses SUDO as a shell.       1747 TC61258 (HPUX IA64), TC61291 (AIX), TC61292 (Solaris Sparc), TC61293 (Linux X86), TC61294 (HPUX PA-RISC), TC61295 (Solaris X86), TC61296 (Linux X64), TC61259 (HPUX IA64), TC61260 (AIX), TC61261 (HPUX PA-RISC), TC61262 (Linux X64), TC61263 (Solaris Sparc), TC61297 (Solaris X86), TC61298 (Linux X86)
59 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where the ControlMinder does not identify the  init process in WPAR. AC126SP20201 AIX The problem occurs because functions to detect init and sched processes in WPAR were missing. Running AC in AIX WPAR Solution. Apply kernel module with fix   1686 T540174 
60 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where a syntax error occurs in the audit.cfg file when seosd core dumps. AC126SP20203 UNIX all The problem occurs because the Trace File line ends with ';' when ControlMinder expects a token after ;. This causes the core dump. We need to add this line to audit.cfg. TRACE;FILE;/etc/passwd;*;root;*;*; Please try to reproduce it on Aix.        
61 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where the ObserveIT injected code results in seagent utilizing 50% of the CPU. AC126SP20204 UNIX all The problem occurs because of the 3rd party code injection. Installed ObserveIT Unset pre-load library path in main daemons   1757 T243979
62 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where the cronjob script fails when ControlMinder KBL is enabled. AC126SP20207 UNIX all The /bin/false is saved in table of shell scripts /etc/shells KBL enabled AC should not add /bin/false and /bin/true to internal table of shells   1788 T3DB141
63 1 UNIX Endpoint User Mode Fixes an issue with ControlMinder where the sesudo command could not handle special shell characters. For example,  * and ; in command embed it with "". AC126SP20209 UNIX all The problem occurs as sesu/su in SUDO data Could not handle special shell characters in sesudo commands.       1747 TC61258 (HPUX IA64), TC61291 (AIX), TC61292 (Solaris Sparc), TC61293 (Linux X86), TC61294 (HPUX PA-RISC), TC61295 (Solaris X86), TC61296 (Linux X64), TC61259 (HPUX IA64), TC61260 (AIX), TC61261 (HPUX PA-RISC), TC61262 (Linux X64), TC61263 (Solaris Sparc), TC61297 (Solaris X86), TC61298 (Linux X86)
64 3 Windows Endpoint User Mode, UNIX Endpoint User Mode Fixes an issue with ControlMinder where the policy deployment utility -getrules command does not work.  AC126SP20213 Windows all, UNIX all The problem occurs as an option was added to the feature.     dmsmgr -create -auto Use this command to create a DMS__ DH__ environment. policydeploy -create policyName -ds /tmp/t1.txt -uds /tmp/t2.txt -dms DMS__@ policydeploy -getrules policyname -ds /tmp/t1.txt -uds /tmp/t2.txt -dms DMS__@ above command returns an error. 528 T243831, T243832
65 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where the SFTP login is not detected. AC126SP20216 UNIX all The "ksh" 3rd argument is not separated by null. It is possible that string '/usr/sbin/sftp-server -m /etc/ssh/sshd_config' was copied to kernel as one argument.   Set zero terminator for sftp program path in seosd EXEC handler   1791 T3DB137
66 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where secons -scl reports blocking syscalls incorrectly when ControlMinder is not running in all WPARs and Global environments. AC126SP20217 AIX The design of the secons -scl implementation does not take into account the situation where there are multiple instances of ControlMinder running in virtual machines, but using the same common intercept hooking mechanism. AIX with WPARs   1. Install AC in Global and WPAR 2. Start AC in Global only 3. In WPAR, run perl script that blocks in accept: cat /tmp/accept_block.pl #!/usr/bin/perl use warnings; use Socket; my $port = 12345; socket(my $server, PF_INET, SOCK_STREAM, getprotobyname("tcp")); setsockopt($server, SOL_SOCKET, SO_REUSEADDR, 1); my $addr = sockaddr_in($port, INADDR_ANY); bind($server, $addr); listen($server, SOMAXCONN); while (accept(my $client, $server)) { print "hello\n"; } continue { close $client; } close($server); 4. In global, run secons -scl Blocking syscall reported with pid of 0 - not the real pid    
67 2 Windows Endpoint User Mode, UNIX Endpoint User Mode Fixes an issue with ControlMinder where a JBOSS memory error occurs due to the ReportAgent. AC126SP20221 Windows all, UNIX all The problem occurs because the ReportAgent sends huge data (DB snapshot + audit) which causes a JBOSS memory error.       145 T5P7238
68 2 Windows Endpoint User Mode Fixes an issue with ControlMinder where new rules are added to the PMDB. AC126SP20223 Windows all The problem occurs because the upgrade process for PMDB should not create __local__ hnode rule in the PMDB database. __local__ hnode rule should be created only in the seosdb database.          
