Sometimes we get a scenario where we need run the Privileged Identity Manager (Control Minder) in parallel with the SELinux. If both are running on the same server at a given time, then PIM (Control Minder) Endpoint Agent's sewhoami utility detects every user who logs in to the server as root user.
To mitigate this, PIM (Control Minder) Endpoint Agent is packed with an executable which allows both SELinux and Privileged Identity Manager to run in conjunction.
- On the endpoint server login as the root user, navigate to <Access_Control_InstallDirectory>/lbin
[root@Server lbin]# ./sshd_policy.sh
/usr/bin/checkmodule: loading policy configuration from /tmp/AC_TMP.31027/CAeAC.te
/usr/bin/checkmodule: policy configuration loaded
/usr/bin/checkmodule: writing binary representation (version 6) to /tmp/AC_TMP.31027/CAeAC.mod
<Access_Control_InstallDirectory> in this document refers to the root directory where endpoint agent is installed