How to prevent a binary from being executed once it is modified

Document ID : KB000101538
Last Modified Date : 14/06/2018
Show Technical Document Details
Introduction:
This is an example how to use PIM to prevent execution of a program once its binary file was modified for whatever reason.
Instructions:
This you would accomplish using the PROGRAM class, e.g.
AC> er program /opt/CA/AccessControl/bin/sesu audit(all) defaccess(none) owner(nobody)
and you want to allow only certain users to execute the binary
AC> authorize program /opt/CA/AccessControl/bin/sesu uid(tester) access(execute)
Additional Information:
More information about the PROGRAM class and how to use them you find
https://docops.ca.com/ca-privileged-access-manager-server-control/14-0/EN/reference/selang-reference-guide/classes-in-the-ac-environment/program-class
https://docops.ca.com/ca-privileged-access-manager-server-control/14-0/EN/administrating/endpoint-administration-for-unix/protect-setuid-and-setgid-programs