69 2 Unix Endpoint Kernel Mode Fixes an issue with ControlMinder where the sewhoami utility displays a wrong user name. AC126SP20228 UNIX all The problem occurs because my_setuid wrappers overwrite uids in the proc table with uids in the setuid syscalls.   check error status of system internal setuid syscalls and put back previous uids only if system setuid fails. 1. create user in selang
2. login as the user
3. su to root
4. sewhoami
   
70 1 UNIX Endpoint User Mode Fixes an issue with ControlMinder where PAM login from a console is ignored. AC126SP20229 UNIX all PAM login from console ignored for a non-root user with uid 0.       1795 TC61324
71 1 Unix Endpoint Kernel Mode Fixes an issue with ControlMinder where mount protection does not work on AIX. AC126SP20230 AIX The problem occurs because of a coding error.          
72 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where getvar.sh fails to parse /etc/redhat-release file correctly on RHEL systems. AC126SP20242 LINUX x86 The commented lines should be ignored in /etc/redhat-release file RHEL compatible linux release Install updated getvar.sh file start Access Control      
73 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where the ReportAgent crashes while retrieving records having an empty data. AC126SP20246 UNIX all The problem occurs because record validation does not check data pointer on NULL causing the failure.   Add checking data pointer and skipping corrupted record.   1797 T5P7211 (AIX), T5P7212 (HPUX), T5P7213 (HPUX IA64), T5P7214 (LINUX), T5P7215 (LINUX X64), T5P7216 (Solaris)
74 1 Unix Endpoint Kernel Mode Fixes an issue with ControlMinder where the system crashes in fi_detach_q on HPUX. AC126SP20247 HPUX IA64 The problem occurs because of the race condition between NET_STR_CACHED and ControlMinder detaching queue. ControlMinder was not protecting Streams head while detaching from streams. Disable ControlMinder streams.   176 TC61311
75 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where the AIX package does not set correct file permissions for sepass, sesudo, and issec. AC126SP20258 AIX The problem occurs because chmod in the post-install script is overwritten by the original permission of issec from the bff package. Install AC on AIX 5.2 using customize_eac_bff and installp on that AIX 5.2 machine Solution is to apply this fix to customize_eac_bff and customize AC for AIX 5.2 on the AIX 5.2 system On AIX 5.2
1. Customize the AC AIX package with ./customize_eac_bff -d `pwd` -w proceed CAeAC.12.6.1.1676.bff
2. Install CAeAC installp -d `pwd` -a CAeAC
3. Verify the file permission on issec ls -l /opt/CA/AccessControl/bin/issec -r-sr-xr-x 1 root system 124472 Oct 13 20:30 issec and note that setuid bit is not set without this fix
   
76 2 Windows Endpoint Kernel Mode Fixes an issue with ControlMinder where VSphere installation hangs on x64 platforms. AC126SP20261 Windows all The problem occurs because of compatibility issues with .Net assembly.   Added to driver capacity to read instrumentation settings of plugins and create white list of processes that should be instrumented   587 T5P7217
77 2 Windows Endpoint User Mode Fixes an issue with ControlMinder where the IIS process crashes when trying to implement database integration with OLEDB connection against Oracle database. AC126SP20275 Windows all The problem was caused by bad memory access within our OLEDBPLg instrumentation process, which is loaded by the w3wp.exe IIS process.   Install a fix containing the code change in this package. No other workaround.      
78 1 UNIX Endpoint User Mode Fixes an issue with ControlMinder where SEOS_load causes a panic on RHEL 6. AC126SP20299 LINUX x64 Incorrect call to get_x86_64_table() on RHEL 6 xen System oops on SEOS_load on RHEL 6 paravirtualized VM Solution is to install a new kernel module with this fix   1800 TC61331
79 2 Unix Endpoint Kernel Mode Fixes an issue with ControlMinder where audit record for kill is not generated if the user does not have permissions to kill the process. AC126SP20302 LINUX all In seos kill wrapper my_kill(), before sending request to seosd (for reducing amount of requests) we check permissions for user to kill the process. Linux user doesn't have permissions to kill the process   1) protect process top from killing
2) run top as non root
3) kill top as root
   
80 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where it takes 4-8 minutes to receive the results when there are many deployments and gdeployments (around 70000 objects). AC126SP20318 UNIX all We don't have a mechanism to receive all the deployment objects from the DMS using paging. Using filters helps (policy, host, host group, etc.) but does not resolve the performance problem.       132, 586, 98 T4A7036, T4A7037, T4A7038, and T4A7039
RO50732, T5P0093
81 2 Windows Endpoint User Mode Fixes an issue where ControlMinder Silent installation fails. AC126SP20319 Windows all The problem occurs because the registry values were not set correctly during silent installation.          
