Anonymous_User Absent Member.

"Error, cannot open policy" Using EAC on AIX


Hi,

Greetings for the day!!

I am getting an error while applying EAC for an AIX server. I have applied
the EAC rule as:

Begin Rule: EAC Rule
  If ((command IN cpcksh))
  Then
    Set Authorize: yes
    Set Session Capture: yes
    Run Script: Enhanced Access Control Policy
      (policy
        path default read:!all
        path /usr/bin/** exec:!all
      )
    Stop if authorized
  End If
End Rule: EAC Rule

When I try to use this on an AIX system, I get the following
error:

"Error, cannot open policy: A file descriptor does not refer to an open
file."

When I tried to debug deeper, I suspect the cause of the issue is in the
EAC script, in the following line:

"$meta->child("Options")->arg("policy",$policy);"

Not sure where the issue is.

Thanks for help in advance.


--
rajeshemailto
------------------------------------------------------------------------
rajeshemailto's Profile: https://forums.netiq.com/member.php?userid=196
View this thread: https://forums.netiq.com/showthread.php?t=44942


Re: "Error, cannot open policy" Using EAC on AIX


Rajesh,

I think it has to do with your script arguments for your EAC policy.
As long as you are using the default EAC script, there should be an
issue within the script.

For troubleshooting purposes, try removing your current Script
Arguments for this rule and add:
name: policy
value: default all:log

Then test your rule again. If it works with the above changes, start
adding new script arguments one by one until you see your error. It
appears the script arguments you supplied may be too restrictive and you
stopped crucial binaries from running.

--Brett





--
deni

Re: "Error, cannot open policy" Using EAC on AIX


Yes Deni!!

Actually I was trying to implement EAC for SUSE & AIX using the same
request. But the commands' absolute locations are different in both flavors
of Linux, so I created separate EACs for AIX & SUSE.

Thanks for pointing out the issue.

Regards,
RK



--
rajeshemailto
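
The fix reported above was to write separate path rules per platform because the commands' absolute locations differ. As an added example (not part of the thread and not NetIQ code), this script can be run on each host to list where commands resolve and whether that location and its symlink target fall under the directories a path rule names. The PREFIXES value, the function names, and the plain prefix comparison standing in for the rule's `/**` pattern are assumptions.

```shell
#!/bin/sh
# Added example: inventory where commands really live on this host, so path
# rules can be written against actual locations on each platform.
# PREFIXES is a constructed sample; take the real directories from your policy.
PREFIXES="/usr/bin /bin"

# Follow symlinks using POSIX tools only (readlink -f is not available
# everywhere), then canonicalize the directory part with pwd -P.
resolve_link() {
    p=$1 n=0
    while [ -L "$p" ] && [ "$n" -lt 16 ]; do
        t=$(ls -ld "$p"); t=${t#*" -> "}      # text after "name -> "
        case $t in
            /*) p=$t ;;                        # absolute link target
            *)  p=$(dirname "$p")/$t ;;        # relative to the link's directory
        esac
        n=$((n + 1))
    done
    d=$(cd "$(dirname "$p")" 2>/dev/null && pwd -P) && p=${d%/}/$(basename "$p")
    printf '%s\n' "$p"
}

# Return 0 if path $1 lies under one of the space-separated directories in $2.
# Assumption: a prefix test approximates a rule of the form "path DIR/**".
under_prefix() {
    for d in $2; do
        case $1 in "$d"/*) return 0 ;; esac
    done
    return 1
}

# Print "name<TAB>path<TAB>target<TAB>status" for one command name.
locate_cmd() {
    path=$(command -v "$1" 2>/dev/null) || path=
    case $path in
        /*) ;;
        *)  printf '%s\t-\t-\tNOTFOUND\n' "$1"; return 1 ;;  # builtin or missing
    esac
    target=$(resolve_link "$path")
    if under_prefix "$path" "$PREFIXES" && under_prefix "$target" "$PREFIXES"
    then status=INSIDE; else status=OUTSIDE; fi
    printf '%s\t%s\t%s\t%s\n' "$1" "$path" "$target" "$status"
}

# Usage: sh locate.sh ls cat vi   (run on each platform and compare the output)
for c in "$@"; do locate_cmd "$c" || true; done
```

Any command reported as OUTSIDE or NOTFOUND on one platform but INSIDE on the other is a candidate for a platform-specific rule.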