"Error, cannot open policy" Using EAC on AIX


Hi,

Greetings for the day!!

I am getting an error while applying EAC for an AIX server. I have applied
the EAC rule as

Begin Rule: EAC Rule
If ((command IN cpcksh))
Then
Set Authorize: yes
Set Session Capture: yes
Run Script: Enhanced Access Control Policy
(policy
path default read:!all
path /usr/bin/** exec:!all
)
Stop if authorized
End If
End Rule: EAC Rule

When I try to use this on an AIX system, I get the following
error:

"Error, cannot open policy: A file descriptor does not refer to an open
file."

When I tried to debug deeper, I suspected the cause of the issue is in the EAC script, in
the following line:

"$meta->child("Options")->arg("policy",$policy);"

Not sure where the issue is.

Thanks for help in advance.


--
rajeshemailto
------------------------------------------------------------------------
rajeshemailto's Profile: https://forums.netiq.com/member.php?userid=196
View this thread: https://forums.netiq.com/showthread.php?t=44942


  • Rajesh,

    I think it has to do with your script arguments for your EAC policy.
    As long as you are using the default EAC script, there should be an
    issue within the script.

    For troubleshooting purposes, try removing your current Script
    Arguments for this rule and add:
    name: policy
    value: default all:log

    Then test your rule again. If it works with the above changes, start
    adding new script arguments one by one until you see your error. It
    appears the script arguments you supplied may be too restrictive and you
    stopped crucial binaries from running.

    --Brett





    --
    deni
    ------------------------------------------------------------------------
    deni's Profile: https://forums.netiq.com/member.php?userid=1793


  • Yes Deni!!

    Actually I was trying to implement EAC for SUSE