82 3 UNAB Fixes an issue with ControlMinder where the ControlMinder Unix Attributes tab does not appear when the filter or search operation is used with AD Users and Computers. AC126SP20321 Windows all The problem occurs because the UNIX Attribute tab does not support filter or search operation in ADUC.     1) Install Access Control Unix Attributes AC126SP1 GA on domain controller (install x86 package on x86 machine and x64 on x64 machine).
2) Open “Active Directory Users and Computers” MMC.
3) Double click on a user and verify that the “Access Control Unix Attributes” tab exists.
4) In the upper side of the MMC, click on search and search for the user.
5) From the search results, double click on the user and verify that the “Access Control Unix Attributes” tab does NOT exist.
589 T537726
83 3 UNAB Fixes an issue with ControlMinder where the ControlMinder Unix Attributes tab does not appear when the filter or search operation is used with AD Users and Computers. AC126SP20322 Windows all The problem occurs because of wrong use of the COM object.     1) Install Access Control Unix Attributes AC126SP1 GA on domain controller (install x86 package on x86 machine and x64 on x64 machine).
2) Open “Active Directory Users and Computers” MMC.
3) Double click on a user and verify that the “Access Control Unix Attributes” tab exists. 4) In the upper side of the MMC, click on search and search for the user.
5) From the search results, double click on the user and verify that the “Access Control Unix Attributes” tab does NOT exist.
589 T537726
84 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where the audit log does not record user login to a server. AC126SP20323 UNIX all The problem occurs because the login process loginflag is NOT set to pamlogin. We can reproduce it in telnet only. /usr/bin/login is not set with pamlogin. Set /usr/bin/login with the same settings as loginappl TELNET.   1807 T52V001
85 2 Windows Endpoint User Mode Fixes an issue with ControlMinder where during upgrade the distribution_server registry value is empty. AC126SP20340 Windows all The problem occurs because of a defect in the upgrade process.          
86 3 Windows Endpoint User Mode Fixes an issue with ControlMinder where the ControlMinder Support utility (ACSupport) fails to gather the event log. AC126SP20347 Windows all The FormatMessage error occurs because the number of strings obtained from application message does not match the message data.
  Place call FormatMessages in __try - __except Run ACSupport export Event log on Win 2008 R2 (x64) 597 T5P7229, T5P7230
87 2 Unix Endpoint Kernel Mode Fixes an issue with ControlMinder where ac_check_debug_proc() called strstr() which causes the system to panic. AC126SP20351 Solaris Sparc, Solaris x86 This happens when the pathname struct passed to ac_check_debug_proc() has only "/proc" as its path. The pathlen is 5 and the rest of the buffer contains no 0x0 beyond the "/proc" string.   Make sure it is /proc/*/ctl.   1805 T3E7153
88 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where the hostname is changed to the localhost name. AC126SP20357 UNIX all The root cause of the problem is the pointer that points to a hostname is overwritten by another call. for seos.collect.audit, seaudit needs to get the hostname where the audit log is generated from. Because of this call, it overwrites the host name pointer that points the audit log's data. Please run "seaudit" on seos.collect.audit where there is hostname in the audit log. The field that for hostname will be replaced by the localhost name.     1654 T243830
89 3 Windows Endpoint User Mode, UNIX Endpoint User Mode Fixes an issue with ControlMinder where Devcalc reports false deviations on policies containing ACVAR. AC126SP20368 Windows all, UNIX all The problem occurs because devcalc compares the wrong value in case the object type is ACVAR of type OSVAR.     1) deploy the following policy script: er ACVAR COMPUTERNAME value(COMPUTERNAME) type(osvar) eu <!COMPUTERNAME>kuku admin
2) In selang, run the following: start devcalc get devcalc
3) verify that there is deviation for COMPUTERNAME
590 T537727
90 3 Windows Endpoint User Mode, UNIX Endpoint User Mode Fixes an issue with ControlMinder where the Restore Host option fails in Advanced policy management. AC126SP20369 Windows all, UNIX all The problem occurs because the user wants to re-deploy policies using the Restore Host option.       570 T4A7026
