seosd incorrectly marking a program as untrusted.

Document ID : KB000005851
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

AC endpoint is blocking execution of a program that does not have a matching rule in selang. SEAUDIT reports it as an untrusted application, but there is no rule pointing to this program.

 

seaudit records:

 

01 Feb 2017 15:53:37 D PROGRAM root Exec 250 2 /incontrol/ctmagent/ctm/sysout/* /incontrol/ctmagent/ctm/exe/p_ctmag root 

01 Feb 2017 15:53:37 D PROGRAM root Exec 250 2 /incontrol/ctmagent/ctm/sysout/* /usr/bin/ksh root 

 

# seaudit -t | grep 250

250     Executing an untrusted program

 

Environment:
CA Privileged Identity Manager r12.8 SP1 running on a AIX box.
Cause:

Corrupted endpoint database.

 

Resolution:

Rebuild the endpoint database by following the instructions of TEC480873.

 

Additional Information:

https://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.TEC480873.html