How to make PIM run in parallel with SELinux in enforcing mode

Document ID : KB000030999
Last Modified Date : 14/02/2018

Summary:

Sometimes Privileged Identity Manager (Control Minder) needs to run in parallel with SELinux. If both are running on the same server at the same time, the PIM (Control Minder) Endpoint Agent's sewhoami utility detects every user who logs in to the server as the root user.

To mitigate this, the PIM (Control Minder) Endpoint Agent is packaged with an executable that allows SELinux and Privileged Identity Manager to run together.

Instructions:

  • On the endpoint server, log in as the root user and navigate to <Access_Control_InstallDirectory>/lbin
  • Run ./sshd_policy.sh

[SAMPLE OUTPUT]

[root@Server lbin]# ./sshd_policy.sh
/usr/bin/checkmodule:  loading policy configuration from /tmp/AC_TMP.31027/CAeAC.te
/usr/bin/checkmodule:  policy configuration loaded
/usr/bin/checkmodule:  writing binary representation (version 6) to /tmp/AC_TMP.31027/CAeAC.mod
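
A post-run check for the procedure above, added here as an example and not part of the product or of sshd_policy.sh. It assumes the script goes on to install a policy module named CAeAC (inferred from the CAeAC.te and CAeAC.mod file names in the sample output); the file name check.sh and the MODULE variable are hypothetical.

```shell
#!/bin/sh
# Added example: confirm SELinux is still enforcing and the policy module is
# loaded after running sshd_policy.sh.
# ASSUMPTION: the module is named CAeAC, taken from the CAeAC.te / CAeAC.mod
# file names in the sample output. Override with MODULE=<name> if it differs.
MODULE="${MODULE:-CAeAC}"

# mode_is_enforcing MODE -> status 0 only when getenforce reported "Enforcing".
mode_is_enforcing() {
    [ "$1" = "Enforcing" ]
}

# module_listed NAME LISTING -> status 0 when NAME is the first field of a
# line of `semodule -l` output. Older releases append a version column,
# newer ones print the name alone, so only the first field is compared.
module_listed() {
    printf '%s\n' "$2" | awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# check_state MODE LISTING -> prints one status line.
# Returns 0 if both checks pass, 1 if not enforcing, 2 if the module is absent.
check_state() {
    if ! mode_is_enforcing "$1"; then
        echo "FAIL: SELinux mode is '$1', expected Enforcing"; return 1
    fi
    if ! module_listed "$MODULE" "$2"; then
        echo "FAIL: module $MODULE not in semodule -l output"; return 2
    fi
    echo "OK: Enforcing and module $MODULE is loaded"
}

# Live use on the endpoint, as root: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    check_state "$(getenforce)" "$(semodule -l)"
    exit $?
fi
```

A result of 1 means the server is in permissive or disabled mode, so PIM is not actually running alongside enforced SELinux policy.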

Additional Information:

<Access_Control_InstallDirectory> in this document refers to the root directory where the endpoint agent is installed.