91 2 Unix Endpoint Kernel Mode Fixes an issue with ControlMinder where cron scripts produce a cmdlog core when KBL is enabled. AC126SP20372 UNIX all The problem occurs because the dynamic loader is not loadable. HP-UX KBL enabled /bin/sh script Workaround - change script's shell from /bin/sh to /sbin/sh   1810 TC61339
92 3 Windows Endpoint User Mode Fixes an issue with ControlMinder where _dms user is created in regular pmdb. AC126SP20380 Windows all The _dms user was added for dms but regular pmdb is not filtered.   The user can be manually removed. creapmd PMDNAME=pmd1 selang host pmd1@ find user    
93 3 Windows Endpoint User Mode Fixes an issue with ControlMinder where the UNIX user/group properties groupid, gecos, shellprog, userid are not exported by dbmgr -export in ControlMinder for Windows. AC126SP20386 Windows all Definition of the properties were missing. UNIX user/group properties created in pmd native env.   1.create pmdb
2.in the pmdb AC> eg testgroup native(groupid(100)) AC> eu testuser native(gecos("test gecos") shellprog(/program) userid(500))
3.export the pmdb expected result: all properties specified is exported actual result: not exported
591 T4CC205
94 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where after a failed login from GDM terminal, the next login session gains the user name and acee of the failed login. AC126SP20407 UNIX all ControlMinder cannot detect failed GDM login, "gdm-binary" gets new acee for failed login and AC uses it in next login session. GDM console access Use PAM login event to clean flags associated for "gdm-binary" process. 1. Find Linux RH 5 with console access, install and start AC
2. Define "test" user, change user's shell in /etc/passwd to /bin/false
3. Login GDM console with user "test" => login fails
4. Login GDM console with user "root" 5. run "sewhoami -a" => Expected: root (before fix "sewhoami" showed "test")
1733 T3DB139, T3DB140
95 2 Unix Endpoint Kernel Mode Fixes an issue with ControlMinder where intermittent authorization deny, while DB rules allow. AC126SP20408 UNIX all The problem occurs because of incorrect reference counting. The source of wrong counting was not discovered, because it requires kernel debugging.   Count all processes of specific ACEE and update table before deleting it.   1758 T3DB153
96 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where selogrcd fails to start with a specific port (ServicePort = 3000). AC126SP20409 Solaris Sparc The problem occurs because the compatibility package(ucblib) was removed in Solaris 11. specify ServicePort in seos.ini selogrcd section. Not specify ServicePort 1.set ServicePort = 30000 in seos.ini selogrcd section
2.run selogrcd # selogrcd -d Getting Parameters for CA Access Control Log Collector... Setting value for [selogrd] CollectFile to /opt/CA/seos/log/seos.coll ect.audit Setting value for [selogrd] CollectFileBackup to /opt/CA/seos/log/seo s.collect.bak Setting value for [logmgr] audit_group to none Setting value for [selogrd] CBackUp_Date to NONE Got Prameters form seos.ini file. Warning: The selogrcd extension file does not exist Using preassigned port from seos.ini 30000 Calling svcudp_create(fd=6) Cannot create UDP service. svcudp_create: Bad file number
1812 T4CC204
97 2 Unix Endpoint Kernel Mode Fixes an issue with ControlMinder where PACL from trusted script was not enforced after starting ControlMinder trace. AC126SP20419 UNIX all The problem occurs because of a wrong parent program name in the FILE CACHE in the ControlMinder kernel module. Activating ControlMinder trace Do not activate ControlMinder trace 1) Test on Linux X64.
2) echo "test2" >> /tmp/TEST/work/test2.txt
3) echo "Test4" > /tmp/TEST/work/test4.txt
4) Create the following two scripts: /tmp/TEST/script/test.sh: #!/bin/sh cat /tmp/TEST/work/test2.txt echo aaa > /tmp/TEST/work/test.txt rm -f /tmp/TEST/work/test.txt /tmp/TEST/script/test2.sh /tmp/TEST/script/test2.sh: #!/bin/sh cat /tmp/TEST/work/test4.txt echo aaa > /tmp/TEST/work/test.txt rm -f /tmp/TEST/work/test.txt
5) AC> nf /tmp/TEST/work/* owner(nobody) defacc(chdir)audit(a) AC> nr program /tmp/TEST/script/test.sh owner(nobody) audit(a) defacc(a) AC> auth file /tmp/TEST/work/* uid(*) acc(a) via(pgm(/tmp/TEST/script/test.sh))
6) Start AC (seload).
