Implementation Guide › Installing and Customizing a UNIX Endpoint › Customizing CA ControlMinder › Trusted Programs

Trusted Programs

A trusted program is one that can be executed only as long as it has not been altered. Ordinarily it is a setuid/setgid program. CA ControlMinder also allows you to specify regular programs as trusted. When you are sure that the program has not been tampered with, register it in the PROGRAM class, where CA ControlMinder can guard its integrity.

You may want to use trusted programs together with program pathing, so users can perform certain tasks only by means of trusted programs.

Note: For more information about program pathing, see the Endpoint Administration Guide for UNIX.

CA ControlMinder can help you with a script to register a whole collection of setuid and setgid programs as trusted.

1. To save yourself the effort of remembering all your setuid and setgid programs, use the seuidpgm program that follows. It scans your file system, locates all setuid and setgid programs, and creates a script of selang commands that will register them all in the PROGRAM class.

   Issue this command:

   seuidpgm ‑q ‑l ‑f / > /opt/CA/AccessControl/seuid.txt
   

   Run as shown, seuidpgm does the following:

   • Scans the entire file system (starting from /).
   • Remains quiet (the ‑q option suppresses the “cannot chdir” messages).
   • Ignores any symbolic links (‑l).
   • Registers the programs in both the FILE and PROGRAM classes (‑f).
   • Outputs the commands to file /opt/CA/AccessControl/seuid.txt.

   Note: For a complete description of seuidpgm, see the Reference Guide.

2. Using a text editor, check the seuid.txt file to be sure that it includes all the setgid/setuid programs that you want to have trusted, and no other programs. Edit the file if necessary.
3. Use selang to run the edited file of commands. If the seosd daemon is not running, include the ‑l switch.

   selang [‑l] ‑f /opt/CA/AccessControl/seuid.txt
   

   It may take a few minutes for selang to finish.

4. Restart the seosd daemon if it is not already running. Then check whether your system works as expected and whether setuid programs can be invoked.
5. It is advisable to change the default access of the PROGRAM class to NONE to prevent new untrusted setuid or setgid programs from being added and run without the knowledge of the security administrator.

   Enter the following selang command to set that default access value:

   chres PROGRAM _default defaccess(none)
   

Note: Veteran CA ControlMinder users will remember the UACC class in this connection. That class still exists and can be used to specify the default access of a resource. However, for ease of use we recommended that for specifying the default access of a class, you use the class's _default record instead. The _default specification overrides any UACC specification for the same class.

The records in the PROGRAM class representing the setuid, setgid, and regular programs that you have registered store the following attributes of the executable files.

• Device‑number
• Inode
• Owner
• Group
• Size
• Creation Date
• Creation Time
• Last‑Modification Date
• Last‑Modification Time
• MD5 Signature
• SHA1 Signature
• Checksum CRC (Cyclical Redundancy Check)

The most important attribute of each program you register is that the program is trusted. That is, the program is considered OK to run. Any change in any of the attributes listed previously causes the program to lose its trusted status, and then CA ControlMinder can prevent the program from running.