7) secons -t-
8) sh /tmp/TEST/script/test.sh
9) sh -c /tmp/TEST/script/test.sh
10) . /tmp/TEST/script/test.sh
11) /tmp/TEST/script/test.sh
12) secons -tc -t
13) sh /tmp/TEST/script/test.sh
14) sh -c /tmp/TEST/script/test.sh
15) . /tmp/TEST/script/test.sh
16) /tmp/TEST/script/test.sh --> Before the fix you get an error about permission denied for test4
   
98 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where sewhoami shows wrong ControlMinder user. AC126SP20420 UNIX all ControlMinder didn't save the LOGOUT record because of incorrect acee reference count. X11 forwarding enabled function handle_multilogin() triggers login on shell which does not have command parameter "-c"   1733 T3DB143
99 3 Windows Endpoint User Mode Fixes an issue with ControlMinder where dbmgr -export duplicates native user properties like country, phone, location and organization. AC126SP20422 Windows all Definition of the properties were missing. Country, phone, location and organization is defined to a native user in pmd Removed duplicated entry from native user property definition 1.create pmd
2.in pmd native env nu testuser country(japan) phone(111-111-111) location(tokyo) organization(jtc)
3.export pmd dbmgr -e -l expected result: editusr ("testuser ") country(japan) phone(111-111-111) location(tokyo) organization(jtc) actual result: all properties are duplicated
591 T4CC203, T4CC205
100 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where SMF stops ControlMinder watchdog after seosd fails with core. AC126SP20423 Solaris Sparc Both SMF and watchdog try to restart seosd. The SMF also stops all related processes including watchdog. Solaris 10 SMF in use Set manifest property to ignore service core files set "kill_ignore=yes" in seos.ini start seosd service # svcadm seosd enable kill seosd process wait and check service status # svc -l seosd # issec EXPECT: the seosd is up and running    
101 2 UNAB Fixes an issue with ControlMinder where CA license library (LIC98Dir) is not set in uxauth.ini in the WPAR environment. AC126SP20424 AIX The problem occurs because AIX WPAR cannot write to /opt as this is a read only directory. AIX WPAR UNAB install   Steps to reproduce: 1.Install UNAB in global 2.Sync with wpars - syncwpar <wparname> 3.Check token 'LIC98Dir' in uxauth.ini in non-private wpars. Actual Result: Token is not set. Expected Result: Token is set to SharedComponents/ca_lic NOTE: Token LIC98Dir is set correctly to /opt/CA/SharedComponents/ca_lic in global and private wpar. 1686 T540192
102 1 Unix Endpoint Kernel Mode Fixes a design limitation, where a user can circumvent ControlMinder protection by copying a device. A privileged user (not a ControlMinder Administrator), can create a copy of the device using "mknod" system call. ControlMinder cannot prevent access to the device through direct system call. AC126SP20426 UNIX all ControlMinder does not check target device in syscall "mknod". Usage of syscall "mknod" Translate device number to device name in FS, verify file protection on Linux
1. find some disk device for tests using "df -h"
2. Note device major and minor numbers using "ls -l /dev/<your_disk>"
3. Set pattern rule like this AC> ef /dev/sdb* defaccess(n) owner(root) audit(a)
4. Try copy this device # mknod /tmp/my_dev b <major_num> <minor_num> EXPECT: permission deny
1773 TC61312, TC61313, TC61315, TC61316
103 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where sesu generates two surrogate audit records. AC126SP20431 UNIX all The problem occurs because SEOSROUTE_AuthRequest(...) API generates one log and setuid(..) generates another log.       1658 T243834, T243835
104 2 Windows Endpoint User Mode Fixes an issue with ControlMinder where an error occurs with the Task Delegation feature. AC126SP20433 Windows all The problem occurs because the Task Delegation feature is not added to the ControlMinder services list.          
105 2 Windows Endpoint User Mode Fixes an issue with ControlMinder where dbmgr does not export new properties for native users from PMDB after setting the property at PMDB. AC126SP20436 Windows all Definition of the properties were missing.     host pmdb@ editusr ("eacadmin") country('Japan') gecos('gecos test') export pmdb expected result: editusr ("eacadmin") country('Japan') gecos('gecos\ test') actual result: editusr ("eacadmin") country('Japan') gecos(gecos\ test) 591 T4CC205
106 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where an exit error occurs on the sepmdd load. AC126SP20448 UNIX all When agent exit is configured in seagent.ext, sepmdd and creapmd also try to load this shared object, causing loading error messages.      Install -api package.
# ./install_base xxx.tar.Z -api
# cd /opt/CA/AccessControl/apisample/agent_exits/password_auth
# cp aes_password_auth.ext /opt/CA/AccessControl/etc/seagent.ext
# seosd
# selang
# AC>host pmdb@
You'll see an error message. This is because sepmdd is also trying to load password_auth.so. 
   
107 2 UNAB Fixes an issue with ControlMinder where an error (Insufficient access rights) occurs when registering the UNAB host. AC126SP20449 AIX /usr/sbin/no cannot be executed from a WPAR UNAB registration on AIX WPAR solution Detect if registering from WPAR and Advise administrator to manually adjust PMTU discovery from the AIX Global Environment if it needs changing 1.Install UNAB in global and sync with wpars 2.Register UNAB host in global and wpars using uxconsole -register -a Administrator -w N0tall0wed -s 10.134.5.14(ip of AD machine) 3.While registering UNAB host in wpars , the following message is displayed CA Access Control UNAB uxconsole v12.61.0.1674 - console utility Copyright (c) 2010 CA. All rights reserved. no: 1485-120 Insufficient access rights 1686 T540192
108 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where file protection does not work for setuid files. AC126SP20458 UNIX all The problem occurs because the setuid program seosd does not check FILE class. setuid program that protected by FILE rule   1) protect setuid program from access via FILE class in selang
2) run this program -=^ exec is successful despite of FILE rule
   
109 2 Windows Endpoint Kernel Mode Fixes an issue with ControlMinder where a BSOD occurs during ControlMinder shutdown. AC126SP20466 Windows all The problem occurs because ControlMinder crashed with a memory corruption error in seosdrv at shutdown.     On Windows 2008 R2 x64 with verifier: install r12.6 sp1, create a generic rule for a folder of files with audit(a).
Start 2-3 instances of fstress accessing the folder in a cycle (for infinite time).
Start AC start/stop cycle with 5-10 AC running period with some restarts of AC without seosdrv unload and some with seosdrv unload (net stop seosdrv).
Test should run at least 24 hours. Expected results: no BSODs.
593 T5P7225
110 2 Unix Endpoint Kernel Mode Fixes an issue with ControlMinder where the Apache Web page refresh stalls after n times when ControlMinder streams are active. AC126SP20482 HPUX PA-RISC, HPUX IA64 AC streams r/w PUT routines did too much for bypassed AC processes Specialpgm Apache program on HPUX that was fully bypassed was stalling a bit when server requested a lot of data Disable AC streams   1813 TC61342
111 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where the ReportAgent crashes with core dump on KBL raw data. AC126SP20484 LINUX all Out-of-bounds array write in cmdlog_extarct(), where the passed recs[4].Value was written with size 5497 while allocated with 4096. The problem occurs as a result of replacing unprintable characters in the Data chunk buffer of 1024 bytes, mostly with <BELL> text, which expands the buffer to a size beyond 4096.   Setting MAX_KBL_DATA_SIZE to 6144.   1816 T5P7232
112 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where the seagent hangs while checking if the host is an NIS server. AC126SP20486 Solaris Sparc The problem occurs because the yp_master() call does not return. NIS server is stopped (ypstop), then start ypbind on client. At is_host_nis_server(), before calling yp_master, we check that the host is NIS bound by calling is_host_nis_binded().      
113 3 Windows Endpoint User Mode Fixes an issue with ControlMinder where the 'today date' section in the ENTM UI calendar does not provide any information. AC126SP20491 Windows all            
114 2 UNAB Fixes an issue where the ControlMinder Unix Attributes tab does not appear when the filter or search operation is used within AD Users and Computers. AC126SP20492 Windows all The problem occurs because of incorrect use of the COM object.       589 T537726
115 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where seosd hangs while syncing ControlMinder database files. AC126SP20493 UNIX all The problem occurs because seosd hangs in 'fsync()' and is killed by the watchdog producing a core.        1834 T52V033
116 2 UNAB Fixes an issue with ControlMinder where UNAB fails to uninstall cleanly on AIX WPAR. AC126SP20500 AIX The problem occurs as the uninstall scripts are not executed. Uninstalling UNAB from AIX WPAR   On AIX with WPARs
1. Install UNAB on AIX Global environment and propagate into WPAR using "syncwpar"
2. Uninstall UNAB from AIX Global environment and remove from WPAR using "syncwpar"
3. installation directory remains in WPAR
1686 T540192
117 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where installation fails when the following library packages are not installed prior to ControlMinder installation:
libcrypt.so.1()(64bit), libc.so.6()(64bit), libdl.so.2()(64bit), libgcc_s.so.1()(64bit), libm.so.6()(64bit), libnsl.so.1()(64bit), libpam.so.0()(64bit), libpthread.so.0()(64bit), libresolv.so.2()(64bit), libstdc++.so.6()(64bit)
AC126SP20503 LINUX all The problem occurs because installation fails when one of these libraries is missing.          
118 3 Windows Endpoint User Mode, UNIX Endpoint User Mode Fixes an issue with ControlMinder where the following policyfetcher error occurs: Error, failed to fetch policy status for HNODE "nodename". AC126SP20504 Windows all, UNIX all If no policies exist for the node (endpoint) then we return null and print the error message (Error, failed to fetch policy status for HNODE "nodename"). The error message will not read as: "No policies exist for this node as of now".      1.Install endpoint pointing to ENTM Server
2.Before deploying any policies from DMS to endpoint observe below error message in policyfetcher.log (it exists under <EACInstallDir>/log). "Error, failed to fetch policy status for HNODE "nodename"".
1764 T4A5071
119 3 Unix Endpoint Kernel Mode Fixes an issue with ControlMinder where authorization is intermittently denied while DB rules allow it. AC126SP20511 UNIX all The problem occurs because of incorrect reference counting. The source of the wrong counting was not discovered, because it requires kernel debugging.   This package counts the processes that are actually referencing the ACEE entry before deleting it. Also, fork synchronization is changed to prevent a process from exiting before it is registered in the process table.   1758 T3DB153, T3DB144
120 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where changing the password using "segracex -user <user-name>" returns an error message. AC126SP20512 UNIX all The buffer size for error message is too small. segracex fails to change remote database   0. Preparation install AC 12.6 SP1 on RHEL that can login by GDM.
start AC
# selang
AC> env pmd
AC(pmd)> createpmd PMDB admin(root) desktop(<your box>)
AC(pmd)> env config
AC(config)> er config seos.ini section(seos) token(passwd_pmd) value(PMDB@<your box>)
AC(config)> er config seos.ini section(seos) token(parent_pmd) value(PMDB@<your box>)
AC(config)> !sepmd -s PMDB <your box>
AC(config)> env AC
AC> hosts PMDB@
AC> nu pmdusr20 password(password) ### create pmdusr20 in PMDB ###
AC> hosts localhost
AC> su pmdusr20 ### confirm pmdusr20 is propagated to your box ###
AC> exit
#
1. login your box from GDM (console GUI) with root user
2. start "Terminal" and enter as follows
# date
# segracex -user pmdusr20
Then segracex window is displayed.
Enter old password for pmdusr20
Enter new password for pmdusr20
Re-enter new password for pmdusr20
expected result: Popup displays ERROR:Login procedure failed ERROR:Password on target does not match client's password
actual result: Then, following error message is displayed on screen "Error: XtCreatePopupShell requires non-NULL parent
   
121 3 UNAB Fixes an issue with ControlMinder where LDAP asserts when uxpreinstall -force Utility is run. AC126SP20517 UNIX all When uxpreinstall was executed in forced mode, it reached an area of code that it would not normally reach, because by that time it would not have LDAP connections to continue with (normally, it would exit with an error message prior to that place). Forcing it to continue under such conditions required small code modifications (implemented in this fix) to prevent calling LDAP functions, since they would cause an assertion.          
122 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where sepmdpull prints garbled messages to syslog on MB system. AC126SP20521 UNIX all Error printed in unicode. MB system   1.install AC on Japanese(MB) system
2.set pmd@<localhost> to token parent_pmd
3.leave AC stopped
4.make sure syslog.conf is configured to print info level message
5.run ./lbin/sepmdpull
6.check syslog
expected result: The following messages in Japanese are not garbled
ERROR: Failed to get user identity from CA Access Control
CA Access Control is not running
   
123 3 Windows Endpoint User Mode Fixes an issue with ControlMinder where the Active Directory fails to enumerate the Users. AC126SP20526 Windows all The seos Agent tries to bind to the Active Directory with the Domain controller name.   Fix code to bind to the Active Directory with the domain name instead of the Domain controller   594 T5P7226
124 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where sesu fails after restarting sshd and a new login. AC126SP20527 UNIX all The sshd daemon started from a script propagates the flag "trusted_script" to all child processes. sshd restart Clean process flag "trusted_script" upon login. Start AC; stop sshd; start ssh using /etc/init.d/sshd 1817 T3DB145
125 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where seosd enters service maintenance mode when svcadm is disabled. AC126SP20530 Solaris Sparc script "/lib/svc/method/security-ca_ac" line CONTRACT_OF_SEOSD=`/bin/svcs -vH seosd | awk '{print $4}'` returned "1178459svc:/security/seosd:default" SMF services in use Use command "/bin/svcs -Ho CTID seosd" to obtain contract      
126 1 UNIX Endpoint User Mode Fixes an issue with ControlMinder where a problem occurs when using sesu/su - (without user implied root) in SUDO data. AC126SP20539 UNIX all The problem occurs because of incorrect code.       1747 TC61258 (HPUX IA64), TC61291 (AIX), TC61292 (Solaris Sparc), TC61293 (Linux X86), TC61294 (HPUX PA-RISC), TC61295 (Solaris X86), TC61296 (Linux X64), TC61259 (HPUX IA64), TC61260 (AIX), TC61261 (HPUX PA-RISC), TC61262 (Linux X64), TC61263 (Solaris Sparc), TC61297 (Solaris X86), TC61298 (Linux X86)
127 3 UNAB Fixes an issue with ControlMinder where memory leaks occur on UNAB pam module while handling local users. AC126SP20546 UNIX all         41 TC61341
128 2 Unix Endpoint Kernel Mode Fixes an issue with ControlMinder where installation on AIX causes the system to panic. AC126SP20571 AIX The problem occurs when unloading the kernel module.   Correct the unpin calls in fini_module().   1818 T3E7157
129 3 Unix Endpoint Kernel Mode Fixes an issue with ControlMinder where updating times on files is not protected on AIX 6.1 TL07+. AC126SP20580 AIX The problem occurs because a new syscall utimes64() was introduced. AIX 6.1 TL07 Interception of utimes64() added. Create a file rule for an existing file using selang: selang> nf /tmp/testfile owner(nobody) defacc(none) # touch /tmp/testfile Prior to this package on AIX 6.1 TL07+, the file times will be updated. 1822 T47D036
130 3 UNIX Endpoint User Mode Fixes an issue with ControlMinder where LOGIN records are missing in the audit log. AC126SP20584 UNIX all The problem occurs because of specific DB settings.     1. create ADMIN user and join it to group AC> nu test admin AC> ng sysadmin owner(root) AC> join test group(sysadmin)
2. create local host terminal and join it to GTERMINAL AC> nr terminal localhost.<domain> owner(root) defaccess(r) AC> nr GTERMINAL root-not-allowed owner(secadmin) AC> er gterminal root-not-allowed mem+(localhost.<domain>)
3. Authorize GTERMINAL for GROUP AC> auth gterminal root-not-allowed gid(sysadmin) access(a)
4. login test user # ssh 0 -l test
5. Check login records in audit # seaudit -a EXPECT: <DATE> P LOGIN test 59 2 localhost SSH
1819 T3DB148 (32-bit), T3DB149(64-bit)
131 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where specialpgm processes lose their permissions after restarting seosd. AC126SP20590 UNIX all 1) ProcServer_set_special() is not called for processes running under root and having legal parent 2) in aceemgr_DeAssociateProcWithHandle() the ACEE counter is decremented twice - first time in AC_ProcSetACEE (pid, (-1), (-1)) and second time in aceemgr_DelUserAcee(). 3) On seosd startup the ACEE counter is incremented twice - first time in the 1st loop through processes and second time in the 2nd loop through processes. Between 1st and 2nd loops the proc table is released but ACEE counters remain untouched. seosd restart   1) protect file nr file /work/pop1 audit(a) owner(nobody) defaccess(none)
2) create new seos user nu upop owner(nobody)
3) create surrogate specialpgm nr specialpgm /work/loopread pgmtype(surrogate) unixuid(*) seosuid(upop)
4) authorize access to the file for new user authorize file /work/pop1 uid(upop)
5) run special pgm that accesses the protected file /work/loopread /work/pop1
6) restart seosd
1823 TC61348
132 1 UNIX Endpoint User Mode Fixes an issue with ControlMinder where bypass_suid_program token is not detected in surrogate to root. AC126SP20594 UNIX all The problem occurs because of incorrect code.       1820 TC61346
133 2 Windows Endpoint User Mode Fixes an issue with ControlMinder on Windows where IIS process crashes when trying to implement database integration with OLEDB connection against Oracle database AC126SP20275 Windows all The problem was caused by bad memory access within our OLEDBPLg instrumentation process, which is loaded by the w3wp.exe IIS process. A. Install Oracle on <Oracle-Machine-Name>

B. Create Windows EP environment on <Windows-CMEP>
a. Create an IIS environment with the following:
i . A web page connecting to an Oracle database using ‘Microsoft OLE DB
Provider for Oracle’. Use the following connection
string: “Provider=MSDAORA;Data Source=<Oracle-Machine-Name>;User
ID=<Oracle-Account>;Password=<Oracle-Password>;Min Pool Size=10;Max
Pool Size=100;"
ii. Verify data within the Oracle database could be accessed.
b. Install CM endpoint with PUPM Integration enabled.

C. Create ENTM environment:
a. Define the Oracle database as a PUPM endpoint.
b. Define the <Oracle-Account> as privileged account.
c. Define a Password Consumer of Database type where:
i . Application path could be ‘*’
ii . The <Oracle-Account > should be defined in the Privileged Accounts
tab.
iii. The <Windows-CMEP> should be defined in the Hosts tab (or all Hosts)
iv . All native users should be defined in the Users tab.

D. Within the IIS web page change the password inside the connection string
to ‘******’.

E. Check that the data within the database can still be accessed.

Observed: IIS (w3wp.exe process) crashes.
       
134 2 UNIX Endpoint User Mode Fixes an issue with ControlMinder where displaying large number of audit records in the  Deployment Audit screen took several minutes to complete. AC126SP20318 UNIX all     New filter "Last Update Time" was added in Deployment Audit view   98 T5P0093
